Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.

This issue has been addressed in nfs-server packages as shipped in Red Hat Linux since version nfs-server-2.2beta37. https://www.cve.org/CVERecord?id=CVE-1999-0002 https://nvd.nist.gov/vuln/detail/CVE-1999-0002

Buffer overflow in statd allows root privileges.

Not vulnerable. This flaw is specific to statd on Solaris, IRIX, Unixware and AIX platforms. https://www.cve.org/CVERecord?id=CVE-1999-0018 https://nvd.nist.gov/vuln/detail/CVE-1999-0018

Delete or create a file via rpc.statd, due to invalid information.

Not vulnerable. This flaw is specific to statd on Solaris platform. https://www.cve.org/CVERecord?id=CVE-1999-0019 https://nvd.nist.gov/vuln/detail/CVE-1999-0019

Predictable TCP sequence numbers allow spoofing.

Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG. The Linux kernel has implemented secure random number generated initial TCP sequences to prevent TCP hijacking attacks since 1996. https://www.cve.org/CVERecord?id=CVE-1999-0077 https://nvd.nist.gov/vuln/detail/CVE-1999-0077 1999-11-09T00:00:00 glibc: manual/search.texi lacks a statement about the unspecified tdelete return value upon deletion of a tree's root 0.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CWE-1053

manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999.

Red Hat Product Security does not feel that this issue has any security impact because the CVE description suggests that a missing statement in the manpage could lead to a generalized developer awareness problem, that in turn could potentially lead to a flaw. Thus, there is no actual exploitable vulnerability reported in this CVE, but rather, the possibility that one could occur in some *unspecified* software which uses glibc where the developers haven't read the manpage since 1999. There is no direct way for a vulnerability to come to fruition in software based solely on developer knowledge (or lack thereof), but an *implementation* of that knowledge, which is absent from the description of this issue. This manpage issue does not affect glibc as shipped with Red Hat Enterprise Linux 5, 6, 7, or 8 as the versions of glibc shipped already have the updated manpage. Red Hat Enterprise Linux 5 Not affected glibc Red Hat Enterprise Linux 6 Not affected glibc Red Hat Enterprise Linux 7 Not affected glibc Red Hat Enterprise Linux 8 Not affected glibc https://www.cve.org/CVERecord?id=CVE-1999-0199 https://nvd.nist.gov/vuln/detail/CVE-1999-0199

Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.

Not vulnerable. This flaw is specific to automountd on Solaris platform. https://www.cve.org/CVERecord?id=CVE-1999-0210 https://nvd.nist.gov/vuln/detail/CVE-1999-0210 Moderate 1999-03-22T00:00:00 openssl: allow remote attackers to reuse SSL sessions and bypass access controls 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CWE-384

OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.

OpenSSL, as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8, is not affected by this flaw because newer versions of OpenSSL that have already been patched are shipped. This vulnerability was originally published over 20 years ago. It affects OpenSSL versions < 0.92b, which are not shipped in Red Hat products. Red Hat Advanced Cluster Management for Kubernetes 2 Not affected openssl Red Hat Enterprise Linux 5 Not affected openssl Red Hat Enterprise Linux 5 Not affected openssl097a Red Hat Enterprise Linux 6 Not affected openssl Red Hat Enterprise Linux 6 Not affected openssl098e Red Hat Enterprise Linux 7 Not affected openssl Red Hat Enterprise Linux 7 Not affected openssl098e Red Hat Enterprise Linux 7 Not affected ovmf Red Hat Enterprise Linux 8 Not affected compat-openssl10 Red Hat Enterprise Linux 8 Not affected mingw-openssl Red Hat Enterprise Linux 8 Not affected openssl Red Hat JBoss Core Services Not affected jbcs-httpd24-openssl Red Hat JBoss Enterprise Application Platform 5 Not affected openssl Red Hat JBoss Enterprise Application Platform 6 Not affected openssl Red Hat JBoss Enterprise Web Server 2 Not affected jbcs-httpd24-openssl Red Hat JBoss Enterprise Web Server 2 Not affected openssl https://www.cve.org/CVERecord?id=CVE-1999-0428 https://nvd.nist.gov/vuln/detail/CVE-1999-0428

rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.

Not vulnerable. This flaw is specific to statd on Solaris platform. https://www.cve.org/CVERecord?id=CVE-1999-0493 https://nvd.nist.gov/vuln/detail/CVE-1999-0493

ICMP echo (ping) is allowed from arbitrary hosts.

Red Hat Enterprise Linux by default does respond to ICMP echo requests, although it's likely that in a production environment those would be filtered by some firewall on entry to your network. However you can happily block ICMP ping responses using iptables if you so wish, but note that there is no known vulnerability in allowing them. For more details, please see: http://kbase.redhat.com/faq/FAQ_43_4304.shtm https://www.cve.org/CVERecord?id=CVE-1999-0523 https://nvd.nist.gov/vuln/detail/CVE-1999-0523

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

Red Hat Enterprise Linux is configured by default to respond to all ICMP requests. Users may configure the firewall to prevent a system from responding to certain ICMP requests. https://www.cve.org/CVERecord?id=CVE-1999-0524 https://nvd.nist.gov/vuln/detail/CVE-1999-0524 Low 1999-07-25T00:00:00 security flaw

The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.

Red Hat Enterprise Linux 3 2005-06-14T00:00:00 RHSA-2005:415 squid-7:2.5.STABLE3-6.3E.13 Red Hat Enterprise Linux 4 2005-06-14T00:00:00 RHSA-2005:415 squid-7:2.5.STABLE6-3.4E.9 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-06-13T00:00:00 RHSA-2005:489 Red Hat Enterprise Linux ES version 2.1 2005-06-13T00:00:00 RHSA-2005:489 Red Hat Linux Advanced Workstation 2.1 2005-06-13T00:00:00 RHSA-2005:489 https://www.cve.org/CVERecord?id=CVE-1999-0710 https://nvd.nist.gov/vuln/detail/CVE-1999-0710 1999-07-23T00:00:00 security flaw

The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code.

https://www.cve.org/CVERecord?id=CVE-1999-0719 https://nvd.nist.gov/vuln/detail/CVE-1999-0719 1999-06-03T00:00:00 security flaw

Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

https://www.cve.org/CVERecord?id=CVE-1999-0804 https://nvd.nist.gov/vuln/detail/CVE-1999-0804 1999-11-18T00:00:00 security flaw

Denial of service in Linux syslogd via a large number of connections.

https://www.cve.org/CVERecord?id=CVE-1999-0831 https://nvd.nist.gov/vuln/detail/CVE-1999-0831 1999-11-30T00:00:00 security flaw

Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.

https://www.cve.org/CVERecord?id=CVE-1999-0832 https://nvd.nist.gov/vuln/detail/CVE-1999-0832 1999-10-20T00:00:00 security flaw

Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.

https://www.cve.org/CVERecord?id=CVE-1999-0894 https://nvd.nist.gov/vuln/detail/CVE-1999-0894

wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.

Red Hat does not consider CVE-1999-0997 to be a security vulnerability. The wu-ftpd process chroots itself into the target ftp directory and will only run external commands as the user logged into the ftp server. Because the process chroots itself, an attacker needs a valid login with write access to the ftp server, and even then they could only potentially execute commands as themselves. https://www.cve.org/CVERecord?id=CVE-1999-0997 https://nvd.nist.gov/vuln/detail/CVE-1999-0997 Low 1996-07-16T00:00:00 security flaw

cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat would like to thank Mike O'Connor for reporting this issue. Red Hat Enterprise Linux 3 2005-02-18T00:00:00 RHSA-2005:080 cpio-0:2.5-3e.3 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:073 cpio-0:2.5-7.EL4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-11-10T00:00:00 RHSA-2005:806 Red Hat Enterprise Linux ES version 2.1 2005-11-10T00:00:00 RHSA-2005:806 Red Hat Enterprise Linux WS version 2.1 2005-11-10T00:00:00 RHSA-2005:806 Red Hat Linux Advanced Workstation 2.1 2005-11-10T00:00:00 RHSA-2005:806 https://www.cve.org/CVERecord?id=CVE-1999-1572 https://nvd.nist.gov/vuln/detail/CVE-1999-1572 1999-11-08T00:00:00 security flaw

The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack.

https://www.cve.org/CVERecord?id=CVE-2000-0031 https://nvd.nist.gov/vuln/detail/CVE-2000-0031 1999-12-28T00:00:00 security flaw

resend command in Majordomo allows local users to gain privileges via shell metacharacters.

This issue was fixed in the following product: - Red Hat Powertools 6.1 - RHSA-2000:005 (2000-01-21) https://www.cve.org/CVERecord?id=CVE-2000-0035 https://nvd.nist.gov/vuln/detail/CVE-2000-0035 1999-12-28T00:00:00 security flaw

Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file.

This issue was fixed in the following product: - Red Hat Powertools 6.1 - RHSA-2000:005 (2000-01-21) https://www.cve.org/CVERecord?id=CVE-2000-0037 https://nvd.nist.gov/vuln/detail/CVE-2000-0037 2000-01-04T00:00:00 security flaw

Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.

This issue was fixed in the following products: - Red Hat Linux 6.0 - RHSA-2000:001 (2000-01-04) - Red Hat Linux 6.1 - RHSA-2000:001 (2000-01-04) https://www.cve.org/CVERecord?id=CVE-2000-0052 https://nvd.nist.gov/vuln/detail/CVE-2000-0052 2000-03-10T00:00:00 security flaw

Buffer overflow in ircII 4.4 IRC client allows remote attackers to execute commands via the DCC chat capability.

This issue was fixed in the following products: - Red Hat Linux 4.2 - RHSA-2000:008 (2000-03-30) - Red Hat Linux 5.2 - RHSA-2000:008 (2000-03-30) - Red Hat Linux 6.0 - RHSA-2000:008 (2000-03-30) - Red Hat Linux 6.1 - RHSA-2000:008 (2000-03-30) - Red Hat Linux 6.2 - RHSA-2000:008 (2000-03-30) https://www.cve.org/CVERecord?id=CVE-2000-0183 https://nvd.nist.gov/vuln/detail/CVE-2000-0183 2000-02-28T00:00:00 security flaw

Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.

This issue was fixed in the following products: - Red Hat Linux 5.2 - RHSA-2000:100 (2000-11-02) - Red Hat Linux 6.2 - RHSA-2000:100 (2000-11-02) https://www.cve.org/CVERecord?id=CVE-2000-0186 https://nvd.nist.gov/vuln/detail/CVE-2000-0186 2000-02-28T00:00:00 security flaw

Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message.

This issue was fixed in the following products: - Red Hat Linux 5.2 - RHSA-2000:006 (2000-03-06) - Red Hat Linux 6.0 - RHSA-2000:006 (2000-03-06) - Red Hat Linux 6.1 - RHSA-2000:006 (2000-03-06) https://www.cve.org/CVERecord?id=CVE-2000-0196 https://nvd.nist.gov/vuln/detail/CVE-2000-0196 2000-03-22T00:00:00 security flaw

gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.

This issue was fixed in the following products: - Red Hat Linux 5.2 - RHSA-2000:009 (2000-04-12) - Red Hat Linux 5.2 - RHSA-2000:045 (2000-07-26) - Red Hat Linux 6.0 - RHSA-2000:009 (2000-04-12) - Red Hat Linux 6.0 - RHSA-2000:045 (2000-07-26) - Red Hat Linux 6.1 - RHSA-2000:009 (2000-04-12) - Red Hat Linux 6.1 - RHSA-2000:045 (2000-07-26) - Red Hat Linux 6.2 - RHSA-2000:009 (2000-04-12) - Red Hat Linux 6.2 - RHSA-2000:045 (2000-07-26) https://www.cve.org/CVERecord?id=CVE-2000-0229 https://nvd.nist.gov/vuln/detail/CVE-2000-0229 2000-03-13T00:00:00 security flaw

Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.

This issue was fixed in the following products: - Red Hat Powertools 6.1 - RHSA-2000:016 (2000-04-21) - Red Hat Powertools 6.2 - RHSA-2000:016 (2000-04-21) https://www.cve.org/CVERecord?id=CVE-2000-0230 https://nvd.nist.gov/vuln/detail/CVE-2000-0230 2000-04-24T00:00:00 security flaw

The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.

https://www.cve.org/CVERecord?id=CVE-2000-0248 https://nvd.nist.gov/vuln/detail/CVE-2000-0248 2000-04-18T00:00:00 security flaw

Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.

This issue was fixed in the following products: - Red Hat Linux 6.0 - RHSA-2000:036 (2000-06-15) - Red Hat Linux 6.1 - RHSA-2000:036 (2000-06-15) - Red Hat Linux 6.2 - RHSA-2000:036 (2000-06-15) https://www.cve.org/CVERecord?id=CVE-2000-0269 https://nvd.nist.gov/vuln/detail/CVE-2000-0269 2000-04-24T00:00:00 security flaw

The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.

This issue was fixed in the following product: - Red Hat Linux 6.2 - RHSA-2000:014 (2000-04-24) https://www.cve.org/CVERecord?id=CVE-2000-0322 https://nvd.nist.gov/vuln/detail/CVE-2000-0322 2000-04-13T00:00:00 security flaw

Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.

This issue was fixed in the following products: - Red Hat Linux 6.1 - RHSA-2000:012 (2000-04-21) - Red Hat Linux 6.2 - RHSA-2000:012 (2000-04-21) https://www.cve.org/CVERecord?id=CVE-2000-0336 https://nvd.nist.gov/vuln/detail/CVE-2000-0336 1999-10-13T00:00:00 security flaw

Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts.

https://www.cve.org/CVERecord?id=CVE-2000-0356 https://nvd.nist.gov/vuln/detail/CVE-2000-0356 1999-12-12T00:00:00 security flaw

ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys.

https://www.cve.org/CVERecord?id=CVE-2000-0357 https://nvd.nist.gov/vuln/detail/CVE-2000-0357 1999-12-12T00:00:00 security flaw

ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers to crash a program.

https://www.cve.org/CVERecord?id=CVE-2000-0358 https://nvd.nist.gov/vuln/detail/CVE-2000-0358 1999-06-06T00:00:00 security flaw

screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows local users to write to other ttys.

https://www.cve.org/CVERecord?id=CVE-2000-0364 https://nvd.nist.gov/vuln/detail/CVE-2000-0364 1999-06-06T00:00:00 security flaw

Red Hat Linux 6.0 installs the /dev/pts file system with insecure modes, which allows local users to write to other tty devices.

https://www.cve.org/CVERecord?id=CVE-2000-0365 https://nvd.nist.gov/vuln/detail/CVE-2000-0365 1999-06-08T00:00:00 security flaw

Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.

https://www.cve.org/CVERecord?id=CVE-2000-0373 https://nvd.nist.gov/vuln/detail/CVE-2000-0373 2000-05-16T00:00:00 security flaw

Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.

This issue was fixed in the following product: - Red Hat Linux 6.2 - RHSA-2000:025 (2000-05-16) https://www.cve.org/CVERecord?id=CVE-2000-0389 https://nvd.nist.gov/vuln/detail/CVE-2000-0389 2000-05-16T00:00:00 security flaw

Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.

This issue was fixed in the following product: - Red Hat Linux 6.2 - RHSA-2000:025 (2000-05-16) https://www.cve.org/CVERecord?id=CVE-2000-0390 https://nvd.nist.gov/vuln/detail/CVE-2000-0390 2000-05-16T00:00:00 security flaw

Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.

This issue was fixed in the following product: - Red Hat Linux 6.2 - RHSA-2000:025 (2000-05-16) https://www.cve.org/CVERecord?id=CVE-2000-0391 https://nvd.nist.gov/vuln/detail/CVE-2000-0391 2000-05-16T00:00:00 security flaw

Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.

This issue was fixed in the following product: - Red Hat Linux 6.2 - RHSA-2000:025 (2000-05-16) https://www.cve.org/CVERecord?id=CVE-2000-0392 https://nvd.nist.gov/vuln/detail/CVE-2000-0392 2000-05-12T00:00:00 security flaw

Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.

This issue was fixed in the following products: - Red Hat Linux 5.0 - RHSA-2000:028 (2000-05-19) - Red Hat Linux 5.1 - RHSA-2000:028 (2000-05-19) - Red Hat Linux 5.2 - RHSA-2000:028 (2000-05-19) - Red Hat Linux 6.0 - RHSA-2000:028 (2000-05-19) - Red Hat Linux 6.1 - RHSA-2000:028 (2000-05-19) - Red Hat Linux 6.2 - RHSA-2000:028 (2000-05-19) https://www.cve.org/CVERecord?id=CVE-2000-0406 https://nvd.nist.gov/vuln/detail/CVE-2000-0406 2000-06-15T00:00:00 security flaw

The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization.

This issue was fixed in the following products: - Red Hat Powertools 6.1 - RHSA-2000:038 (2000-06-22) - Red Hat Powertools 6.2 - RHSA-2000:038 (2000-06-22) https://www.cve.org/CVERecord?id=CVE-2000-0483 https://nvd.nist.gov/vuln/detail/CVE-2000-0483 2000-05-21T00:00:00 security flaw

Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.

This issue was fixed in the following product: - Red Hat Linux 6.2 - RHSA-2000:027 (2000-05-21) https://www.cve.org/CVERecord?id=CVE-2000-0491 https://nvd.nist.gov/vuln/detail/CVE-2000-0491 2000-06-09T00:00:00 security flaw

The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability."

This issue was fixed in the following products: - Red Hat Linux 6.0 - RHSA-2000:037 (2000-06-20) - Red Hat Linux 6.1 - RHSA-2000:037 (2000-06-20) - Red Hat Linux 6.2 - RHSA-2000:037 (2000-06-20) https://www.cve.org/CVERecord?id=CVE-2000-0506 https://nvd.nist.gov/vuln/detail/CVE-2000-0506 2000-06-07T00:00:00 security flaw

Buffer overflow in restore program 0.4b17 and earlier in dump package allows local users to execute arbitrary commands via a long tape name.

This issue was fixed in the following products: - Red Hat Linux 5.2 - RHSA-2000:100 (2000-11-02) - Red Hat Linux 6.2 - RHSA-2000:100 (2000-11-02) https://www.cve.org/CVERecord?id=CVE-2000-0520 https://nvd.nist.gov/vuln/detail/CVE-2000-0520 2000-05-31T00:00:00 security flaw

The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.

This issue was fixed in the following products: - Red Hat Powertools 6.0 - RHSA-2000:032 (2000-06-07) - Red Hat Powertools 6.1 - RHSA-2000:032 (2000-06-07) - Red Hat Powertools 6.2 - RHSA-2000:032 (2000-06-07) https://www.cve.org/CVERecord?id=CVE-2000-0530 https://nvd.nist.gov/vuln/detail/CVE-2000-0530 2000-06-20T00:00:00 security flaw

Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.

This issue was fixed in the following products: - Red Hat Linux 5.2 - RHSA-2000:045 (2000-07-26) - Red Hat Linux 6.0 - RHSA-2000:045 (2000-07-26) - Red Hat Linux 6.1 - RHSA-2000:045 (2000-07-26) - Red Hat Linux 6.2 - RHSA-2000:045 (2000-07-26) https://www.cve.org/CVERecord?id=CVE-2000-0531 https://nvd.nist.gov/vuln/detail/CVE-2000-0531 2000-06-09T00:00:00 security flaw

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.

This issue was fixed in the following product: - Red Hat Linux 6.2 - RHSA-2000:031 (2000-06-09) https://www.cve.org/CVERecord?id=CVE-2000-0546 https://nvd.nist.gov/vuln/detail/CVE-2000-0546 2000-06-09T00:00:00 security flaw

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.

This issue was fixed in the following product: - Red Hat Linux 6.2 - RHSA-2000:031 (2000-06-09) https://www.cve.org/CVERecord?id=CVE-2000-0547 https://nvd.nist.gov/vuln/detail/CVE-2000-0547 2000-06-09T00:00:00 security flaw

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.

This issue was fixed in the following product: - Red Hat Linux 6.2 - RHSA-2000:031 (2000-06-09) https://www.cve.org/CVERecord?id=CVE-2000-0548 https://nvd.nist.gov/vuln/detail/CVE-2000-0548 2000-06-09T00:00:00 security flaw

Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.

This issue was fixed in the following product: - Red Hat Linux 6.2 - RHSA-2000:031 (2000-06-09) https://www.cve.org/CVERecord?id=CVE-2000-0549 https://nvd.nist.gov/vuln/detail/CVE-2000-0549 2000-06-09T00:00:00 security flaw

Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service.

This issue was fixed in the following product: - Red Hat Linux 6.2 - RHSA-2000:031 (2000-06-09) https://www.cve.org/CVERecord?id=CVE-2000-0550 https://nvd.nist.gov/vuln/detail/CVE-2000-0550 2000-07-03T00:00:00 security flaw

makewhatis in Linux man package allows local users to overwrite files via a symlink attack.

This issue was fixed in the following products: - Red Hat Linux 5.2 - RHSA-2000:041 (2000-07-04) - Red Hat Linux 6.0 - RHSA-2000:041 (2000-07-04) - Red Hat Linux 6.1 - RHSA-2000:041 (2000-07-04) - Red Hat Linux 6.2 - RHSA-2000:041 (2000-07-04) https://www.cve.org/CVERecord?id=CVE-2000-0566 https://nvd.nist.gov/vuln/detail/CVE-2000-0566 2000-06-23T00:00:00 security flaw

The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.

This issue was fixed in the following products: - Red Hat Linux 5.2 - RHSA-2000:039 (2000-06-23) - Red Hat Linux 6.2 - RHSA-2000:039 (2000-06-23) https://www.cve.org/CVERecord?id=CVE-2000-0573 https://nvd.nist.gov/vuln/detail/CVE-2000-0573 2000-07-05T00:00:00 security flaw

BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.

This issue was fixed in the following products: - Red Hat Powertools 6.0 - RHSA-2000:042 (2000-07-06) - Red Hat Powertools 6.1 - RHSA-2000:042 (2000-07-06) - Red Hat Powertools 6.2 - RHSA-2000:042 (2000-07-06) https://www.cve.org/CVERecord?id=CVE-2000-0594 https://nvd.nist.gov/vuln/detail/CVE-2000-0594 2000-07-18T00:00:00 security flaw

Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.

This issue was fixed in the following products: - Red Hat Linux 6.0 - RHSA-2000:053 (2000-10-13) - Red Hat Linux 6.1 - RHSA-2000:053 (2000-10-13) - Red Hat Linux 6.2 - RHSA-2000:053 (2000-10-13) https://www.cve.org/CVERecord?id=CVE-2000-0633 https://nvd.nist.gov/vuln/detail/CVE-2000-0633 2000-07-24T00:00:00 security flaw

Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.

This issue was fixed in the following products: - Red Hat Linux 5.2 - RHSA-2000:046 (2000-07-31) - Red Hat Linux 6.0 - RHSA-2000:046 (2000-07-31) - Red Hat Linux 6.1 - RHSA-2000:046 (2000-07-31) - Red Hat Linux 6.2 - RHSA-2000:046 (2000-07-31) https://www.cve.org/CVERecord?id=CVE-2000-0655 https://nvd.nist.gov/vuln/detail/CVE-2000-0655 2000-07-16T00:00:00 security flaw

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

This issue was fixed in the following products: - Red Hat Linux 6.0 - RHSA-2000:043 (2000-07-17) - Red Hat Linux 6.1 - RHSA-2000:043 (2000-07-17) - Red Hat Linux 6.2 - RHSA-2000:043 (2000-07-17) https://www.cve.org/CVERecord?id=CVE-2000-0666 https://nvd.nist.gov/vuln/detail/CVE-2000-0666 2000-07-21T00:00:00 security flaw

pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.

This issue was fixed in the following products: - Red Hat Linux 6.0 - RHSA-2000:044 (2000-07-21) - Red Hat Linux 6.1 - RHSA-2000:044 (2000-07-21) - Red Hat Linux 6.2 - RHSA-2000:044 (2000-07-21) https://www.cve.org/CVERecord?id=CVE-2000-0668 https://nvd.nist.gov/vuln/detail/CVE-2000-0668 2000-08-03T00:00:00 security flaw

Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.

This issue was fixed in the following product: - Red Hat Linux 6.2 - RHSA-2000:054 (2000-08-18) https://www.cve.org/CVERecord?id=CVE-2000-0676 https://nvd.nist.gov/vuln/detail/CVE-2000-0676 2000-08-25T00:00:00 security flaw

The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file.

This issue was fixed in the following products: - Red Hat Linux 5.2 - RHSA-2000:059 (2000-09-07) - Red Hat Linux 6.0 - RHSA-2000:059 (2000-09-07) - Red Hat Linux 6.1 - RHSA-2000:059 (2000-09-07) - Red Hat Linux 6.2 - RHSA-2000:059 (2000-09-07) https://www.cve.org/CVERecord?id=CVE-2000-0691 https://nvd.nist.gov/vuln/detail/CVE-2000-0691 2000-08-01T00:00:00 security flaw

The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.

This issue was fixed in the following product: - Red Hat Secure Web Server 3.2 - RHSA-2000:030 (2000-05-24) https://www.cve.org/CVERecord?id=CVE-2000-0701 https://nvd.nist.gov/vuln/detail/CVE-2000-0701 2000-08-07T00:00:00 security flaw

suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.

This issue was fixed in the following products: - Red Hat Linux 5.0 - RHSA-2000:048 (2000-08-07) - Red Hat Linux 5.1 - RHSA-2000:048 (2000-08-07) - Red Hat Linux 5.2 - RHSA-2000:048 (2000-08-07) - Red Hat Linux 6.0 - RHSA-2000:048 (2000-08-07) - Red Hat Linux 6.1 - RHSA-2000:048 (2000-08-07) - Red Hat Linux 6.2 - RHSA-2000:048 (2000-08-07) https://www.cve.org/CVERecord?id=CVE-2000-0703 https://nvd.nist.gov/vuln/detail/CVE-2000-0703 2000-08-07T00:00:00 security flaw

ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack.

This issue was fixed in the following product: - Red Hat Powertools 6.2 - RHSA-2000:049 (2000-08-07) https://www.cve.org/CVERecord?id=CVE-2000-0705 https://nvd.nist.gov/vuln/detail/CVE-2000-0705 2000-08-08T00:00:00 security flaw

umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable files.

This issue was fixed in the following product: - Red Hat Linux 6.2 - RHSA-2000:047 (2000-08-07) https://www.cve.org/CVERecord?id=CVE-2000-0714 https://nvd.nist.gov/vuln/detail/CVE-2000-0714 2000-08-05T00:00:00 security flaw

DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file.

Red Hat Powertools 6.2 2000-12-01T00:00:00 RHSA-2000:122 Red Hat Powertools 7.0 2000-12-01T00:00:00 RHSA-2000:122 https://www.cve.org/CVERecord?id=CVE-2000-0715 https://nvd.nist.gov/vuln/detail/CVE-2000-0715 2000-08-10T00:00:00 security flaw

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.

This issue was fixed in the following products: - Red Hat Powertools 6.1 - RHSA-2000:052 (2000-08-11) - Red Hat Powertools 6.2 - RHSA-2000:052 (2000-08-11) https://www.cve.org/CVERecord?id=CVE-2000-0725 https://nvd.nist.gov/vuln/detail/CVE-2000-0725 2000-08-29T00:00:00 security flaw

xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters.

This issue was fixed in the following products: - Red Hat Linux 5.2 - RHSA-2000:060 (2000-09-13) - Red Hat Linux 6.2 - RHSA-2000:060 (2000-09-13) https://www.cve.org/CVERecord?id=CVE-2000-0727 https://nvd.nist.gov/vuln/detail/CVE-2000-0727 2000-08-29T00:00:00 security flaw

xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack.

This issue was fixed in the following products: - Red Hat Linux 5.2 - RHSA-2000:060 (2000-09-13) - Red Hat Linux 6.2 - RHSA-2000:060 (2000-09-13) https://www.cve.org/CVERecord?id=CVE-2000-0728 https://nvd.nist.gov/vuln/detail/CVE-2000-0728 2000-08-08T00:00:00 security flaw

Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.

This issue was fixed in the following products: - Red Hat Powertools 6.0 - RHSA-2000:050 (2000-08-08) - Red Hat Powertools 6.1 - RHSA-2000:050 (2000-08-08) - Red Hat Powertools 6.2 - RHSA-2000:050 (2000-08-08) https://www.cve.org/CVERecord?id=CVE-2000-0750 https://nvd.nist.gov/vuln/detail/CVE-2000-0750 2000-08-08T00:00:00 security flaw

mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.

This issue was fixed in the following products: - Red Hat Powertools 6.0 - RHSA-2000:050 (2000-08-08) - Red Hat Powertools 6.1 - RHSA-2000:050 (2000-08-08) - Red Hat Powertools 6.2 - RHSA-2000:050 (2000-08-08) https://www.cve.org/CVERecord?id=CVE-2000-0751 https://nvd.nist.gov/vuln/detail/CVE-2000-0751 2000-08-17T00:00:00 security flaw

IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser.

This issue was fixed in the following product: - Red Hat Linux 6.2 - RHSA-2000:055 (2000-08-22) https://www.cve.org/CVERecord?id=CVE-2000-0787 https://nvd.nist.gov/vuln/detail/CVE-2000-0787

String parsing error in rpc.kstatd in the linuxnfs or knfsd packages in SuSE and possibly other Linux systems allows remote attackers to gain root privileges.

This issue is a duplicate of CVE-2000-0666, which has been corrected via RHSA-2000:043. https://www.cve.org/CVERecord?id=CVE-2000-0800 https://nvd.nist.gov/vuln/detail/CVE-2000-0800 2000-10-06T00:00:00 security flaw

Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters.

This issue was fixed in the following products: - Red Hat Linux 6.1 - RHSA-2000:080 (2000-11-08) - Red Hat Linux 6.2 - RHSA-2000:080 (2000-11-08) - Red Hat Linux 7.0 - RHSA-2000:080 (2000-11-08) https://www.cve.org/CVERecord?id=CVE-2000-0816 https://nvd.nist.gov/vuln/detail/CVE-2000-0816 1999-09-17T00:00:00 security flaw

The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.

This issue was fixed in the following products: - Red Hat Linux 5.0 - RHSA-2000:057 (2000-09-01) - Red Hat Linux 5.1 - RHSA-2000:057 (2000-09-01) - Red Hat Linux 5.2 - RHSA-2000:057 (2000-09-01) - Red Hat Linux 6.0 - RHSA-2000:057 (2000-09-01) - Red Hat Linux 6.1 - RHSA-2000:057 (2000-09-01) - Red Hat Linux 6.2 - RHSA-2000:057 (2000-09-01) https://www.cve.org/CVERecord?id=CVE-2000-0824 https://nvd.nist.gov/vuln/detail/CVE-2000-0824 2000-09-09T00:00:00 security flaw

The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/.

This issue was fixed in the following products: - Red Hat Linux 6.1 - RHSA-2000:080 (2000-11-08) - Red Hat Linux 6.2 - RHSA-2000:080 (2000-11-08) - Red Hat Linux 7.0 - RHSA-2000:080 (2000-11-08) https://www.cve.org/CVERecord?id=CVE-2000-0829 https://nvd.nist.gov/vuln/detail/CVE-2000-0829 2000-09-04T00:00:00 security flaw

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

This issue was fixed in the following products: - Red Hat Linux 5.0 - RHSA-2000:057 (2000-09-01) - Red Hat Linux 5.1 - RHSA-2000:057 (2000-09-01) - Red Hat Linux 5.2 - RHSA-2000:057 (2000-09-01) - Red Hat Linux 6.0 - RHSA-2000:057 (2000-09-01) - Red Hat Linux 6.1 - RHSA-2000:057 (2000-09-01) - Red Hat Linux 6.2 - RHSA-2000:057 (2000-09-01) https://www.cve.org/CVERecord?id=CVE-2000-0844 https://nvd.nist.gov/vuln/detail/CVE-2000-0844 2000-08-31T00:00:00 security flaw

Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.

This issue was fixed in the following products: - Red Hat Linux 6.0 - RHSA-2000:077 (2000-10-06) - Red Hat Linux 6.1 - RHSA-2000:077 (2000-10-06) - Red Hat Linux 6.2 - RHSA-2000:077 (2000-10-06) - Red Hat Linux 7.0 - RHSA-2000:077 (2000-10-06) - Red Hat Linux 7.0j - RHSA-2000:077 (2000-10-06) https://www.cve.org/CVERecord?id=CVE-2000-0864 https://nvd.nist.gov/vuln/detail/CVE-2000-0864 2000-09-17T00:00:00 security flaw

Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.

This issue was fixed in the following products: - Red Hat Linux 5.2 - RHSA-2000:061 (2000-09-18) - Red Hat Linux 6.0 - RHSA-2000:061 (2000-09-18) - Red Hat Linux 6.1 - RHSA-2000:061 (2000-09-18) - Red Hat Linux 6.2 - RHSA-2000:061 (2000-09-18) https://www.cve.org/CVERecord?id=CVE-2000-0867 https://nvd.nist.gov/vuln/detail/CVE-2000-0867 2000-11-07T00:00:00 security flaw

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."

This issue was fixed in the following products: - Red Hat Linux 5.2 - RHSA-2000:107 (2000-11-16) - Red Hat Linux 6.0 - RHSA-2000:107 (2000-11-16) - Red Hat Linux 6.1 - RHSA-2000:107 (2000-11-16) - Red Hat Linux 6.2 - RHSA-2000:107 (2000-11-16) - Red Hat Linux 7.0 - RHSA-2000:107 (2000-11-16) https://www.cve.org/CVERecord?id=CVE-2000-0887 https://nvd.nist.gov/vuln/detail/CVE-2000-0887 2000-11-13T00:00:00 security flaw

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."

This issue was fixed in the following products: - Red Hat Linux 5.2 - RHSA-2000:107 (2000-11-16) - Red Hat Linux 6.0 - RHSA-2000:107 (2000-11-16) - Red Hat Linux 6.1 - RHSA-2000:107 (2000-11-16) - Red Hat Linux 6.2 - RHSA-2000:107 (2000-11-16) - Red Hat Linux 7.0 - RHSA-2000:107 (2000-11-16) https://www.cve.org/CVERecord?id=CVE-2000-0888 https://nvd.nist.gov/vuln/detail/CVE-2000-0888 2000-09-05T00:00:00 security flaw

Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable.

This issue was fixed in the following product: - Red Hat Linux 5.2 - RHSA-2000:058 (2000-09-07) https://www.cve.org/CVERecord?id=CVE-2000-0901 https://nvd.nist.gov/vuln/detail/CVE-2000-0901 2000-09-22T00:00:00 security flaw

Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.

This issue was fixed in the following products: - Red Hat Linux 5.2 - RHSA-2000:102 (2000-11-10) - Red Hat Linux 6.0 - RHSA-2000:102 (2000-11-10) - Red Hat Linux 6.1 - RHSA-2000:102 (2000-11-10) - Red Hat Linux 6.2 - RHSA-2000:102 (2000-11-10) - Red Hat Linux 7.0 - RHSA-2000:102 (2000-11-10) https://www.cve.org/CVERecord?id=CVE-2000-0909 https://nvd.nist.gov/vuln/detail/CVE-2000-0909 Important 2000-09-29T00:00:00 security flaw

mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.

This issue was fixed in the following products: - Red Hat Linux 5.2 - RHSA-2000:088 (2000-10-23) - Red Hat Linux 6.0 - RHSA-2000:088 (2000-10-23) - Red Hat Linux 6.1 - RHSA-2000:088 (2000-10-23) - Red Hat Linux 6.2 - RHSA-2000:088 (2000-10-23) - Red Hat Linux 7.0 - RHSA-2000:088 (2000-10-23) - Red Hat Secure Web Server 3.2 - RHSA-2000:095 (2000-10-26) https://www.cve.org/CVERecord?id=CVE-2000-0913 https://nvd.nist.gov/vuln/detail/CVE-2000-0913 2000-09-25T00:00:00 security flaw

Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.

This issue was fixed in the following product: - Red Hat Linux 7.0 - RHSA-2000:065 (2000-09-26) https://www.cve.org/CVERecord?id=CVE-2000-0917 https://nvd.nist.gov/vuln/detail/CVE-2000-0917 2000-09-20T00:00:00 security flaw

Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack.

This issue was fixed in the following product: - Red Hat Linux 5.2 - RHSA-2000:062 (2000-09-19) https://www.cve.org/CVERecord?id=CVE-2000-0934 https://nvd.nist.gov/vuln/detail/CVE-2000-0934 2000-10-02T00:00:00 security flaw

GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack.

This issue was fixed in the following products: - Red Hat Linux 6.1 - RHSA-2000:072 (2000-12-01) - Red Hat Linux 6.2 - RHSA-2000:072 (2000-12-01) - Red Hat Linux 7.0 - RHSA-2000:072 (2000-12-01) https://www.cve.org/CVERecord?id=CVE-2000-0948 https://nvd.nist.gov/vuln/detail/CVE-2000-0948 2000-09-28T00:00:00 security flaw

Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.

This issue was fixed in the following products: - Red Hat Linux 5.0 - RHSA-2000:078 (2000-10-13) - Red Hat Linux 5.1 - RHSA-2000:078 (2000-10-13) - Red Hat Linux 5.2 - RHSA-2000:078 (2000-10-13) - Red Hat Linux 6.0 - RHSA-2000:078 (2000-10-13) - Red Hat Linux 6.1 - RHSA-2000:078 (2000-10-13) - Red Hat Linux 6.2 - RHSA-2000:078 (2000-10-13) https://www.cve.org/CVERecord?id=CVE-2000-0949 https://nvd.nist.gov/vuln/detail/CVE-2000-0949 2000-10-26T00:00:00 security flaw

cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions.

This issue was fixed in the following product: - Red Hat Linux 7.0 - RHSA-2000:094 (2000-10-26) https://www.cve.org/CVERecord?id=CVE-2000-0956 https://nvd.nist.gov/vuln/detail/CVE-2000-0956 2000-10-09T00:00:00 security flaw

Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.

This issue was fixed in the following products: - Red Hat Linux 6.2 - RHSA-2000:115 (2000-11-27) - Red Hat Linux 7.0 - RHSA-2000:115 (2000-11-27) - Red Hat Linux 7.0j - RHSA-2000:115 (2000-11-27) https://www.cve.org/CVERecord?id=CVE-2000-0963 https://nvd.nist.gov/vuln/detail/CVE-2000-0963 2000-10-12T00:00:00 security flaw

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

This issue was fixed in the following products: - Red Hat Linux 5.2 - RHSA-2000:088 (2000-10-23) - Red Hat Linux 6.0 - RHSA-2000:088 (2000-10-23) - Red Hat Linux 6.1 - RHSA-2000:088 (2000-10-23) - Red Hat Linux 6.2 - RHSA-2000:088 (2000-10-23) - Red Hat Linux 7.0 - RHSA-2000:088 (2000-10-23) - Red Hat Secure Web Server 3.2 - RHSA-2000:095 (2000-10-26) https://www.cve.org/CVERecord?id=CVE-2000-0967 https://nvd.nist.gov/vuln/detail/CVE-2000-0967 2000-10-13T00:00:00 security flaw

Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.

https://www.cve.org/CVERecord?id=CVE-2000-0973 https://nvd.nist.gov/vuln/detail/CVE-2000-0973 2000-10-11T00:00:00 security flaw

GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.

This issue was fixed in the following products: - Red Hat Linux 6.2 - RHSA-2000:089 (2000-10-20) - Red Hat Linux 7.0 - RHSA-2000:089 (2000-10-20) https://www.cve.org/CVERecord?id=CVE-2000-0974 https://nvd.nist.gov/vuln/detail/CVE-2000-0974 2000-10-18T00:00:00 security flaw

Format string vulnerability in logging function of ypbind 3.3, while running in debug mode, leaks file descriptors and allows an attacker to cause a denial of service.

This issue was fixed in the following products: - Red Hat Linux 5.0 - RHSA-2000:086 (2000-11-08) - Red Hat Linux 5.1 - RHSA-2000:086 (2000-11-08) - Red Hat Linux 5.2 - RHSA-2000:086 (2000-11-08) - Red Hat Linux 6.0 - RHSA-2000:086 (2000-11-08) - Red Hat Linux 6.1 - RHSA-2000:086 (2000-11-08) - Red Hat Linux 6.2 - RHSA-2000:086 (2000-11-08) https://www.cve.org/CVERecord?id=CVE-2000-1040 https://nvd.nist.gov/vuln/detail/CVE-2000-1040 2000-10-27T00:00:00 security flaw

nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests.

This issue was fixed in the following products: - Red Hat Linux 6.1 - RHSA-2000:024 (2000-10-27) - Red Hat Linux 6.2 - RHSA-2000:024 (2000-10-27) - Red Hat Linux 7.0 - RHSA-2000:024 (2000-10-27) https://www.cve.org/CVERecord?id=CVE-2000-1045 https://nvd.nist.gov/vuln/detail/CVE-2000-1045 2000-11-12T00:00:00 security flaw

modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.

This issue was fixed in the following products: - Red Hat Linux 6.2 - RHSA-2000:108 (2000-12-20) - Red Hat Linux 7.0 - RHSA-2000:108 (2000-12-20) https://www.cve.org/CVERecord?id=CVE-2000-1095 https://nvd.nist.gov/vuln/detail/CVE-2000-1095 2000-10-28T00:00:00 security flaw

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

This issue was fixed in the following products: - Red Hat Linux 5.0 - RHSA-2000:117 (2000-11-27) - Red Hat Linux 5.1 - RHSA-2000:117 (2000-11-27) - Red Hat Linux 5.2 - RHSA-2000:117 (2000-11-27) - Red Hat Linux 5.2 - RHSA-2000:121 (2000-11-30) - Red Hat Linux 6.0 - RHSA-2000:117 (2000-11-27) - Red Hat Linux 6.0 - RHSA-2000:121 (2000-11-30) - Red Hat Linux 6.1 - RHSA-2000:117 (2000-11-27) - Red Hat Linux 6.1 - RHSA-2000:121 (2000-11-30) - Red Hat Linux 6.2 - RHSA-2000:117 (2000-11-27) - Red Hat Linux 6.2 - RHSA-2000:121 (2000-11-30) - Red Hat Linux 7.0 - RHSA-2000:121 (2000-11-30) - Red Hat Linux 7.0j - RHSA-2000:121 (2000-11-30) Red Hat Linux 5.2 2000-11-30T00:00:00 RHSA-2000:121 Red Hat Linux 6.0 2000-11-30T00:00:00 RHSA-2000:121 Red Hat Linux 6.1 2000-11-30T00:00:00 RHSA-2000:121 Red Hat Linux 6.2 2000-11-30T00:00:00 RHSA-2000:121 Red Hat Linux 7.0 2000-11-30T00:00:00 RHSA-2000:121 Red Hat Linux 7.0j 2000-11-30T00:00:00 RHSA-2000:121 https://www.cve.org/CVERecord?id=CVE-2000-1134 https://nvd.nist.gov/vuln/detail/CVE-2000-1134 2000-11-29T00:00:00 security flaw

GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Linux 5.2 2000-12-06T00:00:00 RHSA-2000:123 Red Hat Linux 6.0 2000-12-06T00:00:00 RHSA-2000:123 Red Hat Linux 6.1 2000-12-06T00:00:00 RHSA-2000:123 Red Hat Linux 6.2 2000-12-06T00:00:00 RHSA-2000:123 Red Hat Linux 7.0 2000-12-06T00:00:00 RHSA-2000:123 https://www.cve.org/CVERecord?id=CVE-2000-1137 https://nvd.nist.gov/vuln/detail/CVE-2000-1137 2000-11-22T00:00:00 security flaw

ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.

This issue was fixed in the following products: - Red Hat Linux 5.0 - RHSA-2000:114 (2000-11-22) - Red Hat Linux 5.1 - RHSA-2000:114 (2000-11-22) - Red Hat Linux 5.2 - RHSA-2000:114 (2000-11-22) - Red Hat Linux 6.0 - RHSA-2000:114 (2000-11-22) - Red Hat Linux 6.1 - RHSA-2000:114 (2000-11-22) - Red Hat Linux 6.2 - RHSA-2000:114 (2000-11-22) - Red Hat Linux 7.0 - RHSA-2000:114 (2000-11-22) https://www.cve.org/CVERecord?id=CVE-2000-1162 https://nvd.nist.gov/vuln/detail/CVE-2000-1162 2000-11-13T00:00:00 security flaw

OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.

This issue was fixed in the following product: - Red Hat Linux 7.0 - RHSA-2000:111 (2000-11-27) https://www.cve.org/CVERecord?id=CVE-2000-1169 https://nvd.nist.gov/vuln/detail/CVE-2000-1169 2000-11-18T00:00:00 security flaw

Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers to execute arbitrary commands via a packet with a long username.

This issue was fixed in the following products: - Red Hat Powertools 6.0 - RHSA-2000:116 (2000-12-05) - Red Hat Powertools 6.1 - RHSA-2000:116 (2000-12-05) - Red Hat Powertools 6.2 - RHSA-2000:116 (2000-12-05) - Red Hat Powertools 7.0 - RHSA-2000:116 (2000-12-05) https://www.cve.org/CVERecord?id=CVE-2000-1174 https://nvd.nist.gov/vuln/detail/CVE-2000-1174 2000-11-16T00:00:00 security flaw

Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.

This issue was fixed in the following products: - Red Hat Linux 5.2 - RHSA-2000:110 (2000-11-20) - Red Hat Linux 6.0 - RHSA-2000:110 (2000-11-20) - Red Hat Linux 6.1 - RHSA-2000:110 (2000-11-20) - Red Hat Linux 6.2 - RHSA-2000:110 (2000-11-20) - Red Hat Linux 7.0 - RHSA-2000:110 (2000-11-20) https://www.cve.org/CVERecord?id=CVE-2000-1178 https://nvd.nist.gov/vuln/detail/CVE-2000-1178 2000-11-27T00:00:00 security flaw

Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.

This issue was fixed in the following products: - Red Hat Linux 6.0 - RHSA-2000:109 (2000-11-27) - Red Hat Linux 6.1 - RHSA-2000:109 (2000-11-27) - Red Hat Linux 6.2 - RHSA-2000:109 (2000-11-27) - Red Hat Linux 7.0 - RHSA-2000:109 (2000-11-27) https://www.cve.org/CVERecord?id=CVE-2000-1187 https://nvd.nist.gov/vuln/detail/CVE-2000-1187 2000-12-01T00:00:00 security flaw

Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges.

This issue was fixed in the following products: - Red Hat Linux 6.0 - RHSA-2000:120 (2000-12-01) - Red Hat Linux 6.1 - RHSA-2000:120 (2000-12-01) - Red Hat Linux 6.2 - RHSA-2000:120 (2000-12-01) - Red Hat Linux 7.0 - RHSA-2000:120 (2000-12-01) - Red Hat Linux 7.0j - RHSA-2000:120 (2000-12-01) https://www.cve.org/CVERecord?id=CVE-2000-1189 https://nvd.nist.gov/vuln/detail/CVE-2000-1189 2000-05-31T00:00:00 security flaw

imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file.

This issue was fixed in the following products: - Red Hat Powertools 6.1 - RHSA-2000:016 (2000-04-21) - Red Hat Powertools 6.2 - RHSA-2000:016 (2000-04-21) https://www.cve.org/CVERecord?id=CVE-2000-1190 https://nvd.nist.gov/vuln/detail/CVE-2000-1190 Low 2000-04-18T00:00:00 security flaw

htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.

Red Hat Enterprise Linux 3 2007-06-11T00:00:00 RHBA-2007:0026 htdig-2:3.1.6-7.el3 https://www.cve.org/CVERecord?id=CVE-2000-1191 https://nvd.nist.gov/vuln/detail/CVE-2000-1191

PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2000-1199 https://nvd.nist.gov/vuln/detail/CVE-2000-1199 2000-09-30T00:00:00 security flaw

userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844).

This issue was fixed in the following products: - Red Hat Linux 6.0 - RHSA-2000:075 (2000-12-01) - Red Hat Linux 6.1 - RHSA-2000:075 (2000-12-01) - Red Hat Linux 6.2 - RHSA-2000:075 (2000-12-01) - Red Hat Linux 7.0 - RHSA-2000:075 (2000-12-01) https://www.cve.org/CVERecord?id=CVE-2000-1207 https://nvd.nist.gov/vuln/detail/CVE-2000-1207 2000-05-31T00:00:00 security flaw

Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.

This issue was fixed in the following products: - Red Hat Linux 5.0 - RHSA-2000:066 (2000-10-13) - Red Hat Linux 5.1 - RHSA-2000:066 (2000-10-13) - Red Hat Linux 5.2 - RHSA-2000:066 (2000-10-13) - Red Hat Linux 6.0 - RHSA-2000:066 (2000-10-13) - Red Hat Linux 6.1 - RHSA-2000:066 (2000-10-13) - Red Hat Linux 6.2 - RHSA-2000:066 (2000-10-13) https://www.cve.org/CVERecord?id=CVE-2000-1208 https://nvd.nist.gov/vuln/detail/CVE-2000-1208 2000-12-22T00:00:00 security flaw

Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.

Red Hat Powertools 6.2 2000-12-13T00:00:00 RHSA-2000:125 Red Hat Powertools 7.0 2000-12-13T00:00:00 RHSA-2000:125 https://www.cve.org/CVERecord?id=CVE-2000-1211 https://nvd.nist.gov/vuln/detail/CVE-2000-1211 2000-12-18T00:00:00 security flaw

Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.

Red Hat Powertools 6.2 2000-12-20T00:00:00 RHSA-2000:135 Red Hat Powertools 7.0 2000-12-20T00:00:00 RHSA-2000:135 https://www.cve.org/CVERecord?id=CVE-2000-1212 https://nvd.nist.gov/vuln/detail/CVE-2000-1212 2000-10-18T00:00:00 security flaw

ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges.

This issue was fixed in the following products: - Red Hat Linux 6.2 - RHSA-2000:087 (2000-10-18) - Red Hat Linux 7.0 - RHSA-2000:087 (2000-10-18) - Red Hat Linux 7.0j - RHSA-2000:087 (2000-10-18) https://www.cve.org/CVERecord?id=CVE-2000-1213 https://nvd.nist.gov/vuln/detail/CVE-2000-1213 2000-10-18T00:00:00 security flaw

Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges.

This issue was fixed in the following products: - Red Hat Linux 6.2 - RHSA-2000:087 (2000-10-18) - Red Hat Linux 7.0 - RHSA-2000:087 (2000-10-18) - Red Hat Linux 7.0j - RHSA-2000:087 (2000-10-18) https://www.cve.org/CVERecord?id=CVE-2000-1214 https://nvd.nist.gov/vuln/detail/CVE-2000-1214 Important 2000-01-08T00:00:00 security flaw

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.

https://www.cve.org/CVERecord?id=CVE-2000-1220 https://nvd.nist.gov/vuln/detail/CVE-2000-1220 Important 2000-01-08T00:00:00 security flaw

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.

https://www.cve.org/CVERecord?id=CVE-2000-1221 https://nvd.nist.gov/vuln/detail/CVE-2000-1221 Moderate 2000-06-01T00:00:00 openssl: Mishandling C bitwise-shift operations making easier to bypass protection mechanisms 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms.

Red Hat Enterprise Linux 5 Not affected openssl Red Hat Enterprise Linux 5 Not affected openssl097a Red Hat Enterprise Linux 6 Not affected openssl Red Hat Enterprise Linux 6 Not affected openssl098e Red Hat Enterprise Linux 7 Not affected openssl Red Hat Enterprise Linux 7 Not affected openssl098e Red Hat JBoss Enterprise Application Platform 6 Not affected openssl Red Hat JBoss Enterprise Web Server 1 Not affected openssl Red Hat JBoss Enterprise Web Server 2 Not affected openssl Red Hat JBoss Enterprise Web Server 3 Not affected openssl https://www.cve.org/CVERecord?id=CVE-2000-1254 https://nvd.nist.gov/vuln/detail/CVE-2000-1254 2001-01-29T00:00:00 security flaw

Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.

Red Hat Linux 5.2 2001-01-29T00:00:00 RHSA-2001:007 Red Hat Linux 6.2 2001-01-29T00:00:00 RHSA-2001:007 Red Hat Linux 7.0 2001-01-29T00:00:00 RHSA-2001:007 https://www.cve.org/CVERecord?id=CVE-2001-0010 https://nvd.nist.gov/vuln/detail/CVE-2001-0010 2001-01-29T00:00:00 security flaw

Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.

Red Hat Linux 5.2 2001-01-29T00:00:00 RHSA-2001:007 Red Hat Linux 6.2 2001-01-29T00:00:00 RHSA-2001:007 Red Hat Linux 7.0 2001-01-29T00:00:00 RHSA-2001:007 https://www.cve.org/CVERecord?id=CVE-2001-0011 https://nvd.nist.gov/vuln/detail/CVE-2001-0011 2001-01-29T00:00:00 security flaw

BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.

Red Hat Linux 5.2 2001-01-29T00:00:00 RHSA-2001:007 Red Hat Linux 6.2 2001-01-29T00:00:00 RHSA-2001:007 Red Hat Linux 7.0 2001-01-29T00:00:00 RHSA-2001:007 https://www.cve.org/CVERecord?id=CVE-2001-0012 https://nvd.nist.gov/vuln/detail/CVE-2001-0012 2001-01-29T00:00:00 security flaw

Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.

Red Hat Linux 5.2 2001-01-29T00:00:00 RHSA-2001:007 Red Hat Linux 6.2 2001-01-29T00:00:00 RHSA-2001:007 Red Hat Linux 7.0 2001-01-29T00:00:00 RHSA-2001:007 https://www.cve.org/CVERecord?id=CVE-2001-0013 https://nvd.nist.gov/vuln/detail/CVE-2001-0013 2000-12-11T00:00:00 security flaw

rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option.

This issue was fixed in the following product: - Red Hat Linux 7.0 - RHSA-2000:130 (2000-12-19) https://www.cve.org/CVERecord?id=CVE-2001-0026 https://nvd.nist.gov/vuln/detail/CVE-2001-0026 2000-12-08T00:00:00 security flaw

KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file.

Red Hat Linux 6.2 2001-03-08T00:00:00 RHSA-2001:025 Red Hat Linux 7.0 2001-03-08T00:00:00 RHSA-2001:025 https://www.cve.org/CVERecord?id=CVE-2001-0036 https://nvd.nist.gov/vuln/detail/CVE-2001-0036 2000-12-07T00:00:00 security flaw

Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name.

This issue was fixed in the following products: - Red Hat Powertools 6.0 - RHSA-2000:126 (2000-12-19) - Red Hat Powertools 6.1 - RHSA-2000:126 (2000-12-19) - Red Hat Powertools 6.2 - RHSA-2000:126 (2000-12-19) - Red Hat Powertools 7.0 - RHSA-2000:126 (2000-12-19) https://www.cve.org/CVERecord?id=CVE-2001-0050 https://nvd.nist.gov/vuln/detail/CVE-2001-0050 2000-12-18T00:00:00 security flaw

Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username.

Red Hat Linux 7.0 2000-12-19T00:00:00 RHSA-2000:129 https://www.cve.org/CVERecord?id=CVE-2001-0060 https://nvd.nist.gov/vuln/detail/CVE-2001-0060 2000-11-26T00:00:00 security flaw

Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer.

Red Hat Linux 6.0 2000-12-19T00:00:00 RHSA-2000:128 Red Hat Linux 6.1 2000-12-19T00:00:00 RHSA-2000:128 Red Hat Linux 6.2 2000-12-19T00:00:00 RHSA-2000:128 Red Hat Linux 7.0 2000-12-19T00:00:00 RHSA-2000:128 https://www.cve.org/CVERecord?id=CVE-2001-0066 https://nvd.nist.gov/vuln/detail/CVE-2001-0066 2000-12-19T00:00:00 security flaw

gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.

Red Hat Linux 6.2 2000-12-19T00:00:00 RHSA-2000:131 Red Hat Linux 7.0 2000-12-19T00:00:00 RHSA-2000:131 https://www.cve.org/CVERecord?id=CVE-2001-0071 https://nvd.nist.gov/vuln/detail/CVE-2001-0071 2000-12-19T00:00:00 security flaw

gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.

Red Hat Linux 6.2 2000-12-19T00:00:00 RHSA-2000:131 Red Hat Linux 7.0 2000-12-19T00:00:00 RHSA-2000:131 https://www.cve.org/CVERecord?id=CVE-2001-0072 https://nvd.nist.gov/vuln/detail/CVE-2001-0072 2000-12-27T00:00:00 security flaw

Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command.

https://www.cve.org/CVERecord?id=CVE-2001-0101 https://nvd.nist.gov/vuln/detail/CVE-2001-0101 2001-01-12T00:00:00 security flaw

PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.

Red Hat Linux 5.2 2000-12-20T00:00:00 RHSA-2000:136 Red Hat Linux 6.0 2000-12-20T00:00:00 RHSA-2000:136 Red Hat Linux 6.1 2000-12-20T00:00:00 RHSA-2000:136 Red Hat Linux 6.2 2000-12-20T00:00:00 RHSA-2000:136 Red Hat Linux 7.0 2000-12-20T00:00:00 RHSA-2000:136 https://www.cve.org/CVERecord?id=CVE-2001-0108 https://nvd.nist.gov/vuln/detail/CVE-2001-0108 Low 2001-01-10T00:00:00 security flaw

sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.

Red Hat Linux 5.2 2001-10-19T00:00:00 RHSA-2001:116 Red Hat Linux 6.2 2001-10-19T00:00:00 RHSA-2001:116 Red Hat Linux 7.0 2001-10-19T00:00:00 RHSA-2001:116 Red Hat Linux 7.1 2001-10-19T00:00:00 RHSA-2001:116 https://www.cve.org/CVERecord?id=CVE-2001-0117 https://nvd.nist.gov/vuln/detail/CVE-2001-0117 2000-12-16T00:00:00 security flaw

Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

Red Hat Powertools 6.1 2000-12-18T00:00:00 RHSA-2000:127 Red Hat Powertools 6.2 2000-12-18T00:00:00 RHSA-2000:127 Red Hat Powertools 7.0 2000-12-18T00:00:00 RHSA-2000:127 https://www.cve.org/CVERecord?id=CVE-2001-0128 https://nvd.nist.gov/vuln/detail/CVE-2001-0128 Low 2001-01-10T00:00:00 httpd: allows local users to overwrite arbitrary files via a symlink attack 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CWE-59

htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.

A flaw was found in Apache httpd. Both htpasswd and htdigest allow local users to overwrite arbitrary files via a symlink attack. The highest threat from this vulnerability is to data integrity.

All versions of httpd package shipped with Red Hat Products, uses APR's safe temp file creation and therefore they are not affected by this flaw Red Hat Enterprise Linux 5 Not affected httpd Red Hat Enterprise Linux 6 Not affected httpd Red Hat Enterprise Linux 7 Not affected httpd Red Hat Enterprise Linux 8 Not affected httpd:2.4/httpd Red Hat JBoss Core Services Not affected httpd Red Hat JBoss Enterprise Web Server 2 Out of support scope httpd Red Hat JBoss Enterprise Web Server 2 Out of support scope httpd22 Red Hat Software Collections Not affected httpd24-httpd https://www.cve.org/CVERecord?id=CVE-2001-0131 https://nvd.nist.gov/vuln/detail/CVE-2001-0131 2001-01-10T00:00:00 security flaw

mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

Red Hat Linux 5.2 2001-04-16T00:00:00 RHSA-2001:050 Red Hat Linux 6.2 2001-04-16T00:00:00 RHSA-2001:050 Red Hat Linux 7.0 2001-04-16T00:00:00 RHSA-2001:050 Red Hat Linux 7.1 2001-04-16T00:00:00 RHSA-2001:050 https://www.cve.org/CVERecord?id=CVE-2001-0141 https://nvd.nist.gov/vuln/detail/CVE-2001-0141 2001-01-16T00:00:00 security flaw

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

Red Hat Linux 6.0 2001-01-15T00:00:00 RHSA-2001:002 Red Hat Linux 6.1 2001-01-15T00:00:00 RHSA-2001:002 Red Hat Linux 6.2 2001-01-15T00:00:00 RHSA-2001:002 https://www.cve.org/CVERecord?id=CVE-2001-0169 https://nvd.nist.gov/vuln/detail/CVE-2001-0169 2001-01-10T00:00:00 security flaw

glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.

Red Hat Linux 7.0 2001-01-11T00:00:00 RHSA-2001:001 https://www.cve.org/CVERecord?id=CVE-2001-0170 https://nvd.nist.gov/vuln/detail/CVE-2001-0170

Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.

Red Hat Enterprise Linux 2.1 ships with wu-ftp version 2.6.2 which is not vulnerable to this issue. https://www.cve.org/CVERecord?id=CVE-2001-0187 https://nvd.nist.gov/vuln/detail/CVE-2001-0187 2001-02-02T00:00:00 security flaw

gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.

Red Hat Linux 7.0 2001-02-02T00:00:00 RHSA-2001:010 Red Hat Powertools 6.2 2001-02-02T00:00:00 RHSA-2001:011 https://www.cve.org/CVERecord?id=CVE-2001-0191 https://nvd.nist.gov/vuln/detail/CVE-2001-0191 2001-01-21T00:00:00 security flaw

Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands.

Red Hat Powertools 6.2 2001-01-23T00:00:00 RHSA-2001:004 Red Hat Powertools 7.0 2001-01-23T00:00:00 RHSA-2001:004 https://www.cve.org/CVERecord?id=CVE-2001-0197 https://nvd.nist.gov/vuln/detail/CVE-2001-0197 2001-01-18T00:00:00 security flaw

Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field.

Red Hat Powertools 6.2 2001-01-25T00:00:00 RHSA-2001:005 Red Hat Powertools 7.0 2001-01-25T00:00:00 RHSA-2001:005 https://www.cve.org/CVERecord?id=CVE-2001-0233 https://nvd.nist.gov/vuln/detail/CVE-2001-0233 2001-02-22T00:00:00 security flaw

Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.

Red Hat Linux 7.0 2001-02-23T00:00:00 RHSA-2001:018 Red Hat Powertools 6.2 2001-02-23T00:00:00 RHSA-2001:019 https://www.cve.org/CVERecord?id=CVE-2001-0279 https://nvd.nist.gov/vuln/detail/CVE-2001-0279 2001-02-28T00:00:00 security flaw

Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory.

Red Hat Linux 5.2 2001-02-28T00:00:00 RHSA-2001:024 Red Hat Linux 6.2 2001-02-28T00:00:00 RHSA-2001:024 Red Hat Linux 7.0 2001-02-28T00:00:00 RHSA-2001:024 https://www.cve.org/CVERecord?id=CVE-2001-0289 https://nvd.nist.gov/vuln/detail/CVE-2001-0289 2001-02-13T00:00:00 security flaw

Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings.

Red Hat Secure Web Server 2.0 2001-02-23T00:00:00 RHSA-2001:017 https://www.cve.org/CVERecord?id=CVE-2001-0301 https://nvd.nist.gov/vuln/detail/CVE-2001-0301 2001-01-30T00:00:00 security flaw

inetd in Red Hat 6.2 does not properly close sockets for internal services such as chargen, daytime, echo, etc., which allows remote attackers to cause a denial of service via a series of connections to the internal services.

Red Hat Linux 6.2 2001-01-29T00:00:00 RHSA-2001:006 https://www.cve.org/CVERecord?id=CVE-2001-0309 https://nvd.nist.gov/vuln/detail/CVE-2001-0309 2001-02-08T00:00:00 security flaw

Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call.

Red Hat Linux 6.2 2001-02-08T00:00:00 RHSA-2001:013 Red Hat Linux 7.0 2001-02-08T00:00:00 RHSA-2001:013 https://www.cve.org/CVERecord?id=CVE-2001-0316 https://nvd.nist.gov/vuln/detail/CVE-2001-0316 2001-02-08T00:00:00 security flaw

Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process.

Red Hat Linux 6.2 2001-02-08T00:00:00 RHSA-2001:013 Red Hat Linux 7.0 2001-02-08T00:00:00 RHSA-2001:013 https://www.cve.org/CVERecord?id=CVE-2001-0317 https://nvd.nist.gov/vuln/detail/CVE-2001-0317 Low 2001-05-01T00:00:00 kernel: TCP connection ISN hijacks 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N

TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN.

This issue did NOT affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Red Hat Enterprise Linux 5 Not affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise MRG 2 Not affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2001-0328 https://nvd.nist.gov/vuln/detail/CVE-2001-0328 2001-03-19T00:00:00 security flaw

The OpenPGP PGP standard allows an attacker to determine the private signature key via a cryptanalytic attack in which the attacker alters the encrypted private key file and captures a single message signed with the signature key.

Red Hat Linux 6.2 2001-05-17T00:00:00 RHSA-2001:063 Red Hat Linux 7.0 2001-05-17T00:00:00 RHSA-2001:063 Red Hat Linux 7.1 2001-05-17T00:00:00 RHSA-2001:063 https://www.cve.org/CVERecord?id=CVE-2001-0381 https://nvd.nist.gov/vuln/detail/CVE-2001-0381 Important 2001-04-16T00:00:00 security flaw

ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.

Red Hat Linux 7.1 2001-06-22T00:00:00 RHSA-2001:084 https://www.cve.org/CVERecord?id=CVE-2001-0405 https://nvd.nist.gov/vuln/detail/CVE-2001-0405 2001-04-17T00:00:00 security flaw

Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.

Red Hat Linux 5.2 2001-05-15T00:00:00 RHSA-2001:044 Red Hat Linux 6.2 2001-05-15T00:00:00 RHSA-2001:044 Red Hat Linux 7.0 2001-05-15T00:00:00 RHSA-2001:044 Red Hat Linux 7.1 2001-05-15T00:00:00 RHSA-2001:044 https://www.cve.org/CVERecord?id=CVE-2001-0406 https://nvd.nist.gov/vuln/detail/CVE-2001-0406 2001-03-26T00:00:00 security flaw

vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes.

Red Hat Linux 5.2 2001-07-10T00:00:00 RHSA-2001:008 Red Hat Linux 6.2 2001-07-10T00:00:00 RHSA-2001:008 Red Hat Linux 7.0 2001-07-10T00:00:00 RHSA-2001:008 https://www.cve.org/CVERecord?id=CVE-2001-0408 https://nvd.nist.gov/vuln/detail/CVE-2001-0408 2001-04-04T00:00:00 ntpd security hole

Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.

Red Hat Linux 5.2 2001-04-05T00:00:00 RHSA-2001:045 Red Hat Linux 6.2 2001-04-05T00:00:00 RHSA-2001:045 Red Hat Linux 7.0 2001-04-05T00:00:00 RHSA-2001:045 https://www.cve.org/CVERecord?id=CVE-2001-0414 https://nvd.nist.gov/vuln/detail/CVE-2001-0414 2001-03-08T00:00:00 security flaw

sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.

Red Hat Linux 5.2 2001-03-09T00:00:00 RHSA-2001:027 Red Hat Linux 6.2 2001-03-09T00:00:00 RHSA-2001:027 Red Hat Linux 7.0 2001-03-09T00:00:00 RHSA-2001:027 https://www.cve.org/CVERecord?id=CVE-2001-0416 https://nvd.nist.gov/vuln/detail/CVE-2001-0416 2001-03-07T00:00:00 security flaw

Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.

https://www.cve.org/CVERecord?id=CVE-2001-0417 https://nvd.nist.gov/vuln/detail/CVE-2001-0417 2001-04-20T00:00:00 security flaw

licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

Red Hat Linux 7.0 2001-02-28T00:00:00 RHSA-2001:022 Red Hat Powertools 6.2 2001-02-28T00:00:00 RHSA-2001:023 https://www.cve.org/CVERecord?id=CVE-2001-0439 https://nvd.nist.gov/vuln/detail/CVE-2001-0439 2001-04-20T00:00:00 security flaw

Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.

Red Hat Linux 7.0 2001-02-28T00:00:00 RHSA-2001:022 Red Hat Powertools 6.2 2001-02-28T00:00:00 RHSA-2001:023 https://www.cve.org/CVERecord?id=CVE-2001-0440 https://nvd.nist.gov/vuln/detail/CVE-2001-0440 2001-03-09T00:00:00 security flaw

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

Red Hat Linux 6.2 2001-03-09T00:00:00 RHSA-2001:028 Red Hat Linux 7.0 2001-03-09T00:00:00 RHSA-2001:028 https://www.cve.org/CVERecord?id=CVE-2001-0441 https://nvd.nist.gov/vuln/detail/CVE-2001-0441 2001-03-09T00:00:00 security flaw

Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.

Red Hat Linux 5.2 2001-03-09T00:00:00 RHSA-2001:029 Red Hat Linux 6.2 2001-03-09T00:00:00 RHSA-2001:029 Red Hat Linux 7.0 2001-03-09T00:00:00 RHSA-2001:029 https://www.cve.org/CVERecord?id=CVE-2001-0473 https://nvd.nist.gov/vuln/detail/CVE-2001-0473 2001-04-17T00:00:00 security flaw

Format string vulnerability in gftp prior to 2.0.8 allows remote malicious FTP servers to execute arbitrary commands.

Red Hat Linux 6.2 2001-04-25T00:00:00 RHSA-2001:053 Red Hat Linux 7.0 2001-04-25T00:00:00 RHSA-2001:053 Red Hat Linux 7.1 2001-04-25T00:00:00 RHSA-2001:053 https://www.cve.org/CVERecord?id=CVE-2001-0489 https://nvd.nist.gov/vuln/detail/CVE-2001-0489 2001-04-30T00:00:00 security flaw

kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges.

Red Hat Linux 7.1 2001-04-30T00:00:00 RHSA-2001:059 https://www.cve.org/CVERecord?id=CVE-2001-0496 https://nvd.nist.gov/vuln/detail/CVE-2001-0496

SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network.

Not vulnerable. This issue did not affect the version of atmel-firmware as shipped with Red Hat Enterprise Linux 6 as it did not implement the SNMP protocol support. https://www.cve.org/CVERecord?id=CVE-2001-0514 https://nvd.nist.gov/vuln/detail/CVE-2001-0514 2001-05-29T00:00:00 security flaw

Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.

Red Hat Linux 6.2 2001-06-07T00:00:00 RHSA-2001:073 Red Hat Linux 7.0 2001-06-07T00:00:00 RHSA-2001:073 Red Hat Linux 7.1 2001-06-07T00:00:00 RHSA-2001:073 https://www.cve.org/CVERecord?id=CVE-2001-0522 https://nvd.nist.gov/vuln/detail/CVE-2001-0522 Critical 2001-04-30T00:00:00 security flaw

wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).

Red Hat Linux 6.2 2001-11-27T00:00:00 RHSA-2001:157 Red Hat Linux 7.0 2001-11-27T00:00:00 RHSA-2001:157 Red Hat Linux 7.1 2001-11-27T00:00:00 RHSA-2001:157 Red Hat Linux 7.2 2001-11-27T00:00:00 RHSA-2001:157 https://www.cve.org/CVERecord?id=CVE-2001-0550 https://nvd.nist.gov/vuln/detail/CVE-2001-0550 Critical 2001-07-18T00:00:00 security flaw

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

Red Hat Linux 5.2 2001-08-09T00:00:00 RHSA-2001:099 Red Hat Linux 6.2 2001-08-09T00:00:00 RHSA-2001:099 Red Hat Linux 6.2 2001-08-09T00:00:00 RHSA-2001:100 Red Hat Linux 7.0 2001-08-09T00:00:00 RHSA-2001:099 Red Hat Linux 7.0 2001-08-09T00:00:00 RHSA-2001:100 Red Hat Linux 7.1 2001-08-09T00:00:00 RHSA-2001:099 Red Hat Linux 7.1 2001-08-09T00:00:00 RHSA-2001:100 https://www.cve.org/CVERecord?id=CVE-2001-0554 https://nvd.nist.gov/vuln/detail/CVE-2001-0554 2001-03-01T00:00:00 security flaw

The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file.

Red Hat Powertools 6.2 2001-05-08T00:00:00 RHSA-2001:061 Red Hat Powertools 7.0 2001-05-08T00:00:00 RHSA-2001:061 Red Hat Powertools 7.1 2001-05-08T00:00:00 RHSA-2001:061 https://www.cve.org/CVERecord?id=CVE-2001-0556 https://nvd.nist.gov/vuln/detail/CVE-2001-0556 2001-02-10T00:00:00 security flaw

Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).

Red Hat Linux 5.2 2001-02-12T00:00:00 RHSA-2001:014 Red Hat Linux 6.2 2001-02-12T00:00:00 RHSA-2001:014 Red Hat Linux 7.0 2001-02-12T00:00:00 RHSA-2001:014 https://www.cve.org/CVERecord?id=CVE-2001-0560 https://nvd.nist.gov/vuln/detail/CVE-2001-0560 2001-05-02T00:00:00 security flaw

Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass.

Red Hat Powertools 6.2 2001-05-14T00:00:00 RHSA-2001:065 Red Hat Powertools 7.0 2001-05-14T00:00:00 RHSA-2001:065 Red Hat Powertools 7.1 2001-05-14T00:00:00 RHSA-2001:065 https://www.cve.org/CVERecord?id=CVE-2001-0567 https://nvd.nist.gov/vuln/detail/CVE-2001-0567 2001-02-23T00:00:00 security flaw

Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.

Red Hat Powertools 6.2 2001-02-24T00:00:00 RHSA-2001:021 Red Hat Powertools 7.0 2001-02-24T00:00:00 RHSA-2001:021 https://www.cve.org/CVERecord?id=CVE-2001-0568 https://nvd.nist.gov/vuln/detail/CVE-2001-0568 2001-02-23T00:00:00 security flaw

Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.

Red Hat Powertools 6.2 2001-02-24T00:00:00 RHSA-2001:021 Red Hat Powertools 7.0 2001-02-24T00:00:00 RHSA-2001:021 https://www.cve.org/CVERecord?id=CVE-2001-0569 https://nvd.nist.gov/vuln/detail/CVE-2001-0569 2001-05-03T00:00:00 security flaw

minicom 1.83.1 and earlier allows a local attacker to gain additional privileges via numerous format string attacks.

Red Hat Linux 5.2 2001-05-10T00:00:00 RHSA-2001:067 Red Hat Linux 6.2 2001-05-10T00:00:00 RHSA-2001:067 Red Hat Linux 7.0 2001-05-10T00:00:00 RHSA-2001:067 Red Hat Linux 7.1 2001-05-10T00:00:00 RHSA-2001:067 https://www.cve.org/CVERecord?id=CVE-2001-0570 https://nvd.nist.gov/vuln/detail/CVE-2001-0570 2001-03-18T00:00:00 security flaw

The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.

Red Hat Linux 7.0 2001-03-23T00:00:00 RHSA-2001:033 https://www.cve.org/CVERecord?id=CVE-2001-0572 https://nvd.nist.gov/vuln/detail/CVE-2001-0572 2001-04-09T00:00:00 security flaw

Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.

Red Hat Linux 6.2 2001-04-09T00:00:00 RHSA-2001:046 Red Hat Linux 7.0 2001-04-09T00:00:00 RHSA-2001:046 Red Hat Linux 7.1 2001-04-09T00:00:00 RHSA-2001:046 https://www.cve.org/CVERecord?id=CVE-2001-0596 https://nvd.nist.gov/vuln/detail/CVE-2001-0596 Important 2001-05-02T00:00:00 security flaw

Red Hat Linux 7.1 sets insecure permissions on swap files created during installation, which can allow a local attacker to gain additional privileges by reading sensitive information from the swap file, such as passwords.

Red Hat Linux 7.1 2001-05-02T00:00:00 RHSA-2001:058 https://www.cve.org/CVERecord?id=CVE-2001-0635 https://nvd.nist.gov/vuln/detail/CVE-2001-0635 2001-05-13T00:00:00 security flaw

Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option.

Red Hat Linux 5.2 2001-05-21T00:00:00 RHSA-2001:069 Red Hat Linux 6.2 2001-05-21T00:00:00 RHSA-2001:069 Red Hat Linux 7.0 2001-05-21T00:00:00 RHSA-2001:069 https://www.cve.org/CVERecord?id=CVE-2001-0641 https://nvd.nist.gov/vuln/detail/CVE-2001-0641 2001-08-21T00:00:00 security flaw

Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.

Red Hat Linux 5.2 2001-09-13T00:00:00 RHSA-2001:106 Red Hat Linux 6.2 2001-09-13T00:00:00 RHSA-2001:106 Red Hat Linux 7.0 2001-09-13T00:00:00 RHSA-2001:106 Red Hat Linux 7.1 2001-09-13T00:00:00 RHSA-2001:106 https://www.cve.org/CVERecord?id=CVE-2001-0653 https://nvd.nist.gov/vuln/detail/CVE-2001-0653 2001-08-29T00:00:00 security flaw

Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.

Red Hat Linux 6.2 2001-11-02T00:00:00 RHSA-2001:147 https://www.cve.org/CVERecord?id=CVE-2001-0670 https://nvd.nist.gov/vuln/detail/CVE-2001-0670 2001-06-06T00:00:00 security flaw

Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.

Red Hat Powertools 6.2 2001-06-26T00:00:00 RHSA-2001:078 Red Hat Powertools 7.0 2001-06-26T00:00:00 RHSA-2001:078 Red Hat Powertools 7.1 2001-06-26T00:00:00 RHSA-2001:078 https://www.cve.org/CVERecord?id=CVE-2001-0690 https://nvd.nist.gov/vuln/detail/CVE-2001-0690 2001-06-11T00:00:00 security flaw

Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.

Red Hat Linux 5.2 2001-07-18T00:00:00 RHSA-2001:094 Red Hat Linux 6.2 2001-07-18T00:00:00 RHSA-2001:094 Red Hat Linux 7.0 2001-07-18T00:00:00 RHSA-2001:094 Red Hat Linux 7.1 2001-07-18T00:00:00 RHSA-2001:094 https://www.cve.org/CVERecord?id=CVE-2001-0691 https://nvd.nist.gov/vuln/detail/CVE-2001-0691 Moderate 2001-09-28T00:00:00 security flaw

split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.

Red Hat Linux 6.2 2001-12-04T00:00:00 RHSA-2001:126 Red Hat Linux 7.0 2001-12-04T00:00:00 RHSA-2001:126 Red Hat Linux 7.1 2001-12-04T00:00:00 RHSA-2001:126 Red Hat Linux 7.2 2001-12-04T00:00:00 RHSA-2001:126 Red Hat Secure Web Server 3.2 2002-07-01T00:00:00 RHSA-2001:164 https://www.cve.org/CVERecord?id=CVE-2001-0730 https://nvd.nist.gov/vuln/detail/CVE-2001-0730 Important 2001-07-09T00:00:00 security flaw

Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.

Red Hat Linux 6.2 2001-12-04T00:00:00 RHSA-2001:126 Red Hat Linux 7.0 2001-12-04T00:00:00 RHSA-2001:126 Red Hat Linux 7.1 2001-12-04T00:00:00 RHSA-2001:126 Red Hat Linux 7.2 2001-12-04T00:00:00 RHSA-2001:126 Red Hat Secure Web Server 3.2 2002-07-01T00:00:00 RHSA-2001:164 https://www.cve.org/CVERecord?id=CVE-2001-0731 https://nvd.nist.gov/vuln/detail/CVE-2001-0731 2001-03-31T00:00:00 security flaw

Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.

Red Hat Linux 5.2 2001-03-31T00:00:00 RHSA-2001:042 Red Hat Linux 6.2 2001-03-31T00:00:00 RHSA-2001:042 Red Hat Linux 7.0 2001-03-31T00:00:00 RHSA-2001:042 https://www.cve.org/CVERecord?id=CVE-2001-0736 https://nvd.nist.gov/vuln/detail/CVE-2001-0736 2001-06-08T00:00:00 security flaw

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.

Red Hat Linux 7.0 2001-06-07T00:00:00 RHSA-2001:075 Red Hat Linux 7.1 2001-06-07T00:00:00 RHSA-2001:075 https://www.cve.org/CVERecord?id=CVE-2001-0763 https://nvd.nist.gov/vuln/detail/CVE-2001-0763 Important 2001-07-10T00:00:00 security flaw

Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field.

Red Hat Linux 6.2 2001-07-09T00:00:00 RHSA-2001:088 Red Hat Linux 7.0 2001-07-09T00:00:00 RHSA-2001:088 Red Hat Linux 7.1 2001-07-09T00:00:00 RHSA-2001:088 https://www.cve.org/CVERecord?id=CVE-2001-0775 https://nvd.nist.gov/vuln/detail/CVE-2001-0775 2001-06-26T00:00:00 security flaw

Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters.

Red Hat Powertools 7.0 2002-04-25T00:00:00 RHSA-2002:063 Red Hat Powertools 7.1 2002-04-25T00:00:00 RHSA-2002:063 https://www.cve.org/CVERecord?id=CVE-2001-0784 https://nvd.nist.gov/vuln/detail/CVE-2001-0784 Important 2001-06-12T00:00:00 security flaw

LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges.

Red Hat Linux 7.0 2001-06-12T00:00:00 RHSA-2001:077 Red Hat Linux 7.1 2001-06-12T00:00:00 RHSA-2001:077 https://www.cve.org/CVERecord?id=CVE-2001-0787 https://nvd.nist.gov/vuln/detail/CVE-2001-0787 2001-09-18T00:00:00 security flaw

OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.

Red Hat Linux 7.0 2001-11-30T00:00:00 RHSA-2001:154 Red Hat Linux 7.1 2001-11-30T00:00:00 RHSA-2001:154 Red Hat Linux 7.2 2001-11-30T00:00:00 RHSA-2001:154 https://www.cve.org/CVERecord?id=CVE-2001-0816 https://nvd.nist.gov/vuln/detail/CVE-2001-0816 2001-06-10T00:00:00 security flaw

A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.

Red Hat Linux 5.2 2001-09-10T00:00:00 RHSA-2001:103 Red Hat Linux 6.2 2001-09-10T00:00:00 RHSA-2001:103 Red Hat Linux 7.0 2001-09-10T00:00:00 RHSA-2001:103 Red Hat Linux 7.1 2001-09-10T00:00:00 RHSA-2001:103 https://www.cve.org/CVERecord?id=CVE-2001-0819 https://nvd.nist.gov/vuln/detail/CVE-2001-0819 2001-07-02T00:00:00 security flaw

Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.

Red Hat Linux 7.0 2001-07-06T00:00:00 RHSA-2001:092 Red Hat Linux 7.1 2001-07-06T00:00:00 RHSA-2001:092 https://www.cve.org/CVERecord?id=CVE-2001-0825 https://nvd.nist.gov/vuln/detail/CVE-2001-0825 2001-10-07T00:00:00 security flaw

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

Red Hat Linux 7.1 2001-11-08T00:00:00 RHSA-2001:139 Red Hat Linux 7.2 2001-11-08T00:00:00 RHSA-2001:139 https://www.cve.org/CVERecord?id=CVE-2001-0834 https://nvd.nist.gov/vuln/detail/CVE-2001-0834 2001-10-24T00:00:00 security flaw

Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.

Red Hat Linux 7.2 2001-10-30T00:00:00 RHSA-2001:140 Red Hat Powertools 7.0 2001-10-30T00:00:00 RHSA-2001:141 Red Hat Powertools 7.1 2001-10-30T00:00:00 RHSA-2001:141 https://www.cve.org/CVERecord?id=CVE-2001-0835 https://nvd.nist.gov/vuln/detail/CVE-2001-0835 2001-09-21T00:00:00 security flaw

Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.

Red Hat Linux 6.2 2001-10-04T00:00:00 RHSA-2001:113 Red Hat Linux 7.0 2001-10-04T00:00:00 RHSA-2001:113 Red Hat Linux 7.1 2001-10-04T00:00:00 RHSA-2001:113 Red Hat Linux 7.2 2001-10-04T00:00:00 RHSA-2001:113 https://www.cve.org/CVERecord?id=CVE-2001-0843 https://nvd.nist.gov/vuln/detail/CVE-2001-0843 Important 2001-11-02T00:00:00 security flaw

Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.

Red Hat Linux 6.2 2001-11-02T00:00:00 RHSA-2001:142 Red Hat Linux 7.0 2001-11-02T00:00:00 RHSA-2001:142 Red Hat Linux 7.1 2001-11-02T00:00:00 RHSA-2001:142 Red Hat Linux 7.2 2001-11-02T00:00:00 RHSA-2001:142 https://www.cve.org/CVERecord?id=CVE-2001-0851 https://nvd.nist.gov/vuln/detail/CVE-2001-0851 Important 2001-11-05T00:00:00 security flaw

TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to cause a denial of service via a long Host: header.

Red Hat Linux 6.2 2001-11-02T00:00:00 RHSA-2001:142 Red Hat Linux 7.0 2001-11-02T00:00:00 RHSA-2001:142 Red Hat Linux 7.1 2001-11-02T00:00:00 RHSA-2001:142 Red Hat Linux 7.2 2001-11-02T00:00:00 RHSA-2001:142 https://www.cve.org/CVERecord?id=CVE-2001-0852 https://nvd.nist.gov/vuln/detail/CVE-2001-0852 2001-11-13T00:00:00 security flaw

2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets the setting default umask for init to 000, which installs files with world-writeable permissions.

Red Hat Linux 7.1k 2001-11-13T00:00:00 RHSA-2001:148 https://www.cve.org/CVERecord?id=CVE-2001-0859 https://nvd.nist.gov/vuln/detail/CVE-2001-0859 2001-11-02T00:00:00 security flaw

Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.

Red Hat Linux 7.0 2001-11-29T00:00:00 RHSA-2001:150 Red Hat Linux 7.1 2001-11-29T00:00:00 RHSA-2001:150 Red Hat Linux 7.2 2001-11-29T00:00:00 RHSA-2001:150 Red Hat Powertools 6.2 2001-11-29T00:00:00 RHSA-2001:151 https://www.cve.org/CVERecord?id=CVE-2001-0869 https://nvd.nist.gov/vuln/detail/CVE-2001-0869 2001-12-04T00:00:00 security flaw

OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.

Red Hat Linux 7.0 2001-12-05T00:00:00 RHSA-2001:161 Red Hat Linux 7.1 2001-12-05T00:00:00 RHSA-2001:161 Red Hat Linux 7.2 2001-12-05T00:00:00 RHSA-2001:161 https://www.cve.org/CVERecord?id=CVE-2001-0872 https://nvd.nist.gov/vuln/detail/CVE-2001-0872 2001-09-08T00:00:00 security flaw

uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option.

Red Hat Linux 6.2 2002-01-17T00:00:00 RHSA-2001:165 Red Hat Linux 7.0 2002-01-17T00:00:00 RHSA-2001:165 Red Hat Linux 7.1 2002-01-17T00:00:00 RHSA-2001:165 Red Hat Linux 7.2 2002-01-17T00:00:00 RHSA-2001:165 https://www.cve.org/CVERecord?id=CVE-2001-0873 https://nvd.nist.gov/vuln/detail/CVE-2001-0873 2001-11-28T00:00:00 security flaw

Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.

Red Hat Linux 7.2 2001-12-21T00:00:00 RHSA-2001:168 Red Hat Powertools 7.0 2001-12-21T00:00:00 RHSA-2001:169 Red Hat Powertools 7.1 2001-12-21T00:00:00 RHSA-2001:169 Red Hat Secure Web Server 3.2 2002-01-02T00:00:00 RHSA-2001:170 https://www.cve.org/CVERecord?id=CVE-2001-0884 https://nvd.nist.gov/vuln/detail/CVE-2001-0884 2001-12-14T00:00:00 security flaw

Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.

Red Hat Linux 6.2 2001-12-14T00:00:00 RHSA-2001:160 Red Hat Linux 7.0 2001-12-14T00:00:00 RHSA-2001:160 Red Hat Linux 7.1 2001-12-14T00:00:00 RHSA-2001:160 Red Hat Linux 7.2 2001-12-14T00:00:00 RHSA-2001:160 https://www.cve.org/CVERecord?id=CVE-2001-0886 https://nvd.nist.gov/vuln/detail/CVE-2001-0886 2001-12-17T00:00:00 security flaw

xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files.

Red Hat Linux 7.0 2002-01-08T00:00:00 RHSA-2001:171 Red Hat Linux 7.1 2002-01-08T00:00:00 RHSA-2001:171 Red Hat Linux 7.2 2002-01-08T00:00:00 RHSA-2001:171 Red Hat Powertools 6.0 2002-01-08T00:00:00 RHSA-2001:172 Red Hat Powertools 6.1 2002-01-08T00:00:00 RHSA-2001:172 Red Hat Powertools 6.2 2002-01-08T00:00:00 RHSA-2001:172 https://www.cve.org/CVERecord?id=CVE-2001-0887 https://nvd.nist.gov/vuln/detail/CVE-2001-0887 2002-01-08T00:00:00 security flaw

Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.

Red Hat Powertools 6.2 2002-01-08T00:00:00 RHSA-2001:176 Red Hat Powertools 7.0 2002-01-08T00:00:00 RHSA-2001:176 Red Hat Powertools 7.1 2002-01-08T00:00:00 RHSA-2001:176 https://www.cve.org/CVERecord?id=CVE-2001-0889 https://nvd.nist.gov/vuln/detail/CVE-2001-0889 2001-12-17T00:00:00 security flaw

Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allows local users to modify files via a symlink attack on temporary files.

Red Hat Linux 7.0 2002-01-08T00:00:00 RHSA-2001:171 Red Hat Linux 7.1 2002-01-08T00:00:00 RHSA-2001:171 Red Hat Linux 7.2 2002-01-08T00:00:00 RHSA-2001:171 Red Hat Powertools 6.0 2002-01-08T00:00:00 RHSA-2001:172 Red Hat Powertools 6.1 2002-01-08T00:00:00 RHSA-2001:172 Red Hat Powertools 6.2 2002-01-08T00:00:00 RHSA-2001:172 https://www.cve.org/CVERecord?id=CVE-2001-0890 https://nvd.nist.gov/vuln/detail/CVE-2001-0890 2001-11-15T00:00:00 security flaw

Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.

Red Hat Powertools 7.1 2001-11-27T00:00:00 RHSA-2001:156 https://www.cve.org/CVERecord?id=CVE-2001-0894 https://nvd.nist.gov/vuln/detail/CVE-2001-0894 2001-07-03T00:00:00 security flaw

Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local users to cause a denial of service or gain root privileges by sending a signal while a signal handling routine is already running.

Red Hat Linux 5.2 2001-07-19T00:00:00 RHSA-2001:093 Red Hat Linux 6.2 2001-07-19T00:00:00 RHSA-2001:093 Red Hat Linux 7.0 2001-07-19T00:00:00 RHSA-2001:093 Red Hat Linux 7.1 2001-07-19T00:00:00 RHSA-2001:093 https://www.cve.org/CVERecord?id=CVE-2001-0905 https://nvd.nist.gov/vuln/detail/CVE-2001-0905 2001-06-22T00:00:00 security flaw

teTeX filter before 1.0.7 allows local users to gain privileges via a symlink attack on temporary files that are produced when printing .dvi files using lpr.

Red Hat Linux 5.2 2001-10-30T00:00:00 RHSA-2001:102 Red Hat Linux 6.2 2001-10-30T00:00:00 RHSA-2001:102 Red Hat Linux 7.0 2001-10-30T00:00:00 RHSA-2001:102 Red Hat Linux 7.0j 2001-10-30T00:00:00 RHSA-2001:102 Red Hat Linux 7.1 2001-10-30T00:00:00 RHSA-2001:102 https://www.cve.org/CVERecord?id=CVE-2001-0906 https://nvd.nist.gov/vuln/detail/CVE-2001-0906

Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550.

CVE-2001-0935 refers to vulnerabilities found when SUSE did a code audit of the wu-ftpd glob.c file in wu-ftpd 2.6.0. They shared these details with the wu-ftpd upstream authors who clarified that some of the issues did not apply, and all were addressed by the version of glob.c in upstream wu-ftpd 2.6.1. Therefore we believe that the issues labelled as CVE-2001-0935 do not affect wu-ftpd 2.6.1 or later versions and therefore do not affect Red Hat Enterprise Linux 2.1. https://www.cve.org/CVERecord?id=CVE-2001-0935 https://nvd.nist.gov/vuln/detail/CVE-2001-0935 2001-07-16T00:00:00 security flaw

slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.

Red Hat Linux 6.2 2001-08-09T00:00:00 RHSA-2001:098 Red Hat Linux 7.0 2001-08-09T00:00:00 RHSA-2001:098 Red Hat Linux 7.1 2001-08-09T00:00:00 RHSA-2001:098 https://www.cve.org/CVERecord?id=CVE-2001-0977 https://nvd.nist.gov/vuln/detail/CVE-2001-0977 2001-08-27T00:00:00 security flaw

The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.

Red Hat Linux 5.2 2001-10-30T00:00:00 RHSA-2001:102 Red Hat Linux 6.2 2001-10-30T00:00:00 RHSA-2001:102 Red Hat Linux 7.0 2001-10-30T00:00:00 RHSA-2001:102 Red Hat Linux 7.0j 2001-10-30T00:00:00 RHSA-2001:102 Red Hat Linux 7.1 2001-10-30T00:00:00 RHSA-2001:102 https://www.cve.org/CVERecord?id=CVE-2001-1002 https://nvd.nist.gov/vuln/detail/CVE-2001-1002 2001-08-09T00:00:00 security flaw

Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.

Red Hat Linux 5.2 2001-09-10T00:00:00 RHSA-2001:103 Red Hat Linux 6.2 2001-09-10T00:00:00 RHSA-2001:103 Red Hat Linux 7.0 2001-09-10T00:00:00 RHSA-2001:103 Red Hat Linux 7.1 2001-09-10T00:00:00 RHSA-2001:103 https://www.cve.org/CVERecord?id=CVE-2001-1009 https://nvd.nist.gov/vuln/detail/CVE-2001-1009

Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.

Red Hat does not consider this flaw to be a security issue. If UserDir is enabled, you can configure httpd to respond with a custom error page and a single error code whether the user exists or not. The UserDir functionality is disabled by default in httpd on Red Hat Enterprise Linux 5, 6, and 7, and is thus not exposed on default installations. https://www.cve.org/CVERecord?id=CVE-2001-1013 https://nvd.nist.gov/vuln/detail/CVE-2001-1013 Important 2001-07-27T00:00:00 security flaw

Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.

Red Hat Linux 7.0 2002-01-14T00:00:00 RHSA-2002:004 Red Hat Linux 7.1 2002-01-14T00:00:00 RHSA-2002:004 Red Hat Linux 7.2 2002-01-14T00:00:00 RHSA-2002:004 https://www.cve.org/CVERecord?id=CVE-2001-1022 https://nvd.nist.gov/vuln/detail/CVE-2001-1022 Important 2001-09-21T00:00:00 security flaw

Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.

Red Hat Linux 5.2 2001-09-18T00:00:00 RHSA-2001:072 Red Hat Linux 6.2 2001-09-18T00:00:00 RHSA-2001:072 Red Hat Linux 7.0 2001-09-18T00:00:00 RHSA-2001:072 Red Hat Linux 7.1 2001-09-18T00:00:00 RHSA-2001:072 https://www.cve.org/CVERecord?id=CVE-2001-1028 https://nvd.nist.gov/vuln/detail/CVE-2001-1028 2001-07-18T00:00:00 security flaw

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

Red Hat Linux 7.0 2001-07-19T00:00:00 RHSA-2001:097 https://www.cve.org/CVERecord?id=CVE-2001-1030 https://nvd.nist.gov/vuln/detail/CVE-2001-1030 2001-06-26T00:00:00 security flaw

Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).

Red Hat Powertools 7.0 2002-04-25T00:00:00 RHSA-2002:063 Red Hat Powertools 7.1 2002-04-25T00:00:00 RHSA-2002:063 https://www.cve.org/CVERecord?id=CVE-2001-1083 https://nvd.nist.gov/vuln/detail/CVE-2001-1083 2001-07-10T00:00:00 security flaw

The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.

https://www.cve.org/CVERecord?id=CVE-2001-1141 https://nvd.nist.gov/vuln/detail/CVE-2001-1141 Important 2001-10-08T00:00:00 security flaw

The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.

Red Hat Linux 7.1 2001-10-16T00:00:00 RHSA-2001:132 Red Hat Linux 7.2 2001-10-16T00:00:00 RHSA-2001:132 https://www.cve.org/CVERecord?id=CVE-2001-1147 https://nvd.nist.gov/vuln/detail/CVE-2001-1147 2001-06-23T00:00:00 security flaw

Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.

Red Hat Linux 5.2 2001-06-26T00:00:00 RHSA-2001:086 Red Hat Linux 6.2 2001-06-26T00:00:00 RHSA-2001:086 Red Hat Linux 7.0 2001-06-26T00:00:00 RHSA-2001:086 Red Hat Linux 7.1 2001-06-26T00:00:00 RHSA-2001:086 https://www.cve.org/CVERecord?id=CVE-2001-1162 https://nvd.nist.gov/vuln/detail/CVE-2001-1162 2001-07-03T00:00:00 security flaw

Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header.

Red Hat Linux 5.2 2001-07-16T00:00:00 RHSA-2001:091 Red Hat Linux 6.2 2001-07-16T00:00:00 RHSA-2001:091 Red Hat Linux 7.0 2001-07-16T00:00:00 RHSA-2001:091 Red Hat Linux 7.1 2001-07-16T00:00:00 RHSA-2001:091 https://www.cve.org/CVERecord?id=CVE-2001-1174 https://nvd.nist.gov/vuln/detail/CVE-2001-1174 Moderate 2001-07-12T00:00:00 security flaw

vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing.

Red Hat Linux 7.1 2001-07-16T00:00:00 RHSA-2001:095 Red Hat Linux 7.1 2001-10-16T00:00:00 RHSA-2001:132 Red Hat Linux 7.2 2001-10-16T00:00:00 RHSA-2001:132 https://www.cve.org/CVERecord?id=CVE-2001-1175 https://nvd.nist.gov/vuln/detail/CVE-2001-1175 Moderate 2001-10-10T00:00:00 security flaw

Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.

Red Hat Linux 5.2 2001-09-18T00:00:00 RHSA-2001:072 Red Hat Linux 6.2 2001-09-18T00:00:00 RHSA-2001:072 Red Hat Linux 7.0 2001-09-18T00:00:00 RHSA-2001:072 Red Hat Linux 7.1 2001-09-18T00:00:00 RHSA-2001:072 Red Hat Powertools 6.2 2001-10-10T00:00:00 RHSA-2001:115 Red Hat Powertools 7.0 2001-10-10T00:00:00 RHSA-2001:115 Red Hat Powertools 7.1 2001-10-10T00:00:00 RHSA-2001:115 https://www.cve.org/CVERecord?id=CVE-2001-1227 https://nvd.nist.gov/vuln/detail/CVE-2001-1227 2001-03-13T00:00:00 security flaw

Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.

Red Hat Powertools 7.0 2002-04-25T00:00:00 RHSA-2002:063 Red Hat Powertools 7.1 2002-04-25T00:00:00 RHSA-2002:063 https://www.cve.org/CVERecord?id=CVE-2001-1229 https://nvd.nist.gov/vuln/detail/CVE-2001-1229 2001-03-13T00:00:00 security flaw

Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.

Red Hat Powertools 7.0 2002-04-25T00:00:00 RHSA-2002:063 Red Hat Powertools 7.1 2002-04-25T00:00:00 RHSA-2002:063 https://www.cve.org/CVERecord?id=CVE-2001-1230 https://nvd.nist.gov/vuln/detail/CVE-2001-1230 Important 2001-06-30T00:00:00 security flaw

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-06-26T00:00:00 RHSA-2002:129 Red Hat Linux 7.0 2002-08-20T00:00:00 RHSA-2002:102 Red Hat Linux 7.1 2002-08-20T00:00:00 RHSA-2002:102 Red Hat Linux 7.1 2003-06-30T00:00:00 RHSA-2003:159 Red Hat Linux 7.2 2002-08-20T00:00:00 RHSA-2002:102 Red Hat Linux 7.3 2002-08-20T00:00:00 RHSA-2002:102 https://www.cve.org/CVERecord?id=CVE-2001-1246 https://nvd.nist.gov/vuln/detail/CVE-2001-1246 2001-06-30T00:00:00 security flaw

PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.

Red Hat Linux 6.2 2002-02-28T00:00:00 RHSA-2002:035 Red Hat Linux 7.0 2002-02-28T00:00:00 RHSA-2002:035 Red Hat Linux 7.1 2002-02-28T00:00:00 RHSA-2002:035 Red Hat Linux 7.2 2002-02-28T00:00:00 RHSA-2002:035 https://www.cve.org/CVERecord?id=CVE-2001-1247 https://nvd.nist.gov/vuln/detail/CVE-2001-1247 Low 2001-07-12T00:00:00 security flaw

Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-10-02T00:00:00 RHSA-2002:138 Red Hat Linux 6.2 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.0 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.1 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.1 2003-07-01T00:00:00 RHSA-2003:218 Red Hat Linux 7.2 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.3 2002-09-29T00:00:00 RHSA-2002:096 https://www.cve.org/CVERecord?id=CVE-2001-1267 https://nvd.nist.gov/vuln/detail/CVE-2001-1267 2001-07-05T00:00:00 security flaw

Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-10-02T00:00:00 RHSA-2002:138 Red Hat Linux 6.2 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.0 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.1 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.1 2003-07-01T00:00:00 RHSA-2003:218 Red Hat Linux 7.2 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.3 2002-09-29T00:00:00 RHSA-2002:096 https://www.cve.org/CVERecord?id=CVE-2001-1268 https://nvd.nist.gov/vuln/detail/CVE-2001-1268 2001-07-05T00:00:00 security flaw

Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-10-02T00:00:00 RHSA-2002:138 Red Hat Linux 6.2 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.0 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.1 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.1 2003-07-01T00:00:00 RHSA-2003:218 Red Hat Linux 7.2 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.3 2002-09-29T00:00:00 RHSA-2002:096 https://www.cve.org/CVERecord?id=CVE-2001-1269 https://nvd.nist.gov/vuln/detail/CVE-2001-1269 2001-02-08T00:00:00 security flaw

The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, when running on certain Intel CPUs, allows local users to cause a denial of service (system halt).

Red Hat Linux 6.2 2001-02-08T00:00:00 RHSA-2001:013 Red Hat Linux 7.0 2001-02-08T00:00:00 RHSA-2001:013 https://www.cve.org/CVERecord?id=CVE-2001-1273 https://nvd.nist.gov/vuln/detail/CVE-2001-1273 2001-01-19T00:00:00 security flaw

Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.

Red Hat Linux 7.0 2001-01-18T00:00:00 RHSA-2001:003 https://www.cve.org/CVERecord?id=CVE-2001-1274 https://nvd.nist.gov/vuln/detail/CVE-2001-1274 2001-01-23T00:00:00 security flaw

MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.

Red Hat Linux 7.0 2001-01-18T00:00:00 RHSA-2001:003 https://www.cve.org/CVERecord?id=CVE-2001-1275 https://nvd.nist.gov/vuln/detail/CVE-2001-1275 2001-06-04T00:00:00 security flaw

ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file.

Red Hat Linux 5.2 2001-07-10T00:00:00 RHSA-2001:074 Red Hat Linux 6.2 2001-07-10T00:00:00 RHSA-2001:074 https://www.cve.org/CVERecord?id=CVE-2001-1276 https://nvd.nist.gov/vuln/detail/CVE-2001-1276 2001-06-11T00:00:00 security flaw

makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters.

https://www.cve.org/CVERecord?id=CVE-2001-1277 https://nvd.nist.gov/vuln/detail/CVE-2001-1277 2001-10-10T00:00:00 security flaw

Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.

https://www.cve.org/CVERecord?id=CVE-2001-1278 https://nvd.nist.gov/vuln/detail/CVE-2001-1278 2001-07-09T00:00:00 security flaw

Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026.

Red Hat Linux 6.2 2002-04-09T00:00:00 RHSA-2001:089 Red Hat Linux 7.0 2002-04-09T00:00:00 RHSA-2001:089 Red Hat Linux 7.1 2002-04-09T00:00:00 RHSA-2001:089 Red Hat Linux 7.2 2002-04-09T00:00:00 RHSA-2001:089 https://www.cve.org/CVERecord?id=CVE-2001-1279 https://nvd.nist.gov/vuln/detail/CVE-2001-1279 2001-06-11T00:00:00 security flaw

xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.

Red Hat Linux 7.0 2001-06-07T00:00:00 RHSA-2001:075 Red Hat Linux 7.1 2001-06-07T00:00:00 RHSA-2001:075 https://www.cve.org/CVERecord?id=CVE-2001-1322 https://nvd.nist.gov/vuln/detail/CVE-2001-1322 Critical 2001-04-25T00:00:00 security flaw

Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function.

Red Hat Linux 6.2 2001-05-17T00:00:00 RHSA-2001:060 Red Hat Linux 7.0 2001-05-17T00:00:00 RHSA-2001:060 Red Hat Linux 7.1 2001-05-17T00:00:00 RHSA-2001:060 https://www.cve.org/CVERecord?id=CVE-2001-1323 https://nvd.nist.gov/vuln/detail/CVE-2001-1323 2001-03-05T00:00:00 security flaw

Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.

Red Hat Powertools 7.0 2002-03-15T00:00:00 RHSA-2002:032 https://www.cve.org/CVERecord?id=CVE-2001-1332 https://nvd.nist.gov/vuln/detail/CVE-2001-1332 2001-03-05T00:00:00 security flaw

Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.

Red Hat Powertools 7.0 2002-03-15T00:00:00 RHSA-2002:032 https://www.cve.org/CVERecord?id=CVE-2001-1333 https://nvd.nist.gov/vuln/detail/CVE-2001-1333 2001-05-28T00:00:00 security flaw

Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.

Red Hat Linux 5.2 2001-09-13T00:00:00 RHSA-2001:106 Red Hat Linux 6.2 2001-09-13T00:00:00 RHSA-2001:106 Red Hat Linux 7.0 2001-09-13T00:00:00 RHSA-2001:106 Red Hat Linux 7.1 2001-09-13T00:00:00 RHSA-2001:106 https://www.cve.org/CVERecord?id=CVE-2001-1349 https://nvd.nist.gov/vuln/detail/CVE-2001-1349 2001-12-25T00:00:00 security flaw

Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the lang parameter.

Red Hat Linux 7.0j 2002-07-09T00:00:00 RHSA-2001:162 https://www.cve.org/CVERecord?id=CVE-2001-1350 https://nvd.nist.gov/vuln/detail/CVE-2001-1350 2001-12-25T00:00:00 security flaw

Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the index file name that is displayed when displaying hit numbers.

Red Hat Linux 7.0j 2002-07-09T00:00:00 RHSA-2001:162 https://www.cve.org/CVERecord?id=CVE-2001-1351 https://nvd.nist.gov/vuln/detail/CVE-2001-1351 2001-12-27T00:00:00 security flaw

Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter.

Red Hat Linux 7.0j 2002-07-09T00:00:00 RHSA-2001:179 https://www.cve.org/CVERecord?id=CVE-2001-1352 https://nvd.nist.gov/vuln/detail/CVE-2001-1352 2001-09-18T00:00:00 security flaw

ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled.

Red Hat Linux 7.2 2001-10-31T00:00:00 RHSA-2001:138 https://www.cve.org/CVERecord?id=CVE-2001-1353 https://nvd.nist.gov/vuln/detail/CVE-2001-1353 2001-02-18T00:00:00 security flaw

expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.

Red Hat Linux 7.0 2002-08-12T00:00:00 RHSA-2002:148 Red Hat Linux 7.1 2002-08-12T00:00:00 RHSA-2002:148 https://www.cve.org/CVERecord?id=CVE-2001-1374 https://nvd.nist.gov/vuln/detail/CVE-2001-1374 2001-02-18T00:00:00 security flaw

tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory.

Red Hat Linux 7.0 2002-08-12T00:00:00 RHSA-2002:148 Red Hat Linux 7.1 2002-08-12T00:00:00 RHSA-2002:148 https://www.cve.org/CVERecord?id=CVE-2001-1375 https://nvd.nist.gov/vuln/detail/CVE-2001-1375 2001-11-13T00:00:00 security flaw

Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.

Red Hat Powertools 7.0 2002-03-06T00:00:00 RHSA-2002:030 Red Hat Powertools 7.1 2002-03-06T00:00:00 RHSA-2002:030 https://www.cve.org/CVERecord?id=CVE-2001-1376 https://nvd.nist.gov/vuln/detail/CVE-2001-1376 2001-11-13T00:00:00 security flaw

Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.

Red Hat Powertools 7.0 2002-03-06T00:00:00 RHSA-2002:030 Red Hat Powertools 7.1 2002-03-06T00:00:00 RHSA-2002:030 https://www.cve.org/CVERecord?id=CVE-2001-1377 https://nvd.nist.gov/vuln/detail/CVE-2001-1377 2001-03-12T00:00:00 security flaw

fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.

Red Hat Linux 5.2 2001-09-10T00:00:00 RHSA-2001:103 Red Hat Linux 6.2 2001-09-10T00:00:00 RHSA-2001:103 Red Hat Linux 7.0 2001-09-10T00:00:00 RHSA-2001:103 Red Hat Linux 7.1 2001-09-10T00:00:00 RHSA-2001:103 https://www.cve.org/CVERecord?id=CVE-2001-1378 https://nvd.nist.gov/vuln/detail/CVE-2001-1378 2001-08-29T00:00:00 security flaw

The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name.

Red Hat Linux 7.2 2001-10-24T00:00:00 RHSA-2001:124 https://www.cve.org/CVERecord?id=CVE-2001-1379 https://nvd.nist.gov/vuln/detail/CVE-2001-1379 2001-09-26T00:00:00 security flaw

OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.

Red Hat Linux 7.0 2001-10-16T00:00:00 RHSA-2001:114 Red Hat Linux 7.1 2001-10-16T00:00:00 RHSA-2001:114 Red Hat Linux 7.2 2001-10-16T00:00:00 RHSA-2001:114 https://www.cve.org/CVERecord?id=CVE-2001-1380 https://nvd.nist.gov/vuln/detail/CVE-2001-1380 2001-09-19T00:00:00 security flaw

initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files.

Red Hat Linux 7.0 2001-10-02T00:00:00 RHSA-2001:110 Red Hat Linux 7.1 2001-10-02T00:00:00 RHSA-2001:110 https://www.cve.org/CVERecord?id=CVE-2001-1383 https://nvd.nist.gov/vuln/detail/CVE-2001-1383 Important 2001-10-18T00:00:00 security flaw

ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp.

Red Hat Linux 6.2 2001-10-18T00:00:00 RHSA-2001:130 Red Hat Linux 7.0 2001-10-18T00:00:00 RHSA-2001:130 Red Hat Linux 7.1 2001-10-23T00:00:00 RHSA-2001:129 Red Hat Linux 7.2 2001-10-23T00:00:00 RHSA-2001:129 https://www.cve.org/CVERecord?id=CVE-2001-1384 https://nvd.nist.gov/vuln/detail/CVE-2001-1384 2001-01-12T00:00:00 security flaw

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

Red Hat Linux 5.2 2000-12-20T00:00:00 RHSA-2000:136 Red Hat Linux 6.0 2000-12-20T00:00:00 RHSA-2000:136 Red Hat Linux 6.1 2000-12-20T00:00:00 RHSA-2000:136 Red Hat Linux 6.2 2000-12-20T00:00:00 RHSA-2000:136 Red Hat Linux 7.0 2000-12-20T00:00:00 RHSA-2000:136 https://www.cve.org/CVERecord?id=CVE-2001-1385 https://nvd.nist.gov/vuln/detail/CVE-2001-1385 2001-10-30T00:00:00 security flaw

iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak.

Red Hat Linux 7.1 2001-11-07T00:00:00 RHSA-2001:144 Red Hat Linux 7.2 2001-11-07T00:00:00 RHSA-2001:144 https://www.cve.org/CVERecord?id=CVE-2001-1387 https://nvd.nist.gov/vuln/detail/CVE-2001-1387 2001-10-30T00:00:00 security flaw

iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator.

Red Hat Linux 7.1 2001-11-07T00:00:00 RHSA-2001:144 Red Hat Linux 7.2 2001-11-07T00:00:00 RHSA-2001:144 https://www.cve.org/CVERecord?id=CVE-2001-1388 https://nvd.nist.gov/vuln/detail/CVE-2001-1388 2001-08-30T00:00:00 security flaw

Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination.

Red Hat Linux 7.0 2001-09-10T00:00:00 RHSA-2001:109 Red Hat Linux 7.1 2001-09-10T00:00:00 RHSA-2001:109 https://www.cve.org/CVERecord?id=CVE-2001-1389 https://nvd.nist.gov/vuln/detail/CVE-2001-1389 2001-03-27T00:00:00 security flaw

Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages.

Red Hat Linux 6.2 2001-04-10T00:00:00 RHSA-2001:047 Red Hat Linux 7.0 2001-04-10T00:00:00 RHSA-2001:047 https://www.cve.org/CVERecord?id=CVE-2001-1390 https://nvd.nist.gov/vuln/detail/CVE-2001-1390 2001-03-27T00:00:00 security flaw

Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.

Red Hat Linux 6.2 2001-04-10T00:00:00 RHSA-2001:047 Red Hat Linux 7.0 2001-04-10T00:00:00 RHSA-2001:047 https://www.cve.org/CVERecord?id=CVE-2001-1391 https://nvd.nist.gov/vuln/detail/CVE-2001-1391 2001-03-27T00:00:00 security flaw

The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers.

Red Hat Linux 6.2 2001-04-10T00:00:00 RHSA-2001:047 Red Hat Linux 7.0 2001-04-10T00:00:00 RHSA-2001:047 https://www.cve.org/CVERecord?id=CVE-2001-1392 https://nvd.nist.gov/vuln/detail/CVE-2001-1392 2001-03-27T00:00:00 security flaw

Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang).

Red Hat Linux 6.2 2001-04-10T00:00:00 RHSA-2001:047 Red Hat Linux 7.0 2001-04-10T00:00:00 RHSA-2001:047 https://www.cve.org/CVERecord?id=CVE-2001-1393 https://nvd.nist.gov/vuln/detail/CVE-2001-1393 2001-03-27T00:00:00 security flaw

Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service.

Red Hat Linux 6.2 2001-04-10T00:00:00 RHSA-2001:047 Red Hat Linux 7.0 2001-04-10T00:00:00 RHSA-2001:047 https://www.cve.org/CVERecord?id=CVE-2001-1394 https://nvd.nist.gov/vuln/detail/CVE-2001-1394 2001-03-27T00:00:00 security flaw

Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.

Red Hat Linux 6.2 2001-04-10T00:00:00 RHSA-2001:047 Red Hat Linux 7.0 2001-04-10T00:00:00 RHSA-2001:047 https://www.cve.org/CVERecord?id=CVE-2001-1395 https://nvd.nist.gov/vuln/detail/CVE-2001-1395 2001-03-27T00:00:00 security flaw

Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.

Red Hat Linux 6.2 2001-04-10T00:00:00 RHSA-2001:047 Red Hat Linux 7.0 2001-04-10T00:00:00 RHSA-2001:047 https://www.cve.org/CVERecord?id=CVE-2001-1396 https://nvd.nist.gov/vuln/detail/CVE-2001-1396 2001-03-27T00:00:00 security flaw

The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory.

Red Hat Linux 6.2 2001-04-10T00:00:00 RHSA-2001:047 Red Hat Linux 7.0 2001-04-10T00:00:00 RHSA-2001:047 https://www.cve.org/CVERecord?id=CVE-2001-1397 https://nvd.nist.gov/vuln/detail/CVE-2001-1397 2001-03-27T00:00:00 security flaw

Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability.

Red Hat Linux 6.2 2001-04-10T00:00:00 RHSA-2001:047 Red Hat Linux 7.0 2001-04-10T00:00:00 RHSA-2001:047 https://www.cve.org/CVERecord?id=CVE-2001-1398 https://nvd.nist.gov/vuln/detail/CVE-2001-1398 2001-03-27T00:00:00 security flaw

Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86."

Red Hat Linux 6.2 2001-04-10T00:00:00 RHSA-2001:047 Red Hat Linux 7.0 2001-04-10T00:00:00 RHSA-2001:047 https://www.cve.org/CVERecord?id=CVE-2001-1399 https://nvd.nist.gov/vuln/detail/CVE-2001-1399 2001-03-27T00:00:00 security flaw

Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock).

Red Hat Linux 6.2 2001-04-10T00:00:00 RHSA-2001:047 Red Hat Linux 7.0 2001-04-10T00:00:00 RHSA-2001:047 https://www.cve.org/CVERecord?id=CVE-2001-1400 https://nvd.nist.gov/vuln/detail/CVE-2001-1400 2001-08-29T00:00:00 security flaw

Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.

Red Hat Powertools 7.0 2001-09-10T00:00:00 RHSA-2001:107 Red Hat Powertools 7.1 2001-09-10T00:00:00 RHSA-2001:107 https://www.cve.org/CVERecord?id=CVE-2001-1401 https://nvd.nist.gov/vuln/detail/CVE-2001-1401 2001-08-29T00:00:00 security flaw

Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi.

Red Hat Powertools 7.0 2001-09-10T00:00:00 RHSA-2001:107 Red Hat Powertools 7.1 2001-09-10T00:00:00 RHSA-2001:107 https://www.cve.org/CVERecord?id=CVE-2001-1402 https://nvd.nist.gov/vuln/detail/CVE-2001-1402 2001-08-29T00:00:00 security flaw

Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.

Red Hat Powertools 7.0 2001-09-10T00:00:00 RHSA-2001:107 Red Hat Powertools 7.1 2001-09-10T00:00:00 RHSA-2001:107 https://www.cve.org/CVERecord?id=CVE-2001-1403 https://nvd.nist.gov/vuln/detail/CVE-2001-1403 2001-08-29T00:00:00 security flaw

Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges.

Red Hat Powertools 7.0 2001-09-10T00:00:00 RHSA-2001:107 Red Hat Powertools 7.1 2001-09-10T00:00:00 RHSA-2001:107 https://www.cve.org/CVERecord?id=CVE-2001-1404 https://nvd.nist.gov/vuln/detail/CVE-2001-1404 2001-08-29T00:00:00 security flaw

Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.

Red Hat Powertools 7.0 2001-09-10T00:00:00 RHSA-2001:107 Red Hat Powertools 7.1 2001-09-10T00:00:00 RHSA-2001:107 https://www.cve.org/CVERecord?id=CVE-2001-1405 https://nvd.nist.gov/vuln/detail/CVE-2001-1405 2001-08-29T00:00:00 security flaw

process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.

Red Hat Powertools 7.0 2001-09-10T00:00:00 RHSA-2001:107 Red Hat Powertools 7.1 2001-09-10T00:00:00 RHSA-2001:107 https://www.cve.org/CVERecord?id=CVE-2001-1406 https://nvd.nist.gov/vuln/detail/CVE-2001-1406 2001-08-29T00:00:00 security flaw

Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.

Red Hat Powertools 7.0 2001-09-10T00:00:00 RHSA-2001:107 Red Hat Powertools 7.1 2001-09-10T00:00:00 RHSA-2001:107 https://www.cve.org/CVERecord?id=CVE-2001-1407 https://nvd.nist.gov/vuln/detail/CVE-2001-1407 Low 2001-08-28T00:00:00 security flaw

dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-06-25T00:00:00 RHSA-2003:065 Red Hat Enterprise Linux ES version 2.1 2003-06-25T00:00:00 RHSA-2003:065 Red Hat Enterprise Linux WS version 2.1 2003-06-25T00:00:00 RHSA-2003:065 Red Hat Linux 7.1 2003-06-25T00:00:00 RHSA-2003:064 Red Hat Linux 7.2 2003-06-25T00:00:00 RHSA-2003:064 Red Hat Linux 7.3 2003-06-25T00:00:00 RHSA-2003:066 Red Hat Linux 8.0 2003-06-25T00:00:00 RHSA-2003:067 Red Hat Linux Advanced Workstation 2.1 2003-06-25T00:00:00 RHSA-2003:065 https://www.cve.org/CVERecord?id=CVE-2001-1409 https://nvd.nist.gov/vuln/detail/CVE-2001-1409 Moderate 2001-11-20T00:00:00 security flaw

Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:536 Red Hat Enterprise Linux ES version 2.1 2004-12-13T00:00:00 RHSA-2004:536 Red Hat Enterprise Linux WS version 2.1 2004-12-13T00:00:00 RHSA-2004:536 Red Hat Linux Advanced Workstation 2.1 2004-12-13T00:00:00 RHSA-2004:536 https://www.cve.org/CVERecord?id=CVE-2001-1413 https://nvd.nist.gov/vuln/detail/CVE-2001-1413

The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.

This issue affects the version of the openssh as shipped with Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future openssh updates for Red Hat Enterprise Linux 4. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 5 and 6, since it is SSH-1 protocol specific and those versions did not enable SSH-1 protocol support in the default configuration. https://www.cve.org/CVERecord?id=CVE-2001-1473 https://nvd.nist.gov/vuln/detail/CVE-2001-1473 Low 2001-12-12T00:00:00 security flaw

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.

Red Hat Enterprise Linux 3 2005-10-11T00:00:00 RHSA-2005:782 util-linux-0:2.11y-31.11 Red Hat Enterprise Linux 4 2005-10-11T00:00:00 RHSA-2005:782 util-linux-0:2.12a-16.EL4.12 https://www.cve.org/CVERecord?id=CVE-2001-1494 https://nvd.nist.gov/vuln/detail/CVE-2001-1494

OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.

Not vulnerable. This issue did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2001-1507 https://nvd.nist.gov/vuln/detail/CVE-2001-1507

mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.

This is not a security issue. The mod_usertrack cookies are not designed to be used for authentication. https://www.cve.org/CVERecord?id=CVE-2001-1534 https://nvd.nist.gov/vuln/detail/CVE-2001-1534 Low 2001-12-31T00:00:00 httpd: log files contain information directly supplied by clients and does not filter or quote control characters 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CWE-532

The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.

This is a duplicate CVE name and is a combination of CVE-2003-0020 and CVE-2003-0083. Red Hat Enterprise Linux 5 Not affected httpd Red Hat Enterprise Linux 6 Not affected httpd Red Hat Enterprise Linux 7 Not affected httpd Red Hat Enterprise Linux 8 Not affected httpd:2.4/httpd Red Hat JBoss Core Services Not affected httpd Red Hat JBoss Enterprise Web Server 2 Not affected httpd Red Hat JBoss Enterprise Web Server 2 Not affected httpd22 Red Hat Software Collections Not affected httpd24-httpd https://www.cve.org/CVERecord?id=CVE-2001-1556 https://nvd.nist.gov/vuln/detail/CVE-2001-1556 Moderate 2002-08-27T00:00:00 security flaw

The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-06-19T00:00:00 RHSA-2003:195 Red Hat Enterprise Linux ES version 2.1 2003-06-19T00:00:00 RHSA-2003:195 Red Hat Enterprise Linux WS version 2.1 2003-06-19T00:00:00 RHSA-2003:195 https://www.cve.org/CVERecord?id=CVE-2001-1572 https://nvd.nist.gov/vuln/detail/CVE-2001-1572 Low 2001-01-05T00:00:00 a2ps: insecure temporary file use 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N (CWE-377|CWE-367)

The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.

Red Hat Enterprise Linux 5 Not affected a2ps Red Hat Enterprise Linux 6 Not affected a2ps Red Hat Enterprise Linux 7 Not affected a2ps https://www.cve.org/CVERecord?id=CVE-2001-1593 https://nvd.nist.gov/vuln/detail/CVE-2001-1593 2002-01-01T00:00:00 security flaw

Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.

Red Hat Linux 6.2 2002-01-07T00:00:00 RHSA-2002:003 Red Hat Linux 7.0 2002-01-07T00:00:00 RHSA-2002:003 Red Hat Linux 7.0j 2002-01-07T00:00:00 RHSA-2002:003 Red Hat Linux 7.1 2002-01-07T00:00:00 RHSA-2002:003 Red Hat Linux 7.2 2002-01-07T00:00:00 RHSA-2002:003 https://www.cve.org/CVERecord?id=CVE-2002-0001 https://nvd.nist.gov/vuln/detail/CVE-2002-0001 2001-12-18T00:00:00 security flaw

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

Red Hat Linux 7.2 2002-01-07T00:00:00 RHSA-2002:002 https://www.cve.org/CVERecord?id=CVE-2002-0002 https://nvd.nist.gov/vuln/detail/CVE-2002-0002 Important 2002-01-14T00:00:00 security flaw

Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system.

Red Hat Linux 7.0 2002-01-14T00:00:00 RHSA-2002:004 Red Hat Linux 7.1 2002-01-14T00:00:00 RHSA-2002:004 Red Hat Linux 7.2 2002-01-14T00:00:00 RHSA-2002:004 https://www.cve.org/CVERecord?id=CVE-2002-0003 https://nvd.nist.gov/vuln/detail/CVE-2002-0003 2002-01-17T00:00:00 security flaw

Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Linux 6.2 2002-01-23T00:00:00 RHSA-2002:015 Red Hat Linux 7.0 2002-01-23T00:00:00 RHSA-2002:015 Red Hat Linux 7.1 2002-01-23T00:00:00 RHSA-2002:015 Red Hat Linux 7.2 2002-01-23T00:00:00 RHSA-2002:015 https://www.cve.org/CVERecord?id=CVE-2002-0004 https://nvd.nist.gov/vuln/detail/CVE-2002-0004 2002-01-09T00:00:00 security flaw

XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set.

Red Hat Linux 6.2 2002-01-15T00:00:00 RHSA-2002:005 Red Hat Linux 7.0 2002-01-15T00:00:00 RHSA-2002:005 Red Hat Linux 7.1 2002-01-15T00:00:00 RHSA-2002:005 Red Hat Linux 7.2 2002-01-15T00:00:00 RHSA-2002:005 https://www.cve.org/CVERecord?id=CVE-2002-0006 https://nvd.nist.gov/vuln/detail/CVE-2002-0006 2002-01-05T00:00:00 security flaw

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.

Red Hat Powertools 7.0 2002-01-15T00:00:00 RHSA-2002:001 Red Hat Powertools 7.1 2002-01-15T00:00:00 RHSA-2002:001 https://www.cve.org/CVERecord?id=CVE-2002-0007 https://nvd.nist.gov/vuln/detail/CVE-2002-0007 2002-01-05T00:00:00 security flaw

Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi.

Red Hat Powertools 7.0 2002-01-15T00:00:00 RHSA-2002:001 Red Hat Powertools 7.1 2002-01-15T00:00:00 RHSA-2002:001 https://www.cve.org/CVERecord?id=CVE-2002-0008 https://nvd.nist.gov/vuln/detail/CVE-2002-0008 2002-01-05T00:00:00 security flaw

show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu.

Red Hat Powertools 7.0 2002-01-15T00:00:00 RHSA-2002:001 Red Hat Powertools 7.1 2002-01-15T00:00:00 RHSA-2002:001 https://www.cve.org/CVERecord?id=CVE-2002-0009 https://nvd.nist.gov/vuln/detail/CVE-2002-0009 2002-01-05T00:00:00 security flaw

Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges.

Red Hat Powertools 7.0 2002-01-15T00:00:00 RHSA-2002:001 Red Hat Powertools 7.1 2002-01-15T00:00:00 RHSA-2002:001 https://www.cve.org/CVERecord?id=CVE-2002-0010 https://nvd.nist.gov/vuln/detail/CVE-2002-0010 2002-01-05T00:00:00 security flaw

Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login.

Red Hat Powertools 7.0 2002-01-15T00:00:00 RHSA-2002:001 Red Hat Powertools 7.1 2002-01-15T00:00:00 RHSA-2002:001 https://www.cve.org/CVERecord?id=CVE-2002-0011 https://nvd.nist.gov/vuln/detail/CVE-2002-0011 2002-02-12T00:00:00 security flaw

Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.

Red Hat Linux 6.2 2002-02-12T00:00:00 RHSA-2001:163 Red Hat Linux 7.0 2002-02-12T00:00:00 RHSA-2001:163 Red Hat Linux 7.1 2002-02-12T00:00:00 RHSA-2001:163 Red Hat Linux 7.2 2002-02-12T00:00:00 RHSA-2001:163 Red Hat Linux 7.2 2002-06-06T00:00:00 RHSA-2002:088 Red Hat Linux 7.3 2002-06-06T00:00:00 RHSA-2002:088 Red Hat Powertools 6.2 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.0 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.1 2002-09-13T00:00:00 RHSA-2002:036 https://www.cve.org/CVERecord?id=CVE-2002-0012 https://nvd.nist.gov/vuln/detail/CVE-2002-0012 2002-02-12T00:00:00 security flaw

Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.

Red Hat Linux 6.2 2002-02-12T00:00:00 RHSA-2001:163 Red Hat Linux 7.0 2002-02-12T00:00:00 RHSA-2001:163 Red Hat Linux 7.1 2002-02-12T00:00:00 RHSA-2001:163 Red Hat Linux 7.2 2002-02-12T00:00:00 RHSA-2001:163 Red Hat Linux 7.2 2002-06-06T00:00:00 RHSA-2002:088 Red Hat Linux 7.3 2002-06-06T00:00:00 RHSA-2002:088 Red Hat Powertools 6.2 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.0 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.1 2002-09-13T00:00:00 RHSA-2002:036 https://www.cve.org/CVERecord?id=CVE-2002-0013 https://nvd.nist.gov/vuln/detail/CVE-2002-0013 2002-01-05T00:00:00 security flaw

URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&).

Red Hat Linux 6.2 2002-01-15T00:00:00 RHSA-2002:009 Red Hat Linux 7.0 2002-01-15T00:00:00 RHSA-2002:009 Red Hat Linux 7.1 2002-01-15T00:00:00 RHSA-2002:009 Red Hat Linux 7.2 2002-01-15T00:00:00 RHSA-2002:009 https://www.cve.org/CVERecord?id=CVE-2002-0014 https://nvd.nist.gov/vuln/detail/CVE-2002-0014 Important 2002-11-12T00:00:00 security flaw

Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-08-04T00:00:00 RHSA-2004:383 Red Hat Enterprise Linux ES version 2.1 2004-08-04T00:00:00 RHSA-2004:383 Red Hat Enterprise Linux WS version 2.1 2004-08-04T00:00:00 RHSA-2004:383 Red Hat Linux Advanced Workstation 2.1 2004-08-04T00:00:00 RHSA-2004:383 https://www.cve.org/CVERecord?id=CVE-2002-0029 https://nvd.nist.gov/vuln/detail/CVE-2002-0029 Important 2003-01-29T00:00:00 security flaw

Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux ES version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux WS version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Linux 6.2 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.0 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.1 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.1 2003-04-29T00:00:00 RHSA-2003:168 Red Hat Linux 7.2 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.3 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 8.0 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux Advanced Workstation 2.1 2003-03-27T00:00:00 RHSA-2003:052 https://www.cve.org/CVERecord?id=CVE-2002-0036 https://nvd.nist.gov/vuln/detail/CVE-2002-0036 2002-01-14T00:00:00 security flaw

sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.

Red Hat Linux 7.0 2002-01-15T00:00:00 RHSA-2002:011 Red Hat Linux 7.1 2002-01-15T00:00:00 RHSA-2002:011 Red Hat Linux 7.2 2002-01-15T00:00:00 RHSA-2002:011 Red Hat Powertools 6.2 2002-01-15T00:00:00 RHSA-2002:013 https://www.cve.org/CVERecord?id=CVE-2002-0043 https://nvd.nist.gov/vuln/detail/CVE-2002-0043 2002-01-14T00:00:00 security flaw

GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.

Red Hat Linux 6.0 2002-01-18T00:00:00 RHSA-2002:012 Red Hat Linux 6.1 2002-01-18T00:00:00 RHSA-2002:012 Red Hat Linux 6.2 2002-01-18T00:00:00 RHSA-2002:012 Red Hat Linux 7.0 2002-01-18T00:00:00 RHSA-2002:012 Red Hat Linux 7.1 2002-01-18T00:00:00 RHSA-2002:012 Red Hat Linux 7.2 2002-01-18T00:00:00 RHSA-2002:012 https://www.cve.org/CVERecord?id=CVE-2002-0044 https://nvd.nist.gov/vuln/detail/CVE-2002-0044 2002-01-14T00:00:00 security flaw

slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs.

Red Hat Linux 7.0 2002-01-23T00:00:00 RHSA-2002:014 Red Hat Linux 7.1 2002-01-23T00:00:00 RHSA-2002:014 Red Hat Linux 7.2 2002-01-23T00:00:00 RHSA-2002:014 https://www.cve.org/CVERecord?id=CVE-2002-0045 https://nvd.nist.gov/vuln/detail/CVE-2002-0045 Important 2002-01-20T00:00:00 security flaw

Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet.

Red Hat Linux 7.1 2002-01-24T00:00:00 RHSA-2002:007 Red Hat Linux 7.2 2002-01-24T00:00:00 RHSA-2002:007 https://www.cve.org/CVERecord?id=CVE-2002-0046 https://nvd.nist.gov/vuln/detail/CVE-2002-0046 2002-01-07T00:00:00 security flaw

CIPE VPN package before 1.3.0-3 allows remote attackers to cause a denial of service (crash) via a short malformed packet.

Red Hat Linux 7.1 2002-01-24T00:00:00 RHSA-2002:007 Red Hat Linux 7.2 2002-01-24T00:00:00 RHSA-2002:007 https://www.cve.org/CVERecord?id=CVE-2002-0047 https://nvd.nist.gov/vuln/detail/CVE-2002-0047 2002-01-25T00:00:00 security flaw

Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.

Red Hat Linux 6.2 2002-01-25T00:00:00 RHSA-2002:018 Red Hat Linux 7.0 2002-01-25T00:00:00 RHSA-2002:018 Red Hat Linux 7.1 2002-01-25T00:00:00 RHSA-2002:018 Red Hat Linux 7.2 2002-01-25T00:00:00 RHSA-2002:018 https://www.cve.org/CVERecord?id=CVE-2002-0048 https://nvd.nist.gov/vuln/detail/CVE-2002-0048 Moderate 2002-03-09T00:00:00 zlib: Double free in inflateEnd 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CWE-416

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

Red Hat Linux 6.2 2002-03-11T00:00:00 RHSA-2002:026 Red Hat Linux 7.0 2002-03-11T00:00:00 RHSA-2002:026 Red Hat Linux 7.1 2002-03-11T00:00:00 RHSA-2002:026 Red Hat Linux 7.2 2002-03-11T00:00:00 RHSA-2002:026 Red Hat Powertools 6.2 2002-03-11T00:00:00 RHSA-2002:027 Red Hat Powertools 7.0 2002-03-11T00:00:00 RHSA-2002:027 Red Hat Powertools 7.1 2002-03-11T00:00:00 RHSA-2002:027 Red Hat Enterprise Linux 6 Not affected zlib Red Hat Enterprise Linux 7 Not affected zlib Red Hat Enterprise Linux 8 Not affected zlib Red Hat Enterprise Linux 9 Not affected zlib Red Hat JBoss Enterprise Application Platform 6 Not affected zlib Red Hat Software Collections Not affected rh-nodejs12-nodejs Red Hat Software Collections Not affected rh-nodejs14-nodejs https://www.cve.org/CVERecord?id=CVE-2002-0059 https://nvd.nist.gov/vuln/detail/CVE-2002-0059 Important 2002-02-27T00:00:00 security flaw

IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions.

Red Hat Linux 7.1 2002-02-27T00:00:00 RHSA-2002:028 Red Hat Linux 7.2 2002-02-27T00:00:00 RHSA-2002:028 https://www.cve.org/CVERecord?id=CVE-2002-0060 https://nvd.nist.gov/vuln/detail/CVE-2002-0060

Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.

Not vulnerable. This flaw is specific to Apache HTTP server on Windows platforms. https://www.cve.org/CVERecord?id=CVE-2002-0061 https://nvd.nist.gov/vuln/detail/CVE-2002-0061 2002-02-18T00:00:00 security flaw

Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."

Red Hat Linux 7.0 2002-02-21T00:00:00 RHSA-2002:020 Red Hat Linux 7.1 2002-02-21T00:00:00 RHSA-2002:020 Red Hat Linux 7.2 2002-02-21T00:00:00 RHSA-2002:020 https://www.cve.org/CVERecord?id=CVE-2002-0062 https://nvd.nist.gov/vuln/detail/CVE-2002-0062 2002-02-13T00:00:00 security flaw

Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values.

Red Hat Powertools 7.0 2002-03-15T00:00:00 RHSA-2002:032 https://www.cve.org/CVERecord?id=CVE-2002-0063 https://nvd.nist.gov/vuln/detail/CVE-2002-0063 2002-02-21T00:00:00 security flaw

Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.

Red Hat Linux 6.2 2002-02-26T00:00:00 RHSA-2002:029 Red Hat Linux 7.0 2002-02-26T00:00:00 RHSA-2002:029 Red Hat Linux 7.1 2002-02-26T00:00:00 RHSA-2002:029 Red Hat Linux 7.2 2002-02-26T00:00:00 RHSA-2002:029 https://www.cve.org/CVERecord?id=CVE-2002-0067 https://nvd.nist.gov/vuln/detail/CVE-2002-0067 2002-02-21T00:00:00 security flaw

Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.

Red Hat Linux 6.2 2002-02-26T00:00:00 RHSA-2002:029 Red Hat Linux 7.0 2002-02-26T00:00:00 RHSA-2002:029 Red Hat Linux 7.1 2002-02-26T00:00:00 RHSA-2002:029 Red Hat Linux 7.2 2002-02-26T00:00:00 RHSA-2002:029 https://www.cve.org/CVERecord?id=CVE-2002-0068 https://nvd.nist.gov/vuln/detail/CVE-2002-0068 2002-02-21T00:00:00 security flaw

Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.

Red Hat Linux 6.2 2002-02-26T00:00:00 RHSA-2002:029 Red Hat Linux 7.0 2002-02-26T00:00:00 RHSA-2002:029 Red Hat Linux 7.1 2002-02-26T00:00:00 RHSA-2002:029 Red Hat Linux 7.2 2002-02-26T00:00:00 RHSA-2002:029 https://www.cve.org/CVERecord?id=CVE-2002-0069 https://nvd.nist.gov/vuln/detail/CVE-2002-0069 2002-03-11T00:00:00 security flaw

rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.

Red Hat Linux 6.2 2002-03-11T00:00:00 RHSA-2002:026 Red Hat Linux 7.0 2002-03-11T00:00:00 RHSA-2002:026 Red Hat Linux 7.1 2002-03-11T00:00:00 RHSA-2002:026 Red Hat Linux 7.2 2002-03-11T00:00:00 RHSA-2002:026 https://www.cve.org/CVERecord?id=CVE-2002-0080 https://nvd.nist.gov/vuln/detail/CVE-2002-0080 Critical 2002-02-27T00:00:00 security flaw

Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.

Red Hat Linux 6.2 2002-02-28T00:00:00 RHSA-2002:035 Red Hat Linux 7.0 2002-02-28T00:00:00 RHSA-2002:035 Red Hat Linux 7.1 2002-02-28T00:00:00 RHSA-2002:035 Red Hat Linux 7.2 2002-02-28T00:00:00 RHSA-2002:035 Red Hat Stronghold 3 2002-02-28T00:00:00 RHSA-2002:040 https://www.cve.org/CVERecord?id=CVE-2002-0081 https://nvd.nist.gov/vuln/detail/CVE-2002-0081 Important 2002-02-27T00:00:00 security flaw

The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.

Red Hat Linux 7.0 2002-03-08T00:00:00 RHSA-2002:041 Red Hat Linux 7.1 2002-03-08T00:00:00 RHSA-2002:041 Red Hat Linux 7.2 2002-03-08T00:00:00 RHSA-2002:041 Red Hat Secure Web Server 3.2 2002-03-18T00:00:00 RHSA-2002:042 Red Hat Stronghold 3 2002-03-07T00:00:00 RHSA-2002:045 https://www.cve.org/CVERecord?id=CVE-2002-0082 https://nvd.nist.gov/vuln/detail/CVE-2002-0082 2002-03-07T00:00:00 security flaw

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

Red Hat Linux 7.0 2002-03-08T00:00:00 RHSA-2002:043 Red Hat Linux 7.1 2002-03-08T00:00:00 RHSA-2002:043 Red Hat Linux 7.2 2002-03-08T00:00:00 RHSA-2002:043 https://www.cve.org/CVERecord?id=CVE-2002-0083 https://nvd.nist.gov/vuln/detail/CVE-2002-0083 2002-02-20T00:00:00 security flaw

CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.

Red Hat Linux 6.2 2002-03-11T00:00:00 RHSA-2002:026 Red Hat Linux 7.0 2002-03-11T00:00:00 RHSA-2002:026 Red Hat Linux 7.1 2002-03-11T00:00:00 RHSA-2002:026 Red Hat Linux 7.2 2002-03-11T00:00:00 RHSA-2002:026 https://www.cve.org/CVERecord?id=CVE-2002-0092 https://nvd.nist.gov/vuln/detail/CVE-2002-0092 2002-05-20T00:00:00 security flaw

fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.

Red Hat Linux 6.2 2002-05-21T00:00:00 RHSA-2002:047 Red Hat Linux 7.0 2002-05-21T00:00:00 RHSA-2002:047 Red Hat Linux 7.1 2002-05-21T00:00:00 RHSA-2002:047 Red Hat Linux 7.2 2002-05-21T00:00:00 RHSA-2002:047 Red Hat Linux 7.3 2002-05-21T00:00:00 RHSA-2002:047 https://www.cve.org/CVERecord?id=CVE-2002-0146 https://nvd.nist.gov/vuln/detail/CVE-2002-0146 2002-05-02T00:00:00 security flaw

Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file.

Red Hat Linux 7.2 2002-05-02T00:00:00 RHSA-2002:064 https://www.cve.org/CVERecord?id=CVE-2002-0157 https://nvd.nist.gov/vuln/detail/CVE-2002-0157 2002-03-27T00:00:00 security flaw

LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory.

Red Hat Linux 7.2 2002-04-04T00:00:00 RHSA-2002:053 Red Hat Powertools 6.2 2002-04-04T00:00:00 RHSA-2002:054 Red Hat Powertools 7.0 2002-04-04T00:00:00 RHSA-2002:054 Red Hat Powertools 7.1 2002-04-04T00:00:00 RHSA-2002:054 https://www.cve.org/CVERecord?id=CVE-2002-0162 https://nvd.nist.gov/vuln/detail/CVE-2002-0162 2002-03-26T00:00:00 security flaw

Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.

Red Hat Linux 6.2 2002-07-04T00:00:00 RHSA-2002:051 Red Hat Linux 7.0 2002-07-04T00:00:00 RHSA-2002:051 Red Hat Linux 7.1 2002-07-04T00:00:00 RHSA-2002:051 Red Hat Linux 7.2 2002-07-04T00:00:00 RHSA-2002:051 Red Hat Linux 7.3 2002-07-04T00:00:00 RHSA-2002:051 https://www.cve.org/CVERecord?id=CVE-2002-0163 https://nvd.nist.gov/vuln/detail/CVE-2002-0163 Important 2002-05-02T00:00:00 security flaw

Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-06-25T00:00:00 RHSA-2003:065 Red Hat Enterprise Linux ES version 2.1 2003-06-25T00:00:00 RHSA-2003:065 Red Hat Enterprise Linux WS version 2.1 2003-06-25T00:00:00 RHSA-2003:065 Red Hat Linux 7.1 2003-06-25T00:00:00 RHSA-2003:064 Red Hat Linux 7.2 2003-06-25T00:00:00 RHSA-2003:064 Red Hat Linux 7.3 2003-06-25T00:00:00 RHSA-2003:066 Red Hat Linux 8.0 2003-06-25T00:00:00 RHSA-2003:067 Red Hat Linux Advanced Workstation 2.1 2003-06-25T00:00:00 RHSA-2003:065 https://www.cve.org/CVERecord?id=CVE-2002-0164 https://nvd.nist.gov/vuln/detail/CVE-2002-0164 2002-04-03T00:00:00 security flaw

LogWatch 2.5 allows local users to gain root privileges via a symlink attack, a different vulnerability than CVE-2002-0162.

Red Hat Linux 7.2 2002-04-04T00:00:00 RHSA-2002:053 Red Hat Powertools 6.2 2002-04-04T00:00:00 RHSA-2002:054 Red Hat Powertools 7.0 2002-04-04T00:00:00 RHSA-2002:054 Red Hat Powertools 7.1 2002-04-04T00:00:00 RHSA-2002:054 https://www.cve.org/CVERecord?id=CVE-2002-0165 https://nvd.nist.gov/vuln/detail/CVE-2002-0165 2002-03-20T00:00:00 security flaw

Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.

Red Hat Powertools 7.1 2002-10-10T00:00:00 RHSA-2002:059 https://www.cve.org/CVERecord?id=CVE-2002-0166 https://nvd.nist.gov/vuln/detail/CVE-2002-0166 Important 2002-03-20T00:00:00 security flaw

Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted images, which could allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain weaknesses of NetPBM.

Red Hat Linux 6.2 2002-03-21T00:00:00 RHSA-2002:048 Red Hat Linux 7.0 2002-03-21T00:00:00 RHSA-2002:048 Red Hat Linux 7.1 2002-03-21T00:00:00 RHSA-2002:048 Red Hat Linux 7.2 2002-03-21T00:00:00 RHSA-2002:048 https://www.cve.org/CVERecord?id=CVE-2002-0167 https://nvd.nist.gov/vuln/detail/CVE-2002-0167 Important 2002-03-20T00:00:00 security flaw

Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption.

Red Hat Linux 6.2 2002-03-21T00:00:00 RHSA-2002:048 Red Hat Linux 7.0 2002-03-21T00:00:00 RHSA-2002:048 Red Hat Linux 7.1 2002-03-21T00:00:00 RHSA-2002:048 Red Hat Linux 7.2 2002-03-21T00:00:00 RHSA-2002:048 https://www.cve.org/CVERecord?id=CVE-2002-0168 https://nvd.nist.gov/vuln/detail/CVE-2002-0168 2002-05-01T00:00:00 security flaw

The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier.

Red Hat Linux 6.2 2002-05-01T00:00:00 RHSA-2002:062 Red Hat Linux 7.0 2002-05-01T00:00:00 RHSA-2002:062 Red Hat Linux 7.1 2002-05-01T00:00:00 RHSA-2002:062 Red Hat Linux 7.2 2002-05-01T00:00:00 RHSA-2002:062 https://www.cve.org/CVERecord?id=CVE-2002-0169 https://nvd.nist.gov/vuln/detail/CVE-2002-0169 2002-03-01T00:00:00 security flaw

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.

Red Hat Powertools 7.0 2002-09-25T00:00:00 RHSA-2002:060 Red Hat Powertools 7.1 2002-09-25T00:00:00 RHSA-2002:060 https://www.cve.org/CVERecord?id=CVE-2002-0170 https://nvd.nist.gov/vuln/detail/CVE-2002-0170 2002-04-02T00:00:00 security flaw

Buffer overflows in icecast 1.3.11 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request from an MP3 client.

Red Hat Powertools 7.0 2002-04-25T00:00:00 RHSA-2002:063 Red Hat Powertools 7.1 2002-04-25T00:00:00 RHSA-2002:063 https://www.cve.org/CVERecord?id=CVE-2002-0177 https://nvd.nist.gov/vuln/detail/CVE-2002-0177 2002-04-12T00:00:00 security flaw

uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-05-23T00:00:00 RHSA-2003:180 Red Hat Linux 6.2 2002-05-14T00:00:00 RHSA-2002:065 Red Hat Linux 7.0 2002-05-14T00:00:00 RHSA-2002:065 Red Hat Linux 7.1 2002-05-14T00:00:00 RHSA-2002:065 Red Hat Linux 7.2 2002-05-14T00:00:00 RHSA-2002:065 https://www.cve.org/CVERecord?id=CVE-2002-0178 https://nvd.nist.gov/vuln/detail/CVE-2002-0178 Moderate 2002-04-15T00:00:00 security flaw

Buffer overflow in Webalizer 2.01-06, when configured to use reverse DNS lookups, allows remote attackers to execute arbitrary code by connecting to the monitored web server from an IP address that resolves to a long hostname.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-12-04T00:00:00 RHSA-2002:255 Red Hat Linux 7.2 2002-12-04T00:00:00 RHSA-2002:254 Red Hat Linux Advanced Workstation 2.1 2002-12-04T00:00:00 RHSA-2002:255 https://www.cve.org/CVERecord?id=CVE-2002-0180 https://nvd.nist.gov/vuln/detail/CVE-2002-0180 2002-04-25T00:00:00 security flaw

Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.

Red Hat Linux 7.0 2002-04-25T00:00:00 RHSA-2002:071 Red Hat Linux 7.1 2002-04-25T00:00:00 RHSA-2002:071 Red Hat Linux 7.2 2002-04-25T00:00:00 RHSA-2002:071 Red Hat Powertools 6.2 2002-04-25T00:00:00 RHSA-2002:072 https://www.cve.org/CVERecord?id=CVE-2002-0184 https://nvd.nist.gov/vuln/detail/CVE-2002-0184 2002-04-05T00:00:00 security flaw

mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module.

Red Hat Linux 7.2 2002-05-02T00:00:00 RHSA-2002:070 Red Hat Linux 7.3 2002-05-02T00:00:00 RHSA-2002:070 https://www.cve.org/CVERecord?id=CVE-2002-0185 https://nvd.nist.gov/vuln/detail/CVE-2002-0185 2002-02-12T00:00:00 security flaw

Buffer overflows in mpg321 before 0.2.9 allows local and possibly remote attackers to execute arbitrary code via a long URL to (1) a command line option, (2) an HTTP request, or (3) an FTP request.

Red Hat Linux 7.2 2002-05-16T00:00:00 RHSA-2002:078 https://www.cve.org/CVERecord?id=CVE-2002-0272 https://nvd.nist.gov/vuln/detail/CVE-2002-0272 2002-02-13T00:00:00 security flaw

Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C (configuration file) and other command line arguments.

https://www.cve.org/CVERecord?id=CVE-2002-0274 https://nvd.nist.gov/vuln/detail/CVE-2002-0274 2002-03-23T00:00:00 security flaw

The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a certain malformed packet, which causes Ethereal to allocate memory incorrectly, possibly due to zero-length fields.

Red Hat Linux 7.2 2002-06-06T00:00:00 RHSA-2002:088 Red Hat Linux 7.3 2002-06-06T00:00:00 RHSA-2002:088 Red Hat Powertools 6.2 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.0 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.1 2002-09-13T00:00:00 RHSA-2002:036 https://www.cve.org/CVERecord?id=CVE-2002-0353 https://nvd.nist.gov/vuln/detail/CVE-2002-0353 2002-04-25T00:00:00 security flaw

The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.

Red Hat Linux 7.2 2002-05-15T00:00:00 RHSA-2002:079 Red Hat Linux 7.3 2002-05-15T00:00:00 RHSA-2002:079 https://www.cve.org/CVERecord?id=CVE-2002-0354 https://nvd.nist.gov/vuln/detail/CVE-2002-0354 Important 2002-01-31T00:00:00 security flaw

ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-08-20T00:00:00 RHSA-2002:123 Red Hat Linux 6.2 2002-06-04T00:00:00 RHSA-2002:083 Red Hat Linux 7.0 2002-06-04T00:00:00 RHSA-2002:083 Red Hat Linux 7.1 2002-06-04T00:00:00 RHSA-2002:083 Red Hat Linux 7.1 2003-06-24T00:00:00 RHSA-2003:209 Red Hat Linux 7.2 2002-06-04T00:00:00 RHSA-2002:083 Red Hat Linux 7.3 2002-06-04T00:00:00 RHSA-2002:083 https://www.cve.org/CVERecord?id=CVE-2002-0363 https://nvd.nist.gov/vuln/detail/CVE-2002-0363 Important 2002-05-06T00:00:00 security flaw

Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-10-04T00:00:00 RHSA-2002:180 Red Hat Linux 6.2 2002-05-27T00:00:00 RHSA-2002:084 Red Hat Linux 6.2 2002-10-04T00:00:00 RHSA-2002:175 Red Hat Linux 7.0 2002-05-27T00:00:00 RHSA-2002:084 Red Hat Linux 7.0 2002-10-04T00:00:00 RHSA-2002:175 Red Hat Linux 7.1 2002-05-27T00:00:00 RHSA-2002:084 Red Hat Linux 7.1 2002-10-04T00:00:00 RHSA-2002:175 Red Hat Linux 7.2 2002-05-27T00:00:00 RHSA-2002:084 Red Hat Linux 7.2 2002-10-04T00:00:00 RHSA-2002:175 Red Hat Linux 7.3 2002-05-27T00:00:00 RHSA-2002:084 Red Hat Linux 7.3 2002-10-04T00:00:00 RHSA-2002:175 Red Hat Linux Advanced Workstation 2.1 2002-10-04T00:00:00 RHSA-2002:180 https://www.cve.org/CVERecord?id=CVE-2002-0374 https://nvd.nist.gov/vuln/detail/CVE-2002-0374 Important 2002-06-10T00:00:00 security flaw

The default configuration of LPRng print spooler in Red Hat Linux 7.0 through 7.3, Mandrake 8.1 and 8.2, and other operating systems, accepts print jobs from arbitrary remote hosts.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-08-19T00:00:00 RHSA-2002:120 Red Hat Linux 7.0 2002-06-10T00:00:00 RHSA-2002:089 Red Hat Linux 7.1 2002-06-10T00:00:00 RHSA-2002:089 Red Hat Linux 7.1 2003-07-14T00:00:00 RHSA-2003:225 Red Hat Linux 7.2 2002-06-10T00:00:00 RHSA-2002:089 Red Hat Linux 7.3 2002-06-10T00:00:00 RHSA-2002:089 https://www.cve.org/CVERecord?id=CVE-2002-0378 https://nvd.nist.gov/vuln/detail/CVE-2002-0378 2002-05-10T00:00:00 security flaw

Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.

Red Hat Linux 6.2 2002-05-24T00:00:00 RHSA-2002:092 Red Hat Linux 7.0 2002-05-24T00:00:00 RHSA-2002:092 Red Hat Linux 7.1 2002-05-24T00:00:00 RHSA-2002:092 Red Hat Linux 7.2 2002-05-24T00:00:00 RHSA-2002:092 https://www.cve.org/CVERecord?id=CVE-2002-0379 https://nvd.nist.gov/vuln/detail/CVE-2002-0379 Moderate 2002-05-31T00:00:00 security flaw

Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-11-27T00:00:00 RHSA-2002:121 Red Hat Linux 6.2 2002-05-30T00:00:00 RHSA-2002:094 Red Hat Linux 7.0 2002-05-30T00:00:00 RHSA-2002:094 Red Hat Linux 7.1 2002-05-30T00:00:00 RHSA-2002:094 Red Hat Linux 7.1 2003-06-30T00:00:00 RHSA-2003:214 Red Hat Linux 7.2 2002-05-30T00:00:00 RHSA-2002:094 https://www.cve.org/CVERecord?id=CVE-2002-0380 https://nvd.nist.gov/vuln/detail/CVE-2002-0380 Important 2002-03-27T00:00:00 security flaw

XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-08-05T00:00:00 RHSA-2002:124 Red Hat Linux 6.2 2002-06-04T00:00:00 RHSA-2002:097 Red Hat Linux 7.0 2002-06-04T00:00:00 RHSA-2002:097 Red Hat Linux 7.1 2002-06-04T00:00:00 RHSA-2002:097 Red Hat Linux 7.2 2002-06-04T00:00:00 RHSA-2002:097 Red Hat Linux 7.3 2002-06-04T00:00:00 RHSA-2002:097 https://www.cve.org/CVERecord?id=CVE-2002-0382 https://nvd.nist.gov/vuln/detail/CVE-2002-0382 2002-05-21T00:00:00 security flaw

Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-08-02T00:00:00 RHSA-2002:122 Red Hat Linux 7.1 2002-08-06T00:00:00 RHSA-2002:098 Red Hat Linux 7.1 2003-06-23T00:00:00 RHSA-2003:156 Red Hat Linux 7.2 2002-08-06T00:00:00 RHSA-2002:098 Red Hat Linux 7.3 2002-08-06T00:00:00 RHSA-2002:098 Red Hat Powertools 7.0 2002-08-06T00:00:00 RHSA-2002:107 https://www.cve.org/CVERecord?id=CVE-2002-0384 https://nvd.nist.gov/vuln/detail/CVE-2002-0384 Important 2002-05-20T00:00:00 security flaw

Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-07-12T00:00:00 RHSA-2002:125 Red Hat Linux 7.2 2002-06-10T00:00:00 RHSA-2002:099 Red Hat Linux 7.3 2002-06-10T00:00:00 RHSA-2002:099 Red Hat Powertools 7.0 2002-06-10T00:00:00 RHSA-2002:100 Red Hat Powertools 7.1 2002-06-10T00:00:00 RHSA-2002:100 Red Hat Secure Web Server 3.2 2002-06-27T00:00:00 RHSA-2002:101 https://www.cve.org/CVERecord?id=CVE-2002-0388 https://nvd.nist.gov/vuln/detail/CVE-2002-0388 Low 2008-08-19T00:00:00 mailman: Local users able to read private mailing list archives 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N

Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.

It was found that mailman stored private email messages in a world-readable directory. A local user could use this flaw to read private mailing list archives.

Red Hat Enterprise Linux 6 2015-07-20T00:00:00 RHSA-2015:1417 mailman-3:2.1.12-25.el6 Red Hat Enterprise Linux 4 Will not fix mailman Red Hat Enterprise Linux 5 Will not fix mailman https://www.cve.org/CVERecord?id=CVE-2002-0389 https://nvd.nist.gov/vuln/detail/CVE-2002-0389 Important 2002-07-29T00:00:00 security flaw

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-08-06T00:00:00 RHSA-2002:167 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-09-05T00:00:00 RHSA-2002:173 Red Hat Linux 6.2 2002-08-13T00:00:00 RHSA-2002:166 Red Hat Linux 6.2 2002-08-15T00:00:00 RHSA-2002:172 Red Hat Linux 7.0 2002-08-13T00:00:00 RHSA-2002:166 Red Hat Linux 7.0 2002-08-15T00:00:00 RHSA-2002:172 Red Hat Linux 7.1 2002-08-13T00:00:00 RHSA-2002:166 Red Hat Linux 7.1 2002-08-15T00:00:00 RHSA-2002:172 Red Hat Linux 7.1 2003-04-29T00:00:00 RHSA-2003:168 Red Hat Linux 7.1 2003-06-26T00:00:00 RHSA-2003:212 Red Hat Linux 7.2 2002-08-13T00:00:00 RHSA-2002:166 Red Hat Linux 7.2 2002-08-15T00:00:00 RHSA-2002:172 Red Hat Linux 7.3 2002-08-13T00:00:00 RHSA-2002:166 Red Hat Linux 7.3 2002-08-15T00:00:00 RHSA-2002:172 https://www.cve.org/CVERecord?id=CVE-2002-0391 https://nvd.nist.gov/vuln/detail/CVE-2002-0391 Moderate 2002-06-17T00:00:00 security flaw

Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-07-12T00:00:00 RHSA-2002:126 Red Hat Linux 6.2 2002-06-19T00:00:00 RHSA-2002:103 Red Hat Linux 7.0 2002-06-19T00:00:00 RHSA-2002:103 Red Hat Linux 7.1 2002-06-19T00:00:00 RHSA-2002:103 Red Hat Linux 7.1 2003-04-22T00:00:00 RHSA-2003:106 Red Hat Linux 7.2 2002-06-19T00:00:00 RHSA-2002:103 Red Hat Linux 7.3 2002-06-19T00:00:00 RHSA-2002:103 Red Hat Secure Web Server 3.2 2002-06-30T00:00:00 RHSA-2002:117 Red Hat Stronghold 3 2002-06-20T00:00:00 RHSA-2002:118 Red Hat Stronghold 4 2002-06-20T00:00:00 RHSA-2002:118 Stronghold 4 for Red Hat Enterprise Linux 2002-07-31T00:00:00 RHSA-2002:150 https://www.cve.org/CVERecord?id=CVE-2002-0392 https://nvd.nist.gov/vuln/detail/CVE-2002-0392 Low 2002-09-30T00:00:00 security flaw

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-10-02T00:00:00 RHSA-2002:138 Red Hat Linux 6.2 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.0 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.1 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.1 2003-07-01T00:00:00 RHSA-2003:218 Red Hat Linux 7.2 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.3 2002-09-29T00:00:00 RHSA-2002:096 https://www.cve.org/CVERecord?id=CVE-2002-0399 https://nvd.nist.gov/vuln/detail/CVE-2002-0399 Important 2002-06-04T00:00:00 security flaw

ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-07-30T00:00:00 RHSA-2002:119 Red Hat Linux 7.1 2002-06-04T00:00:00 RHSA-2002:105 Red Hat Linux 7.1 2003-06-18T00:00:00 RHSA-2003:154 Red Hat Linux 7.2 2002-06-04T00:00:00 RHSA-2002:105 Red Hat Linux 7.3 2002-06-04T00:00:00 RHSA-2002:105 https://www.cve.org/CVERecord?id=CVE-2002-0400 https://nvd.nist.gov/vuln/detail/CVE-2002-0400 2002-05-19T00:00:00 security flaw

SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.

Red Hat Linux 7.2 2002-06-06T00:00:00 RHSA-2002:088 Red Hat Linux 7.3 2002-06-06T00:00:00 RHSA-2002:088 Red Hat Powertools 6.2 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.0 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.1 2002-09-13T00:00:00 RHSA-2002:036 https://www.cve.org/CVERecord?id=CVE-2002-0401 https://nvd.nist.gov/vuln/detail/CVE-2002-0401 Moderate 2002-05-19T00:00:00 security flaw

Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-09-13T00:00:00 RHSA-2002:170 Red Hat Linux 7.2 2002-06-06T00:00:00 RHSA-2002:088 Red Hat Linux 7.3 2002-06-06T00:00:00 RHSA-2002:088 Red Hat Powertools 6.2 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.0 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.1 2002-09-13T00:00:00 RHSA-2002:036 https://www.cve.org/CVERecord?id=CVE-2002-0402 https://nvd.nist.gov/vuln/detail/CVE-2002-0402 Moderate 2002-05-19T00:00:00 security flaw

DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-09-13T00:00:00 RHSA-2002:170 Red Hat Linux 7.2 2002-06-06T00:00:00 RHSA-2002:088 Red Hat Linux 7.3 2002-06-06T00:00:00 RHSA-2002:088 Red Hat Powertools 6.2 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.0 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.1 2002-09-13T00:00:00 RHSA-2002:036 https://www.cve.org/CVERecord?id=CVE-2002-0403 https://nvd.nist.gov/vuln/detail/CVE-2002-0403 Moderate 2002-05-19T00:00:00 security flaw

Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption).

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-09-13T00:00:00 RHSA-2002:170 Red Hat Linux 7.2 2002-06-06T00:00:00 RHSA-2002:088 Red Hat Linux 7.3 2002-06-06T00:00:00 RHSA-2002:088 Red Hat Powertools 6.2 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.0 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.1 2002-09-13T00:00:00 RHSA-2002:036 https://www.cve.org/CVERecord?id=CVE-2002-0404 https://nvd.nist.gov/vuln/detail/CVE-2002-0404 2002-03-08T00:00:00 security flaw

The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall).

Red Hat Linux 7.3 2002-08-21T00:00:00 RHSA-2002:158 https://www.cve.org/CVERecord?id=CVE-2002-0429 https://nvd.nist.gov/vuln/detail/CVE-2002-0429 Low 2002-03-07T00:00:00 security flaw

Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-02-20T00:00:00 RHSA-2003:016 Red Hat Linux 6.2 2003-02-13T00:00:00 RHSA-2003:015 Red Hat Linux 7.0 2003-02-13T00:00:00 RHSA-2003:015 Red Hat Linux 7.1 2003-02-13T00:00:00 RHSA-2003:015 Red Hat Linux 7.2 2003-02-13T00:00:00 RHSA-2003:015 Red Hat Linux 7.3 2003-02-13T00:00:00 RHSA-2003:015 Red Hat Linux Advanced Workstation 2.1 2003-02-20T00:00:00 RHSA-2003:016 https://www.cve.org/CVERecord?id=CVE-2002-0435 https://nvd.nist.gov/vuln/detail/CVE-2002-0435

Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2002-0497 https://nvd.nist.gov/vuln/detail/CVE-2002-0497

The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux.

Red Hat do not consider this to be a security issue and there are many ways that you can identify or fingerprint a Linux machine. Users that wish to block fingerprinting can use various techniques to disguise their operating system, for example see http://www.infosecwriters.com/text_resources/pdf/nmap.pdf https://www.cve.org/CVERecord?id=CVE-2002-0510 https://nvd.nist.gov/vuln/detail/CVE-2002-0510 Important 2002-04-30T00:00:00 security flaw

Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-02-12T00:00:00 RHSA-2003:046 Red Hat Linux 7.2 2002-10-18T00:00:00 RHSA-2002:192 Red Hat Linux 7.3 2002-10-18T00:00:00 RHSA-2002:192 Red Hat Linux 8.0 2002-10-18T00:00:00 RHSA-2002:192 https://www.cve.org/CVERecord?id=CVE-2002-0593 https://nvd.nist.gov/vuln/detail/CVE-2002-0593 Low 2002-04-30T00:00:00 security flaw

Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-02-12T00:00:00 RHSA-2003:046 Red Hat Linux 7.2 2002-10-18T00:00:00 RHSA-2002:192 Red Hat Linux 7.3 2002-10-18T00:00:00 RHSA-2002:192 Red Hat Linux 8.0 2002-10-18T00:00:00 RHSA-2002:192 https://www.cve.org/CVERecord?id=CVE-2002-0594 https://nvd.nist.gov/vuln/detail/CVE-2002-0594 Moderate 2002-07-29T00:00:00 security flaw

setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-07-29T00:00:00 RHSA-2002:137 Red Hat Linux 6.2 2002-07-29T00:00:00 RHSA-2002:132 Red Hat Linux 7.0 2002-07-29T00:00:00 RHSA-2002:132 Red Hat Linux 7.1 2002-07-29T00:00:00 RHSA-2002:132 Red Hat Linux 7.2 2002-07-29T00:00:00 RHSA-2002:132 Red Hat Linux 7.3 2002-07-29T00:00:00 RHSA-2002:132 https://www.cve.org/CVERecord?id=CVE-2002-0638 https://nvd.nist.gov/vuln/detail/CVE-2002-0638

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

Not vulnerable. This issue did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 3 or later. This issue did not affect the OpenSSL packages as shipped with Red Hat Enterprise Linux 2.1 as they were not compiled with S/Key or BSD_AUTH support. The upstream patch for this issue and CVE-2002-0640 was included in an errata so that users recompiling OpenSSL with support for those authentication methods would also be protected: https://rhn.redhat.com/errata/RHSA-2002-131.html https://www.cve.org/CVERecord?id=CVE-2002-0639 https://nvd.nist.gov/vuln/detail/CVE-2002-0639 Moderate 2002-06-26T00:00:00 security flaw

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-07-12T00:00:00 RHSA-2002:131 Red Hat Linux 7.0 2002-06-27T00:00:00 RHSA-2002:127 Red Hat Linux 7.1 2002-06-27T00:00:00 RHSA-2002:127 Red Hat Linux 7.2 2002-06-27T00:00:00 RHSA-2002:127 Red Hat Linux 7.3 2002-06-27T00:00:00 RHSA-2002:127 https://www.cve.org/CVERecord?id=CVE-2002-0640 https://nvd.nist.gov/vuln/detail/CVE-2002-0640 Important 2002-06-26T00:00:00 security flaw

Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-07-30T00:00:00 RHSA-2002:119 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-08-06T00:00:00 RHSA-2002:167 Red Hat Linux 6.2 2002-08-09T00:00:00 RHSA-2002:133 Red Hat Linux 6.2 2002-07-25T00:00:00 RHSA-2002:139 Red Hat Linux 7.0 2002-08-09T00:00:00 RHSA-2002:133 Red Hat Linux 7.0 2002-07-25T00:00:00 RHSA-2002:139 Red Hat Linux 7.1 2002-08-09T00:00:00 RHSA-2002:133 Red Hat Linux 7.1 2002-07-25T00:00:00 RHSA-2002:139 Red Hat Linux 7.1 2003-06-18T00:00:00 RHSA-2003:154 Red Hat Linux 7.2 2002-08-09T00:00:00 RHSA-2002:133 Red Hat Linux 7.2 2002-07-25T00:00:00 RHSA-2002:139 Red Hat Linux 7.3 2002-08-09T00:00:00 RHSA-2002:133 Red Hat Linux 7.3 2002-07-25T00:00:00 RHSA-2002:139 https://www.cve.org/CVERecord?id=CVE-2002-0651 https://nvd.nist.gov/vuln/detail/CVE-2002-0651 Moderate 2002-06-24T00:00:00 security flaw

Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-07-16T00:00:00 RHSA-2002:136 Red Hat Linux 7.0 2002-07-16T00:00:00 RHSA-2002:134 Red Hat Linux 7.1 2002-07-16T00:00:00 RHSA-2002:134 Red Hat Linux 7.1 2003-04-22T00:00:00 RHSA-2003:106 Red Hat Linux 7.2 2002-07-16T00:00:00 RHSA-2002:134 Red Hat Linux 7.3 2002-07-16T00:00:00 RHSA-2002:134 Red Hat Secure Web Server 3.2 2002-07-24T00:00:00 RHSA-2002:135 Red Hat Stronghold 3 2002-07-31T00:00:00 RHSA-2002:164 Stronghold 4 for Red Hat Enterprise Linux 2002-08-01T00:00:00 RHSA-2002:146 https://www.cve.org/CVERecord?id=CVE-2002-0653 https://nvd.nist.gov/vuln/detail/CVE-2002-0653 Critical 2002-07-30T00:00:00 security flaw

OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-07-30T00:00:00 RHSA-2002:157 Red Hat Linux 6.2 2002-07-30T00:00:00 RHSA-2002:155 Red Hat Linux 7.0 2002-07-30T00:00:00 RHSA-2002:155 Red Hat Linux 7.1 2002-07-30T00:00:00 RHSA-2002:155 Red Hat Linux 7.2 2002-07-30T00:00:00 RHSA-2002:155 Red Hat Linux 7.3 2002-07-30T00:00:00 RHSA-2002:155 Red Hat Stronghold 3 2002-07-31T00:00:00 RHSA-2002:164 Red Hat Stronghold 4 2002-08-08T00:00:00 RHSA-2002:163 https://www.cve.org/CVERecord?id=CVE-2002-0655 https://nvd.nist.gov/vuln/detail/CVE-2002-0655 Critical 2002-07-30T00:00:00 security flaw

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-07-30T00:00:00 RHSA-2002:157 Red Hat Linux 6.2 2002-07-30T00:00:00 RHSA-2002:155 Red Hat Linux 7.0 2002-07-30T00:00:00 RHSA-2002:155 Red Hat Linux 7.1 2002-07-30T00:00:00 RHSA-2002:155 Red Hat Linux 7.2 2002-07-30T00:00:00 RHSA-2002:155 Red Hat Linux 7.3 2002-07-30T00:00:00 RHSA-2002:155 Red Hat Stronghold 3 2002-07-31T00:00:00 RHSA-2002:164 Red Hat Stronghold 4 2002-08-08T00:00:00 RHSA-2002:163 https://www.cve.org/CVERecord?id=CVE-2002-0656 https://nvd.nist.gov/vuln/detail/CVE-2002-0656 2002-07-30T00:00:00 security flaw

Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key.

https://www.cve.org/CVERecord?id=CVE-2002-0657 https://nvd.nist.gov/vuln/detail/CVE-2002-0657 Moderate 2002-07-29T00:00:00 security flaw

OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-07-31T00:00:00 RHSA-2002:154 Red Hat Linux 7.0 2002-07-31T00:00:00 RHSA-2002:153 Red Hat Linux 7.1 2002-07-31T00:00:00 RHSA-2002:153 Red Hat Linux 7.1 2003-07-02T00:00:00 RHSA-2003:158 Red Hat Linux 7.2 2002-07-31T00:00:00 RHSA-2002:153 Red Hat Linux 7.3 2002-07-31T00:00:00 RHSA-2002:153 Red Hat Secure Web Server 3.2 2002-07-25T00:00:00 RHSA-2002:156 Red Hat Stronghold 3 2002-07-31T00:00:00 RHSA-2002:164 Red Hat Stronghold 4 2002-08-08T00:00:00 RHSA-2002:163 https://www.cve.org/CVERecord?id=CVE-2002-0658 https://nvd.nist.gov/vuln/detail/CVE-2002-0658 Important 2002-07-30T00:00:00 security flaw

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-08-05T00:00:00 RHSA-2002:161 Red Hat Linux 6.2 2002-08-06T00:00:00 RHSA-2002:160 Red Hat Linux 7.0 2002-08-06T00:00:00 RHSA-2002:160 Red Hat Linux 7.1 2002-08-06T00:00:00 RHSA-2002:160 Red Hat Linux 7.2 2002-08-06T00:00:00 RHSA-2002:160 Red Hat Linux 7.3 2002-08-06T00:00:00 RHSA-2002:160 Red Hat Linux Advanced Workstation 2.1 2002-08-05T00:00:00 RHSA-2002:161 Red Hat Stronghold 3 2002-07-31T00:00:00 RHSA-2002:164 Red Hat Stronghold 3 2002-08-19T00:00:00 RHSA-2002:184 Red Hat Stronghold 4 2002-08-08T00:00:00 RHSA-2002:163 Red Hat Stronghold 4 2002-09-02T00:00:00 RHSA-2002:193 https://www.cve.org/CVERecord?id=CVE-2002-0659 https://nvd.nist.gov/vuln/detail/CVE-2002-0659 Important 2002-08-05T00:00:00 security flaw

Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-08-05T00:00:00 RHSA-2002:152 Red Hat Linux 6.2 2002-08-19T00:00:00 RHSA-2002:151 Red Hat Linux 7.0 2002-08-19T00:00:00 RHSA-2002:151 Red Hat Linux 7.1 2002-08-19T00:00:00 RHSA-2002:151 Red Hat Linux 7.1 2003-04-24T00:00:00 RHSA-2003:157 Red Hat Linux 7.2 2002-08-19T00:00:00 RHSA-2002:151 Red Hat Linux 7.3 2002-08-19T00:00:00 RHSA-2002:151 https://www.cve.org/CVERecord?id=CVE-2002-0660 https://nvd.nist.gov/vuln/detail/CVE-2002-0660 2002-09-03T00:00:00 security flaw

scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users to create and overwrite files via a symlink attack on the scrollkeeper-tempfile.x temporary files.

Red Hat Linux 7.3 2002-09-02T00:00:00 RHSA-2002:186 https://www.cve.org/CVERecord?id=CVE-2002-0662 https://nvd.nist.gov/vuln/detail/CVE-2002-0662 Moderate 2002-06-26T00:00:00 security flaw

Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-08-06T00:00:00 RHSA-2002:167 Red Hat Linux 6.2 2002-07-25T00:00:00 RHSA-2002:139 Red Hat Linux 7.0 2002-07-25T00:00:00 RHSA-2002:139 Red Hat Linux 7.1 2002-07-25T00:00:00 RHSA-2002:139 Red Hat Linux 7.1 2003-06-26T00:00:00 RHSA-2003:212 Red Hat Linux 7.2 2002-07-25T00:00:00 RHSA-2002:139 Red Hat Linux 7.3 2002-07-25T00:00:00 RHSA-2002:139 https://www.cve.org/CVERecord?id=CVE-2002-0684 https://nvd.nist.gov/vuln/detail/CVE-2002-0684 2002-04-15T00:00:00 security flaw

The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.

Red Hat Powertools 7.0 2002-09-25T00:00:00 RHSA-2002:060 Red Hat Powertools 7.1 2002-09-25T00:00:00 RHSA-2002:060 https://www.cve.org/CVERecord?id=CVE-2002-0687 https://nvd.nist.gov/vuln/detail/CVE-2002-0687 2002-06-14T00:00:00 security flaw

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.

Red Hat Powertools 7.0 2002-09-25T00:00:00 RHSA-2002:060 Red Hat Powertools 7.1 2002-09-25T00:00:00 RHSA-2002:060 https://www.cve.org/CVERecord?id=CVE-2002-0688 https://nvd.nist.gov/vuln/detail/CVE-2002-0688 2002-05-10T00:00:00 security flaw

An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.

Red Hat Linux 7.3 2002-05-10T00:00:00 RHSA-2002:081 https://www.cve.org/CVERecord?id=CVE-2002-0703 https://nvd.nist.gov/vuln/detail/CVE-2002-0703 2002-05-09T00:00:00 security flaw

The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.

Red Hat Linux 6.2 2002-05-09T00:00:00 RHSA-2002:086 Red Hat Linux 7.0 2002-05-09T00:00:00 RHSA-2002:086 Red Hat Linux 7.1 2002-05-09T00:00:00 RHSA-2002:086 Red Hat Linux 7.2 2002-05-09T00:00:00 RHSA-2002:086 Red Hat Linux 7.3 2002-05-09T00:00:00 RHSA-2002:086 https://www.cve.org/CVERecord?id=CVE-2002-0704 https://nvd.nist.gov/vuln/detail/CVE-2002-0704 Important 2002-07-03T00:00:00 security flaw

Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-07-12T00:00:00 RHSA-2002:130 Red Hat Linux 6.2 2002-07-04T00:00:00 RHSA-2002:051 Red Hat Linux 7.0 2002-07-04T00:00:00 RHSA-2002:051 Red Hat Linux 7.1 2002-07-04T00:00:00 RHSA-2002:051 Red Hat Linux 7.2 2002-07-04T00:00:00 RHSA-2002:051 Red Hat Linux 7.3 2002-07-04T00:00:00 RHSA-2002:051 https://www.cve.org/CVERecord?id=CVE-2002-0713 https://nvd.nist.gov/vuln/detail/CVE-2002-0713 Moderate 2002-07-03T00:00:00 security flaw

FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-07-12T00:00:00 RHSA-2002:130 Red Hat Linux 6.2 2002-07-04T00:00:00 RHSA-2002:051 Red Hat Linux 7.0 2002-07-04T00:00:00 RHSA-2002:051 Red Hat Linux 7.1 2002-07-04T00:00:00 RHSA-2002:051 Red Hat Linux 7.2 2002-07-04T00:00:00 RHSA-2002:051 Red Hat Linux 7.3 2002-07-04T00:00:00 RHSA-2002:051 https://www.cve.org/CVERecord?id=CVE-2002-0714 https://nvd.nist.gov/vuln/detail/CVE-2002-0714 Important 2002-07-03T00:00:00 security flaw

Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-07-12T00:00:00 RHSA-2002:130 Red Hat Linux 6.2 2002-07-04T00:00:00 RHSA-2002:051 Red Hat Linux 7.0 2002-07-04T00:00:00 RHSA-2002:051 Red Hat Linux 7.1 2002-07-04T00:00:00 RHSA-2002:051 Red Hat Linux 7.2 2002-07-04T00:00:00 RHSA-2002:051 Red Hat Linux 7.3 2002-07-04T00:00:00 RHSA-2002:051 https://www.cve.org/CVERecord?id=CVE-2002-0715 https://nvd.nist.gov/vuln/detail/CVE-2002-0715 Moderate 2002-07-08T00:00:00 security flaw

Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-08-05T00:00:00 RHSA-2002:152 Red Hat Linux 6.2 2002-08-19T00:00:00 RHSA-2002:151 Red Hat Linux 7.0 2002-08-19T00:00:00 RHSA-2002:151 Red Hat Linux 7.1 2002-08-19T00:00:00 RHSA-2002:151 Red Hat Linux 7.1 2003-04-24T00:00:00 RHSA-2003:157 Red Hat Linux 7.2 2002-08-19T00:00:00 RHSA-2002:151 Red Hat Linux 7.3 2002-08-19T00:00:00 RHSA-2002:151 https://www.cve.org/CVERecord?id=CVE-2002-0728 https://nvd.nist.gov/vuln/detail/CVE-2002-0728 2002-05-02T00:00:00 security flaw

The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.

Red Hat Database 7.1 2002-08-20T00:00:00 RHSA-2002:149 https://www.cve.org/CVERecord?id=CVE-2002-0802 https://nvd.nist.gov/vuln/detail/CVE-2002-0802 2002-06-08T00:00:00 security flaw

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi.

Red Hat Powertools 7.0 2002-08-20T00:00:00 RHSA-2002:109 Red Hat Powertools 7.1 2002-08-20T00:00:00 RHSA-2002:109 https://www.cve.org/CVERecord?id=CVE-2002-0803 https://nvd.nist.gov/vuln/detail/CVE-2002-0803 2002-06-08T00:00:00 security flaw

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname.

Red Hat Powertools 7.0 2002-08-20T00:00:00 RHSA-2002:109 Red Hat Powertools 7.1 2002-08-20T00:00:00 RHSA-2002:109 https://www.cve.org/CVERecord?id=CVE-2002-0804 https://nvd.nist.gov/vuln/detail/CVE-2002-0804 2002-06-08T00:00:00 security flaw

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.

Red Hat Powertools 7.0 2002-08-20T00:00:00 RHSA-2002:109 Red Hat Powertools 7.1 2002-08-20T00:00:00 RHSA-2002:109 https://www.cve.org/CVERecord?id=CVE-2002-0805 https://nvd.nist.gov/vuln/detail/CVE-2002-0805 2002-06-08T00:00:00 security flaw

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.

Red Hat Powertools 7.0 2002-08-20T00:00:00 RHSA-2002:109 Red Hat Powertools 7.1 2002-08-20T00:00:00 RHSA-2002:109 https://www.cve.org/CVERecord?id=CVE-2002-0806 https://nvd.nist.gov/vuln/detail/CVE-2002-0806 2002-06-08T00:00:00 security flaw

Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.

Red Hat Powertools 7.0 2002-08-20T00:00:00 RHSA-2002:109 Red Hat Powertools 7.1 2002-08-20T00:00:00 RHSA-2002:109 https://www.cve.org/CVERecord?id=CVE-2002-0807 https://nvd.nist.gov/vuln/detail/CVE-2002-0807 2001-11-05T00:00:00 security flaw

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs.

Red Hat Powertools 7.0 2002-08-20T00:00:00 RHSA-2002:109 Red Hat Powertools 7.1 2002-08-20T00:00:00 RHSA-2002:109 https://www.cve.org/CVERecord?id=CVE-2002-0808 https://nvd.nist.gov/vuln/detail/CVE-2002-0808 2002-06-02T00:00:00 security flaw

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.

Red Hat Powertools 7.0 2002-08-20T00:00:00 RHSA-2002:109 Red Hat Powertools 7.1 2002-08-20T00:00:00 RHSA-2002:109 https://www.cve.org/CVERecord?id=CVE-2002-0809 https://nvd.nist.gov/vuln/detail/CVE-2002-0809 2001-07-25T00:00:00 security flaw

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.

Red Hat Powertools 7.0 2002-08-20T00:00:00 RHSA-2002:109 Red Hat Powertools 7.1 2002-08-20T00:00:00 RHSA-2002:109 https://www.cve.org/CVERecord?id=CVE-2002-0810 https://nvd.nist.gov/vuln/detail/CVE-2002-0810 2002-06-08T00:00:00 security flaw

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi.

Red Hat Powertools 7.0 2002-08-20T00:00:00 RHSA-2002:109 Red Hat Powertools 7.1 2002-08-20T00:00:00 RHSA-2002:109 https://www.cve.org/CVERecord?id=CVE-2002-0811 https://nvd.nist.gov/vuln/detail/CVE-2002-0811 Moderate 2002-06-28T00:00:00 security flaw

Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-09-13T00:00:00 RHSA-2002:170 Red Hat Linux 7.2 2002-08-29T00:00:00 RHSA-2002:169 Red Hat Linux 7.3 2002-08-29T00:00:00 RHSA-2002:169 Red Hat Powertools 6.2 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.0 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.1 2002-09-13T00:00:00 RHSA-2002:036 https://www.cve.org/CVERecord?id=CVE-2002-0821 https://nvd.nist.gov/vuln/detail/CVE-2002-0821 Moderate 2002-06-28T00:00:00 security flaw

Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-09-13T00:00:00 RHSA-2002:170 Red Hat Linux 7.2 2002-08-29T00:00:00 RHSA-2002:169 Red Hat Linux 7.3 2002-08-29T00:00:00 RHSA-2002:169 Red Hat Powertools 6.2 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.0 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.1 2002-09-13T00:00:00 RHSA-2002:036 https://www.cve.org/CVERecord?id=CVE-2002-0822 https://nvd.nist.gov/vuln/detail/CVE-2002-0822 Important 2002-07-23T00:00:00 security flaw

Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-10-04T00:00:00 RHSA-2002:180 Red Hat Linux 6.2 2002-10-04T00:00:00 RHSA-2002:175 Red Hat Linux 7.0 2002-10-04T00:00:00 RHSA-2002:175 Red Hat Linux 7.1 2002-10-04T00:00:00 RHSA-2002:175 Red Hat Linux 7.2 2002-10-04T00:00:00 RHSA-2002:175 Red Hat Linux 7.3 2002-10-04T00:00:00 RHSA-2002:175 Red Hat Linux Advanced Workstation 2.1 2002-10-04T00:00:00 RHSA-2002:180 https://www.cve.org/CVERecord?id=CVE-2002-0825 https://nvd.nist.gov/vuln/detail/CVE-2002-0825 Moderate 2002-08-20T00:00:00 security flaw

Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-09-13T00:00:00 RHSA-2002:170 Red Hat Linux 7.2 2002-08-29T00:00:00 RHSA-2002:169 Red Hat Linux 7.3 2002-08-29T00:00:00 RHSA-2002:169 Red Hat Powertools 6.2 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.0 2002-09-13T00:00:00 RHSA-2002:036 Red Hat Powertools 7.1 2002-09-13T00:00:00 RHSA-2002:036 https://www.cve.org/CVERecord?id=CVE-2002-0834 https://nvd.nist.gov/vuln/detail/CVE-2002-0834 Important 2002-08-30T00:00:00 security flaw

Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-08-30T00:00:00 RHSA-2002:165 Red Hat Linux 6.2 2002-08-30T00:00:00 RHSA-2002:162 Red Hat Linux 7.0 2002-08-30T00:00:00 RHSA-2002:162 Red Hat Linux 7.1 2002-08-30T00:00:00 RHSA-2002:162 Red Hat Linux 7.2 2002-08-30T00:00:00 RHSA-2002:162 Red Hat Linux 7.3 2002-08-30T00:00:00 RHSA-2002:162 https://www.cve.org/CVERecord?id=CVE-2002-0835 https://nvd.nist.gov/vuln/detail/CVE-2002-0835 Important 2002-10-14T00:00:00 security flaw

dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-10-14T00:00:00 RHSA-2002:195 Red Hat Linux 6.2 2002-10-14T00:00:00 RHSA-2002:194 Red Hat Linux 7.0 2002-10-14T00:00:00 RHSA-2002:194 Red Hat Linux 7.1 2002-10-14T00:00:00 RHSA-2002:194 Red Hat Linux 7.2 2002-10-14T00:00:00 RHSA-2002:194 Red Hat Linux 7.3 2002-10-14T00:00:00 RHSA-2002:194 Red Hat Linux 8.0 2002-10-14T00:00:00 RHSA-2002:194 https://www.cve.org/CVERecord?id=CVE-2002-0836 https://nvd.nist.gov/vuln/detail/CVE-2002-0836 2002-09-09T00:00:00 security flaw

wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remote attackers to (1) execute arbitrary code or (2) conduct cross-site scripting attacks via certain parameters (possibly "dict") to the wordtrans.php script.

Red Hat Linux 7.3 2002-09-09T00:00:00 RHSA-2002:188 https://www.cve.org/CVERecord?id=CVE-2002-0837 https://nvd.nist.gov/vuln/detail/CVE-2002-0837 2002-09-26T00:00:00 security flaw

Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-10-10T00:00:00 RHSA-2002:211 Red Hat Linux 6.2 2002-10-10T00:00:00 RHSA-2002:207 Red Hat Linux 7.0 2002-10-10T00:00:00 RHSA-2002:207 Red Hat Linux 7.1 2002-10-10T00:00:00 RHSA-2002:207 Red Hat Linux 7.2 2002-10-10T00:00:00 RHSA-2002:207 Red Hat Linux 7.2 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 7.3 2002-10-10T00:00:00 RHSA-2002:207 Red Hat Linux 7.3 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 8.0 2002-10-10T00:00:00 RHSA-2002:207 Red Hat Linux 8.0 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux Advanced Workstation 2.1 2002-10-10T00:00:00 RHSA-2002:211 Red Hat Powertools 7.0 2002-10-04T00:00:00 RHSA-2002:212 Red Hat Powertools 7.1 2002-10-04T00:00:00 RHSA-2002:212 https://www.cve.org/CVERecord?id=CVE-2002-0838 https://nvd.nist.gov/vuln/detail/CVE-2002-0838 Important 2002-10-03T00:00:00 security flaw

The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-09T00:00:00 RHSA-2002:251 Red Hat Linux 6.2 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 7.0 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 7.1 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 7.1 2003-04-22T00:00:00 RHSA-2003:106 Red Hat Linux 7.2 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 7.3 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 8.0 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux Advanced Workstation 2.1 2003-01-09T00:00:00 RHSA-2002:251 Red Hat Stronghold 3 2002-11-08T00:00:00 RHSA-2002:243 Red Hat Stronghold 4 2002-11-08T00:00:00 RHSA-2002:244 Stronghold 4 for Red Hat Enterprise Linux 2002-11-07T00:00:00 RHSA-2002:248 https://www.cve.org/CVERecord?id=CVE-2002-0839 https://nvd.nist.gov/vuln/detail/CVE-2002-0839 Low 2002-10-02T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-09T00:00:00 RHSA-2002:251 Red Hat Linux 6.2 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 7.0 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 7.1 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 7.1 2003-04-22T00:00:00 RHSA-2003:106 Red Hat Linux 7.2 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 7.3 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 8.0 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux Advanced Workstation 2.1 2003-01-09T00:00:00 RHSA-2002:251 Red Hat Stronghold 3 2002-11-08T00:00:00 RHSA-2002:243 Red Hat Stronghold 4 2002-11-08T00:00:00 RHSA-2002:244 Stronghold 4 for Red Hat Enterprise Linux 2002-11-07T00:00:00 RHSA-2002:248 https://www.cve.org/CVERecord?id=CVE-2002-0840 https://nvd.nist.gov/vuln/detail/CVE-2002-0840 Important 2002-10-03T00:00:00 security flaw

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-09T00:00:00 RHSA-2002:251 Red Hat Linux 6.2 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 7.0 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 7.1 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 7.1 2003-04-22T00:00:00 RHSA-2003:106 Red Hat Linux 7.2 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 7.3 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 8.0 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux Advanced Workstation 2.1 2003-01-09T00:00:00 RHSA-2002:251 Red Hat Stronghold 3 2002-11-08T00:00:00 RHSA-2002:243 Red Hat Stronghold 4 2002-11-08T00:00:00 RHSA-2002:244 Stronghold 4 for Red Hat Enterprise Linux 2002-11-07T00:00:00 RHSA-2002:248 https://www.cve.org/CVERecord?id=CVE-2002-0843 https://nvd.nist.gov/vuln/detail/CVE-2002-0843 Low 2002-05-25T00:00:00 security flaw

Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.

Red Hat Enterprise Linux 3 2004-01-14T00:00:00 RHSA-2004:004 cvs-0:1.11.2-14 https://www.cve.org/CVERecord?id=CVE-2002-0844 https://nvd.nist.gov/vuln/detail/CVE-2002-0844 Important 2002-08-08T00:00:00 security flaw

The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-09T00:00:00 RHSA-2003:027 Red Hat Enterprise Linux ES version 2.1 2003-07-09T00:00:00 RHSA-2003:027 Red Hat Enterprise Linux WS version 2.1 2003-07-09T00:00:00 RHSA-2003:027 Red Hat Linux 7.1 2003-06-20T00:00:00 RHSA-2003:026 Red Hat Linux 7.2 2003-06-20T00:00:00 RHSA-2003:026 Red Hat Linux 7.3 2003-06-20T00:00:00 RHSA-2003:026 https://www.cve.org/CVERecord?id=CVE-2002-0846 https://nvd.nist.gov/vuln/detail/CVE-2002-0846 Important 2002-07-11T00:00:00 security flaw

Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-08-28T00:00:00 RHSA-2002:181 Red Hat Linux 7.2 2002-08-23T00:00:00 RHSA-2002:176 Red Hat Linux 7.3 2002-08-23T00:00:00 RHSA-2002:176 Red Hat Powertools 7.0 2002-08-23T00:00:00 RHSA-2002:177 Red Hat Powertools 7.1 2002-08-23T00:00:00 RHSA-2002:177 Red Hat Secure Web Server 3.2 2002-08-27T00:00:00 RHSA-2002:178 https://www.cve.org/CVERecord?id=CVE-2002-0855 https://nvd.nist.gov/vuln/detail/CVE-2002-0855 Moderate 2002-08-13T00:00:00 security flaw

xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe.

Red Hat Linux 7.0 2002-10-15T00:00:00 RHSA-2002:196 Red Hat Linux 7.1 2002-10-15T00:00:00 RHSA-2002:196 Red Hat Linux 7.1 2003-07-14T00:00:00 RHSA-2003:228 Red Hat Linux 7.2 2002-10-15T00:00:00 RHSA-2002:196 Red Hat Linux 7.3 2002-10-15T00:00:00 RHSA-2002:196 Red Hat Linux 8.0 2002-10-15T00:00:00 RHSA-2002:196 https://www.cve.org/CVERecord?id=CVE-2002-0871 https://nvd.nist.gov/vuln/detail/CVE-2002-0871 Low 2002-01-03T00:00:00 security flaw

Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-05T00:00:00 RHSA-2005:005 Red Hat Enterprise Linux ES version 2.1 2005-01-05T00:00:00 RHSA-2005:005 Red Hat Enterprise Linux WS version 2.1 2005-01-05T00:00:00 RHSA-2005:005 Red Hat Linux Advanced Workstation 2.1 2005-01-05T00:00:00 RHSA-2005:005 https://www.cve.org/CVERecord?id=CVE-2002-0875 https://nvd.nist.gov/vuln/detail/CVE-2002-0875 Important 2002-08-12T00:00:00 security flaw

The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-12-04T00:00:00 RHSA-2002:221 Red Hat Linux 7.2 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 7.3 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 8.0 2002-12-04T00:00:00 RHSA-2002:220 https://www.cve.org/CVERecord?id=CVE-2002-0970 https://nvd.nist.gov/vuln/detail/CVE-2002-0970 Important 2002-08-20T00:00:00 security flaw

Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-22T00:00:00 RHSA-2002:301 Red Hat Linux 6.2 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.0 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.1 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.2 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.3 2003-01-14T00:00:00 RHSA-2003:001 Red Hat Linux 8.0 2003-01-14T00:00:00 RHSA-2003:001 Red Hat Linux Advanced Workstation 2.1 2003-01-22T00:00:00 RHSA-2002:301 https://www.cve.org/CVERecord?id=CVE-2002-0972 https://nvd.nist.gov/vuln/detail/CVE-2002-0972 Low 2002-08-23T00:00:00 security flaw

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-11-11T00:00:00 RHSA-2002:214 Red Hat Linux 7.0 2002-11-11T00:00:00 RHSA-2002:213 Red Hat Linux 7.1 2002-11-11T00:00:00 RHSA-2002:213 Red Hat Linux 7.1 2003-06-30T00:00:00 RHSA-2003:159 Red Hat Linux 7.2 2002-11-11T00:00:00 RHSA-2002:213 Red Hat Linux 7.3 2002-11-11T00:00:00 RHSA-2002:213 Red Hat Linux Advanced Workstation 2.1 2002-11-11T00:00:00 RHSA-2002:214 Red Hat Stronghold 3 2002-11-08T00:00:00 RHSA-2002:243 Red Hat Stronghold 4 2002-11-08T00:00:00 RHSA-2002:244 Stronghold 4 for Red Hat Enterprise Linux 2002-11-07T00:00:00 RHSA-2002:248 https://www.cve.org/CVERecord?id=CVE-2002-0985 https://nvd.nist.gov/vuln/detail/CVE-2002-0985 Moderate 2002-08-23T00:00:00 security flaw

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-11-11T00:00:00 RHSA-2002:214 Red Hat Linux 7.0 2002-11-11T00:00:00 RHSA-2002:213 Red Hat Linux 7.1 2002-11-11T00:00:00 RHSA-2002:213 Red Hat Linux 7.1 2003-06-30T00:00:00 RHSA-2003:159 Red Hat Linux 7.2 2002-11-11T00:00:00 RHSA-2002:213 Red Hat Linux 7.3 2002-11-11T00:00:00 RHSA-2002:213 Red Hat Linux Advanced Workstation 2.1 2002-11-11T00:00:00 RHSA-2002:214 Red Hat Stronghold 3 2002-11-08T00:00:00 RHSA-2002:243 Red Hat Stronghold 4 2002-11-08T00:00:00 RHSA-2002:244 Stronghold 4 for Red Hat Enterprise Linux 2002-11-07T00:00:00 RHSA-2002:248 https://www.cve.org/CVERecord?id=CVE-2002-0986 https://nvd.nist.gov/vuln/detail/CVE-2002-0986 Important 2002-08-25T00:00:00 security flaw

The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-09-09T00:00:00 RHSA-2002:191 Red Hat Linux 7.1 2002-09-10T00:00:00 RHSA-2002:189 Red Hat Linux 7.1 2003-06-23T00:00:00 RHSA-2003:156 Red Hat Linux 7.2 2002-09-10T00:00:00 RHSA-2002:189 Red Hat Linux 7.3 2002-09-10T00:00:00 RHSA-2002:189 Red Hat Powertools 7.0 2002-09-10T00:00:00 RHSA-2002:190 https://www.cve.org/CVERecord?id=CVE-2002-0989 https://nvd.nist.gov/vuln/detail/CVE-2002-0989 Important 2002-03-04T00:00:00 security flaw

Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a certain response or (2) cause a denial of service via long server responses.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-05-22T00:00:00 RHSA-2003:111 Red Hat Enterprise Linux ES version 2.1 2003-05-22T00:00:00 RHSA-2003:111 Red Hat Enterprise Linux WS version 2.1 2003-05-22T00:00:00 RHSA-2003:111 Red Hat Linux 7.2 2003-04-03T00:00:00 RHSA-2003:109 Red Hat Linux 7.3 2003-04-03T00:00:00 RHSA-2003:109 Red Hat Linux 8.0 2003-04-03T00:00:00 RHSA-2003:109 Red Hat Linux 9 2003-04-03T00:00:00 RHSA-2003:109 Red Hat Linux Advanced Workstation 2.1 2003-05-22T00:00:00 RHSA-2003:111 https://www.cve.org/CVERecord?id=CVE-2002-1090 https://nvd.nist.gov/vuln/detail/CVE-2002-1090 Important 2002-09-06T00:00:00 security flaw

Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-02-12T00:00:00 RHSA-2003:046 Red Hat Linux 7.2 2002-10-18T00:00:00 RHSA-2002:192 Red Hat Linux 7.3 2002-10-18T00:00:00 RHSA-2002:192 Red Hat Linux 8.0 2002-10-18T00:00:00 RHSA-2002:192 https://www.cve.org/CVERecord?id=CVE-2002-1091 https://nvd.nist.gov/vuln/detail/CVE-2002-1091 2002-08-01T00:00:00 security flaw

os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-02-12T00:00:00 RHSA-2003:048 Red Hat Linux 6.2 2003-01-21T00:00:00 RHSA-2002:202 Red Hat Linux 7.0 2003-01-21T00:00:00 RHSA-2002:202 Red Hat Linux 7.1 2003-01-21T00:00:00 RHSA-2002:202 Red Hat Linux 7.2 2003-01-21T00:00:00 RHSA-2002:202 Red Hat Linux 7.3 2003-01-21T00:00:00 RHSA-2002:202 Red Hat Linux Advanced Workstation 2.1 2003-02-12T00:00:00 RHSA-2003:048 https://www.cve.org/CVERecord?id=CVE-2002-1119 https://nvd.nist.gov/vuln/detail/CVE-2002-1119 2002-05-19T00:00:00 security flaw

Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-02-12T00:00:00 RHSA-2003:046 Red Hat Linux 7.2 2002-10-18T00:00:00 RHSA-2002:192 Red Hat Linux 7.3 2002-10-18T00:00:00 RHSA-2002:192 Red Hat Linux 8.0 2002-10-18T00:00:00 RHSA-2002:192 https://www.cve.org/CVERecord?id=CVE-2002-1126 https://nvd.nist.gov/vuln/detail/CVE-2002-1126 2002-09-16T00:00:00 security flaw

Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.

Red Hat Linux 8.0 2002-10-10T00:00:00 RHSA-2002:204 https://www.cve.org/CVERecord?id=CVE-2002-1131 https://nvd.nist.gov/vuln/detail/CVE-2002-1131 2002-09-16T00:00:00 security flaw

SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.

Red Hat Linux 8.0 2002-10-10T00:00:00 RHSA-2002:204 https://www.cve.org/CVERecord?id=CVE-2002-1132 https://nvd.nist.gov/vuln/detail/CVE-2002-1132 Moderate 2002-10-03T00:00:00 security flaw

The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-30T00:00:00 RHSA-2003:022 Red Hat Linux 6.2 2002-10-04T00:00:00 RHSA-2002:197 Red Hat Linux 7.0 2002-10-04T00:00:00 RHSA-2002:197 Red Hat Linux 7.1 2002-10-04T00:00:00 RHSA-2002:197 Red Hat Linux 7.1 2003-06-26T00:00:00 RHSA-2003:212 Red Hat Linux 7.2 2002-10-04T00:00:00 RHSA-2002:197 Red Hat Linux 7.3 2002-10-04T00:00:00 RHSA-2002:197 Red Hat Linux Advanced Workstation 2.1 2003-01-30T00:00:00 RHSA-2003:022 https://www.cve.org/CVERecord?id=CVE-2002-1146 https://nvd.nist.gov/vuln/detail/CVE-2002-1146 Important 2002-09-24T00:00:00 security flaw

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

Red Hat Stronghold 4 2002-11-08T00:00:00 RHSA-2002:217 Stronghold 4 for Red Hat Enterprise Linux 2002-11-05T00:00:00 RHSA-2002:218 https://www.cve.org/CVERecord?id=CVE-2002-1148 https://nvd.nist.gov/vuln/detail/CVE-2002-1148 2002-09-06T00:00:00 security flaw

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-12-04T00:00:00 RHSA-2002:221 Red Hat Linux 7.2 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 7.3 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 8.0 2002-12-04T00:00:00 RHSA-2002:220 https://www.cve.org/CVERecord?id=CVE-2002-1151 https://nvd.nist.gov/vuln/detail/CVE-2002-1151 2002-09-10T00:00:00 security flaw

Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.

Red Hat Linux 7.2 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 7.3 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 8.0 2002-12-04T00:00:00 RHSA-2002:220 https://www.cve.org/CVERecord?id=CVE-2002-1152 https://nvd.nist.gov/vuln/detail/CVE-2002-1152 2002-05-14T00:00:00 security flaw

anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.

Red Hat Powertools 7.1 2002-10-10T00:00:00 RHSA-2002:059 https://www.cve.org/CVERecord?id=CVE-2002-1154 https://nvd.nist.gov/vuln/detail/CVE-2002-1154 Important 2003-06-09T00:00:00 security flaw

Buffer overflow in KON kon2 0.3.9b and earlier allows local users to execute arbitrary code via a long -Coding command line argument.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-06-09T00:00:00 RHSA-2003:050 Red Hat Enterprise Linux ES version 2.1 2003-06-09T00:00:00 RHSA-2003:050 Red Hat Enterprise Linux WS version 2.1 2003-06-09T00:00:00 RHSA-2003:050 Red Hat Linux 7.1 2003-06-03T00:00:00 RHSA-2003:047 Red Hat Linux 7.2 2003-06-03T00:00:00 RHSA-2003:047 Red Hat Linux 7.3 2003-06-03T00:00:00 RHSA-2003:047 Red Hat Linux 8.0 2003-06-03T00:00:00 RHSA-2003:047 Red Hat Linux 9 2003-06-03T00:00:00 RHSA-2003:047 https://www.cve.org/CVERecord?id=CVE-2002-1155 https://nvd.nist.gov/vuln/detail/CVE-2002-1155 Low 2002-10-22T00:00:00 security flaw

Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-09T00:00:00 RHSA-2002:251 Red Hat Linux 6.2 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 7.0 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 7.1 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 7.1 2003-04-22T00:00:00 RHSA-2003:106 Red Hat Linux 7.2 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 7.3 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux 8.0 2002-12-12T00:00:00 RHSA-2002:222 Red Hat Linux Advanced Workstation 2.1 2003-01-09T00:00:00 RHSA-2002:251 Red Hat Stronghold 3 2002-11-08T00:00:00 RHSA-2002:243 Red Hat Stronghold 4 2002-11-08T00:00:00 RHSA-2002:244 Stronghold 4 for Red Hat Enterprise Linux 2002-11-07T00:00:00 RHSA-2002:248 https://www.cve.org/CVERecord?id=CVE-2002-1157 https://nvd.nist.gov/vuln/detail/CVE-2002-1157 2002-12-02T00:00:00 security flaw

Buffer overflow in the irw_through function for Canna 3.5b2 and earlier allows local users to execute arbitrary code as the bin user.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-12-10T00:00:00 RHSA-2002:261 Red Hat Linux 7.1 2002-12-10T00:00:00 RHSA-2002:246 Red Hat Linux 7.1 2003-06-24T00:00:00 RHSA-2003:115 Red Hat Linux 7.2 2002-12-10T00:00:00 RHSA-2002:246 Red Hat Linux 7.3 2002-12-10T00:00:00 RHSA-2002:246 Red Hat Linux 8.0 2002-12-10T00:00:00 RHSA-2002:246 Red Hat Linux Advanced Workstation 2.1 2002-12-10T00:00:00 RHSA-2002:261 https://www.cve.org/CVERecord?id=CVE-2002-1158 https://nvd.nist.gov/vuln/detail/CVE-2002-1158 2002-12-02T00:00:00 security flaw

Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-12-10T00:00:00 RHSA-2002:261 Red Hat Linux 7.1 2002-12-10T00:00:00 RHSA-2002:246 Red Hat Linux 7.1 2003-06-24T00:00:00 RHSA-2003:115 Red Hat Linux 7.2 2002-12-10T00:00:00 RHSA-2002:246 Red Hat Linux 7.3 2002-12-10T00:00:00 RHSA-2002:246 Red Hat Linux 8.0 2002-12-10T00:00:00 RHSA-2002:246 Red Hat Linux Advanced Workstation 2.1 2002-12-10T00:00:00 RHSA-2002:261 https://www.cve.org/CVERecord?id=CVE-2002-1159 https://nvd.nist.gov/vuln/detail/CVE-2002-1159 Important 2003-02-03T00:00:00 security flaw

The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-05T00:00:00 RHSA-2003:028 Red Hat Enterprise Linux ES version 2.1 2003-03-05T00:00:00 RHSA-2003:028 Red Hat Enterprise Linux WS version 2.1 2003-03-05T00:00:00 RHSA-2003:028 Red Hat Linux 7.1 2003-02-13T00:00:00 RHSA-2003:035 Red Hat Linux 7.2 2003-02-13T00:00:00 RHSA-2003:035 Red Hat Linux 7.3 2003-02-13T00:00:00 RHSA-2003:035 Red Hat Linux 8.0 2003-02-13T00:00:00 RHSA-2003:035 Red Hat Linux Advanced Workstation 2.1 2003-03-05T00:00:00 RHSA-2003:028 https://www.cve.org/CVERecord?id=CVE-2002-1160 https://nvd.nist.gov/vuln/detail/CVE-2002-1160 Low 2002-10-01T00:00:00 security flaw

Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-30T00:00:00 RHSA-2002:259 Red Hat Linux 6.2 2003-03-03T00:00:00 RHSA-2003:073 Red Hat Linux 7.0 2003-03-03T00:00:00 RHSA-2003:073 Red Hat Linux 7.1 2003-03-03T00:00:00 RHSA-2003:073 Red Hat Linux 7.1 2003-07-08T00:00:00 RHSA-2003:227 Red Hat Linux 7.2 2003-03-03T00:00:00 RHSA-2003:073 Red Hat Linux 7.3 2003-03-03T00:00:00 RHSA-2003:073 Red Hat Linux 8.0 2003-03-03T00:00:00 RHSA-2003:073 Red Hat Linux Advanced Workstation 2.1 2003-01-30T00:00:00 RHSA-2002:259 https://www.cve.org/CVERecord?id=CVE-2002-1165 https://nvd.nist.gov/vuln/detail/CVE-2002-1165 2002-10-02T00:00:00 security flaw

The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference.

Red Hat Linux 8.0 2002-12-17T00:00:00 RHSA-2002:228 https://www.cve.org/CVERecord?id=CVE-2002-1170 https://nvd.nist.gov/vuln/detail/CVE-2002-1170 Critical 2002-09-29T00:00:00 security flaw

Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-10-07T00:00:00 RHSA-2002:216 Red Hat Linux 6.2 2002-10-07T00:00:00 RHSA-2002:215 Red Hat Linux 7.0 2002-10-07T00:00:00 RHSA-2002:215 Red Hat Linux 7.1 2002-10-07T00:00:00 RHSA-2002:215 Red Hat Linux 7.1 2003-04-24T00:00:00 RHSA-2003:155 Red Hat Linux 7.2 2002-10-07T00:00:00 RHSA-2002:215 Red Hat Linux 7.3 2002-10-07T00:00:00 RHSA-2002:215 Red Hat Linux 8.0 2002-10-07T00:00:00 RHSA-2002:215 https://www.cve.org/CVERecord?id=CVE-2002-1174 https://nvd.nist.gov/vuln/detail/CVE-2002-1174 Moderate 2002-09-29T00:00:00 security flaw

The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-10-07T00:00:00 RHSA-2002:216 Red Hat Linux 6.2 2002-10-07T00:00:00 RHSA-2002:215 Red Hat Linux 7.0 2002-10-07T00:00:00 RHSA-2002:215 Red Hat Linux 7.1 2002-10-07T00:00:00 RHSA-2002:215 Red Hat Linux 7.1 2003-04-24T00:00:00 RHSA-2003:155 Red Hat Linux 7.2 2002-10-07T00:00:00 RHSA-2002:215 Red Hat Linux 7.3 2002-10-07T00:00:00 RHSA-2002:215 Red Hat Linux 8.0 2002-10-07T00:00:00 RHSA-2002:215 https://www.cve.org/CVERecord?id=CVE-2002-1175 https://nvd.nist.gov/vuln/detail/CVE-2002-1175 Low 2002-09-28T00:00:00 security flaw

GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-10-02T00:00:00 RHSA-2002:138 Red Hat Linux 6.2 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.0 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.1 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.1 2003-07-01T00:00:00 RHSA-2003:218 Red Hat Linux 7.2 2002-09-29T00:00:00 RHSA-2002:096 Red Hat Linux 7.3 2002-09-29T00:00:00 RHSA-2002:096 https://www.cve.org/CVERecord?id=CVE-2002-1216 https://nvd.nist.gov/vuln/detail/CVE-2002-1216 2002-10-08T00:00:00 security flaw

Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.

Red Hat Linux 7.2 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 7.3 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 8.0 2002-12-04T00:00:00 RHSA-2002:220 https://www.cve.org/CVERecord?id=CVE-2002-1223 https://nvd.nist.gov/vuln/detail/CVE-2002-1223 2002-10-08T00:00:00 security flaw

Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter.

Red Hat Linux 7.2 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 7.3 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 8.0 2002-12-04T00:00:00 RHSA-2002:220 https://www.cve.org/CVERecord?id=CVE-2002-1224 https://nvd.nist.gov/vuln/detail/CVE-2002-1224 Important 2002-10-21T00:00:00 security flaw

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-10-25T00:00:00 RHSA-2002:224 Red Hat Linux 6.2 2002-10-24T00:00:00 RHSA-2002:223 Red Hat Linux 7.0 2002-10-24T00:00:00 RHSA-2002:223 Red Hat Linux 7.1 2002-10-24T00:00:00 RHSA-2002:223 Red Hat Linux 7.1 2003-07-14T00:00:00 RHSA-2003:229 Red Hat Linux 7.2 2002-10-24T00:00:00 RHSA-2002:223 Red Hat Linux 7.3 2002-10-24T00:00:00 RHSA-2002:223 Red Hat Linux Advanced Workstation 2.1 2002-10-25T00:00:00 RHSA-2002:224 https://www.cve.org/CVERecord?id=CVE-2002-1232 https://nvd.nist.gov/vuln/detail/CVE-2002-1232 Critical 2002-10-23T00:00:00 security flaw

The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-11-07T00:00:00 RHSA-2002:250 Red Hat Linux 6.2 2002-11-07T00:00:00 RHSA-2002:242 Red Hat Linux 7.0 2002-11-07T00:00:00 RHSA-2002:242 Red Hat Linux 7.1 2002-11-07T00:00:00 RHSA-2002:242 Red Hat Linux 7.1 2003-04-29T00:00:00 RHSA-2003:168 Red Hat Linux 7.2 2002-11-07T00:00:00 RHSA-2002:242 Red Hat Linux 7.3 2002-11-07T00:00:00 RHSA-2002:242 Red Hat Linux 8.0 2002-11-07T00:00:00 RHSA-2002:242 https://www.cve.org/CVERecord?id=CVE-2002-1235 https://nvd.nist.gov/vuln/detail/CVE-2002-1235 Low 2002-11-11T00:00:00 security flaw

Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-12-04T00:00:00 RHSA-2002:221 Red Hat Linux 7.2 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 7.3 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 8.0 2002-12-04T00:00:00 RHSA-2002:220 https://www.cve.org/CVERecord?id=CVE-2002-1247 https://nvd.nist.gov/vuln/detail/CVE-2002-1247 2002-11-02T00:00:00 security flaw

An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.

Red Hat Linux 8.0 2003-03-05T00:00:00 RHSA-2003:042 https://www.cve.org/CVERecord?id=CVE-2002-1276 https://nvd.nist.gov/vuln/detail/CVE-2002-1276 Moderate 2002-11-07T00:00:00 security flaw

Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-14T00:00:00 RHSA-2003:009 Red Hat Linux 6.2 2003-02-06T00:00:00 RHSA-2003:043 Red Hat Linux 7.0 2003-02-06T00:00:00 RHSA-2003:043 Red Hat Linux 7.1 2003-02-06T00:00:00 RHSA-2003:043 Red Hat Linux 7.2 2003-02-06T00:00:00 RHSA-2003:043 Red Hat Linux 7.3 2003-02-06T00:00:00 RHSA-2003:043 Red Hat Linux 8.0 2003-02-06T00:00:00 RHSA-2003:043 Red Hat Linux Advanced Workstation 2.1 2003-01-14T00:00:00 RHSA-2003:009 https://www.cve.org/CVERecord?id=CVE-2002-1277 https://nvd.nist.gov/vuln/detail/CVE-2002-1277 Important 2002-11-11T00:00:00 security flaw

Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL.

Red Hat Linux 7.2 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 7.3 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 8.0 2002-12-04T00:00:00 RHSA-2002:220 https://www.cve.org/CVERecord?id=CVE-2002-1281 https://nvd.nist.gov/vuln/detail/CVE-2002-1281 Important 2002-11-11T00:00:00 security flaw

Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL.

Red Hat Linux 7.2 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 7.3 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 8.0 2002-12-04T00:00:00 RHSA-2002:220 https://www.cve.org/CVERecord?id=CVE-2002-1282 https://nvd.nist.gov/vuln/detail/CVE-2002-1282 Moderate 2002-11-12T00:00:00 security flaw

Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-12-04T00:00:00 RHSA-2002:221 Red Hat Linux 7.2 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 7.3 2002-12-04T00:00:00 RHSA-2002:220 Red Hat Linux 8.0 2002-12-04T00:00:00 RHSA-2002:220 https://www.cve.org/CVERecord?id=CVE-2002-1306 https://nvd.nist.gov/vuln/detail/CVE-2002-1306 Important 2002-11-14T00:00:00 security flaw

Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-10-15T00:00:00 RHSA-2003:163 Red Hat Enterprise Linux ES version 2.1 2003-10-15T00:00:00 RHSA-2003:163 Red Hat Enterprise Linux WS version 2.1 2003-10-15T00:00:00 RHSA-2003:163 Red Hat Linux 7.1 2003-07-15T00:00:00 RHSA-2003:162 Red Hat Linux 7.2 2003-07-15T00:00:00 RHSA-2003:162 Red Hat Linux 7.3 2003-07-15T00:00:00 RHSA-2003:162 Red Hat Linux 8.0 2003-07-15T00:00:00 RHSA-2003:162 Red Hat Linux Advanced Workstation 2.1 2003-10-15T00:00:00 RHSA-2003:163 https://www.cve.org/CVERecord?id=CVE-2002-1308 https://nvd.nist.gov/vuln/detail/CVE-2002-1308 2002-11-20T00:00:00 security flaw

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.

Red Hat Linux 7.3 2002-11-22T00:00:00 RHSA-2002:266 Red Hat Linux 8.0 2002-11-22T00:00:00 RHSA-2002:266 https://www.cve.org/CVERecord?id=CVE-2002-1318 https://nvd.nist.gov/vuln/detail/CVE-2002-1318 2002-11-11T00:00:00 security flaw

The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-11-22T00:00:00 RHSA-2002:263 Red Hat Linux 6.2 2002-11-25T00:00:00 RHSA-2002:264 Red Hat Linux 7.0 2002-11-25T00:00:00 RHSA-2002:264 Red Hat Linux 7.1 2002-11-16T00:00:00 RHSA-2002:262 Red Hat Linux 7.2 2002-11-16T00:00:00 RHSA-2002:262 Red Hat Linux 7.3 2002-11-16T00:00:00 RHSA-2002:262 Red Hat Linux 8.0 2002-11-16T00:00:00 RHSA-2002:262 https://www.cve.org/CVERecord?id=CVE-2002-1319 https://nvd.nist.gov/vuln/detail/CVE-2002-1319 Moderate 2002-11-07T00:00:00 security flaw

Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks (").

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-03T00:00:00 RHSA-2002:271 Red Hat Linux 6.2 2003-01-03T00:00:00 RHSA-2002:270 Red Hat Linux 7.0 2003-01-03T00:00:00 RHSA-2002:270 Red Hat Linux 7.1 2003-01-03T00:00:00 RHSA-2002:270 Red Hat Linux 7.2 2003-01-03T00:00:00 RHSA-2002:270 Red Hat Linux 7.3 2003-01-03T00:00:00 RHSA-2002:270 Red Hat Linux 8.0 2003-01-03T00:00:00 RHSA-2002:270 Red Hat Linux Advanced Workstation 2.1 2003-01-03T00:00:00 RHSA-2002:271 https://www.cve.org/CVERecord?id=CVE-2002-1320 https://nvd.nist.gov/vuln/detail/CVE-2002-1320 Moderate 2002-10-04T00:00:00 security flaw

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-09-22T00:00:00 RHSA-2003:257 Red Hat Enterprise Linux ES version 2.1 2003-09-22T00:00:00 RHSA-2003:257 Red Hat Enterprise Linux WS version 2.1 2003-09-22T00:00:00 RHSA-2003:257 Red Hat Linux 7.1 2003-09-22T00:00:00 RHSA-2003:256 Red Hat Linux 7.2 2003-09-22T00:00:00 RHSA-2003:256 Red Hat Linux 7.3 2003-09-22T00:00:00 RHSA-2003:256 Red Hat Linux 8.0 2003-09-22T00:00:00 RHSA-2003:256 Red Hat Linux 9 2003-09-22T00:00:00 RHSA-2003:256 Red Hat Linux Advanced Workstation 2.1 2003-09-22T00:00:00 RHSA-2003:257 https://www.cve.org/CVERecord?id=CVE-2002-1323 https://nvd.nist.gov/vuln/detail/CVE-2002-1323 Moderate 2002-11-27T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-02-06T00:00:00 RHSA-2003:045 Red Hat Linux 7.0j 2003-02-07T00:00:00 RHSA-2003:044 Red Hat Linux 7.2 2003-02-07T00:00:00 RHSA-2003:044 Red Hat Linux 7.3 2003-02-07T00:00:00 RHSA-2003:044 Red Hat Linux 8.0 2003-02-07T00:00:00 RHSA-2003:044 Red Hat Linux Advanced Workstation 2.1 2003-02-06T00:00:00 RHSA-2003:045 https://www.cve.org/CVERecord?id=CVE-2002-1335 https://nvd.nist.gov/vuln/detail/CVE-2002-1335 Moderate 2002-07-26T00:00:00 security flaw

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-16T00:00:00 RHSA-2002:287 Red Hat Linux 7.0 2003-02-21T00:00:00 RHSA-2003:041 Red Hat Linux 7.1 2003-02-21T00:00:00 RHSA-2003:041 Red Hat Linux 7.2 2003-02-21T00:00:00 RHSA-2003:041 Red Hat Linux 7.3 2003-02-21T00:00:00 RHSA-2003:041 Red Hat Linux 8.0 2003-02-21T00:00:00 RHSA-2003:041 https://www.cve.org/CVERecord?id=CVE-2002-1336 https://nvd.nist.gov/vuln/detail/CVE-2002-1336 Critical 2003-03-03T00:00:00 security flaw

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-03T00:00:00 RHSA-2003:074 Red Hat Enterprise Linux ES version 2.1 2003-03-03T00:00:00 RHSA-2003:074 Red Hat Enterprise Linux WS version 2.1 2003-03-03T00:00:00 RHSA-2003:074 Red Hat Linux 6.2 2003-03-03T00:00:00 RHSA-2003:073 Red Hat Linux 7.0 2003-03-03T00:00:00 RHSA-2003:073 Red Hat Linux 7.1 2003-03-03T00:00:00 RHSA-2003:073 Red Hat Linux 7.1 2003-07-08T00:00:00 RHSA-2003:227 Red Hat Linux 7.2 2003-03-03T00:00:00 RHSA-2003:073 Red Hat Linux 7.3 2003-03-03T00:00:00 RHSA-2003:073 Red Hat Linux 8.0 2003-03-03T00:00:00 RHSA-2003:073 Red Hat Linux Advanced Workstation 2.1 2003-03-03T00:00:00 RHSA-2003:074 https://www.cve.org/CVERecord?id=CVE-2002-1337 https://nvd.nist.gov/vuln/detail/CVE-2002-1337 2002-12-03T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.

Red Hat Linux 8.0 2003-03-05T00:00:00 RHSA-2003:042 https://www.cve.org/CVERecord?id=CVE-2002-1341 https://nvd.nist.gov/vuln/detail/CVE-2002-1341 Moderate 2002-12-10T00:00:00 security flaw

Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-12-10T00:00:00 RHSA-2002:256 Red Hat Linux 6.2 2002-12-10T00:00:00 RHSA-2002:229 Red Hat Linux 7.0 2002-12-10T00:00:00 RHSA-2002:229 Red Hat Linux 7.1 2002-12-10T00:00:00 RHSA-2002:229 Red Hat Linux 7.2 2002-12-10T00:00:00 RHSA-2002:229 Red Hat Linux 7.3 2002-12-10T00:00:00 RHSA-2002:229 Red Hat Linux 8.0 2002-12-10T00:00:00 RHSA-2002:229 Red Hat Linux Advanced Workstation 2.1 2002-12-10T00:00:00 RHSA-2002:256 https://www.cve.org/CVERecord?id=CVE-2002-1344 https://nvd.nist.gov/vuln/detail/CVE-2002-1344 2002-12-09T00:00:00 security flaw

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.

Red Hat Linux 8.0 2003-01-07T00:00:00 RHSA-2002:283 https://www.cve.org/CVERecord?id=CVE-2002-1347 https://nvd.nist.gov/vuln/detail/CVE-2002-1347 2002-11-27T00:00:00 security flaw

w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-02-06T00:00:00 RHSA-2003:045 Red Hat Linux 7.0j 2003-02-07T00:00:00 RHSA-2003:044 Red Hat Linux 7.2 2003-02-07T00:00:00 RHSA-2003:044 Red Hat Linux 7.3 2003-02-07T00:00:00 RHSA-2003:044 Red Hat Linux 8.0 2003-02-07T00:00:00 RHSA-2003:044 Red Hat Linux Advanced Workstation 2.1 2003-02-06T00:00:00 RHSA-2003:045 https://www.cve.org/CVERecord?id=CVE-2002-1348 https://nvd.nist.gov/vuln/detail/CVE-2002-1348 2001-10-15T00:00:00 security flaw

The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly copy data, which allows remote attackers to cause a denial of service (application crash).

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-02-26T00:00:00 RHSA-2003:033 Red Hat Linux 7.1 2003-04-23T00:00:00 RHSA-2003:032 Red Hat Linux 7.1 2003-06-30T00:00:00 RHSA-2003:214 Red Hat Linux 7.2 2003-04-23T00:00:00 RHSA-2003:032 Red Hat Linux 7.3 2003-04-23T00:00:00 RHSA-2003:032 Red Hat Linux 8.0 2003-04-23T00:00:00 RHSA-2003:032 Red Hat Linux Advanced Workstation 2.1 2003-02-26T00:00:00 RHSA-2003:033 https://www.cve.org/CVERecord?id=CVE-2002-1350 https://nvd.nist.gov/vuln/detail/CVE-2002-1350 Low 2002-12-07T00:00:00 security flaw

Multiple integer signedness errors in the BGP dissector in Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of service (infinite loop) via malformed messages.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-29T00:00:00 RHSA-2002:291 Red Hat Linux 7.2 2003-01-09T00:00:00 RHSA-2002:290 Red Hat Linux 7.3 2003-01-09T00:00:00 RHSA-2002:290 Red Hat Linux 8.0 2003-01-09T00:00:00 RHSA-2002:290 Red Hat Linux Advanced Workstation 2.1 2003-01-29T00:00:00 RHSA-2002:291 https://www.cve.org/CVERecord?id=CVE-2002-1355 https://nvd.nist.gov/vuln/detail/CVE-2002-1355 Moderate 2002-12-07T00:00:00 security flaw

Ethereal 0.9.7 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed packets to the (1) LMP, (2) PPP, or (3) TDS dissectors, possibly related to a missing field for EndVerifyAck messages.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-29T00:00:00 RHSA-2002:291 Red Hat Linux 7.2 2003-01-09T00:00:00 RHSA-2002:290 Red Hat Linux 7.3 2003-01-09T00:00:00 RHSA-2002:290 Red Hat Linux 8.0 2003-01-09T00:00:00 RHSA-2002:290 Red Hat Linux Advanced Workstation 2.1 2003-01-29T00:00:00 RHSA-2002:291 https://www.cve.org/CVERecord?id=CVE-2002-1356 https://nvd.nist.gov/vuln/detail/CVE-2002-1356 2002-11-03T00:00:00 security flaw

mICQ 0.4.9 and earlier allows remote attackers to cause a denial of service (crash) via malformed ICQ message types without a 0xFE separator character.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-04-28T00:00:00 RHSA-2003:119 Red Hat Enterprise Linux ES version 2.1 2003-04-28T00:00:00 RHSA-2003:119 Red Hat Enterprise Linux WS version 2.1 2003-04-28T00:00:00 RHSA-2003:119 Red Hat Linux 7.2 2003-04-24T00:00:00 RHSA-2003:118 Red Hat Linux 7.3 2003-04-24T00:00:00 RHSA-2003:118 Red Hat Linux Advanced Workstation 2.1 2003-04-28T00:00:00 RHSA-2003:119 https://www.cve.org/CVERecord?id=CVE-2002-1362 https://nvd.nist.gov/vuln/detail/CVE-2002-1362 Important 2002-12-19T00:00:00 security flaw

Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.

Red Hat Enterprise Linux 3 2004-06-18T00:00:00 RHSA-2004:249 libpng-2:1.2.2-24 Red Hat Enterprise Linux 3 2004-06-18T00:00:00 RHSA-2004:249 libpng10-0:1.0.13-14 Red Hat Enterprise Linux 3 2004-08-04T00:00:00 RHSA-2004:402 libpng-2:1.2.2-25 Red Hat Enterprise Linux 3 2004-08-04T00:00:00 RHSA-2004:402 libpng10-0:1.0.13-15 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-29T00:00:00 RHSA-2003:007 Red Hat Linux 6.2 2003-01-13T00:00:00 RHSA-2003:006 Red Hat Linux 7.0 2003-01-13T00:00:00 RHSA-2003:006 Red Hat Linux 7.1 2003-01-13T00:00:00 RHSA-2003:006 Red Hat Linux 7.1 2003-04-24T00:00:00 RHSA-2003:157 Red Hat Linux 7.2 2003-01-13T00:00:00 RHSA-2003:006 Red Hat Linux 7.3 2003-01-13T00:00:00 RHSA-2003:006 Red Hat Linux 8.0 2003-01-13T00:00:00 RHSA-2003:006 Red Hat Linux Advanced Workstation 2.1 2003-01-29T00:00:00 RHSA-2003:007 https://www.cve.org/CVERecord?id=CVE-2002-1363 https://nvd.nist.gov/vuln/detail/CVE-2002-1363 Critical 2002-12-13T00:00:00 security flaw

Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-12-17T00:00:00 RHSA-2002:294 Red Hat Linux 6.2 2002-12-17T00:00:00 RHSA-2002:293 Red Hat Linux 7.0 2002-12-17T00:00:00 RHSA-2002:293 Red Hat Linux 7.1 2002-12-17T00:00:00 RHSA-2002:293 Red Hat Linux 7.1 2003-04-24T00:00:00 RHSA-2003:155 Red Hat Linux 7.2 2002-12-17T00:00:00 RHSA-2002:293 Red Hat Linux 7.3 2002-12-17T00:00:00 RHSA-2002:293 Red Hat Linux 8.0 2002-12-17T00:00:00 RHSA-2002:293 Red Hat Linux Advanced Workstation 2.1 2002-12-17T00:00:00 RHSA-2002:294 https://www.cve.org/CVERecord?id=CVE-2002-1365 https://nvd.nist.gov/vuln/detail/CVE-2002-1365 2002-12-19T00:00:00 security flaw

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.

Red Hat Linux 7.3 2003-01-13T00:00:00 RHSA-2002:295 Red Hat Linux 8.0 2003-01-13T00:00:00 RHSA-2002:295 https://www.cve.org/CVERecord?id=CVE-2002-1366 https://nvd.nist.gov/vuln/detail/CVE-2002-1366 2002-12-19T00:00:00 security flaw

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need authorization" page, as demonstrated by new-coke.

Red Hat Linux 7.3 2003-01-13T00:00:00 RHSA-2002:295 Red Hat Linux 8.0 2003-01-13T00:00:00 RHSA-2002:295 https://www.cve.org/CVERecord?id=CVE-2002-1367 https://nvd.nist.gov/vuln/detail/CVE-2002-1367 2002-12-19T00:00:00 security flaw

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding.

Red Hat Linux 7.3 2003-01-13T00:00:00 RHSA-2002:295 Red Hat Linux 8.0 2003-01-13T00:00:00 RHSA-2002:295 https://www.cve.org/CVERecord?id=CVE-2002-1368 https://nvd.nist.gov/vuln/detail/CVE-2002-1368 2002-12-19T00:00:00 security flaw

jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

Red Hat Linux 7.3 2003-01-13T00:00:00 RHSA-2002:295 Red Hat Linux 8.0 2003-01-13T00:00:00 RHSA-2002:295 https://www.cve.org/CVERecord?id=CVE-2002-1369 https://nvd.nist.gov/vuln/detail/CVE-2002-1369 2002-12-19T00:00:00 security flaw

filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif.

Red Hat Linux 7.3 2003-01-13T00:00:00 RHSA-2002:295 Red Hat Linux 8.0 2003-01-13T00:00:00 RHSA-2002:295 https://www.cve.org/CVERecord?id=CVE-2002-1371 https://nvd.nist.gov/vuln/detail/CVE-2002-1371 Important 2002-12-19T00:00:00 security flaw

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.

Red Hat Linux 7.3 2003-01-13T00:00:00 RHSA-2002:295 Red Hat Linux 8.0 2003-01-13T00:00:00 RHSA-2002:295 https://www.cve.org/CVERecord?id=CVE-2002-1372 https://nvd.nist.gov/vuln/detail/CVE-2002-1372 Moderate 2002-12-12T00:00:00 security flaw

Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-06T00:00:00 RHSA-2002:289 Red Hat Linux 7.0 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux 7.1 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux 7.1 2003-05-15T00:00:00 RHSA-2003:166 Red Hat Linux 7.2 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux 7.3 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux 8.0 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux Advanced Workstation 2.1 2003-01-06T00:00:00 RHSA-2002:289 https://www.cve.org/CVERecord?id=CVE-2002-1373 https://nvd.nist.gov/vuln/detail/CVE-2002-1373 Important 2002-12-12T00:00:00 security flaw

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-06T00:00:00 RHSA-2002:289 Red Hat Linux 7.0 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux 7.1 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux 7.1 2003-05-15T00:00:00 RHSA-2003:166 Red Hat Linux 7.2 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux 7.3 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux 8.0 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux Advanced Workstation 2.1 2003-01-06T00:00:00 RHSA-2002:289 https://www.cve.org/CVERecord?id=CVE-2002-1374 https://nvd.nist.gov/vuln/detail/CVE-2002-1374 Moderate 2002-12-12T00:00:00 security flaw

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-06T00:00:00 RHSA-2002:289 Red Hat Linux 7.0 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux 7.1 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux 7.1 2003-05-15T00:00:00 RHSA-2003:166 Red Hat Linux 7.2 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux 7.3 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux 8.0 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux Advanced Workstation 2.1 2003-01-06T00:00:00 RHSA-2002:289 https://www.cve.org/CVERecord?id=CVE-2002-1375 https://nvd.nist.gov/vuln/detail/CVE-2002-1375 Important 2002-12-12T00:00:00 security flaw

libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-06T00:00:00 RHSA-2002:289 Red Hat Linux 7.0 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux 7.1 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux 7.1 2003-05-15T00:00:00 RHSA-2003:166 Red Hat Linux 7.2 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux 7.3 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux 8.0 2003-01-15T00:00:00 RHSA-2002:288 Red Hat Linux Advanced Workstation 2.1 2003-01-06T00:00:00 RHSA-2002:289 Red Hat Stronghold 3 2003-03-18T00:00:00 RHSA-2003:104 Red Hat Stronghold 4 2003-03-03T00:00:00 RHSA-2003:082 https://www.cve.org/CVERecord?id=CVE-2002-1376 https://nvd.nist.gov/vuln/detail/CVE-2002-1376 Important 2002-12-12T00:00:00 security flaw

vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-29T00:00:00 RHSA-2002:302 Red Hat Linux 6.2 2003-01-16T00:00:00 RHSA-2002:297 Red Hat Linux 7.0 2003-01-16T00:00:00 RHSA-2002:297 Red Hat Linux 7.1 2003-01-16T00:00:00 RHSA-2002:297 Red Hat Linux 7.2 2003-01-16T00:00:00 RHSA-2002:297 Red Hat Linux 7.3 2003-01-16T00:00:00 RHSA-2002:297 Red Hat Linux 8.0 2003-01-16T00:00:00 RHSA-2002:297 Red Hat Linux Advanced Workstation 2.1 2003-01-29T00:00:00 RHSA-2002:302 https://www.cve.org/CVERecord?id=CVE-2002-1377 https://nvd.nist.gov/vuln/detail/CVE-2002-1377 Critical 2002-12-06T00:00:00 security flaw

Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file that is not properly handled by getfilter functions, (3) a malicious ldaptemplates.conf that causes an overflow in libldap, (4) a certain access control list that causes an overflow in slapd, or (5) a long generated filename for logging rejected replication requests.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-15T00:00:00 RHSA-2002:312 Red Hat Linux 6.2 2003-02-06T00:00:00 RHSA-2003:040 Red Hat Linux 7.0 2003-02-06T00:00:00 RHSA-2003:040 Red Hat Linux 7.1 2003-02-06T00:00:00 RHSA-2003:040 Red Hat Linux 7.1 2003-07-07T00:00:00 RHSA-2003:208 Red Hat Linux 7.2 2003-02-06T00:00:00 RHSA-2003:040 Red Hat Linux 7.3 2003-02-06T00:00:00 RHSA-2003:040 Red Hat Linux 8.0 2003-02-06T00:00:00 RHSA-2003:040 Red Hat Linux Advanced Workstation 2.1 2003-01-15T00:00:00 RHSA-2002:312 https://www.cve.org/CVERecord?id=CVE-2002-1378 https://nvd.nist.gov/vuln/detail/CVE-2002-1378 Critical 2002-12-06T00:00:00 security flaw

OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-15T00:00:00 RHSA-2002:312 Red Hat Linux 6.2 2003-02-06T00:00:00 RHSA-2003:040 Red Hat Linux 7.0 2003-02-06T00:00:00 RHSA-2003:040 Red Hat Linux 7.1 2003-02-06T00:00:00 RHSA-2003:040 Red Hat Linux 7.1 2003-07-07T00:00:00 RHSA-2003:208 Red Hat Linux 7.2 2003-02-06T00:00:00 RHSA-2003:040 Red Hat Linux 7.3 2003-02-06T00:00:00 RHSA-2003:040 Red Hat Linux 8.0 2003-02-06T00:00:00 RHSA-2003:040 Red Hat Linux Advanced Workstation 2.1 2003-01-15T00:00:00 RHSA-2002:312 https://www.cve.org/CVERecord?id=CVE-2002-1379 https://nvd.nist.gov/vuln/detail/CVE-2002-1379 2002-12-17T00:00:00 security flaw

Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.

Red Hat Linux 6.2 2003-03-20T00:00:00 RHSA-2003:088 Red Hat Linux 7.0 2003-03-20T00:00:00 RHSA-2003:088 https://www.cve.org/CVERecord?id=CVE-2002-1380 https://nvd.nist.gov/vuln/detail/CVE-2002-1380 2002-12-19T00:00:00 security flaw

Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun.

Red Hat Linux 7.3 2003-01-13T00:00:00 RHSA-2002:295 Red Hat Linux 8.0 2003-01-13T00:00:00 RHSA-2002:295 https://www.cve.org/CVERecord?id=CVE-2002-1383 https://nvd.nist.gov/vuln/detail/CVE-2002-1383 Important 2002-12-23T00:00:00 security flaw

Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-30T00:00:00 RHSA-2002:307 Red Hat Linux 6.2 2003-02-06T00:00:00 RHSA-2003:037 Red Hat Linux 7.0 2003-02-06T00:00:00 RHSA-2003:037 Red Hat Linux 7.1 2003-02-06T00:00:00 RHSA-2003:037 Red Hat Linux 7.1 2003-06-30T00:00:00 RHSA-2003:216 Red Hat Linux 7.2 2003-02-06T00:00:00 RHSA-2003:037 Red Hat Linux 7.3 2003-01-13T00:00:00 RHSA-2002:295 Red Hat Linux 7.3 2003-02-06T00:00:00 RHSA-2003:037 Red Hat Linux 8.0 2003-01-13T00:00:00 RHSA-2002:295 Red Hat Linux 8.0 2003-02-06T00:00:00 RHSA-2003:037 Red Hat Linux Advanced Workstation 2.1 2003-01-30T00:00:00 RHSA-2002:307 https://www.cve.org/CVERecord?id=CVE-2002-1384 https://nvd.nist.gov/vuln/detail/CVE-2002-1384 Low 2002-11-25T00:00:00 security flaw

Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-02-11T00:00:00 RHSA-2003:008 Red Hat Linux 7.1 2003-04-08T00:00:00 RHSA-2003:036 Red Hat Linux 7.2 2003-04-08T00:00:00 RHSA-2003:036 Red Hat Linux 7.3 2003-04-08T00:00:00 RHSA-2003:036 Red Hat Linux 8.0 2003-04-08T00:00:00 RHSA-2003:036 Red Hat Linux Advanced Workstation 2.1 2003-02-11T00:00:00 RHSA-2003:008 https://www.cve.org/CVERecord?id=CVE-2002-1391 https://nvd.nist.gov/vuln/detail/CVE-2002-1391 Low 2002-11-25T00:00:00 security flaw

faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-02-11T00:00:00 RHSA-2003:008 Red Hat Linux 7.1 2003-04-08T00:00:00 RHSA-2003:036 Red Hat Linux 7.2 2003-04-08T00:00:00 RHSA-2003:036 Red Hat Linux 7.3 2003-04-08T00:00:00 RHSA-2003:036 Red Hat Linux 8.0 2003-04-08T00:00:00 RHSA-2003:036 Red Hat Linux Advanced Workstation 2.1 2003-02-11T00:00:00 RHSA-2003:008 https://www.cve.org/CVERecord?id=CVE-2002-1392 https://nvd.nist.gov/vuln/detail/CVE-2002-1392 Important 2002-12-20T00:00:00 security flaw

Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-02-17T00:00:00 RHSA-2003:003 Red Hat Linux 7.1 2003-05-12T00:00:00 RHSA-2003:002 Red Hat Linux 7.2 2003-05-12T00:00:00 RHSA-2003:002 Red Hat Linux 7.3 2003-05-12T00:00:00 RHSA-2003:002 Red Hat Linux 8.0 2003-05-12T00:00:00 RHSA-2003:002 Red Hat Linux 9 2003-05-12T00:00:00 RHSA-2003:002 Red Hat Linux Advanced Workstation 2.1 2003-02-17T00:00:00 RHSA-2003:003 https://www.cve.org/CVERecord?id=CVE-2002-1393 https://nvd.nist.gov/vuln/detail/CVE-2002-1393 2002-10-09T00:00:00 security flaw

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

Red Hat Stronghold 4 2003-03-03T00:00:00 RHSA-2003:082 Stronghold 4 for Red Hat Enterprise Linux 2003-04-09T00:00:00 RHSA-2003:075 https://www.cve.org/CVERecord?id=CVE-2002-1394 https://nvd.nist.gov/vuln/detail/CVE-2002-1394 2002-10-28T00:00:00 security flaw

Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-02-26T00:00:00 RHSA-2003:038 Red Hat Enterprise Linux ES version 2.1 2003-02-26T00:00:00 RHSA-2003:038 Red Hat Enterprise Linux WS version 2.1 2003-02-26T00:00:00 RHSA-2003:038 Red Hat Linux 7.0 2003-03-06T00:00:00 RHSA-2003:039 Red Hat Linux 7.1 2003-03-06T00:00:00 RHSA-2003:039 Red Hat Linux 7.2 2003-03-06T00:00:00 RHSA-2003:039 Red Hat Linux 7.3 2003-03-06T00:00:00 RHSA-2003:039 Red Hat Linux 8.0 2003-03-06T00:00:00 RHSA-2003:039 Red Hat Linux Advanced Workstation 2.1 2003-02-26T00:00:00 RHSA-2003:038 https://www.cve.org/CVERecord?id=CVE-2002-1395 https://nvd.nist.gov/vuln/detail/CVE-2002-1395 2002-12-10T00:00:00 security flaw

Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.

Red Hat Linux 8.0 2003-02-05T00:00:00 RHSA-2003:017 https://www.cve.org/CVERecord?id=CVE-2002-1396 https://nvd.nist.gov/vuln/detail/CVE-2002-1396 Important 2002-08-19T00:00:00 security flaw

Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-22T00:00:00 RHSA-2002:301 Red Hat Linux 6.2 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.0 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.1 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.2 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.3 2003-01-14T00:00:00 RHSA-2003:001 Red Hat Linux 8.0 2003-01-14T00:00:00 RHSA-2003:001 Red Hat Linux Advanced Workstation 2.1 2003-01-22T00:00:00 RHSA-2002:301 https://www.cve.org/CVERecord?id=CVE-2002-1397 https://nvd.nist.gov/vuln/detail/CVE-2002-1397 Important 2002-08-19T00:00:00 security flaw

Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handling long datetime input."

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-22T00:00:00 RHSA-2002:301 Red Hat Linux 6.2 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.0 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.1 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.2 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.3 2003-01-14T00:00:00 RHSA-2003:001 Red Hat Linux 8.0 2003-01-14T00:00:00 RHSA-2003:001 Red Hat Linux Advanced Workstation 2.1 2003-01-22T00:00:00 RHSA-2002:301 https://www.cve.org/CVERecord?id=CVE-2002-1398 https://nvd.nist.gov/vuln/detail/CVE-2002-1398 Important 2002-08-20T00:00:00 security flaw

Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-22T00:00:00 RHSA-2002:301 Red Hat Linux 6.2 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.0 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.1 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.2 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.3 2003-01-14T00:00:00 RHSA-2003:001 Red Hat Linux 8.0 2003-01-14T00:00:00 RHSA-2003:001 Red Hat Linux Advanced Workstation 2.1 2003-01-22T00:00:00 RHSA-2002:301 https://www.cve.org/CVERecord?id=CVE-2002-1400 https://nvd.nist.gov/vuln/detail/CVE-2002-1400 Moderate 2002-08-28T00:00:00 security flaw

Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-22T00:00:00 RHSA-2002:301 Red Hat Linux 6.2 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.0 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.1 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.2 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.3 2003-01-14T00:00:00 RHSA-2003:001 Red Hat Linux 8.0 2003-01-14T00:00:00 RHSA-2003:001 Red Hat Linux Advanced Workstation 2.1 2003-01-22T00:00:00 RHSA-2002:301 https://www.cve.org/CVERecord?id=CVE-2002-1401 https://nvd.nist.gov/vuln/detail/CVE-2002-1401 2002-08-28T00:00:00 security flaw

Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-22T00:00:00 RHSA-2002:301 Red Hat Linux 6.2 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.0 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.1 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.2 2003-01-14T00:00:00 RHSA-2003:010 Red Hat Linux 7.3 2003-01-14T00:00:00 RHSA-2003:001 Red Hat Linux 8.0 2003-01-14T00:00:00 RHSA-2003:001 Red Hat Linux Advanced Workstation 2.1 2003-01-22T00:00:00 RHSA-2002:301 https://www.cve.org/CVERecord?id=CVE-2002-1402 https://nvd.nist.gov/vuln/detail/CVE-2002-1402 Low 2002-08-19T00:00:00 security flaw

CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-02-21T00:00:00 RHSA-2003:030 Red Hat Linux 6.2 2003-02-12T00:00:00 RHSA-2003:029 Red Hat Linux 7.0 2003-02-12T00:00:00 RHSA-2003:029 Red Hat Linux 7.1 2003-02-12T00:00:00 RHSA-2003:029 Red Hat Linux 7.2 2003-02-12T00:00:00 RHSA-2003:029 Red Hat Linux 7.3 2003-02-12T00:00:00 RHSA-2003:029 Red Hat Linux 8.0 2003-02-12T00:00:00 RHSA-2003:029 Red Hat Linux Advanced Workstation 2.1 2003-02-21T00:00:00 RHSA-2003:030 https://www.cve.org/CVERecord?id=CVE-2002-1405 https://nvd.nist.gov/vuln/detail/CVE-2002-1405 Important 2002-08-08T00:00:00 security flaw

Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-09T00:00:00 RHSA-2003:027 Red Hat Enterprise Linux ES version 2.1 2003-07-09T00:00:00 RHSA-2003:027 Red Hat Enterprise Linux WS version 2.1 2003-07-09T00:00:00 RHSA-2003:027 Red Hat Linux 7.1 2003-06-20T00:00:00 RHSA-2003:026 Red Hat Linux 7.2 2003-06-20T00:00:00 RHSA-2003:026 Red Hat Linux 7.3 2003-06-20T00:00:00 RHSA-2003:026 https://www.cve.org/CVERecord?id=CVE-2002-1467 https://nvd.nist.gov/vuln/detail/CVE-2002-1467 2002-09-18T00:00:00 security flaw

Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.

Red Hat Linux 7.3 2003-06-25T00:00:00 RHSA-2003:066 Red Hat Linux 8.0 2003-06-25T00:00:00 RHSA-2003:067 https://www.cve.org/CVERecord?id=CVE-2002-1472 https://nvd.nist.gov/vuln/detail/CVE-2002-1472 Low 2002-12-06T00:00:00 security flaw

slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-15T00:00:00 RHSA-2002:312 Red Hat Linux 6.2 2003-02-06T00:00:00 RHSA-2003:040 Red Hat Linux 7.0 2003-02-06T00:00:00 RHSA-2003:040 Red Hat Linux 7.1 2003-02-06T00:00:00 RHSA-2003:040 Red Hat Linux 7.1 2003-07-07T00:00:00 RHSA-2003:208 Red Hat Linux 7.2 2003-02-06T00:00:00 RHSA-2003:040 Red Hat Linux 7.3 2003-02-06T00:00:00 RHSA-2003:040 Red Hat Linux 8.0 2003-02-06T00:00:00 RHSA-2003:040 Red Hat Linux Advanced Workstation 2.1 2003-01-15T00:00:00 RHSA-2002:312 https://www.cve.org/CVERecord?id=CVE-2002-1508 https://nvd.nist.gov/vuln/detail/CVE-2002-1508 2002-10-08T00:00:00 security flaw

A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-02-25T00:00:00 RHSA-2003:058 Red Hat Linux 7.2 2003-02-20T00:00:00 RHSA-2003:057 Red Hat Linux 7.3 2003-02-20T00:00:00 RHSA-2003:057 Red Hat Linux 8.0 2003-02-20T00:00:00 RHSA-2003:057 Red Hat Linux Advanced Workstation 2.1 2003-02-25T00:00:00 RHSA-2003:058 https://www.cve.org/CVERecord?id=CVE-2002-1509 https://nvd.nist.gov/vuln/detail/CVE-2002-1509 Important 2001-12-12T00:00:00 security flaw

xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-06-25T00:00:00 RHSA-2003:065 Red Hat Enterprise Linux ES version 2.1 2003-06-25T00:00:00 RHSA-2003:065 Red Hat Enterprise Linux WS version 2.1 2003-06-25T00:00:00 RHSA-2003:065 Red Hat Linux 7.1 2003-06-25T00:00:00 RHSA-2003:064 Red Hat Linux 7.2 2003-06-25T00:00:00 RHSA-2003:064 Red Hat Linux Advanced Workstation 2.1 2003-06-25T00:00:00 RHSA-2003:065 https://www.cve.org/CVERecord?id=CVE-2002-1510 https://nvd.nist.gov/vuln/detail/CVE-2002-1510 Moderate 2002-10-11T00:00:00 security flaw

The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-02-26T00:00:00 RHSA-2003:068 Red Hat Linux 7.0 2003-02-21T00:00:00 RHSA-2003:041 Red Hat Linux 7.1 2003-02-21T00:00:00 RHSA-2003:041 Red Hat Linux 7.2 2003-02-21T00:00:00 RHSA-2003:041 Red Hat Linux 7.3 2003-02-21T00:00:00 RHSA-2003:041 Red Hat Linux 8.0 2003-02-21T00:00:00 RHSA-2003:041 https://www.cve.org/CVERecord?id=CVE-2002-1511 https://nvd.nist.gov/vuln/detail/CVE-2002-1511 Important 2002-10-30T00:00:00 security flaw

stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-25T00:00:00 RHSA-2003:223 Red Hat Enterprise Linux ES version 2.1 2003-07-25T00:00:00 RHSA-2003:223 Red Hat Enterprise Linux WS version 2.1 2003-07-25T00:00:00 RHSA-2003:223 Red Hat Linux 7.1 2003-07-25T00:00:00 RHSA-2003:221 Red Hat Linux 7.1 2003-11-24T00:00:00 RHSA-2003:296 Red Hat Linux 7.2 2003-07-25T00:00:00 RHSA-2003:221 Red Hat Linux 7.2 2003-11-24T00:00:00 RHSA-2003:296 Red Hat Linux 7.3 2003-07-25T00:00:00 RHSA-2003:221 Red Hat Linux 7.3 2003-11-24T00:00:00 RHSA-2003:296 Red Hat Linux 8.0 2003-07-25T00:00:00 RHSA-2003:221 Red Hat Linux 8.0 2003-11-24T00:00:00 RHSA-2003:296 Red Hat Linux Advanced Workstation 2.1 2003-07-25T00:00:00 RHSA-2003:223 https://www.cve.org/CVERecord?id=CVE-2002-1563 https://nvd.nist.gov/vuln/detail/CVE-2002-1563 Low 2002-12-12T00:00:00 security flaw

Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-12-10T00:00:00 RHSA-2003:372 Red Hat Enterprise Linux ES version 2.1 2003-12-10T00:00:00 RHSA-2003:372 Red Hat Enterprise Linux WS version 2.1 2003-12-10T00:00:00 RHSA-2003:372 Red Hat Linux Advanced Workstation 2.1 2003-12-10T00:00:00 RHSA-2003:372 https://www.cve.org/CVERecord?id=CVE-2002-1565 https://nvd.nist.gov/vuln/detail/CVE-2002-1565 Important 2003-10-02T00:00:00 security flaw

OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-07-30T00:00:00 RHSA-2002:157 https://www.cve.org/CVERecord?id=CVE-2002-1568 https://nvd.nist.gov/vuln/detail/CVE-2002-1568 Moderate 2002-04-17T00:00:00 security flaw

The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-07-16T00:00:00 RHSA-2002:128 https://www.cve.org/CVERecord?id=CVE-2002-1571 https://nvd.nist.gov/vuln/detail/CVE-2002-1571 Moderate 2002-08-27T00:00:00 security flaw

Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-10-28T00:00:00 RHSA-2002:227 Red Hat Linux 7.1 2002-10-17T00:00:00 RHSA-2002:205 Red Hat Linux 7.2 2002-10-17T00:00:00 RHSA-2002:205 Red Hat Linux 7.3 2002-10-17T00:00:00 RHSA-2002:206 https://www.cve.org/CVERecord?id=CVE-2002-1572 https://nvd.nist.gov/vuln/detail/CVE-2002-1572 Moderate 2002-08-26T00:00:00 security flaw

Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors, related to "wrap handling."

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-10-28T00:00:00 RHSA-2002:227 Red Hat Linux 7.1 2002-10-17T00:00:00 RHSA-2002:205 Red Hat Linux 7.2 2002-10-17T00:00:00 RHSA-2002:205 Red Hat Linux 7.3 2002-10-17T00:00:00 RHSA-2002:206 https://www.cve.org/CVERecord?id=CVE-2002-1573 https://nvd.nist.gov/vuln/detail/CVE-2002-1573 Moderate 2002-08-26T00:00:00 security flaw

Buffer overflow in the ixj telephony card driver in Linux before 2.4.20 has unknown impact and attack vectors.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-02-03T00:00:00 RHSA-2004:044 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-04-22T00:00:00 RHSA-2004:106 Red Hat Enterprise Linux ES version 2.1 2004-02-03T00:00:00 RHSA-2004:044 Red Hat Enterprise Linux WS version 2.1 2004-02-03T00:00:00 RHSA-2004:044 Red Hat Linux 7.1 2002-10-17T00:00:00 RHSA-2002:205 Red Hat Linux 7.2 2002-10-17T00:00:00 RHSA-2002:205 Red Hat Linux 7.3 2002-10-17T00:00:00 RHSA-2002:206 Red Hat Linux Advanced Workstation 2.1 2004-04-22T00:00:00 RHSA-2004:106 https://www.cve.org/CVERecord?id=CVE-2002-1574 https://nvd.nist.gov/vuln/detail/CVE-2002-1574

PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction log (pg_clog) data and cause a denial of service (data loss) via the VACUUM command.

Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2002-1642 https://nvd.nist.gov/vuln/detail/CVE-2002-1642

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters.

Not vulnerable. This issue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4. https://www.cve.org/CVERecord?id=CVE-2002-1648 https://nvd.nist.gov/vuln/detail/CVE-2002-1648

Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag.

Not vulnerable. This issue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4. https://www.cve.org/CVERecord?id=CVE-2002-1649 https://nvd.nist.gov/vuln/detail/CVE-2002-1649

The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.

Not vulnerable. This issue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4. https://www.cve.org/CVERecord?id=CVE-2002-1650 https://nvd.nist.gov/vuln/detail/CVE-2002-1650

mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.

Not vulnerable. This issue did not affect the versions of Apache HTTP server as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2002-1850 https://nvd.nist.gov/vuln/detail/CVE-2002-1850 Low 2002-06-07T00:00:00 pine username disclosure issue

Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.

The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/ https://www.cve.org/CVERecord?id=CVE-2002-1903 https://nvd.nist.gov/vuln/detail/CVE-2002-1903 Low 2002-07-17T00:00:00 security flaw

dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-08-03T00:00:00 RHSA-2005:583 Red Hat Enterprise Linux ES version 2.1 2005-08-03T00:00:00 RHSA-2005:583 Red Hat Enterprise Linux WS version 2.1 2005-08-03T00:00:00 RHSA-2005:583 Red Hat Linux Advanced Workstation 2.1 2005-08-03T00:00:00 RHSA-2005:583 https://www.cve.org/CVERecord?id=CVE-2002-1914 https://nvd.nist.gov/vuln/detail/CVE-2002-1914

Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.

Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2002-2013 https://nvd.nist.gov/vuln/detail/CVE-2002-2013

SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.

Not vulnerable. This issue only affects a third-party patch to Cyrus SASL, not distributed with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2002-2043 https://nvd.nist.gov/vuln/detail/CVE-2002-2043

Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.

Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2002-2061 https://nvd.nist.gov/vuln/detail/CVE-2002-2061

Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.

Not vulnerable. This issue did not affect the versions of Apache HTTP server as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2002-2103 https://nvd.nist.gov/vuln/detail/CVE-2002-2103 Moderate 2002-06-25T00:00:00 security flaw

The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.

Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0140 kernel-0:2.4.21-37.0.1.EL Red Hat Enterprise Linux 4 2006-01-17T00:00:00 RHSA-2006:0101 kernel-0:2.6.9-22.0.2.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0190 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux ES version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux WS version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Linux Advanced Workstation 2.1 2006-02-01T00:00:00 RHSA-2006:0190 https://www.cve.org/CVERecord?id=CVE-2002-2185 https://nvd.nist.gov/vuln/detail/CVE-2002-2185

Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.

This issue did not affect the versions of Samba as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2002-2196 https://nvd.nist.gov/vuln/detail/CVE-2002-2196

The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source.

We do not believe this is a security vulnerability. This is the documented and expected behaviour of rpm. https://www.cve.org/CVERecord?id=CVE-2002-2204 https://nvd.nist.gov/vuln/detail/CVE-2002-2204

The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary file.

Not vulnerable. This issue did not affect the RPM packages of OpenOffice as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2002-2210 https://nvd.nist.gov/vuln/detail/CVE-2002-2210 Moderate 2002-02-18T00:00:00 security flaw

The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-07-25T00:00:00 RHSA-2006:0567 Red Hat Enterprise Linux ES version 2.1 2006-07-25T00:00:00 RHSA-2006:0567 Red Hat Enterprise Linux WS version 2.1 2006-07-25T00:00:00 RHSA-2006:0567 Red Hat Linux Advanced Workstation 2.1 2006-07-25T00:00:00 RHSA-2006:0567 https://www.cve.org/CVERecord?id=CVE-2002-2214 https://nvd.nist.gov/vuln/detail/CVE-2002-2214 Moderate 2002-09-07T00:00:00 security flaw

The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Enterprise Linux ES version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Enterprise Linux WS version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Linux Advanced Workstation 2.1 2006-05-23T00:00:00 RHSA-2006:0501 https://www.cve.org/CVERecord?id=CVE-2002-2215 https://nvd.nist.gov/vuln/detail/CVE-2002-2215

TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling.

Not vulnerable. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. https://www.cve.org/CVERecord?id=CVE-2002-2438 https://nvd.nist.gov/vuln/detail/CVE-2002-2438 Moderate 2002-08-05T00:00:00 gcc: Integer overflow can occur during the computation of the memory region size for new[] operator 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P CWE-190

Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.

Red Hat Enterprise Linux 5 Will not fix compat-gcc-295 Red Hat Enterprise Linux 5 Will not fix compat-gcc-296 Red Hat Enterprise Linux 5 Will not fix compat-gcc-32 Red Hat Enterprise Linux 5 Will not fix compat-gcc-34 Red Hat Enterprise Linux 5 Will not fix gcc Red Hat Enterprise Linux 5 Will not fix gcc43 Red Hat Enterprise Linux 5 Will not fix gcc44 Red Hat Enterprise Linux 6 Will not fix compat-gcc-295 Red Hat Enterprise Linux 6 Will not fix compat-gcc-296 Red Hat Enterprise Linux 6 Will not fix compat-gcc-32 Red Hat Enterprise Linux 6 Will not fix compat-gcc-34 Red Hat Enterprise Linux 6 Will not fix gcc Red Hat Enterprise Linux 7 Not affected gcc https://www.cve.org/CVERecord?id=CVE-2002-2439 https://nvd.nist.gov/vuln/detail/CVE-2002-2439 Moderate 2002-06-16T00:00:00 krb5: UDP ping-pong flaw in kpasswd 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.

Red Hat Enterprise Linux 5 2013-06-12T00:00:00 RHSA-2013:0942 krb5-0:1.6.1-70.el5_9.2 Red Hat Enterprise Linux 6 2013-06-12T00:00:00 RHSA-2013:0942 krb5-0:1.10.3-10.el6_4.3 https://www.cve.org/CVERecord?id=CVE-2002-2443 https://nvd.nist.gov/vuln/detail/CVE-2002-2443 Important 2003-01-06T00:00:00 cisco: information leak in ethernet frames. 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CWE-200

Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.

Red Hat Linux 6.2 2003-03-20T00:00:00 RHSA-2003:088 Red Hat Linux 7.0 2003-03-20T00:00:00 RHSA-2003:088 Red Hat Linux 7.1 2003-02-04T00:00:00 RHSA-2003:025 Red Hat Linux 7.1 2003-06-25T00:00:00 RHSA-2003:190 Red Hat Linux 7.2 2003-02-04T00:00:00 RHSA-2003:025 Red Hat Linux 7.3 2003-02-04T00:00:00 RHSA-2003:025 Red Hat Linux 8.0 2003-02-04T00:00:00 RHSA-2003:025 Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2003-0001 https://nvd.nist.gov/vuln/detail/CVE-2003-0001 Critical 2003-01-20T00:00:00 security flaw

Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-20T00:00:00 RHSA-2003:013 Red Hat Linux 6.2 2003-01-20T00:00:00 RHSA-2003:012 Red Hat Linux 7.0 2003-01-20T00:00:00 RHSA-2003:012 Red Hat Linux 7.1 2003-01-20T00:00:00 RHSA-2003:012 Red Hat Linux 7.2 2003-01-20T00:00:00 RHSA-2003:012 Red Hat Linux 7.3 2003-01-20T00:00:00 RHSA-2003:012 Red Hat Linux 8.0 2003-01-20T00:00:00 RHSA-2003:012 Red Hat Linux Advanced Workstation 2.1 2003-01-20T00:00:00 RHSA-2003:013 https://www.cve.org/CVERecord?id=CVE-2003-0015 https://nvd.nist.gov/vuln/detail/CVE-2003-0015 Important 2003-02-04T00:00:00 security flaw

Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-09-05T00:00:00 RHEA-2002:317 Red Hat Linux 7.1 2003-02-04T00:00:00 RHSA-2003:025 Red Hat Linux 7.2 2003-02-04T00:00:00 RHSA-2003:025 Red Hat Linux 7.3 2003-02-04T00:00:00 RHSA-2003:025 Red Hat Linux 8.0 2003-02-04T00:00:00 RHSA-2003:025 https://www.cve.org/CVERecord?id=CVE-2003-0018 https://nvd.nist.gov/vuln/detail/CVE-2003-0018 2003-02-07T00:00:00 security flaw

uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode.

Red Hat Linux 8.0 2003-02-07T00:00:00 RHSA-2003:056 https://www.cve.org/CVERecord?id=CVE-2003-0019 https://nvd.nist.gov/vuln/detail/CVE-2003-0019 Low 2003-02-24T00:00:00 security flaw

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-09-22T00:00:00 RHSA-2003:244 Red Hat Enterprise Linux ES version 2.1 2003-09-22T00:00:00 RHSA-2003:244 Red Hat Enterprise Linux WS version 2.1 2003-09-22T00:00:00 RHSA-2003:244 Red Hat Linux 7.1 2003-09-22T00:00:00 RHSA-2003:243 Red Hat Linux 7.2 2003-09-22T00:00:00 RHSA-2003:243 Red Hat Linux 7.3 2003-09-22T00:00:00 RHSA-2003:243 Red Hat Linux 8.0 2003-04-09T00:00:00 RHSA-2003:139 Red Hat Linux 9 2003-04-09T00:00:00 RHSA-2003:139 Red Hat Linux Advanced Workstation 2.1 2003-09-22T00:00:00 RHSA-2003:244 Red Hat Stronghold 3 2003-03-18T00:00:00 RHSA-2003:104 Red Hat Stronghold 4 2003-03-03T00:00:00 RHSA-2003:082 Stronghold 4 for Red Hat Enterprise Linux 2003-06-18T00:00:00 RHSA-2003:083 https://www.cve.org/CVERecord?id=CVE-2003-0020 https://nvd.nist.gov/vuln/detail/CVE-2003-0020 Important 2003-02-24T00:00:00 security flaw

The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-11T00:00:00 RHSA-2003:055 Red Hat Enterprise Linux ES version 2.1 2003-03-11T00:00:00 RHSA-2003:055 Red Hat Enterprise Linux WS version 2.1 2003-03-11T00:00:00 RHSA-2003:055 Red Hat Linux 6.2 2003-03-17T00:00:00 RHSA-2003:054 Red Hat Linux 7.0 2003-03-17T00:00:00 RHSA-2003:054 Red Hat Linux 7.1 2003-03-17T00:00:00 RHSA-2003:054 Red Hat Linux 7.2 2003-03-17T00:00:00 RHSA-2003:054 Red Hat Linux 7.3 2003-03-17T00:00:00 RHSA-2003:054 Red Hat Linux Advanced Workstation 2.1 2003-03-11T00:00:00 RHSA-2003:055 https://www.cve.org/CVERecord?id=CVE-2003-0022 https://nvd.nist.gov/vuln/detail/CVE-2003-0022 Important 2003-02-24T00:00:00 security flaw

The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-11T00:00:00 RHSA-2003:055 Red Hat Enterprise Linux ES version 2.1 2003-03-11T00:00:00 RHSA-2003:055 Red Hat Enterprise Linux WS version 2.1 2003-03-11T00:00:00 RHSA-2003:055 Red Hat Linux 6.2 2003-03-17T00:00:00 RHSA-2003:054 Red Hat Linux 7.0 2003-03-17T00:00:00 RHSA-2003:054 Red Hat Linux 7.1 2003-03-17T00:00:00 RHSA-2003:054 Red Hat Linux 7.2 2003-03-17T00:00:00 RHSA-2003:054 Red Hat Linux 7.3 2003-03-17T00:00:00 RHSA-2003:054 Red Hat Linux Advanced Workstation 2.1 2003-03-11T00:00:00 RHSA-2003:055 https://www.cve.org/CVERecord?id=CVE-2003-0023 https://nvd.nist.gov/vuln/detail/CVE-2003-0023 2003-01-15T00:00:00 security flaw

Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname.

Red Hat Linux 8.0 2003-01-16T00:00:00 RHSA-2003:011 https://www.cve.org/CVERecord?id=CVE-2003-0026 https://nvd.nist.gov/vuln/detail/CVE-2003-0026 Critical 2003-03-19T00:00:00 security flaw

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-05-22T00:00:00 RHSA-2003:090 Red Hat Enterprise Linux ES version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux ES version 2.1 2003-05-22T00:00:00 RHSA-2003:090 Red Hat Enterprise Linux WS version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux WS version 2.1 2003-05-22T00:00:00 RHSA-2003:090 Red Hat Linux 6.2 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 6.2 2003-03-19T00:00:00 RHSA-2003:089 Red Hat Linux 7.0 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.0 2003-03-19T00:00:00 RHSA-2003:089 Red Hat Linux 7.1 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.1 2003-03-19T00:00:00 RHSA-2003:089 Red Hat Linux 7.1 2003-04-29T00:00:00 RHSA-2003:168 Red Hat Linux 7.1 2003-06-26T00:00:00 RHSA-2003:212 Red Hat Linux 7.2 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.2 2003-03-19T00:00:00 RHSA-2003:089 Red Hat Linux 7.3 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.3 2003-03-19T00:00:00 RHSA-2003:089 Red Hat Linux 8.0 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 8.0 2003-03-19T00:00:00 RHSA-2003:089 Red Hat Linux 9 2003-04-02T00:00:00 RHSA-2003:091 Red Hat Linux Advanced Workstation 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Linux Advanced Workstation 2.1 2003-05-22T00:00:00 RHSA-2003:090 https://www.cve.org/CVERecord?id=CVE-2003-0028 https://nvd.nist.gov/vuln/detail/CVE-2003-0028 2003-01-15T00:00:00 security flaw

ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count.

Red Hat Linux 8.0 2003-03-31T00:00:00 RHSA-2003:034 https://www.cve.org/CVERecord?id=CVE-2003-0039 https://nvd.nist.gov/vuln/detail/CVE-2003-0039 Moderate 2003-01-31T00:00:00 security flaw

Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-01-28T00:00:00 RHSA-2003:021 Red Hat Linux 6.2 2003-01-31T00:00:00 RHSA-2003:020 Red Hat Linux 7.0 2003-01-31T00:00:00 RHSA-2003:020 Red Hat Linux 7.1 2003-01-31T00:00:00 RHSA-2003:020 Red Hat Linux 7.1 2003-04-29T00:00:00 RHSA-2003:168 Red Hat Linux 7.2 2003-01-31T00:00:00 RHSA-2003:020 Red Hat Linux 7.3 2003-01-31T00:00:00 RHSA-2003:020 Red Hat Linux 8.0 2003-01-31T00:00:00 RHSA-2003:020 Red Hat Linux Advanced Workstation 2.1 2003-01-28T00:00:00 RHSA-2003:021 https://www.cve.org/CVERecord?id=CVE-2003-0041 https://nvd.nist.gov/vuln/detail/CVE-2003-0041 Moderate 2004-01-13T00:00:00 security flaw

Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument.

Red Hat Enterprise Linux 3 2004-01-26T00:00:00 RHSA-2004:041 slocate-0:2.7-3 https://www.cve.org/CVERecord?id=CVE-2003-0056 https://nvd.nist.gov/vuln/detail/CVE-2003-0056 Moderate 2003-01-28T00:00:00 security flaw

MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux ES version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux WS version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Linux 6.2 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.0 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.1 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.1 2003-04-29T00:00:00 RHSA-2003:168 Red Hat Linux 7.2 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.3 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 8.0 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux Advanced Workstation 2.1 2003-03-27T00:00:00 RHSA-2003:052 https://www.cve.org/CVERecord?id=CVE-2003-0058 https://nvd.nist.gov/vuln/detail/CVE-2003-0058 Moderate 2003-01-28T00:00:00 security flaw

Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux ES version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux WS version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Linux 6.2 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.0 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.1 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.1 2003-04-29T00:00:00 RHSA-2003:168 Red Hat Linux 7.2 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.3 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 8.0 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux Advanced Workstation 2.1 2003-03-27T00:00:00 RHSA-2003:052 https://www.cve.org/CVERecord?id=CVE-2003-0059 https://nvd.nist.gov/vuln/detail/CVE-2003-0059 Moderate 2003-02-24T00:00:00 security flaw

The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-06-25T00:00:00 RHSA-2003:065 Red Hat Enterprise Linux ES version 2.1 2003-06-25T00:00:00 RHSA-2003:065 Red Hat Enterprise Linux WS version 2.1 2003-06-25T00:00:00 RHSA-2003:065 Red Hat Linux 7.1 2003-06-25T00:00:00 RHSA-2003:064 Red Hat Linux 7.2 2003-06-25T00:00:00 RHSA-2003:064 Red Hat Linux 7.3 2003-06-25T00:00:00 RHSA-2003:066 Red Hat Linux 8.0 2003-06-25T00:00:00 RHSA-2003:067 Red Hat Linux Advanced Workstation 2.1 2003-06-25T00:00:00 RHSA-2003:065 https://www.cve.org/CVERecord?id=CVE-2003-0063 https://nvd.nist.gov/vuln/detail/CVE-2003-0063 Moderate 2003-02-24T00:00:00 security flaw

The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-11T00:00:00 RHSA-2003:055 Red Hat Enterprise Linux ES version 2.1 2003-03-11T00:00:00 RHSA-2003:055 Red Hat Enterprise Linux WS version 2.1 2003-03-11T00:00:00 RHSA-2003:055 Red Hat Linux 6.2 2003-03-17T00:00:00 RHSA-2003:054 Red Hat Linux 7.0 2003-03-17T00:00:00 RHSA-2003:054 Red Hat Linux 7.1 2003-03-17T00:00:00 RHSA-2003:054 Red Hat Linux 7.2 2003-03-17T00:00:00 RHSA-2003:054 Red Hat Linux 7.3 2003-03-17T00:00:00 RHSA-2003:054 Red Hat Linux Advanced Workstation 2.1 2003-03-11T00:00:00 RHSA-2003:055 https://www.cve.org/CVERecord?id=CVE-2003-0066 https://nvd.nist.gov/vuln/detail/CVE-2003-0066 2003-02-24T00:00:00 security flaw

VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Red Hat Linux 8.0 2003-02-25T00:00:00 RHSA-2003:053 https://www.cve.org/CVERecord?id=CVE-2003-0070 https://nvd.nist.gov/vuln/detail/CVE-2003-0070 Low 2003-02-24T00:00:00 security flaw

The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-06-25T00:00:00 RHSA-2003:065 Red Hat Enterprise Linux ES version 2.1 2003-06-25T00:00:00 RHSA-2003:065 Red Hat Enterprise Linux WS version 2.1 2003-06-25T00:00:00 RHSA-2003:065 Red Hat Linux 7.1 2003-06-25T00:00:00 RHSA-2003:064 Red Hat Linux 7.2 2003-06-25T00:00:00 RHSA-2003:064 Red Hat Linux 7.3 2003-06-25T00:00:00 RHSA-2003:066 Red Hat Linux 8.0 2003-06-25T00:00:00 RHSA-2003:067 Red Hat Linux Advanced Workstation 2.1 2003-06-25T00:00:00 RHSA-2003:065 https://www.cve.org/CVERecord?id=CVE-2003-0071 https://nvd.nist.gov/vuln/detail/CVE-2003-0071 Important 2003-03-19T00:00:00 security flaw

The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux ES version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux WS version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Linux 6.2 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.0 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.1 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.1 2003-04-29T00:00:00 RHSA-2003:168 Red Hat Linux 7.2 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.3 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 8.0 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux Advanced Workstation 2.1 2003-03-27T00:00:00 RHSA-2003:052 https://www.cve.org/CVERecord?id=CVE-2003-0072 https://nvd.nist.gov/vuln/detail/CVE-2003-0072 Important 2003-01-23T00:00:00 security flaw

Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-04-28T00:00:00 RHSA-2003:094 Red Hat Enterprise Linux ES version 2.1 2003-04-28T00:00:00 RHSA-2003:094 Red Hat Enterprise Linux WS version 2.1 2003-04-28T00:00:00 RHSA-2003:094 Red Hat Linux 7.1 2003-04-29T00:00:00 RHSA-2003:093 Red Hat Linux 7.1 2003-05-15T00:00:00 RHSA-2003:166 Red Hat Linux 7.2 2003-04-29T00:00:00 RHSA-2003:093 Red Hat Linux 7.3 2003-04-29T00:00:00 RHSA-2003:093 Red Hat Linux 8.0 2003-04-29T00:00:00 RHSA-2003:093 Red Hat Linux 9 2003-04-29T00:00:00 RHSA-2003:093 Red Hat Linux Advanced Workstation 2.1 2003-04-28T00:00:00 RHSA-2003:094 https://www.cve.org/CVERecord?id=CVE-2003-0073 https://nvd.nist.gov/vuln/detail/CVE-2003-0073 Low 2003-02-24T00:00:00 security flaw

The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and possibly later versions, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-08T00:00:00 RHSA-2003:071 Red Hat Enterprise Linux ES version 2.1 2003-07-08T00:00:00 RHSA-2003:071 Red Hat Enterprise Linux WS version 2.1 2003-07-08T00:00:00 RHSA-2003:071 Red Hat Linux 7.2 2003-06-06T00:00:00 RHSA-2003:070 Red Hat Linux 7.3 2003-06-06T00:00:00 RHSA-2003:070 Red Hat Linux 8.0 2003-06-06T00:00:00 RHSA-2003:070 Red Hat Linux Advanced Workstation 2.1 2003-07-08T00:00:00 RHSA-2003:071 https://www.cve.org/CVERecord?id=CVE-2003-0077 https://nvd.nist.gov/vuln/detail/CVE-2003-0077 Moderate 2003-02-19T00:00:00 security flaw

ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-10T00:00:00 RHSA-2003:063 Red Hat Enterprise Linux ES version 2.1 2003-03-10T00:00:00 RHSA-2003:063 Red Hat Enterprise Linux WS version 2.1 2003-03-10T00:00:00 RHSA-2003:063 Red Hat Linux 6.2 2003-03-06T00:00:00 RHSA-2003:062 Red Hat Linux 7.0 2003-03-06T00:00:00 RHSA-2003:062 Red Hat Linux 7.1 2003-03-06T00:00:00 RHSA-2003:062 Red Hat Linux 7.1 2003-06-23T00:00:00 RHSA-2003:205 Red Hat Linux 7.2 2003-03-06T00:00:00 RHSA-2003:062 Red Hat Linux 7.3 2003-03-06T00:00:00 RHSA-2003:062 Red Hat Linux 8.0 2003-03-06T00:00:00 RHSA-2003:062 Red Hat Linux Advanced Workstation 2.1 2003-03-10T00:00:00 RHSA-2003:063 Red Hat Stronghold 3 2003-03-18T00:00:00 RHSA-2003:104 Red Hat Stronghold 4 2003-03-03T00:00:00 RHSA-2003:082 https://www.cve.org/CVERecord?id=CVE-2003-0078 https://nvd.nist.gov/vuln/detail/CVE-2003-0078 Moderate 2003-02-24T00:00:00 security flaw

The DEC UDK processing feature in the hanterm (hanterm-xf) terminal emulator before 2.0.5 allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-08T00:00:00 RHSA-2003:071 Red Hat Enterprise Linux ES version 2.1 2003-07-08T00:00:00 RHSA-2003:071 Red Hat Enterprise Linux WS version 2.1 2003-07-08T00:00:00 RHSA-2003:071 Red Hat Linux 7.2 2003-06-06T00:00:00 RHSA-2003:070 Red Hat Linux 7.3 2003-06-06T00:00:00 RHSA-2003:070 Red Hat Linux 8.0 2003-06-06T00:00:00 RHSA-2003:070 Red Hat Linux Advanced Workstation 2.1 2003-07-08T00:00:00 RHSA-2003:071 https://www.cve.org/CVERecord?id=CVE-2003-0079 https://nvd.nist.gov/vuln/detail/CVE-2003-0079 2003-03-17T00:00:00 security flaw

The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled.

Red Hat Linux 8.0 2003-03-17T00:00:00 RHSA-2003:072 https://www.cve.org/CVERecord?id=CVE-2003-0080 https://nvd.nist.gov/vuln/detail/CVE-2003-0080 Moderate 2003-03-08T00:00:00 security flaw

Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Enterprise Linux ES version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Enterprise Linux WS version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Linux 7.2 2003-04-23T00:00:00 RHSA-2003:076 Red Hat Linux 7.3 2003-04-23T00:00:00 RHSA-2003:076 Red Hat Linux 8.0 2003-04-23T00:00:00 RHSA-2003:076 Red Hat Linux 9 2003-04-23T00:00:00 RHSA-2003:076 Red Hat Linux Advanced Workstation 2.1 2003-07-08T00:00:00 RHSA-2003:077 https://www.cve.org/CVERecord?id=CVE-2003-0081 https://nvd.nist.gov/vuln/detail/CVE-2003-0081 Important 2003-03-19T00:00:00 security flaw

The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux ES version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux WS version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Linux 6.2 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.0 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.1 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.1 2003-04-29T00:00:00 RHSA-2003:168 Red Hat Linux 7.2 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.3 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 8.0 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 9 2003-04-02T00:00:00 RHSA-2003:091 Red Hat Linux Advanced Workstation 2.1 2003-03-27T00:00:00 RHSA-2003:052 https://www.cve.org/CVERecord?id=CVE-2003-0082 https://nvd.nist.gov/vuln/detail/CVE-2003-0082 2003-02-24T00:00:00 security flaw

Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.

Red Hat Linux 8.0 2003-04-09T00:00:00 RHSA-2003:139 Red Hat Linux 9 2003-04-09T00:00:00 RHSA-2003:139 Red Hat Stronghold 3 2003-03-18T00:00:00 RHSA-2003:104 Red Hat Stronghold 4 2003-03-28T00:00:00 RHSA-2003:116 Stronghold 4 for Red Hat Enterprise Linux 2003-06-18T00:00:00 RHSA-2003:083 https://www.cve.org/CVERecord?id=CVE-2003-0083 https://nvd.nist.gov/vuln/detail/CVE-2003-0083 Important 2003-04-28T00:00:00 security flaw

mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-04-28T00:00:00 RHSA-2003:114 Red Hat Enterprise Linux ES version 2.1 2003-04-28T00:00:00 RHSA-2003:114 Red Hat Enterprise Linux WS version 2.1 2003-04-28T00:00:00 RHSA-2003:114 Red Hat Linux 7.2 2003-05-02T00:00:00 RHSA-2003:113 Red Hat Linux 7.3 2003-05-02T00:00:00 RHSA-2003:113 Red Hat Linux Advanced Workstation 2.1 2003-04-28T00:00:00 RHSA-2003:114 https://www.cve.org/CVERecord?id=CVE-2003-0084 https://nvd.nist.gov/vuln/detail/CVE-2003-0084 Critical 2003-03-15T00:00:00 security flaw

Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-20T00:00:00 RHSA-2003:096 Red Hat Enterprise Linux ES version 2.1 2003-03-20T00:00:00 RHSA-2003:096 Red Hat Enterprise Linux WS version 2.1 2003-03-20T00:00:00 RHSA-2003:096 Red Hat Linux 6.2 2003-03-18T00:00:00 RHSA-2003:095 Red Hat Linux 7.0 2003-03-18T00:00:00 RHSA-2003:095 Red Hat Linux 7.1 2003-03-18T00:00:00 RHSA-2003:095 Red Hat Linux 7.1 2003-07-15T00:00:00 RHSA-2003:226 Red Hat Linux 7.2 2003-03-18T00:00:00 RHSA-2003:095 Red Hat Linux 7.3 2003-03-18T00:00:00 RHSA-2003:095 Red Hat Linux 8.0 2003-03-18T00:00:00 RHSA-2003:095 Red Hat Linux 9 2003-03-18T00:00:00 RHSA-2003:095 Red Hat Linux Advanced Workstation 2.1 2003-03-20T00:00:00 RHSA-2003:096 https://www.cve.org/CVERecord?id=CVE-2003-0085 https://nvd.nist.gov/vuln/detail/CVE-2003-0085 Moderate 2003-03-15T00:00:00 security flaw

The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-20T00:00:00 RHSA-2003:096 Red Hat Enterprise Linux ES version 2.1 2003-03-20T00:00:00 RHSA-2003:096 Red Hat Enterprise Linux WS version 2.1 2003-03-20T00:00:00 RHSA-2003:096 Red Hat Linux 6.2 2003-03-18T00:00:00 RHSA-2003:095 Red Hat Linux 7.0 2003-03-18T00:00:00 RHSA-2003:095 Red Hat Linux 7.1 2003-03-18T00:00:00 RHSA-2003:095 Red Hat Linux 7.1 2003-07-15T00:00:00 RHSA-2003:226 Red Hat Linux 7.2 2003-03-18T00:00:00 RHSA-2003:095 Red Hat Linux 7.3 2003-03-18T00:00:00 RHSA-2003:095 Red Hat Linux 8.0 2003-03-18T00:00:00 RHSA-2003:095 Red Hat Linux 9 2003-03-18T00:00:00 RHSA-2003:095 Red Hat Linux Advanced Workstation 2.1 2003-03-20T00:00:00 RHSA-2003:096 https://www.cve.org/CVERecord?id=CVE-2003-0086 https://nvd.nist.gov/vuln/detail/CVE-2003-0086 2003-01-10T00:00:00 security flaw

The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-02-26T00:00:00 RHSA-2003:033 Red Hat Linux 7.1 2003-04-23T00:00:00 RHSA-2003:032 Red Hat Linux 7.1 2003-06-30T00:00:00 RHSA-2003:214 Red Hat Linux 7.2 2003-04-23T00:00:00 RHSA-2003:032 Red Hat Linux 7.3 2003-04-23T00:00:00 RHSA-2003:032 Red Hat Linux 8.0 2003-04-23T00:00:00 RHSA-2003:032 Red Hat Linux Advanced Workstation 2.1 2003-02-26T00:00:00 RHSA-2003:033 https://www.cve.org/CVERecord?id=CVE-2003-0093 https://nvd.nist.gov/vuln/detail/CVE-2003-0093 Moderate 2003-03-04T00:00:00 security flaw

Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-10T00:00:00 RHSA-2003:087 Red Hat Enterprise Linux ES version 2.1 2003-03-10T00:00:00 RHSA-2003:087 Red Hat Enterprise Linux WS version 2.1 2003-03-10T00:00:00 RHSA-2003:087 Red Hat Linux 6.2 2003-03-07T00:00:00 RHSA-2003:086 Red Hat Linux 7.0 2003-03-07T00:00:00 RHSA-2003:086 Red Hat Linux 7.1 2003-03-07T00:00:00 RHSA-2003:086 Red Hat Linux 7.2 2003-03-07T00:00:00 RHSA-2003:086 Red Hat Linux 7.3 2003-03-07T00:00:00 RHSA-2003:086 Red Hat Linux 8.0 2003-03-07T00:00:00 RHSA-2003:086 Red Hat Linux Advanced Workstation 2.1 2003-03-10T00:00:00 RHSA-2003:087 https://www.cve.org/CVERecord?id=CVE-2003-0102 https://nvd.nist.gov/vuln/detail/CVE-2003-0102 Moderate 2003-02-22T00:00:00 security flaw

Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-05-22T00:00:00 RHSA-2003:081 Red Hat Enterprise Linux ES version 2.1 2003-05-22T00:00:00 RHSA-2003:081 Red Hat Enterprise Linux WS version 2.1 2003-05-22T00:00:00 RHSA-2003:081 Red Hat Linux 7.1 2003-04-29T00:00:00 RHSA-2003:079 Red Hat Linux 7.2 2003-04-29T00:00:00 RHSA-2003:079 Red Hat Linux 7.3 2003-04-29T00:00:00 RHSA-2003:079 Red Hat Linux 8.0 2003-04-29T00:00:00 RHSA-2003:079 Red Hat Linux Advanced Workstation 2.1 2003-05-22T00:00:00 RHSA-2003:081 https://www.cve.org/CVERecord?id=CVE-2003-0107 https://nvd.nist.gov/vuln/detail/CVE-2003-0107 Low 2003-02-27T00:00:00 security flaw

isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-11T00:00:00 RHSA-2003:085 Red Hat Enterprise Linux ES version 2.1 2003-03-11T00:00:00 RHSA-2003:085 Red Hat Enterprise Linux WS version 2.1 2003-03-11T00:00:00 RHSA-2003:085 Red Hat Linux 7.1 2003-04-23T00:00:00 RHSA-2003:032 Red Hat Linux 7.1 2003-06-30T00:00:00 RHSA-2003:214 Red Hat Linux 7.2 2003-04-23T00:00:00 RHSA-2003:032 Red Hat Linux 7.3 2003-04-23T00:00:00 RHSA-2003:032 Red Hat Linux 8.0 2003-04-23T00:00:00 RHSA-2003:032 Red Hat Linux Advanced Workstation 2.1 2003-03-11T00:00:00 RHSA-2003:085 https://www.cve.org/CVERecord?id=CVE-2003-0108 https://nvd.nist.gov/vuln/detail/CVE-2003-0108 Low 2003-03-11T00:00:00 security flaw

man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe," which is then executed as a program via a system call if it is in the search path of the user who runs man.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-04-28T00:00:00 RHSA-2003:134 Red Hat Enterprise Linux ES version 2.1 2003-04-28T00:00:00 RHSA-2003:134 Red Hat Enterprise Linux WS version 2.1 2003-04-28T00:00:00 RHSA-2003:134 Red Hat Linux 7.1 2003-05-01T00:00:00 RHSA-2003:133 Red Hat Linux 7.2 2003-05-01T00:00:00 RHSA-2003:133 Red Hat Linux 7.3 2003-05-01T00:00:00 RHSA-2003:133 Red Hat Linux 8.0 2003-05-01T00:00:00 RHSA-2003:133 Red Hat Linux Advanced Workstation 2.1 2003-04-28T00:00:00 RHSA-2003:134 https://www.cve.org/CVERecord?id=CVE-2003-0124 https://nvd.nist.gov/vuln/detail/CVE-2003-0124 Important 2003-03-17T00:00:00 security flaw

The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-21T00:00:00 RHSA-2003:103 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-05-27T00:00:00 RHSA-2003:145 Red Hat Enterprise Linux ES version 2.1 2003-03-21T00:00:00 RHSA-2003:103 Red Hat Enterprise Linux WS version 2.1 2003-03-21T00:00:00 RHSA-2003:103 Red Hat Linux 6.2 2003-03-20T00:00:00 RHSA-2003:088 Red Hat Linux 7.0 2003-03-20T00:00:00 RHSA-2003:088 Red Hat Linux 7.1 2003-03-17T00:00:00 RHSA-2003:098 Red Hat Linux 7.1 2003-06-25T00:00:00 RHSA-2003:190 Red Hat Linux 7.2 2003-03-17T00:00:00 RHSA-2003:098 Red Hat Linux 7.3 2003-03-17T00:00:00 RHSA-2003:098 Red Hat Linux 8.0 2003-03-17T00:00:00 RHSA-2003:098 Red Hat Linux 9 2003-04-08T00:00:00 RHSA-2003:135 Red Hat Linux Advanced Workstation 2.1 2003-05-27T00:00:00 RHSA-2003:145 https://www.cve.org/CVERecord?id=CVE-2003-0127 https://nvd.nist.gov/vuln/detail/CVE-2003-0127 2003-03-19T00:00:00 security flaw

The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow.

Red Hat Linux 7.3 2003-03-21T00:00:00 RHSA-2003:108 Red Hat Linux 8.0 2003-03-21T00:00:00 RHSA-2003:108 Red Hat Linux 9 2003-03-21T00:00:00 RHSA-2003:108 https://www.cve.org/CVERecord?id=CVE-2003-0128 https://nvd.nist.gov/vuln/detail/CVE-2003-0128 2003-03-19T00:00:00 security flaw

Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times.

Red Hat Linux 7.3 2003-03-21T00:00:00 RHSA-2003:108 Red Hat Linux 8.0 2003-03-21T00:00:00 RHSA-2003:108 Red Hat Linux 9 2003-03-21T00:00:00 RHSA-2003:108 https://www.cve.org/CVERecord?id=CVE-2003-0129 https://nvd.nist.gov/vuln/detail/CVE-2003-0129 2003-03-19T00:00:00 security flaw

The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.

Red Hat Linux 7.3 2003-03-21T00:00:00 RHSA-2003:108 Red Hat Linux 8.0 2003-03-21T00:00:00 RHSA-2003:108 Red Hat Linux 9 2003-03-21T00:00:00 RHSA-2003:108 https://www.cve.org/CVERecord?id=CVE-2003-0130 https://nvd.nist.gov/vuln/detail/CVE-2003-0130 Important 2003-03-19T00:00:00 security flaw

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."

Red Hat Enterprise Linux 4 and 5 are not vulnerable to this issue as they both contain a backported patch. Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-31T00:00:00 RHSA-2003:102 Red Hat Enterprise Linux ES version 2.1 2003-03-31T00:00:00 RHSA-2003:102 Red Hat Enterprise Linux WS version 2.1 2003-03-31T00:00:00 RHSA-2003:102 Red Hat Linux 6.2 2003-04-01T00:00:00 RHSA-2003:101 Red Hat Linux 7.0 2003-04-01T00:00:00 RHSA-2003:101 Red Hat Linux 7.1 2003-04-01T00:00:00 RHSA-2003:101 Red Hat Linux 7.1 2003-06-23T00:00:00 RHSA-2003:205 Red Hat Linux 7.2 2003-04-01T00:00:00 RHSA-2003:101 Red Hat Linux 7.3 2003-04-01T00:00:00 RHSA-2003:101 Red Hat Linux 8.0 2003-04-01T00:00:00 RHSA-2003:101 Red Hat Linux 9 2003-04-01T00:00:00 RHSA-2003:101 Red Hat Linux Advanced Workstation 2.1 2003-03-31T00:00:00 RHSA-2003:102 Red Hat Stronghold 3 2003-04-15T00:00:00 RHSA-2003:117 Red Hat Stronghold 4 2003-03-28T00:00:00 RHSA-2003:116 https://www.cve.org/CVERecord?id=CVE-2003-0131 https://nvd.nist.gov/vuln/detail/CVE-2003-0131 2003-04-02T00:00:00 security flaw

A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.

Red Hat Linux 8.0 2003-04-09T00:00:00 RHSA-2003:139 Red Hat Linux 9 2003-04-09T00:00:00 RHSA-2003:139 https://www.cve.org/CVERecord?id=CVE-2003-0132 https://nvd.nist.gov/vuln/detail/CVE-2003-0132 2003-04-02T00:00:00 security flaw

GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.

Red Hat Linux 9 2003-04-14T00:00:00 RHSA-2003:126 https://www.cve.org/CVERecord?id=CVE-2003-0133 https://nvd.nist.gov/vuln/detail/CVE-2003-0133 2003-04-01T00:00:00 security flaw

vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended.

Red Hat Linux 9 2003-04-01T00:00:00 RHSA-2003:084 https://www.cve.org/CVERecord?id=CVE-2003-0135 https://nvd.nist.gov/vuln/detail/CVE-2003-0135 2003-04-09T00:00:00 security flaw

psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-05-22T00:00:00 RHSA-2003:150 Red Hat Enterprise Linux ES version 2.1 2003-05-22T00:00:00 RHSA-2003:150 Red Hat Enterprise Linux WS version 2.1 2003-05-22T00:00:00 RHSA-2003:150 Red Hat Linux 7.1 2003-04-24T00:00:00 RHSA-2003:142 Red Hat Linux 7.1 2003-07-14T00:00:00 RHSA-2003:225 Red Hat Linux 7.2 2003-04-24T00:00:00 RHSA-2003:142 Red Hat Linux 7.3 2003-04-24T00:00:00 RHSA-2003:142 Red Hat Linux 8.0 2003-04-24T00:00:00 RHSA-2003:142 Red Hat Linux 9 2003-04-24T00:00:00 RHSA-2003:142 Red Hat Linux Advanced Workstation 2.1 2003-05-22T00:00:00 RHSA-2003:150 https://www.cve.org/CVERecord?id=CVE-2003-0136 https://nvd.nist.gov/vuln/detail/CVE-2003-0136 Important 2003-03-19T00:00:00 security flaw

Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux ES version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux WS version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Linux 6.2 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.0 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.1 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.1 2003-04-29T00:00:00 RHSA-2003:168 Red Hat Linux 7.2 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.3 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 8.0 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 9 2003-04-02T00:00:00 RHSA-2003:091 Red Hat Linux Advanced Workstation 2.1 2003-03-27T00:00:00 RHSA-2003:052 https://www.cve.org/CVERecord?id=CVE-2003-0138 https://nvd.nist.gov/vuln/detail/CVE-2003-0138 Important 2003-03-19T00:00:00 security flaw

Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux ES version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux WS version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Linux 6.2 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.0 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.1 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.1 2003-04-29T00:00:00 RHSA-2003:168 Red Hat Linux 7.2 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 7.3 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 8.0 2003-03-26T00:00:00 RHSA-2003:051 Red Hat Linux 9 2003-04-02T00:00:00 RHSA-2003:091 Red Hat Linux Advanced Workstation 2.1 2003-03-27T00:00:00 RHSA-2003:052 https://www.cve.org/CVERecord?id=CVE-2003-0139 https://nvd.nist.gov/vuln/detail/CVE-2003-0139 Important 2003-03-20T00:00:00 security flaw

Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-05-22T00:00:00 RHSA-2003:111 Red Hat Enterprise Linux ES version 2.1 2003-05-22T00:00:00 RHSA-2003:111 Red Hat Enterprise Linux WS version 2.1 2003-05-22T00:00:00 RHSA-2003:111 Red Hat Linux 7.2 2003-04-03T00:00:00 RHSA-2003:109 Red Hat Linux 7.3 2003-04-03T00:00:00 RHSA-2003:109 Red Hat Linux 8.0 2003-04-03T00:00:00 RHSA-2003:109 Red Hat Linux 9 2003-04-03T00:00:00 RHSA-2003:109 Red Hat Linux Advanced Workstation 2.1 2003-05-22T00:00:00 RHSA-2003:111 https://www.cve.org/CVERecord?id=CVE-2003-0140 https://nvd.nist.gov/vuln/detail/CVE-2003-0140 Moderate 2003-02-25T00:00:00 security flaw

Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-06-09T00:00:00 RHSA-2003:151 Red Hat Enterprise Linux ES version 2.1 2003-06-09T00:00:00 RHSA-2003:151 Red Hat Enterprise Linux WS version 2.1 2003-06-09T00:00:00 RHSA-2003:151 Red Hat Linux 7.1 2003-04-23T00:00:00 RHSA-2003:032 Red Hat Linux 7.1 2003-06-30T00:00:00 RHSA-2003:214 Red Hat Linux 7.2 2003-04-23T00:00:00 RHSA-2003:032 Red Hat Linux 7.3 2003-04-23T00:00:00 RHSA-2003:032 Red Hat Linux 8.0 2003-04-23T00:00:00 RHSA-2003:032 Red Hat Linux Advanced Workstation 2.1 2003-06-09T00:00:00 RHSA-2003:151 https://www.cve.org/CVERecord?id=CVE-2003-0145 https://nvd.nist.gov/vuln/detail/CVE-2003-0145 Important 2003-02-28T00:00:00 security flaw

Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-31T00:00:00 RHSA-2003:061 Red Hat Enterprise Linux ES version 2.1 2003-03-31T00:00:00 RHSA-2003:061 Red Hat Enterprise Linux WS version 2.1 2003-03-31T00:00:00 RHSA-2003:061 Red Hat Linux 7.0 2003-04-03T00:00:00 RHSA-2003:060 Red Hat Linux 7.1 2003-04-03T00:00:00 RHSA-2003:060 Red Hat Linux 7.2 2003-04-03T00:00:00 RHSA-2003:060 Red Hat Linux 7.3 2003-04-03T00:00:00 RHSA-2003:060 Red Hat Linux 8.0 2003-04-03T00:00:00 RHSA-2003:060 Red Hat Linux Advanced Workstation 2.1 2003-03-31T00:00:00 RHSA-2003:061 https://www.cve.org/CVERecord?id=CVE-2003-0146 https://nvd.nist.gov/vuln/detail/CVE-2003-0146 Important 2003-03-14T00:00:00 security flaw

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-31T00:00:00 RHSA-2003:102 Red Hat Enterprise Linux ES version 2.1 2003-03-31T00:00:00 RHSA-2003:102 Red Hat Enterprise Linux WS version 2.1 2003-03-31T00:00:00 RHSA-2003:102 Red Hat Linux 6.2 2003-04-01T00:00:00 RHSA-2003:101 Red Hat Linux 7.0 2003-04-01T00:00:00 RHSA-2003:101 Red Hat Linux 7.1 2003-04-01T00:00:00 RHSA-2003:101 Red Hat Linux 7.1 2003-06-23T00:00:00 RHSA-2003:205 Red Hat Linux 7.2 2003-04-01T00:00:00 RHSA-2003:101 Red Hat Linux 7.3 2003-04-01T00:00:00 RHSA-2003:101 Red Hat Linux 8.0 2003-04-01T00:00:00 RHSA-2003:101 Red Hat Linux 9 2003-04-01T00:00:00 RHSA-2003:101 Red Hat Linux Advanced Workstation 2.1 2003-03-31T00:00:00 RHSA-2003:102 Red Hat Stronghold 3 2003-04-15T00:00:00 RHSA-2003:117 Red Hat Stronghold 4 2003-03-28T00:00:00 RHSA-2003:116 https://www.cve.org/CVERecord?id=CVE-2003-0147 https://nvd.nist.gov/vuln/detail/CVE-2003-0147 Important 2003-03-08T00:00:00 security flaw

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-04-28T00:00:00 RHSA-2003:094 Red Hat Enterprise Linux ES version 2.1 2003-04-28T00:00:00 RHSA-2003:094 Red Hat Enterprise Linux WS version 2.1 2003-04-28T00:00:00 RHSA-2003:094 Red Hat Linux 7.1 2003-04-29T00:00:00 RHSA-2003:093 Red Hat Linux 7.1 2003-05-15T00:00:00 RHSA-2003:166 Red Hat Linux 7.2 2003-04-29T00:00:00 RHSA-2003:093 Red Hat Linux 7.3 2003-04-29T00:00:00 RHSA-2003:093 Red Hat Linux 8.0 2003-04-29T00:00:00 RHSA-2003:093 Red Hat Linux 9 2003-04-29T00:00:00 RHSA-2003:093 Red Hat Linux Advanced Workstation 2.1 2003-04-28T00:00:00 RHSA-2003:094 https://www.cve.org/CVERecord?id=CVE-2003-0150 https://nvd.nist.gov/vuln/detail/CVE-2003-0150 Moderate 2003-03-09T00:00:00 security flaw

Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Enterprise Linux ES version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Enterprise Linux WS version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Linux 7.2 2003-04-23T00:00:00 RHSA-2003:076 Red Hat Linux 7.3 2003-04-23T00:00:00 RHSA-2003:076 Red Hat Linux 8.0 2003-04-23T00:00:00 RHSA-2003:076 Red Hat Linux 9 2003-04-23T00:00:00 RHSA-2003:076 Red Hat Linux Advanced Workstation 2.1 2003-07-08T00:00:00 RHSA-2003:077 https://www.cve.org/CVERecord?id=CVE-2003-0159 https://nvd.nist.gov/vuln/detail/CVE-2003-0159 2003-02-11T00:00:00 security flaw

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.

Red Hat Linux 8.0 2003-04-24T00:00:00 RHSA-2003:112 Red Hat Linux 9 2003-04-24T00:00:00 RHSA-2003:112 https://www.cve.org/CVERecord?id=CVE-2003-0160 https://nvd.nist.gov/vuln/detail/CVE-2003-0160 Critical 2003-03-29T00:00:00 security flaw

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-31T00:00:00 RHSA-2003:121 Red Hat Enterprise Linux ES version 2.1 2003-03-31T00:00:00 RHSA-2003:121 Red Hat Enterprise Linux WS version 2.1 2003-03-31T00:00:00 RHSA-2003:121 Red Hat Linux 6.2 2003-03-31T00:00:00 RHSA-2003:120 Red Hat Linux 7.0 2003-03-31T00:00:00 RHSA-2003:120 Red Hat Linux 7.1 2003-03-31T00:00:00 RHSA-2003:120 Red Hat Linux 7.1 2003-07-08T00:00:00 RHSA-2003:227 Red Hat Linux 7.2 2003-03-31T00:00:00 RHSA-2003:120 Red Hat Linux 7.3 2003-03-31T00:00:00 RHSA-2003:120 Red Hat Linux 8.0 2003-03-31T00:00:00 RHSA-2003:120 Red Hat Linux 9 2003-03-31T00:00:00 RHSA-2003:120 Red Hat Linux Advanced Workstation 2.1 2003-03-31T00:00:00 RHSA-2003:121 https://www.cve.org/CVERecord?id=CVE-2003-0161 https://nvd.nist.gov/vuln/detail/CVE-2003-0161 2003-03-28T00:00:00 security flaw

Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.

Red Hat Linux 8.0 2003-04-03T00:00:00 RHSA-2003:128 Red Hat Linux 9 2003-04-03T00:00:00 RHSA-2003:128 https://www.cve.org/CVERecord?id=CVE-2003-0165 https://nvd.nist.gov/vuln/detail/CVE-2003-0165 2003-05-14T00:00:00 security flaw

The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts.

https://www.cve.org/CVERecord?id=CVE-2003-0187 https://nvd.nist.gov/vuln/detail/CVE-2003-0187 2003-04-27T00:00:00 security flaw

lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-06-13T00:00:00 RHSA-2003:167 Red Hat Enterprise Linux ES version 2.1 2003-06-13T00:00:00 RHSA-2003:167 Red Hat Enterprise Linux WS version 2.1 2003-06-13T00:00:00 RHSA-2003:167 Red Hat Linux 7.1 2003-05-16T00:00:00 RHSA-2003:169 Red Hat Linux 7.2 2003-05-16T00:00:00 RHSA-2003:169 Red Hat Linux 7.3 2003-05-16T00:00:00 RHSA-2003:169 Red Hat Linux 8.0 2003-05-16T00:00:00 RHSA-2003:169 Red Hat Linux 9 2003-05-16T00:00:00 RHSA-2003:169 Red Hat Linux Advanced Workstation 2.1 2003-06-13T00:00:00 RHSA-2003:167 https://www.cve.org/CVERecord?id=CVE-2003-0188 https://nvd.nist.gov/vuln/detail/CVE-2003-0188 2003-05-28T00:00:00 security flaw

The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.

Red Hat Linux 8.0 2003-05-28T00:00:00 RHSA-2003:186 Red Hat Linux 9 2003-05-28T00:00:00 RHSA-2003:186 https://www.cve.org/CVERecord?id=CVE-2003-0189 https://nvd.nist.gov/vuln/detail/CVE-2003-0189 Low 2003-04-30T00:00:00 security flaw

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-29T00:00:00 RHSA-2003:224 Red Hat Enterprise Linux ES version 2.1 2003-07-29T00:00:00 RHSA-2003:224 Red Hat Enterprise Linux WS version 2.1 2003-07-29T00:00:00 RHSA-2003:224 Red Hat Linux 7.1 2003-07-29T00:00:00 RHSA-2003:222 Red Hat Linux 7.2 2003-07-29T00:00:00 RHSA-2003:222 Red Hat Linux 7.3 2003-07-29T00:00:00 RHSA-2003:222 Red Hat Linux 8.0 2003-07-29T00:00:00 RHSA-2003:222 Red Hat Linux 9 2003-07-29T00:00:00 RHSA-2003:222 Red Hat Linux Advanced Workstation 2.1 2003-07-29T00:00:00 RHSA-2003:224 https://www.cve.org/CVERecord?id=CVE-2003-0190 https://nvd.nist.gov/vuln/detail/CVE-2003-0190 Moderate 2003-07-09T00:00:00 security flaw

Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.

This issue affected Red Hat Enterprise Linux 2.1 and an update was released to correct it: http://rhn.redhat.com/errata/RHSA-2003-244.html Red Hat Enterprise Linux 3 contained a backported patch to correct this issue since release. This issue does not affect the versions of Apache in Enterprise Linux 4 or later. Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-09-22T00:00:00 RHSA-2003:244 Red Hat Enterprise Linux ES version 2.1 2003-09-22T00:00:00 RHSA-2003:244 Red Hat Enterprise Linux WS version 2.1 2003-09-22T00:00:00 RHSA-2003:244 Red Hat Linux 7.1 2003-09-22T00:00:00 RHSA-2003:243 Red Hat Linux 7.2 2003-09-22T00:00:00 RHSA-2003:243 Red Hat Linux 7.3 2003-09-22T00:00:00 RHSA-2003:243 Red Hat Linux 8.0 2003-09-04T00:00:00 RHSA-2003:240 Red Hat Linux 9 2003-09-04T00:00:00 RHSA-2003:240 Red Hat Linux Advanced Workstation 2.1 2003-09-22T00:00:00 RHSA-2003:244 Red Hat Stronghold 4 2003-09-30T00:00:00 RHSA-2003:290 Stronghold 4 for Red Hat Enterprise Linux 2003-10-15T00:00:00 RHSA-2003:301 https://www.cve.org/CVERecord?id=CVE-2003-0192 https://nvd.nist.gov/vuln/detail/CVE-2003-0192 2003-05-05T00:00:00 security flaw

tcpdump does not properly drop privileges to the pcap user when starting up.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-06-09T00:00:00 RHSA-2003:151 Red Hat Enterprise Linux ES version 2.1 2003-06-09T00:00:00 RHSA-2003:151 Red Hat Enterprise Linux WS version 2.1 2003-06-09T00:00:00 RHSA-2003:151 Red Hat Linux 7.1 2003-05-15T00:00:00 RHSA-2003:174 Red Hat Linux 7.1 2003-06-30T00:00:00 RHSA-2003:214 Red Hat Linux 7.2 2003-05-15T00:00:00 RHSA-2003:174 Red Hat Linux 7.3 2003-05-15T00:00:00 RHSA-2003:174 Red Hat Linux 8.0 2003-05-15T00:00:00 RHSA-2003:174 Red Hat Linux 9 2003-05-15T00:00:00 RHSA-2003:174 Red Hat Linux Advanced Workstation 2.1 2003-06-09T00:00:00 RHSA-2003:151 https://www.cve.org/CVERecord?id=CVE-2003-0194 https://nvd.nist.gov/vuln/detail/CVE-2003-0194 2003-05-27T00:00:00 security flaw

CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.

Red Hat Linux 7.3 2003-05-27T00:00:00 RHSA-2003:171 Red Hat Linux 8.0 2003-05-27T00:00:00 RHSA-2003:171 Red Hat Linux 9 2003-05-27T00:00:00 RHSA-2003:171 https://www.cve.org/CVERecord?id=CVE-2003-0195 https://nvd.nist.gov/vuln/detail/CVE-2003-0195 Critical 2003-04-07T00:00:00 security flaw

Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-04-07T00:00:00 RHSA-2003:138 Red Hat Enterprise Linux ES version 2.1 2003-04-07T00:00:00 RHSA-2003:138 Red Hat Enterprise Linux WS version 2.1 2003-04-07T00:00:00 RHSA-2003:138 Red Hat Linux 7.1 2003-04-08T00:00:00 RHSA-2003:137 Red Hat Linux 7.1 2003-07-15T00:00:00 RHSA-2003:226 Red Hat Linux 7.2 2003-04-08T00:00:00 RHSA-2003:137 Red Hat Linux 7.3 2003-04-08T00:00:00 RHSA-2003:137 Red Hat Linux 8.0 2003-04-08T00:00:00 RHSA-2003:137 Red Hat Linux 9 2003-04-08T00:00:00 RHSA-2003:137 Red Hat Linux Advanced Workstation 2.1 2003-04-07T00:00:00 RHSA-2003:138 https://www.cve.org/CVERecord?id=CVE-2003-0196 https://nvd.nist.gov/vuln/detail/CVE-2003-0196 Critical 2003-04-07T00:00:00 security flaw

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-04-07T00:00:00 RHSA-2003:138 Red Hat Enterprise Linux ES version 2.1 2003-04-07T00:00:00 RHSA-2003:138 Red Hat Enterprise Linux WS version 2.1 2003-04-07T00:00:00 RHSA-2003:138 Red Hat Linux 7.1 2003-04-08T00:00:00 RHSA-2003:137 Red Hat Linux 7.1 2003-07-15T00:00:00 RHSA-2003:226 Red Hat Linux 7.2 2003-04-08T00:00:00 RHSA-2003:137 Red Hat Linux 7.3 2003-04-08T00:00:00 RHSA-2003:137 Red Hat Linux 8.0 2003-04-08T00:00:00 RHSA-2003:137 Red Hat Linux 9 2003-04-08T00:00:00 RHSA-2003:137 Red Hat Linux Advanced Workstation 2.1 2003-04-07T00:00:00 RHSA-2003:138 https://www.cve.org/CVERecord?id=CVE-2003-0201 https://nvd.nist.gov/vuln/detail/CVE-2003-0201 2003-04-03T00:00:00 security flaw

KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-05-22T00:00:00 RHSA-2003:146 Red Hat Enterprise Linux ES version 2.1 2003-05-22T00:00:00 RHSA-2003:146 Red Hat Enterprise Linux WS version 2.1 2003-05-22T00:00:00 RHSA-2003:146 Red Hat Linux 7.1 2003-05-12T00:00:00 RHSA-2003:002 Red Hat Linux 7.2 2003-05-12T00:00:00 RHSA-2003:002 Red Hat Linux 7.3 2003-05-12T00:00:00 RHSA-2003:002 Red Hat Linux 8.0 2003-05-12T00:00:00 RHSA-2003:002 Red Hat Linux 9 2003-05-12T00:00:00 RHSA-2003:002 Red Hat Linux Advanced Workstation 2.1 2003-05-22T00:00:00 RHSA-2003:146 https://www.cve.org/CVERecord?id=CVE-2003-0204 https://nvd.nist.gov/vuln/detail/CVE-2003-0204 Important 2003-04-18T00:00:00 security flaw

Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-05-22T00:00:00 RHSA-2003:161 Red Hat Enterprise Linux ES version 2.1 2003-05-22T00:00:00 RHSA-2003:161 Red Hat Enterprise Linux WS version 2.1 2003-05-22T00:00:00 RHSA-2003:161 Red Hat Linux 7.1 2003-05-13T00:00:00 RHSA-2003:160 Red Hat Linux 7.1 2003-07-14T00:00:00 RHSA-2003:228 Red Hat Linux 7.2 2003-05-13T00:00:00 RHSA-2003:160 Red Hat Linux 7.3 2003-05-13T00:00:00 RHSA-2003:160 Red Hat Linux 8.0 2003-05-13T00:00:00 RHSA-2003:160 Red Hat Linux 9 2003-05-13T00:00:00 RHSA-2003:160 Red Hat Linux Advanced Workstation 2.1 2003-05-22T00:00:00 RHSA-2003:161 https://www.cve.org/CVERecord?id=CVE-2003-0211 https://nvd.nist.gov/vuln/detail/CVE-2003-0211 Important 2003-04-05T00:00:00 security flaw

The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-05-27T00:00:00 RHSA-2003:145 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-05-30T00:00:00 RHSA-2003:147 Red Hat Enterprise Linux ES version 2.1 2003-05-30T00:00:00 RHSA-2003:147 Red Hat Enterprise Linux WS version 2.1 2003-05-30T00:00:00 RHSA-2003:147 Red Hat Linux 7.1 2003-06-25T00:00:00 RHSA-2003:190 Red Hat Linux Advanced Workstation 2.1 2003-05-27T00:00:00 RHSA-2003:145 https://www.cve.org/CVERecord?id=CVE-2003-0244 https://nvd.nist.gov/vuln/detail/CVE-2003-0244 2003-05-28T00:00:00 security flaw

Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.

Red Hat Linux 8.0 2003-05-28T00:00:00 RHSA-2003:186 Red Hat Linux 9 2003-05-28T00:00:00 RHSA-2003:186 https://www.cve.org/CVERecord?id=CVE-2003-0245 https://nvd.nist.gov/vuln/detail/CVE-2003-0245 2003-05-12T00:00:00 security flaw

The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-05-30T00:00:00 RHSA-2003:147 Red Hat Enterprise Linux ES version 2.1 2003-05-30T00:00:00 RHSA-2003:147 Red Hat Enterprise Linux WS version 2.1 2003-05-30T00:00:00 RHSA-2003:147 https://www.cve.org/CVERecord?id=CVE-2003-0246 https://nvd.nist.gov/vuln/detail/CVE-2003-0246 Important 2003-06-03T00:00:00 security flaw

Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops").

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-06-19T00:00:00 RHSA-2003:195 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-21T00:00:00 RHSA-2003:198 Red Hat Enterprise Linux ES version 2.1 2003-06-19T00:00:00 RHSA-2003:195 Red Hat Enterprise Linux WS version 2.1 2003-06-19T00:00:00 RHSA-2003:195 Red Hat Linux 7.1 2003-06-03T00:00:00 RHSA-2003:187 Red Hat Linux 7.1 2003-06-25T00:00:00 RHSA-2003:190 Red Hat Linux 7.2 2003-06-03T00:00:00 RHSA-2003:187 Red Hat Linux 7.3 2003-06-03T00:00:00 RHSA-2003:187 Red Hat Linux 8.0 2003-06-03T00:00:00 RHSA-2003:187 Red Hat Linux 9 2003-06-03T00:00:00 RHSA-2003:187 Red Hat Linux Advanced Workstation 2.1 2003-08-21T00:00:00 RHSA-2003:198 https://www.cve.org/CVERecord?id=CVE-2003-0247 https://nvd.nist.gov/vuln/detail/CVE-2003-0247 Moderate 2003-06-03T00:00:00 security flaw

The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-06-19T00:00:00 RHSA-2003:195 Red Hat Enterprise Linux ES version 2.1 2003-06-19T00:00:00 RHSA-2003:195 Red Hat Enterprise Linux WS version 2.1 2003-06-19T00:00:00 RHSA-2003:195 Red Hat Linux 7.1 2003-06-03T00:00:00 RHSA-2003:187 Red Hat Linux 7.2 2003-06-03T00:00:00 RHSA-2003:187 Red Hat Linux 7.3 2003-06-03T00:00:00 RHSA-2003:187 Red Hat Linux 8.0 2003-06-03T00:00:00 RHSA-2003:187 Red Hat Linux 9 2003-06-03T00:00:00 RHSA-2003:187 https://www.cve.org/CVERecord?id=CVE-2003-0248 https://nvd.nist.gov/vuln/detail/CVE-2003-0248 Moderate 2003-08-04T00:00:00 security flaw

ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-06-25T00:00:00 RHSA-2003:201 Red Hat Enterprise Linux ES version 2.1 2003-06-25T00:00:00 RHSA-2003:201 Red Hat Linux 7.1 2003-06-25T00:00:00 RHSA-2003:173 Red Hat Linux 7.1 2003-07-14T00:00:00 RHSA-2003:229 Red Hat Linux 7.2 2003-06-25T00:00:00 RHSA-2003:173 Red Hat Linux 7.3 2003-06-25T00:00:00 RHSA-2003:173 Red Hat Linux 8.0 2003-06-25T00:00:00 RHSA-2003:173 Red Hat Linux 9 2003-06-25T00:00:00 RHSA-2003:173 Red Hat Linux Advanced Workstation 2.1 2003-06-25T00:00:00 RHSA-2003:201 https://www.cve.org/CVERecord?id=CVE-2003-0251 https://nvd.nist.gov/vuln/detail/CVE-2003-0251 Important 2003-07-14T00:00:00 security flaw

Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.

This issue has been addressed in nfs-utils packages as shipped in Red Hat Enterprise Linux 2 via https://rhn.redhat.com/errata/RHSA-2003-207.html. Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-14T00:00:00 RHSA-2003:207 Red Hat Enterprise Linux ES version 2.1 2003-07-14T00:00:00 RHSA-2003:207 Red Hat Enterprise Linux WS version 2.1 2003-07-14T00:00:00 RHSA-2003:207 Red Hat Linux 7.1 2003-07-14T00:00:00 RHSA-2003:206 Red Hat Linux 7.2 2003-07-14T00:00:00 RHSA-2003:206 Red Hat Linux 7.3 2003-07-14T00:00:00 RHSA-2003:206 Red Hat Linux 8.0 2003-07-14T00:00:00 RHSA-2003:206 Red Hat Linux 9 2003-07-14T00:00:00 RHSA-2003:206 Red Hat Linux Advanced Workstation 2.1 2003-07-14T00:00:00 RHSA-2003:207 https://www.cve.org/CVERecord?id=CVE-2003-0252 https://nvd.nist.gov/vuln/detail/CVE-2003-0252 2003-07-09T00:00:00 security flaw

The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.

Red Hat Linux 8.0 2003-09-04T00:00:00 RHSA-2003:240 Red Hat Linux 9 2003-09-04T00:00:00 RHSA-2003:240 https://www.cve.org/CVERecord?id=CVE-2003-0253 https://nvd.nist.gov/vuln/detail/CVE-2003-0253 2003-07-09T00:00:00 security flaw

Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.

Red Hat Linux 8.0 2003-09-04T00:00:00 RHSA-2003:240 Red Hat Linux 9 2003-09-04T00:00:00 RHSA-2003:240 https://www.cve.org/CVERecord?id=CVE-2003-0254 https://nvd.nist.gov/vuln/detail/CVE-2003-0254 Moderate 2003-05-04T00:00:00 security flaw

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-06-23T00:00:00 RHSA-2003:176 Red Hat Enterprise Linux ES version 2.1 2003-06-23T00:00:00 RHSA-2003:176 Red Hat Enterprise Linux WS version 2.1 2003-06-23T00:00:00 RHSA-2003:176 Red Hat Linux 7.1 2003-05-21T00:00:00 RHSA-2003:175 Red Hat Linux 7.2 2003-05-21T00:00:00 RHSA-2003:175 Red Hat Linux 7.3 2003-05-21T00:00:00 RHSA-2003:175 Red Hat Linux 8.0 2003-05-21T00:00:00 RHSA-2003:175 Red Hat Linux 9 2003-05-21T00:00:00 RHSA-2003:175 Red Hat Linux Advanced Workstation 2.1 2003-06-23T00:00:00 RHSA-2003:176 https://www.cve.org/CVERecord?id=CVE-2003-0255 https://nvd.nist.gov/vuln/detail/CVE-2003-0255 Moderate 2003-05-09T00:00:00 security flaw

Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-01T00:00:00 RHSA-2003:200 Red Hat Enterprise Linux ES version 2.1 2003-07-01T00:00:00 RHSA-2003:200 Red Hat Enterprise Linux WS version 2.1 2003-07-01T00:00:00 RHSA-2003:200 Red Hat Linux 7.1 2003-07-01T00:00:00 RHSA-2003:199 Red Hat Linux 7.1 2003-07-01T00:00:00 RHSA-2003:218 Red Hat Linux 7.2 2003-07-01T00:00:00 RHSA-2003:199 Red Hat Linux 7.3 2003-07-01T00:00:00 RHSA-2003:199 Red Hat Linux 8.0 2003-07-01T00:00:00 RHSA-2003:199 Red Hat Linux 9 2003-07-01T00:00:00 RHSA-2003:199 Red Hat Linux Advanced Workstation 2.1 2003-07-01T00:00:00 RHSA-2003:200 https://www.cve.org/CVERecord?id=CVE-2003-0282 https://nvd.nist.gov/vuln/detail/CVE-2003-0282 Low 2003-05-14T00:00:00 security flaw

c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-12T00:00:00 RHSA-2005:015 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-02-18T00:00:00 RHSA-2005:114 Red Hat Enterprise Linux ES version 2.1 2005-01-12T00:00:00 RHSA-2005:015 Red Hat Enterprise Linux ES version 2.1 2005-02-18T00:00:00 RHSA-2005:114 Red Hat Enterprise Linux WS version 2.1 2005-01-12T00:00:00 RHSA-2005:015 Red Hat Linux Advanced Workstation 2.1 2005-01-12T00:00:00 RHSA-2005:015 Red Hat Linux Advanced Workstation 2.1 2005-02-18T00:00:00 RHSA-2005:114 https://www.cve.org/CVERecord?id=CVE-2003-0297 https://nvd.nist.gov/vuln/detail/CVE-2003-0297 Important 2003-09-05T00:00:00 security flaw

EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation.

Red Hat Linux 7.3 2003-11-17T00:00:00 RHSA-2003:342 Red Hat Linux 8.0 2003-11-17T00:00:00 RHSA-2003:342 Red Hat Linux 9 2003-11-17T00:00:00 RHSA-2003:342 https://www.cve.org/CVERecord?id=CVE-2003-0328 https://nvd.nist.gov/vuln/detail/CVE-2003-0328 2003-05-18T00:00:00 security flaw

Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-06-17T00:00:00 RHSA-2003:182 Red Hat Enterprise Linux ES version 2.1 2003-06-17T00:00:00 RHSA-2003:182 Red Hat Enterprise Linux WS version 2.1 2003-06-17T00:00:00 RHSA-2003:182 Red Hat Linux 7.1 2003-05-30T00:00:00 RHSA-2003:181 Red Hat Linux 7.1 2003-06-24T00:00:00 RHSA-2003:209 Red Hat Linux 7.2 2003-05-30T00:00:00 RHSA-2003:181 Red Hat Linux 7.3 2003-05-30T00:00:00 RHSA-2003:181 Red Hat Linux 8.0 2003-05-30T00:00:00 RHSA-2003:181 Red Hat Linux 9 2003-05-30T00:00:00 RHSA-2003:181 Red Hat Linux Advanced Workstation 2.1 2003-06-17T00:00:00 RHSA-2003:182 https://www.cve.org/CVERecord?id=CVE-2003-0354 https://nvd.nist.gov/vuln/detail/CVE-2003-0354 Moderate 2003-05-01T00:00:00 security flaw

Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Enterprise Linux ES version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Enterprise Linux WS version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Linux 7.2 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 7.3 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 8.0 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 9 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux Advanced Workstation 2.1 2003-07-08T00:00:00 RHSA-2003:077 https://www.cve.org/CVERecord?id=CVE-2003-0356 https://nvd.nist.gov/vuln/detail/CVE-2003-0356 Moderate 2003-05-01T00:00:00 security flaw

Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Enterprise Linux ES version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Enterprise Linux WS version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Linux 7.2 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 7.3 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 8.0 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 9 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux Advanced Workstation 2.1 2003-07-08T00:00:00 RHSA-2003:077 https://www.cve.org/CVERecord?id=CVE-2003-0357 https://nvd.nist.gov/vuln/detail/CVE-2003-0357 Important 2003-06-03T00:00:00 security flaw

The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-06-19T00:00:00 RHSA-2003:195 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-21T00:00:00 RHSA-2003:198 Red Hat Enterprise Linux ES version 2.1 2003-06-19T00:00:00 RHSA-2003:195 Red Hat Enterprise Linux WS version 2.1 2003-06-19T00:00:00 RHSA-2003:195 Red Hat Linux 7.1 2003-06-03T00:00:00 RHSA-2003:187 Red Hat Linux 7.1 2003-06-25T00:00:00 RHSA-2003:190 Red Hat Linux 7.2 2003-06-03T00:00:00 RHSA-2003:187 Red Hat Linux 7.3 2003-06-03T00:00:00 RHSA-2003:187 Red Hat Linux 8.0 2003-06-03T00:00:00 RHSA-2003:187 Red Hat Linux 9 2003-06-03T00:00:00 RHSA-2003:187 Red Hat Linux Advanced Workstation 2.1 2003-08-21T00:00:00 RHSA-2003:198 https://www.cve.org/CVERecord?id=CVE-2003-0364 https://nvd.nist.gov/vuln/detail/CVE-2003-0364 Moderate 2003-07-02T00:00:00 gzip: symlink attack on temporary files leads to arbitrary file overwrite 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (CWE-20|CWE-377)

znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 5 Not affected gzip Red Hat Enterprise Linux 6 Not affected gzip Red Hat Enterprise Linux 7 Not affected gzip Red Hat Enterprise Linux 8 Not affected gzip https://www.cve.org/CVERecord?id=CVE-2003-0367 https://nvd.nist.gov/vuln/detail/CVE-2003-0367 Important 2003-06-02T00:00:00 security flaw

Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-06-17T00:00:00 RHSA-2003:193 Red Hat Enterprise Linux ES version 2.1 2003-06-17T00:00:00 RHSA-2003:193 Red Hat Enterprise Linux WS version 2.1 2003-06-17T00:00:00 RHSA-2003:193 Red Hat Linux 7.1 2003-06-05T00:00:00 RHSA-2003:192 Red Hat Linux 7.2 2003-06-05T00:00:00 RHSA-2003:192 Red Hat Linux Advanced Workstation 2.1 2003-06-17T00:00:00 RHSA-2003:193 https://www.cve.org/CVERecord?id=CVE-2003-0370 https://nvd.nist.gov/vuln/detail/CVE-2003-0370 Low 2003-06-05T00:00:00 security flaw

OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.

Red Hat Enterprise Linux 2.1 2006-09-29T00:00:00 RHSA-2006:0698 openssh-0:3.1p1-21 Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0298 openssh-0:3.6.1p2-33.30.9 https://www.cve.org/CVERecord?id=CVE-2003-0386 https://nvd.nist.gov/vuln/detail/CVE-2003-0386 Low 2003-06-16T00:00:00 security flaw

pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-08-18T00:00:00 RHSA-2004:304 Red Hat Enterprise Linux ES version 2.1 2004-08-18T00:00:00 RHSA-2004:304 Red Hat Enterprise Linux WS version 2.1 2004-08-18T00:00:00 RHSA-2004:304 Red Hat Linux Advanced Workstation 2.1 2004-08-18T00:00:00 RHSA-2004:304 https://www.cve.org/CVERecord?id=CVE-2003-0388 https://nvd.nist.gov/vuln/detail/CVE-2003-0388 Low 2003-06-13T00:00:00 security flaw

Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-06-13T00:00:00 RHSA-2005:506 mikmod-0:3.1.6-22.EL3 Red Hat Enterprise Linux 4 2005-06-13T00:00:00 RHSA-2005:506 mikmod-0:3.1.6-32.EL4 https://www.cve.org/CVERecord?id=CVE-2003-0427 https://nvd.nist.gov/vuln/detail/CVE-2003-0427 Low 2003-05-01T00:00:00 security flaw

Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Enterprise Linux ES version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Enterprise Linux WS version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Linux 7.2 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 7.3 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 8.0 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 9 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux Advanced Workstation 2.1 2003-07-08T00:00:00 RHSA-2003:077 https://www.cve.org/CVERecord?id=CVE-2003-0428 https://nvd.nist.gov/vuln/detail/CVE-2003-0428 Moderate 2003-05-01T00:00:00 security flaw

The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Enterprise Linux ES version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Enterprise Linux WS version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Linux 7.2 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 7.3 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 8.0 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 9 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux Advanced Workstation 2.1 2003-07-08T00:00:00 RHSA-2003:077 https://www.cve.org/CVERecord?id=CVE-2003-0429 https://nvd.nist.gov/vuln/detail/CVE-2003-0429 Low 2003-05-01T00:00:00 security flaw

The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Enterprise Linux ES version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Enterprise Linux WS version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Linux 7.2 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 7.3 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 8.0 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 9 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux Advanced Workstation 2.1 2003-07-08T00:00:00 RHSA-2003:077 https://www.cve.org/CVERecord?id=CVE-2003-0430 https://nvd.nist.gov/vuln/detail/CVE-2003-0430 Low 2003-05-01T00:00:00 security flaw

The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Enterprise Linux ES version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Enterprise Linux WS version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Linux 7.2 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 7.3 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 8.0 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 9 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux Advanced Workstation 2.1 2003-07-08T00:00:00 RHSA-2003:077 https://www.cve.org/CVERecord?id=CVE-2003-0431 https://nvd.nist.gov/vuln/detail/CVE-2003-0431 Low 2003-05-01T00:00:00 security flaw

Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Enterprise Linux ES version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Enterprise Linux WS version 2.1 2003-07-08T00:00:00 RHSA-2003:077 Red Hat Linux 7.2 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 7.3 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 8.0 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux 9 2003-07-03T00:00:00 RHSA-2003:203 Red Hat Linux Advanced Workstation 2.1 2003-07-08T00:00:00 RHSA-2003:077 https://www.cve.org/CVERecord?id=CVE-2003-0432 https://nvd.nist.gov/vuln/detail/CVE-2003-0432 Important 2003-06-13T00:00:00 security flaw

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-06-18T00:00:00 RHSA-2003:197 Red Hat Enterprise Linux ES version 2.1 2003-06-18T00:00:00 RHSA-2003:197 Red Hat Enterprise Linux WS version 2.1 2003-06-18T00:00:00 RHSA-2003:197 Red Hat Linux 7.1 2003-06-18T00:00:00 RHSA-2003:196 Red Hat Linux 7.1 2003-06-30T00:00:00 RHSA-2003:216 Red Hat Linux 7.2 2003-06-18T00:00:00 RHSA-2003:196 Red Hat Linux 7.3 2003-06-18T00:00:00 RHSA-2003:196 Red Hat Linux 8.0 2003-06-18T00:00:00 RHSA-2003:196 Red Hat Linux 9 2003-06-18T00:00:00 RHSA-2003:196 Red Hat Linux Advanced Workstation 2.1 2003-06-18T00:00:00 RHSA-2003:197 https://www.cve.org/CVERecord?id=CVE-2003-0434 https://nvd.nist.gov/vuln/detail/CVE-2003-0434 Low 2003-06-06T00:00:00 security flaw

The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-10-02T00:00:00 RHSA-2003:231 Red Hat Enterprise Linux ES version 2.1 2003-10-02T00:00:00 RHSA-2003:231 Red Hat Enterprise Linux WS version 2.1 2003-10-02T00:00:00 RHSA-2003:231 Red Hat Linux 7.1 2003-07-23T00:00:00 RHSA-2003:234 Red Hat Linux 7.2 2003-07-23T00:00:00 RHSA-2003:234 Red Hat Linux 7.3 2003-07-23T00:00:00 RHSA-2003:234 Red Hat Linux 8.0 2003-07-23T00:00:00 RHSA-2003:234 Red Hat Linux 9 2003-07-23T00:00:00 RHSA-2003:234 Red Hat Linux Advanced Workstation 2.1 2003-10-02T00:00:00 RHSA-2003:231 https://www.cve.org/CVERecord?id=CVE-2003-0440 https://nvd.nist.gov/vuln/detail/CVE-2003-0440 2003-05-11T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.

Red Hat Linux 8.0 2003-07-02T00:00:00 RHSA-2003:204 Red Hat Linux 9 2003-07-02T00:00:00 RHSA-2003:204 https://www.cve.org/CVERecord?id=CVE-2003-0442 https://nvd.nist.gov/vuln/detail/CVE-2003-0442 Important 2003-06-28T00:00:00 security flaw

The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-10-20T00:00:00 RHSA-2004:494 Red Hat Enterprise Linux ES version 2.1 2004-10-20T00:00:00 RHSA-2004:494 Red Hat Enterprise Linux WS version 2.1 2004-10-20T00:00:00 RHSA-2004:494 Red Hat Linux Advanced Workstation 2.1 2004-10-20T00:00:00 RHSA-2004:494 https://www.cve.org/CVERecord?id=CVE-2003-0455 https://nvd.nist.gov/vuln/detail/CVE-2003-0455 Moderate 2003-07-29T00:00:00 security flaw

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-30T00:00:00 RHSA-2003:236 Red Hat Enterprise Linux ES version 2.1 2003-07-30T00:00:00 RHSA-2003:236 Red Hat Enterprise Linux WS version 2.1 2003-07-30T00:00:00 RHSA-2003:236 Red Hat Linux 7.1 2003-08-11T00:00:00 RHSA-2003:235 Red Hat Linux 7.2 2003-08-11T00:00:00 RHSA-2003:235 Red Hat Linux 7.3 2003-08-11T00:00:00 RHSA-2003:235 Red Hat Linux 8.0 2003-08-11T00:00:00 RHSA-2003:235 Red Hat Linux 9 2003-08-11T00:00:00 RHSA-2003:235 Red Hat Linux Advanced Workstation 2.1 2003-07-30T00:00:00 RHSA-2003:236 https://www.cve.org/CVERecord?id=CVE-2003-0459 https://nvd.nist.gov/vuln/detail/CVE-2003-0459 Low 2003-07-21T00:00:00 security flaw

/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.

Red Hat Enterprise Linux 3 2004-05-12T00:00:00 RHSA-2004:188 kernel-0:2.4.21-15.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2002-11-22T00:00:00 RHSA-2002:263 Red Hat Linux 7.1 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.2 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.3 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 8.0 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 9 2003-07-21T00:00:00 RHSA-2003:238 https://www.cve.org/CVERecord?id=CVE-2003-0461 https://nvd.nist.gov/vuln/detail/CVE-2003-0461 Important 2003-08-21T00:00:00 security flaw

A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-21T00:00:00 RHSA-2003:198 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Enterprise Linux ES version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Enterprise Linux WS version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Linux 7.1 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.2 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.3 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 8.0 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 9 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux Advanced Workstation 2.1 2003-08-21T00:00:00 RHSA-2003:198 https://www.cve.org/CVERecord?id=CVE-2003-0462 https://nvd.nist.gov/vuln/detail/CVE-2003-0462 Important 2003-07-21T00:00:00 security flaw

The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd.

Red Hat Linux 7.1 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.2 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.3 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 8.0 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 9 2003-07-21T00:00:00 RHSA-2003:238 https://www.cve.org/CVERecord?id=CVE-2003-0464 https://nvd.nist.gov/vuln/detail/CVE-2003-0464 Low 2003-07-11T00:00:00 security flaw

The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks.

Red Hat Enterprise Linux 3 2004-05-12T00:00:00 RHSA-2004:188 kernel-0:2.4.21-15.EL https://www.cve.org/CVERecord?id=CVE-2003-0465 https://nvd.nist.gov/vuln/detail/CVE-2003-0465 Important 2003-07-31T00:00:00 security flaw

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-07-31T00:00:00 RHSA-2003:246 Red Hat Enterprise Linux ES version 2.1 2003-07-31T00:00:00 RHSA-2003:246 Red Hat Linux 7.1 2003-07-31T00:00:00 RHSA-2003:245 Red Hat Linux 7.2 2003-07-31T00:00:00 RHSA-2003:245 Red Hat Linux 7.3 2003-07-31T00:00:00 RHSA-2003:245 Red Hat Linux 8.0 2003-07-31T00:00:00 RHSA-2003:245 Red Hat Linux Advanced Workstation 2.1 2003-07-31T00:00:00 RHSA-2003:246 https://www.cve.org/CVERecord?id=CVE-2003-0466 https://nvd.nist.gov/vuln/detail/CVE-2003-0466 2003-08-03T00:00:00 security flaw

Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.

Red Hat Linux 7.3 2003-08-04T00:00:00 RHSA-2003:251 Red Hat Linux 8.0 2003-08-04T00:00:00 RHSA-2003:251 Red Hat Linux 9 2003-08-04T00:00:00 RHSA-2003:251 https://www.cve.org/CVERecord?id=CVE-2003-0468 https://nvd.nist.gov/vuln/detail/CVE-2003-0468 Important 2003-06-27T00:00:00 security flaw

The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.

Red Hat Desktop version 3 2003-12-19T00:00:00 RHSA-2003:408 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-12-19T00:00:00 RHSA-2003:368 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-12-19T00:00:00 RHSA-2003:408 Red Hat Enterprise Linux ES version 2.1 2003-12-19T00:00:00 RHSA-2003:408 Red Hat Enterprise Linux ES version 3 2003-12-19T00:00:00 RHSA-2003:408 Red Hat Enterprise Linux WS version 2.1 2003-12-19T00:00:00 RHSA-2003:408 Red Hat Linux 7.1 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.2 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.3 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 8.0 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 9 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux Advanced Workstation 2.1 2003-12-19T00:00:00 RHSA-2003:368 https://www.cve.org/CVERecord?id=CVE-2003-0476 https://nvd.nist.gov/vuln/detail/CVE-2003-0476 Moderate 2003-06-20T00:00:00 security flaw

The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-21T00:00:00 RHSA-2003:198 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Enterprise Linux ES version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Enterprise Linux WS version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Linux 7.1 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.2 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.3 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 8.0 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 9 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux Advanced Workstation 2.1 2003-08-21T00:00:00 RHSA-2003:198 https://www.cve.org/CVERecord?id=CVE-2003-0501 https://nvd.nist.gov/vuln/detail/CVE-2003-0501 Low 2003-07-08T00:00:00 security flaw

skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-11T00:00:00 RHSA-2003:242 Red Hat Enterprise Linux ES version 2.1 2003-08-11T00:00:00 RHSA-2003:242 Red Hat Enterprise Linux WS version 2.1 2003-08-11T00:00:00 RHSA-2003:242 Red Hat Linux 7.1 2003-08-11T00:00:00 RHSA-2003:241 Red Hat Linux 7.2 2003-08-11T00:00:00 RHSA-2003:241 Red Hat Linux 7.3 2003-08-11T00:00:00 RHSA-2003:241 Red Hat Linux 8.0 2003-08-11T00:00:00 RHSA-2003:241 Red Hat Linux 9 2003-08-11T00:00:00 RHSA-2003:241 Red Hat Linux Advanced Workstation 2.1 2003-08-11T00:00:00 RHSA-2003:242 https://www.cve.org/CVERecord?id=CVE-2003-0539 https://nvd.nist.gov/vuln/detail/CVE-2003-0539 2003-08-03T00:00:00 security flaw

The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.

Red Hat Linux 7.3 2003-08-04T00:00:00 RHSA-2003:251 Red Hat Linux 8.0 2003-08-04T00:00:00 RHSA-2003:251 Red Hat Linux 9 2003-08-04T00:00:00 RHSA-2003:251 https://www.cve.org/CVERecord?id=CVE-2003-0540 https://nvd.nist.gov/vuln/detail/CVE-2003-0540 2003-09-09T00:00:00 security flaw

gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference.

Red Hat Linux 7.3 2003-09-09T00:00:00 RHSA-2003:264 Red Hat Linux 8.0 2003-09-09T00:00:00 RHSA-2003:264 Red Hat Linux 9 2003-09-09T00:00:00 RHSA-2003:264 https://www.cve.org/CVERecord?id=CVE-2003-0541 https://nvd.nist.gov/vuln/detail/CVE-2003-0541 Low 2003-10-29T00:00:00 security flaw

Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.

Red Hat Enterprise Linux 3 2004-01-14T00:00:00 RHSA-2004:015 httpd-0:2.0.46-26.ent Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-12-10T00:00:00 RHSA-2003:360 Red Hat Enterprise Linux ES version 2.1 2003-12-10T00:00:00 RHSA-2003:360 Red Hat Enterprise Linux WS version 2.1 2003-12-10T00:00:00 RHSA-2003:360 Red Hat Linux 7.1 2003-12-18T00:00:00 RHSA-2003:405 Red Hat Linux 7.2 2003-12-18T00:00:00 RHSA-2003:405 Red Hat Linux 7.3 2003-12-18T00:00:00 RHSA-2003:405 Red Hat Linux 8.0 2003-12-16T00:00:00 RHSA-2003:320 Red Hat Linux 9 2003-12-16T00:00:00 RHSA-2003:320 Red Hat Linux Advanced Workstation 2.1 2003-12-10T00:00:00 RHSA-2003:360 Red Hat Stronghold 4 2004-03-17T00:00:00 RHSA-2004:139 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2005-11-02T00:00:00 RHSA-2005:816 https://www.cve.org/CVERecord?id=CVE-2003-0542 https://nvd.nist.gov/vuln/detail/CVE-2003-0542 Moderate 2003-09-30T00:00:00 CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes

Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.

For Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a) issue was addressed via RHSA-2003:293. The OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) contain a backported patch since their initial release. The OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a). Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-09-30T00:00:00 RHSA-2003:293 Red Hat Enterprise Linux ES version 2.1 2003-09-30T00:00:00 RHSA-2003:293 Red Hat Enterprise Linux WS version 2.1 2003-09-30T00:00:00 RHSA-2003:293 Red Hat Linux 7.1 2003-09-30T00:00:00 RHSA-2003:291 Red Hat Linux 7.2 2003-09-30T00:00:00 RHSA-2003:291 Red Hat Linux 7.3 2003-09-30T00:00:00 RHSA-2003:291 Red Hat Linux 8.0 2003-09-30T00:00:00 RHSA-2003:291 Red Hat Linux 9 2003-09-30T00:00:00 RHSA-2003:292 Red Hat Linux Advanced Workstation 2.1 2003-09-30T00:00:00 RHSA-2003:293 Red Hat Stronghold 4 2003-09-30T00:00:00 RHSA-2003:290 https://www.cve.org/CVERecord?id=CVE-2003-0543 https://nvd.nist.gov/vuln/detail/CVE-2003-0543 Moderate 2003-09-30T00:00:00 CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes

OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.

For Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a) issue was addressed via RHSA-2003:293. The OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) contain a backported patch since their initial release. The OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a). Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-09-30T00:00:00 RHSA-2003:293 Red Hat Enterprise Linux ES version 2.1 2003-09-30T00:00:00 RHSA-2003:293 Red Hat Enterprise Linux WS version 2.1 2003-09-30T00:00:00 RHSA-2003:293 Red Hat Linux 7.1 2003-09-30T00:00:00 RHSA-2003:291 Red Hat Linux 7.2 2003-09-30T00:00:00 RHSA-2003:291 Red Hat Linux 7.3 2003-09-30T00:00:00 RHSA-2003:291 Red Hat Linux 8.0 2003-09-30T00:00:00 RHSA-2003:291 Red Hat Linux 9 2003-09-30T00:00:00 RHSA-2003:292 Red Hat Linux Advanced Workstation 2.1 2003-09-30T00:00:00 RHSA-2003:293 Red Hat Stronghold 4 2003-09-30T00:00:00 RHSA-2003:290 https://www.cve.org/CVERecord?id=CVE-2003-0544 https://nvd.nist.gov/vuln/detail/CVE-2003-0544 Moderate 2003-09-30T00:00:00 CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes

Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.

Not vulnerable. The OpenSSL packages in Red Hat Enterprise Linux 2.1 were not affected by this issue. The OpenSSL packages in Red Hat Enterprise Linux 3 and 4 contain a backported patch since their initial release (openssl), or were not affected by this issue (openssl096b). The OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a). Red Hat Linux 9 2003-09-30T00:00:00 RHSA-2003:292 https://www.cve.org/CVERecord?id=CVE-2003-0545 https://nvd.nist.gov/vuln/detail/CVE-2003-0545 2003-08-08T00:00:00 security flaw

up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.

Red Hat Linux 8.0 2003-08-08T00:00:00 RHSA-2003:255 Red Hat Linux 9 2003-08-08T00:00:00 RHSA-2003:255 https://www.cve.org/CVERecord?id=CVE-2003-0546 https://nvd.nist.gov/vuln/detail/CVE-2003-0546 Low 2003-08-20T00:00:00 security flaw

GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.

Red Hat Linux 7.1 2003-08-21T00:00:00 RHSA-2003:258 Red Hat Linux 7.2 2003-08-21T00:00:00 RHSA-2003:258 Red Hat Linux 7.3 2003-08-21T00:00:00 RHSA-2003:258 Red Hat Linux 8.0 2003-08-21T00:00:00 RHSA-2003:258 Red Hat Linux 9 2003-08-21T00:00:00 RHSA-2003:258 https://www.cve.org/CVERecord?id=CVE-2003-0547 https://nvd.nist.gov/vuln/detail/CVE-2003-0547 Low 2003-08-20T00:00:00 security flaw

The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-21T00:00:00 RHSA-2003:259 Red Hat Enterprise Linux ES version 2.1 2003-08-21T00:00:00 RHSA-2003:259 Red Hat Enterprise Linux WS version 2.1 2003-08-21T00:00:00 RHSA-2003:259 Red Hat Linux 7.1 2003-08-21T00:00:00 RHSA-2003:258 Red Hat Linux 7.2 2003-08-21T00:00:00 RHSA-2003:258 Red Hat Linux 7.3 2003-08-21T00:00:00 RHSA-2003:258 Red Hat Linux 8.0 2003-08-21T00:00:00 RHSA-2003:258 Red Hat Linux 9 2003-08-21T00:00:00 RHSA-2003:258 Red Hat Linux Advanced Workstation 2.1 2003-08-21T00:00:00 RHSA-2003:259 https://www.cve.org/CVERecord?id=CVE-2003-0548 https://nvd.nist.gov/vuln/detail/CVE-2003-0548 Low 2003-08-20T00:00:00 security flaw

The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-21T00:00:00 RHSA-2003:259 Red Hat Enterprise Linux ES version 2.1 2003-08-21T00:00:00 RHSA-2003:259 Red Hat Enterprise Linux WS version 2.1 2003-08-21T00:00:00 RHSA-2003:259 Red Hat Linux 7.1 2003-08-21T00:00:00 RHSA-2003:258 Red Hat Linux 7.2 2003-08-21T00:00:00 RHSA-2003:258 Red Hat Linux 7.3 2003-08-21T00:00:00 RHSA-2003:258 Red Hat Linux 8.0 2003-08-21T00:00:00 RHSA-2003:258 Red Hat Linux 9 2003-08-21T00:00:00 RHSA-2003:258 Red Hat Linux Advanced Workstation 2.1 2003-08-21T00:00:00 RHSA-2003:259 https://www.cve.org/CVERecord?id=CVE-2003-0549 https://nvd.nist.gov/vuln/detail/CVE-2003-0549 Moderate 2003-06-30T00:00:00 security flaw

The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-21T00:00:00 RHSA-2003:198 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Enterprise Linux ES version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Enterprise Linux WS version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Linux 7.1 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.2 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.3 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 8.0 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 9 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux Advanced Workstation 2.1 2003-08-21T00:00:00 RHSA-2003:198 https://www.cve.org/CVERecord?id=CVE-2003-0550 https://nvd.nist.gov/vuln/detail/CVE-2003-0550 Moderate 2003-06-30T00:00:00 security flaw

The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-21T00:00:00 RHSA-2003:198 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Enterprise Linux ES version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Enterprise Linux WS version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Linux 7.1 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.2 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.3 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 8.0 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 9 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux Advanced Workstation 2.1 2003-08-21T00:00:00 RHSA-2003:198 https://www.cve.org/CVERecord?id=CVE-2003-0551 https://nvd.nist.gov/vuln/detail/CVE-2003-0551 Moderate 2003-06-30T00:00:00 security flaw

Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-21T00:00:00 RHSA-2003:198 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Enterprise Linux ES version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Enterprise Linux WS version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Linux 7.1 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.2 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.3 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 8.0 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 9 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux Advanced Workstation 2.1 2003-08-21T00:00:00 RHSA-2003:198 https://www.cve.org/CVERecord?id=CVE-2003-0552 https://nvd.nist.gov/vuln/detail/CVE-2003-0552 Important 2003-12-23T00:00:00 security flaw

Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite.

Red Hat Linux 9 2004-03-17T00:00:00 RHSA-2004:112 https://www.cve.org/CVERecord?id=CVE-2003-0564 https://nvd.nist.gov/vuln/detail/CVE-2003-0564 Important 2004-03-10T00:00:00 security flaw

Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-03-10T00:00:00 RHSA-2004:074 Red Hat Enterprise Linux ES version 2.1 2004-03-10T00:00:00 RHSA-2004:074 Red Hat Enterprise Linux WS version 2.1 2004-03-10T00:00:00 RHSA-2004:074 Red Hat Linux 9 2004-03-10T00:00:00 RHSA-2004:075 Red Hat Linux Advanced Workstation 2.1 2004-03-10T00:00:00 RHSA-2004:074 https://www.cve.org/CVERecord?id=CVE-2003-0592 https://nvd.nist.gov/vuln/detail/CVE-2003-0592 Low 2004-03-10T00:00:00 security flaw

Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

Red Hat Linux 9 2004-03-17T00:00:00 RHSA-2004:112 https://www.cve.org/CVERecord?id=CVE-2003-0594 https://nvd.nist.gov/vuln/detail/CVE-2003-0594 Important 2003-07-20T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-09-22T00:00:00 RHSA-2003:257 Red Hat Enterprise Linux ES version 2.1 2003-09-22T00:00:00 RHSA-2003:257 Red Hat Enterprise Linux WS version 2.1 2003-09-22T00:00:00 RHSA-2003:257 Red Hat Linux 7.1 2003-09-22T00:00:00 RHSA-2003:256 Red Hat Linux 7.2 2003-09-22T00:00:00 RHSA-2003:256 Red Hat Linux 7.3 2003-09-22T00:00:00 RHSA-2003:256 Red Hat Linux 8.0 2003-09-22T00:00:00 RHSA-2003:256 Red Hat Linux 9 2003-09-22T00:00:00 RHSA-2003:256 Red Hat Linux Advanced Workstation 2.1 2003-09-22T00:00:00 RHSA-2003:257 https://www.cve.org/CVERecord?id=CVE-2003-0615 https://nvd.nist.gov/vuln/detail/CVE-2003-0615 Low 2003-07-30T00:00:00 leaks file existance information

Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions.

The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 4. Red Hat Desktop version 3 2006-07-20T00:00:00 RHBA-2006:0294 Red Hat Enterprise Linux AS version 3 2006-07-20T00:00:00 RHBA-2006:0294 Red Hat Enterprise Linux ES version 3 2006-07-20T00:00:00 RHBA-2006:0294 Red Hat Enterprise Linux WS version 3 2006-07-20T00:00:00 RHBA-2006:0294 https://www.cve.org/CVERecord?id=CVE-2003-0618 https://nvd.nist.gov/vuln/detail/CVE-2003-0618 Important 2003-07-29T00:00:00 security flaw

Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-21T00:00:00 RHSA-2003:198 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Enterprise Linux ES version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Enterprise Linux WS version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Linux Advanced Workstation 2.1 2003-08-21T00:00:00 RHSA-2003:198 https://www.cve.org/CVERecord?id=CVE-2003-0619 https://nvd.nist.gov/vuln/detail/CVE-2003-0619 Low 2003-09-07T00:00:00 security flaw

Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-06-02T00:00:00 RHSA-2005:416 Red Hat Enterprise Linux ES version 2.1 2005-06-02T00:00:00 RHSA-2005:416 Red Hat Enterprise Linux WS version 2.1 2005-06-02T00:00:00 RHSA-2005:416 Red Hat Linux Advanced Workstation 2.1 2005-06-02T00:00:00 RHSA-2005:416 https://www.cve.org/CVERecord?id=CVE-2003-0644 https://nvd.nist.gov/vuln/detail/CVE-2003-0644 Important 2003-09-17T00:00:00 security flaw

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

Red Hat Linux 7.1 2003-09-17T00:00:00 RHSA-2003:283 Red Hat Linux 7.2 2003-09-17T00:00:00 RHSA-2003:283 Red Hat Linux 7.3 2003-09-17T00:00:00 RHSA-2003:283 Red Hat Linux 8.0 2003-09-17T00:00:00 RHSA-2003:283 Red Hat Linux 9 2003-09-17T00:00:00 RHSA-2003:283 https://www.cve.org/CVERecord?id=CVE-2003-0681 https://nvd.nist.gov/vuln/detail/CVE-2003-0681 Important 2003-09-16T00:00:00 security flaw

"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.

Not vulnerable. This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280. This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA. This flaw does not affect any subsequent versions of Red Hat Enterprise Linux. Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-09-16T00:00:00 RHSA-2003:280 Red Hat Enterprise Linux ES version 2.1 2003-09-16T00:00:00 RHSA-2003:280 Red Hat Enterprise Linux WS version 2.1 2003-09-16T00:00:00 RHSA-2003:280 Red Hat Linux 7.1 2003-09-16T00:00:00 RHSA-2003:279 Red Hat Linux 7.2 2003-09-16T00:00:00 RHSA-2003:279 Red Hat Linux 7.3 2003-09-16T00:00:00 RHSA-2003:279 Red Hat Linux 8.0 2003-09-16T00:00:00 RHSA-2003:279 Red Hat Linux 9 2003-09-16T00:00:00 RHSA-2003:279 Red Hat Linux Advanced Workstation 2.1 2003-09-16T00:00:00 RHSA-2003:280 https://www.cve.org/CVERecord?id=CVE-2003-0682 https://nvd.nist.gov/vuln/detail/CVE-2003-0682 Important 2003-08-26T00:00:00 security flaw

Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-26T00:00:00 RHSA-2003:262 Red Hat Enterprise Linux ES version 2.1 2003-08-26T00:00:00 RHSA-2003:262 Red Hat Enterprise Linux WS version 2.1 2003-08-26T00:00:00 RHSA-2003:262 Red Hat Linux 7.2 2003-08-26T00:00:00 RHSA-2003:261 Red Hat Linux 7.3 2003-08-26T00:00:00 RHSA-2003:261 Red Hat Linux 8.0 2003-08-26T00:00:00 RHSA-2003:261 Red Hat Linux 9 2003-08-26T00:00:00 RHSA-2003:261 Red Hat Linux Advanced Workstation 2.1 2003-08-26T00:00:00 RHSA-2003:262 https://www.cve.org/CVERecord?id=CVE-2003-0686 https://nvd.nist.gov/vuln/detail/CVE-2003-0686 2003-08-25T00:00:00 security flaw

The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.

Red Hat Linux 8.0 2003-08-28T00:00:00 RHSA-2003:265 Red Hat Linux 9 2003-08-28T00:00:00 RHSA-2003:265 https://www.cve.org/CVERecord?id=CVE-2003-0688 https://nvd.nist.gov/vuln/detail/CVE-2003-0688 Important 2003-04-01T00:00:00 security flaw

The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-22T00:00:00 RHSA-2003:249 Red Hat Enterprise Linux ES version 2.1 2003-08-22T00:00:00 RHSA-2003:249 Red Hat Enterprise Linux WS version 2.1 2003-08-22T00:00:00 RHSA-2003:249 Red Hat Linux 7.1 2003-11-12T00:00:00 RHSA-2003:325 Red Hat Linux 7.2 2003-11-12T00:00:00 RHSA-2003:325 Red Hat Linux 7.3 2003-11-12T00:00:00 RHSA-2003:325 Red Hat Linux 8.0 2003-11-12T00:00:00 RHSA-2003:325 Red Hat Linux 9 2003-11-12T00:00:00 RHSA-2003:325 Red Hat Linux Advanced Workstation 2.1 2003-08-22T00:00:00 RHSA-2003:249 https://www.cve.org/CVERecord?id=CVE-2003-0689 https://nvd.nist.gov/vuln/detail/CVE-2003-0689 Moderate 2003-09-16T00:00:00 security flaw

KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-09-16T00:00:00 RHSA-2003:270 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-11-12T00:00:00 RHSA-2003:289 Red Hat Enterprise Linux ES version 2.1 2003-09-16T00:00:00 RHSA-2003:270 Red Hat Enterprise Linux ES version 2.1 2003-11-12T00:00:00 RHSA-2003:289 Red Hat Enterprise Linux WS version 2.1 2003-09-16T00:00:00 RHSA-2003:270 Red Hat Enterprise Linux WS version 2.1 2003-11-12T00:00:00 RHSA-2003:289 Red Hat Linux 7.1 2003-09-16T00:00:00 RHSA-2003:269 Red Hat Linux 7.1 2003-11-25T00:00:00 RHSA-2003:286 Red Hat Linux 7.2 2003-09-16T00:00:00 RHSA-2003:269 Red Hat Linux 7.2 2003-11-25T00:00:00 RHSA-2003:286 Red Hat Linux 7.3 2003-09-16T00:00:00 RHSA-2003:269 Red Hat Linux 7.3 2003-11-25T00:00:00 RHSA-2003:287 Red Hat Linux 8.0 2003-09-16T00:00:00 RHSA-2003:269 Red Hat Linux 8.0 2003-11-25T00:00:00 RHSA-2003:287 Red Hat Linux 9 2003-09-16T00:00:00 RHSA-2003:269 Red Hat Linux 9 2003-11-17T00:00:00 RHSA-2003:288 Red Hat Linux Advanced Workstation 2.1 2003-09-16T00:00:00 RHSA-2003:270 Red Hat Linux Advanced Workstation 2.1 2003-11-12T00:00:00 RHSA-2003:289 https://www.cve.org/CVERecord?id=CVE-2003-0690 https://nvd.nist.gov/vuln/detail/CVE-2003-0690 Moderate 2003-09-16T00:00:00 security flaw

KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-09-16T00:00:00 RHSA-2003:270 Red Hat Enterprise Linux ES version 2.1 2003-09-16T00:00:00 RHSA-2003:270 Red Hat Enterprise Linux WS version 2.1 2003-09-16T00:00:00 RHSA-2003:270 Red Hat Linux 7.1 2003-09-16T00:00:00 RHSA-2003:269 Red Hat Linux 7.2 2003-09-16T00:00:00 RHSA-2003:269 Red Hat Linux 7.3 2003-09-16T00:00:00 RHSA-2003:269 Red Hat Linux 8.0 2003-09-16T00:00:00 RHSA-2003:269 Red Hat Linux 9 2003-09-16T00:00:00 RHSA-2003:269 Red Hat Linux 9 2003-11-17T00:00:00 RHSA-2003:288 Red Hat Linux Advanced Workstation 2.1 2003-09-16T00:00:00 RHSA-2003:270 https://www.cve.org/CVERecord?id=CVE-2003-0692 https://nvd.nist.gov/vuln/detail/CVE-2003-0692 Critical 2003-09-15T00:00:00 security flaw

A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.

Not vulnerable. This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280. This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA. This flaw does not affect any subsequent versions of Red Hat Enterprise Linux. Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-09-16T00:00:00 RHSA-2003:280 Red Hat Enterprise Linux ES version 2.1 2003-09-16T00:00:00 RHSA-2003:280 Red Hat Enterprise Linux WS version 2.1 2003-09-16T00:00:00 RHSA-2003:280 Red Hat Linux 7.1 2003-09-16T00:00:00 RHSA-2003:279 Red Hat Linux 7.2 2003-09-16T00:00:00 RHSA-2003:279 Red Hat Linux 7.3 2003-09-16T00:00:00 RHSA-2003:279 Red Hat Linux 8.0 2003-09-16T00:00:00 RHSA-2003:279 Red Hat Linux 9 2003-09-16T00:00:00 RHSA-2003:279 Red Hat Linux Advanced Workstation 2.1 2003-09-16T00:00:00 RHSA-2003:280 https://www.cve.org/CVERecord?id=CVE-2003-0693 https://nvd.nist.gov/vuln/detail/CVE-2003-0693 Critical 2003-09-17T00:00:00 security flaw

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-09-17T00:00:00 RHSA-2003:284 Red Hat Enterprise Linux ES version 2.1 2003-09-17T00:00:00 RHSA-2003:284 Red Hat Enterprise Linux WS version 2.1 2003-09-17T00:00:00 RHSA-2003:284 Red Hat Linux 7.1 2003-09-17T00:00:00 RHSA-2003:283 Red Hat Linux 7.2 2003-09-17T00:00:00 RHSA-2003:283 Red Hat Linux 7.3 2003-09-17T00:00:00 RHSA-2003:283 Red Hat Linux 8.0 2003-09-17T00:00:00 RHSA-2003:283 Red Hat Linux 9 2003-09-17T00:00:00 RHSA-2003:283 Red Hat Linux Advanced Workstation 2.1 2003-09-17T00:00:00 RHSA-2003:284 https://www.cve.org/CVERecord?id=CVE-2003-0694 https://nvd.nist.gov/vuln/detail/CVE-2003-0694 Critical 2003-09-16T00:00:00 security flaw

Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.

Not vulnerable. This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280. This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA. This flaw does not affect any subsequent versions of Red Hat Enterprise Linux. Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-09-16T00:00:00 RHSA-2003:280 Red Hat Enterprise Linux ES version 2.1 2003-09-16T00:00:00 RHSA-2003:280 Red Hat Enterprise Linux WS version 2.1 2003-09-16T00:00:00 RHSA-2003:280 Red Hat Linux 7.1 2003-09-16T00:00:00 RHSA-2003:279 Red Hat Linux 7.2 2003-09-16T00:00:00 RHSA-2003:279 Red Hat Linux 7.3 2003-09-16T00:00:00 RHSA-2003:279 Red Hat Linux 8.0 2003-09-16T00:00:00 RHSA-2003:279 Red Hat Linux 9 2003-09-16T00:00:00 RHSA-2003:279 Red Hat Linux Advanced Workstation 2.1 2003-09-16T00:00:00 RHSA-2003:280 https://www.cve.org/CVERecord?id=CVE-2003-0695 https://nvd.nist.gov/vuln/detail/CVE-2003-0695 Moderate 2003-08-21T00:00:00 security flaw

The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-21T00:00:00 RHSA-2003:198 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Enterprise Linux ES version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Enterprise Linux WS version 2.1 2003-08-21T00:00:00 RHSA-2003:239 Red Hat Linux 7.1 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.2 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.3 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 8.0 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 9 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux Advanced Workstation 2.1 2003-08-21T00:00:00 RHSA-2003:198 https://www.cve.org/CVERecord?id=CVE-2003-0699 https://nvd.nist.gov/vuln/detail/CVE-2003-0699 Moderate 2003-07-21T00:00:00 security flaw

The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0699.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-02-03T00:00:00 RHSA-2004:044 Red Hat Enterprise Linux ES version 2.1 2004-02-03T00:00:00 RHSA-2004:044 Red Hat Enterprise Linux WS version 2.1 2004-02-03T00:00:00 RHSA-2004:044 Red Hat Linux 7.1 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.2 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 7.3 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 8.0 2003-07-21T00:00:00 RHSA-2003:238 Red Hat Linux 9 2003-07-21T00:00:00 RHSA-2003:238 https://www.cve.org/CVERecord?id=CVE-2003-0700 https://nvd.nist.gov/vuln/detail/CVE-2003-0700 Important 2003-09-10T00:00:00 security flaw

Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-09-11T00:00:00 RHSA-2003:274 Red Hat Enterprise Linux ES version 2.1 2003-09-11T00:00:00 RHSA-2003:274 Red Hat Enterprise Linux WS version 2.1 2003-09-11T00:00:00 RHSA-2003:274 Red Hat Linux 7.1 2003-09-11T00:00:00 RHSA-2003:273 Red Hat Linux 7.2 2003-09-11T00:00:00 RHSA-2003:273 Red Hat Linux 7.3 2003-09-11T00:00:00 RHSA-2003:273 Red Hat Linux 8.0 2003-09-11T00:00:00 RHSA-2003:273 Red Hat Linux 9 2003-09-11T00:00:00 RHSA-2003:273 Red Hat Linux Advanced Workstation 2.1 2003-09-11T00:00:00 RHSA-2003:274 https://www.cve.org/CVERecord?id=CVE-2003-0720 https://nvd.nist.gov/vuln/detail/CVE-2003-0720 Important 2003-09-10T00:00:00 security flaw

Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-09-11T00:00:00 RHSA-2003:274 Red Hat Enterprise Linux ES version 2.1 2003-09-11T00:00:00 RHSA-2003:274 Red Hat Enterprise Linux WS version 2.1 2003-09-11T00:00:00 RHSA-2003:274 Red Hat Linux 7.1 2003-09-11T00:00:00 RHSA-2003:273 Red Hat Linux 7.2 2003-09-11T00:00:00 RHSA-2003:273 Red Hat Linux 7.3 2003-09-11T00:00:00 RHSA-2003:273 Red Hat Linux 8.0 2003-09-11T00:00:00 RHSA-2003:273 Red Hat Linux 9 2003-09-11T00:00:00 RHSA-2003:273 Red Hat Linux Advanced Workstation 2.1 2003-09-11T00:00:00 RHSA-2003:274 https://www.cve.org/CVERecord?id=CVE-2003-0721 https://nvd.nist.gov/vuln/detail/CVE-2003-0721 Important 2003-08-30T00:00:00 security flaw

Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-11-12T00:00:00 RHSA-2003:289 Red Hat Enterprise Linux ES version 2.1 2003-11-12T00:00:00 RHSA-2003:289 Red Hat Enterprise Linux WS version 2.1 2003-11-12T00:00:00 RHSA-2003:289 Red Hat Linux 7.1 2003-11-25T00:00:00 RHSA-2003:286 Red Hat Linux 7.2 2003-11-25T00:00:00 RHSA-2003:286 Red Hat Linux 7.3 2003-11-25T00:00:00 RHSA-2003:287 Red Hat Linux 8.0 2003-11-25T00:00:00 RHSA-2003:287 Red Hat Linux 9 2003-11-17T00:00:00 RHSA-2003:288 Red Hat Linux Advanced Workstation 2.1 2003-11-12T00:00:00 RHSA-2003:289 https://www.cve.org/CVERecord?id=CVE-2003-0730 https://nvd.nist.gov/vuln/detail/CVE-2003-0730 Important 2003-09-03T00:00:00 security flaw

Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-11-12T00:00:00 RHSA-2003:297 Red Hat Enterprise Linux ES version 2.1 2003-11-12T00:00:00 RHSA-2003:297 Red Hat Enterprise Linux WS version 2.1 2003-11-12T00:00:00 RHSA-2003:297 Red Hat Linux 7.1 2003-11-24T00:00:00 RHSA-2003:296 Red Hat Linux 7.2 2003-11-24T00:00:00 RHSA-2003:296 Red Hat Linux 7.3 2003-11-24T00:00:00 RHSA-2003:296 Red Hat Linux 8.0 2003-11-24T00:00:00 RHSA-2003:296 Red Hat Linux Advanced Workstation 2.1 2003-11-12T00:00:00 RHSA-2003:297 https://www.cve.org/CVERecord?id=CVE-2003-0740 https://nvd.nist.gov/vuln/detail/CVE-2003-0740 Moderate 2003-02-10T00:00:00 security flaw

saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-10-07T00:00:00 RHSA-2003:285 Red Hat Enterprise Linux ES version 2.1 2003-10-07T00:00:00 RHSA-2003:285 Red Hat Enterprise Linux WS version 2.1 2003-10-07T00:00:00 RHSA-2003:285 Red Hat Linux 7.1 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux 7.2 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux 7.3 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux 8.0 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux Advanced Workstation 2.1 2003-10-07T00:00:00 RHSA-2003:285 https://www.cve.org/CVERecord?id=CVE-2003-0773 https://nvd.nist.gov/vuln/detail/CVE-2003-0773 Moderate 2003-02-10T00:00:00 security flaw

saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-10-07T00:00:00 RHSA-2003:285 Red Hat Enterprise Linux ES version 2.1 2003-10-07T00:00:00 RHSA-2003:285 Red Hat Enterprise Linux WS version 2.1 2003-10-07T00:00:00 RHSA-2003:285 Red Hat Linux 7.1 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux 7.2 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux 7.3 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux 8.0 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux Advanced Workstation 2.1 2003-10-07T00:00:00 RHSA-2003:285 https://www.cve.org/CVERecord?id=CVE-2003-0774 https://nvd.nist.gov/vuln/detail/CVE-2003-0774 Moderate 2003-02-10T00:00:00 security flaw

saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-10-07T00:00:00 RHSA-2003:285 Red Hat Enterprise Linux ES version 2.1 2003-10-07T00:00:00 RHSA-2003:285 Red Hat Enterprise Linux WS version 2.1 2003-10-07T00:00:00 RHSA-2003:285 Red Hat Linux 7.1 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux 7.2 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux 7.3 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux 8.0 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux Advanced Workstation 2.1 2003-10-07T00:00:00 RHSA-2003:285 https://www.cve.org/CVERecord?id=CVE-2003-0775 https://nvd.nist.gov/vuln/detail/CVE-2003-0775 Moderate 2003-02-10T00:00:00 security flaw

saned in sane-backends 1.0.7 and earlier does not properly "check the validity of the RPC numbers it gets before getting the parameters," with unknown consequences.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-10-07T00:00:00 RHSA-2003:285 Red Hat Enterprise Linux ES version 2.1 2003-10-07T00:00:00 RHSA-2003:285 Red Hat Enterprise Linux WS version 2.1 2003-10-07T00:00:00 RHSA-2003:285 Red Hat Linux 7.1 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux 7.2 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux 7.3 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux 8.0 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux Advanced Workstation 2.1 2003-10-07T00:00:00 RHSA-2003:285 https://www.cve.org/CVERecord?id=CVE-2003-0776 https://nvd.nist.gov/vuln/detail/CVE-2003-0776 Moderate 2003-02-10T00:00:00 security flaw

saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault).

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-10-07T00:00:00 RHSA-2003:285 Red Hat Enterprise Linux ES version 2.1 2003-10-07T00:00:00 RHSA-2003:285 Red Hat Enterprise Linux WS version 2.1 2003-10-07T00:00:00 RHSA-2003:285 Red Hat Linux 7.1 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux 7.2 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux 7.3 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux 8.0 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux Advanced Workstation 2.1 2003-10-07T00:00:00 RHSA-2003:285 https://www.cve.org/CVERecord?id=CVE-2003-0777 https://nvd.nist.gov/vuln/detail/CVE-2003-0777 Moderate 2003-02-10T00:00:00 security flaw

saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption).

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-10-07T00:00:00 RHSA-2003:285 Red Hat Enterprise Linux ES version 2.1 2003-10-07T00:00:00 RHSA-2003:285 Red Hat Enterprise Linux WS version 2.1 2003-10-07T00:00:00 RHSA-2003:285 Red Hat Linux 7.1 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux 7.2 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux 7.3 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux 8.0 2003-10-07T00:00:00 RHSA-2003:278 Red Hat Linux Advanced Workstation 2.1 2003-10-07T00:00:00 RHSA-2003:285 https://www.cve.org/CVERecord?id=CVE-2003-0778 https://nvd.nist.gov/vuln/detail/CVE-2003-0778 Important 2003-09-10T00:00:00 security flaw

Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-10-09T00:00:00 RHSA-2003:282 Red Hat Enterprise Linux ES version 2.1 2003-10-09T00:00:00 RHSA-2003:282 Red Hat Enterprise Linux WS version 2.1 2003-10-09T00:00:00 RHSA-2003:282 Red Hat Linux 7.1 2003-10-09T00:00:00 RHSA-2003:281 Red Hat Linux 7.2 2003-10-09T00:00:00 RHSA-2003:281 Red Hat Linux 7.3 2003-10-09T00:00:00 RHSA-2003:281 Red Hat Linux 8.0 2003-10-09T00:00:00 RHSA-2003:281 Red Hat Linux 9 2003-10-09T00:00:00 RHSA-2003:281 Red Hat Linux Advanced Workstation 2.1 2003-10-09T00:00:00 RHSA-2003:282 https://www.cve.org/CVERecord?id=CVE-2003-0780 https://nvd.nist.gov/vuln/detail/CVE-2003-0780

The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.

Not vulnerable. This issue did not affect the version of openssh as shipped with Red Hat Enterprise Linux 3 as it did not include the upstream PAM password authentication module reimplementation, introduced in OpenSSH 3.7. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4, 5, and 6. https://www.cve.org/CVERecord?id=CVE-2003-0787 https://nvd.nist.gov/vuln/detail/CVE-2003-0787 Moderate 2003-11-03T00:00:00 security flaw

Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a "busy loop") via certain inputs to the IPP port (TCP 631).

Red Hat Linux 8.0 2003-11-03T00:00:00 RHSA-2003:275 Red Hat Linux 9 2003-11-03T00:00:00 RHSA-2003:275 https://www.cve.org/CVERecord?id=CVE-2003-0788 https://nvd.nist.gov/vuln/detail/CVE-2003-0788 Moderate 2003-10-28T00:00:00 security flaw

mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.

Red Hat Linux 8.0 2003-12-16T00:00:00 RHSA-2003:320 Red Hat Linux 9 2003-12-16T00:00:00 RHSA-2003:320 https://www.cve.org/CVERecord?id=CVE-2003-0789 https://nvd.nist.gov/vuln/detail/CVE-2003-0789 Moderate 2003-10-16T00:00:00 security flaw

Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service (crash) via a certain email.

https://www.cve.org/CVERecord?id=CVE-2003-0792 https://nvd.nist.gov/vuln/detail/CVE-2003-0792 Important 2003-10-15T00:00:00 security flaw

The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-11-12T00:00:00 RHSA-2003:305 Red Hat Linux 7.2 2003-11-13T00:00:00 RHSA-2003:307 Red Hat Linux 7.3 2003-11-13T00:00:00 RHSA-2003:307 Red Hat Linux 8.0 2003-11-13T00:00:00 RHSA-2003:307 Red Hat Linux 9 2003-11-13T00:00:00 RHSA-2003:307 Red Hat Linux Advanced Workstation 2.1 2003-11-12T00:00:00 RHSA-2003:305 https://www.cve.org/CVERecord?id=CVE-2003-0795 https://nvd.nist.gov/vuln/detail/CVE-2003-0795 Moderate 2003-10-05T00:00:00 JBoss HSQLDB component remote command injection

Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.

Red Hat Enterprise Linux 5 2007-12-05T00:00:00 RHSA-2007:1048 hsqldb-1:1.8.0.4-3jpp.6 Red Hat Enterprise Linux 5 2007-12-05T00:00:00 RHSA-2007:1048 openoffice.org-1:2.0.4-5.4.25 https://www.cve.org/CVERecord?id=CVE-2003-0845 https://nvd.nist.gov/vuln/detail/CVE-2003-0845 Moderate 2003-10-06T00:00:00 security flaw

Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.

Red Hat Enterprise Linux 3 2004-01-26T00:00:00 RHSA-2004:041 slocate-0:2.7-3 Red Hat Linux 9 2004-01-22T00:00:00 RHSA-2004:040 https://www.cve.org/CVERecord?id=CVE-2003-0848 https://nvd.nist.gov/vuln/detail/CVE-2003-0848 Important 2003-11-04T00:00:00 security flaw

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-03-17T00:00:00 RHSA-2004:119 Red Hat Enterprise Linux ES version 2.1 2004-03-17T00:00:00 RHSA-2004:119 Red Hat Enterprise Linux WS version 2.1 2004-03-17T00:00:00 RHSA-2004:119 Red Hat Linux Advanced Workstation 2.1 2004-03-17T00:00:00 RHSA-2004:119 Red Hat Stronghold 4 2004-03-17T00:00:00 RHSA-2004:139 https://www.cve.org/CVERecord?id=CVE-2003-0851 https://nvd.nist.gov/vuln/detail/CVE-2003-0851 Moderate 2003-10-15T00:00:00 security flaw

An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-11-12T00:00:00 RHSA-2003:310 Red Hat Enterprise Linux ES version 2.1 2003-11-12T00:00:00 RHSA-2003:310 Red Hat Enterprise Linux WS version 2.1 2003-11-12T00:00:00 RHSA-2003:310 Red Hat Linux 7.1 2003-11-03T00:00:00 RHSA-2003:309 Red Hat Linux 7.2 2003-11-03T00:00:00 RHSA-2003:309 Red Hat Linux 7.3 2003-11-03T00:00:00 RHSA-2003:309 Red Hat Linux 8.0 2003-11-03T00:00:00 RHSA-2003:309 Red Hat Linux 9 2003-11-03T00:00:00 RHSA-2003:309 Red Hat Linux Advanced Workstation 2.1 2003-11-12T00:00:00 RHSA-2003:310 https://www.cve.org/CVERecord?id=CVE-2003-0853 https://nvd.nist.gov/vuln/detail/CVE-2003-0853 Important 2003-10-15T00:00:00 security flaw

ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-11-12T00:00:00 RHSA-2003:310 Red Hat Enterprise Linux ES version 2.1 2003-11-12T00:00:00 RHSA-2003:310 Red Hat Enterprise Linux WS version 2.1 2003-11-12T00:00:00 RHSA-2003:310 Red Hat Linux 7.1 2003-11-03T00:00:00 RHSA-2003:309 Red Hat Linux 7.2 2003-11-03T00:00:00 RHSA-2003:309 Red Hat Linux 7.3 2003-11-03T00:00:00 RHSA-2003:309 Red Hat Linux 8.0 2003-11-03T00:00:00 RHSA-2003:309 Red Hat Linux 9 2003-11-03T00:00:00 RHSA-2003:309 Red Hat Linux Advanced Workstation 2.1 2003-11-12T00:00:00 RHSA-2003:310 https://www.cve.org/CVERecord?id=CVE-2003-0854 https://nvd.nist.gov/vuln/detail/CVE-2003-0854 Low 2003-02-25T00:00:00 security flaw

Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-12-10T00:00:00 RHSA-2003:312 Red Hat Enterprise Linux ES version 2.1 2003-12-10T00:00:00 RHSA-2003:312 Red Hat Enterprise Linux WS version 2.1 2003-12-10T00:00:00 RHSA-2003:312 Red Hat Linux 7.1 2003-11-24T00:00:00 RHSA-2003:311 Red Hat Linux 7.2 2003-11-24T00:00:00 RHSA-2003:311 Red Hat Linux 7.3 2003-11-24T00:00:00 RHSA-2003:311 Red Hat Linux 8.0 2003-11-24T00:00:00 RHSA-2003:311 Red Hat Linux 9 2003-11-24T00:00:00 RHSA-2003:311 Red Hat Linux Advanced Workstation 2.1 2003-12-10T00:00:00 RHSA-2003:312 https://www.cve.org/CVERecord?id=CVE-2003-0855 https://nvd.nist.gov/vuln/detail/CVE-2003-0855 Low 2003-11-12T00:00:00 security flaw

iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface.

Red Hat Enterprise Linux 3 2003-11-12T00:00:00 RHSA-2003:317 iproute-0:2.4.7-11.30E.1 Red Hat Linux 7.1 2003-11-24T00:00:00 RHSA-2003:316 Red Hat Linux 7.2 2003-11-24T00:00:00 RHSA-2003:316 Red Hat Linux 7.3 2003-11-24T00:00:00 RHSA-2003:316 Red Hat Linux 8.0 2003-11-24T00:00:00 RHSA-2003:316 Red Hat Linux 9 2003-11-24T00:00:00 RHSA-2003:316 https://www.cve.org/CVERecord?id=CVE-2003-0856 https://nvd.nist.gov/vuln/detail/CVE-2003-0856

The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.

Not affected. Red Hat did not ship iptables-devel or anything else that used these vulnerable functions with Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 4 and 5 contained a backported patch to correct this issue. https://www.cve.org/CVERecord?id=CVE-2003-0857 https://nvd.nist.gov/vuln/detail/CVE-2003-0857 Low 2003-11-12T00:00:00 security flaw

Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.

Red Hat Enterprise Linux 3 2003-11-12T00:00:00 RHSA-2003:315 quagga-0:0.96.2-8.3E Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-11-12T00:00:00 RHSA-2003:305 Red Hat Linux 7.2 2003-11-13T00:00:00 RHSA-2003:307 Red Hat Linux 7.3 2003-11-13T00:00:00 RHSA-2003:307 Red Hat Linux 8.0 2003-11-13T00:00:00 RHSA-2003:307 Red Hat Linux 9 2003-11-13T00:00:00 RHSA-2003:307 Red Hat Linux Advanced Workstation 2.1 2003-11-12T00:00:00 RHSA-2003:305 https://www.cve.org/CVERecord?id=CVE-2003-0858 https://nvd.nist.gov/vuln/detail/CVE-2003-0858 Low 2003-11-12T00:00:00 security flaw

The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.

Red Hat Enterprise Linux 3 2003-11-14T00:00:00 RHSA-2003:334 glibc-0:2.3.2-95.6 Red Hat Linux 7.1 2003-11-12T00:00:00 RHSA-2003:325 Red Hat Linux 7.2 2003-11-12T00:00:00 RHSA-2003:325 Red Hat Linux 7.3 2003-11-12T00:00:00 RHSA-2003:325 Red Hat Linux 8.0 2003-11-12T00:00:00 RHSA-2003:325 Red Hat Linux 9 2003-11-12T00:00:00 RHSA-2003:325 https://www.cve.org/CVERecord?id=CVE-2003-0859 https://nvd.nist.gov/vuln/detail/CVE-2003-0859

Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors.

We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 https://www.cve.org/CVERecord?id=CVE-2003-0860 https://nvd.nist.gov/vuln/detail/CVE-2003-0860

Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.

We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 https://www.cve.org/CVERecord?id=CVE-2003-0861 https://nvd.nist.gov/vuln/detail/CVE-2003-0861

The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.

Not vulnerable. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1. The PHP packages in Red Hat Enterprise Linux 3 contain a backported patch to address this issue since release. The issue was fixed upstream in PHP 4.3.3. The PHP packages in Red Hat Enterprise Linux 4 and 5 are based on fixed upstream versions. https://www.cve.org/CVERecord?id=CVE-2003-0863 https://nvd.nist.gov/vuln/detail/CVE-2003-0863

Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack.

This issue did not affect the versions of Xscreensaver as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2003-0885 https://nvd.nist.gov/vuln/detail/CVE-2003-0885 Moderate 2003-08-24T00:00:00 security flaw

Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-11-12T00:00:00 RHSA-2003:314 Red Hat Enterprise Linux ES version 2.1 2003-11-12T00:00:00 RHSA-2003:314 Red Hat Enterprise Linux WS version 2.1 2003-11-12T00:00:00 RHSA-2003:314 Red Hat Linux 7.2 2003-11-13T00:00:00 RHSA-2003:313 Red Hat Linux 7.3 2003-11-13T00:00:00 RHSA-2003:313 Red Hat Linux 8.0 2003-11-13T00:00:00 RHSA-2003:313 Red Hat Linux 9 2003-11-13T00:00:00 RHSA-2003:313 Red Hat Linux Advanced Workstation 2.1 2003-11-12T00:00:00 RHSA-2003:314 https://www.cve.org/CVERecord?id=CVE-2003-0901 https://nvd.nist.gov/vuln/detail/CVE-2003-0901 Moderate 2004-01-18T00:00:00 security flaw

netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.

Red Hat Enterprise Linux 3 2004-02-03T00:00:00 RHSA-2004:031 netpbm-0:9.24-11.30.1 Red Hat Linux 9 2004-02-05T00:00:00 RHSA-2004:030 https://www.cve.org/CVERecord?id=CVE-2003-0924 https://nvd.nist.gov/vuln/detail/CVE-2003-0924 Moderate 2003-11-03T00:00:00 security flaw

Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string.

Red Hat Enterprise Linux 3 2003-11-12T00:00:00 RHSA-2003:324 ethereal-0:0.9.16-0.30E.1 Red Hat Linux 7.2 2003-11-10T00:00:00 RHSA-2003:323 Red Hat Linux 7.3 2003-11-10T00:00:00 RHSA-2003:323 Red Hat Linux 8.0 2003-11-10T00:00:00 RHSA-2003:323 Red Hat Linux 9 2003-11-10T00:00:00 RHSA-2003:323 https://www.cve.org/CVERecord?id=CVE-2003-0925 https://nvd.nist.gov/vuln/detail/CVE-2003-0925 Low 2003-11-03T00:00:00 security flaw

Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to cause a denial of service (crash) via certain malformed (1) ISAKMP or (2) MEGACO packets.

Red Hat Enterprise Linux 3 2003-11-12T00:00:00 RHSA-2003:324 ethereal-0:0.9.16-0.30E.1 Red Hat Linux 7.2 2003-11-10T00:00:00 RHSA-2003:323 Red Hat Linux 7.3 2003-11-10T00:00:00 RHSA-2003:323 Red Hat Linux 8.0 2003-11-10T00:00:00 RHSA-2003:323 Red Hat Linux 9 2003-11-10T00:00:00 RHSA-2003:323 https://www.cve.org/CVERecord?id=CVE-2003-0926 https://nvd.nist.gov/vuln/detail/CVE-2003-0926 Moderate 2003-11-03T00:00:00 security flaw

Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector.

Red Hat Enterprise Linux 3 2003-11-12T00:00:00 RHSA-2003:324 ethereal-0:0.9.16-0.30E.1 Red Hat Linux 7.2 2003-11-10T00:00:00 RHSA-2003:323 Red Hat Linux 7.3 2003-11-10T00:00:00 RHSA-2003:323 Red Hat Linux 8.0 2003-11-10T00:00:00 RHSA-2003:323 Red Hat Linux 9 2003-11-10T00:00:00 RHSA-2003:323 https://www.cve.org/CVERecord?id=CVE-2003-0927 https://nvd.nist.gov/vuln/detail/CVE-2003-0927 Moderate 2003-09-06T00:00:00 security flaw

Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.

Red Hat Enterprise Linux 3 2004-01-15T00:00:00 RHSA-2004:023 net-snmp-0:5.0.9-2.30E.1 Red Hat Linux 8.0 2003-12-02T00:00:00 RHSA-2003:335 Red Hat Linux 9 2003-12-02T00:00:00 RHSA-2003:335 https://www.cve.org/CVERecord?id=CVE-2003-0935 https://nvd.nist.gov/vuln/detail/CVE-2003-0935 Important 2003-12-01T00:00:00 security flaw

Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-12-19T00:00:00 RHSA-2003:368 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-12-01T00:00:00 RHSA-2003:389 Red Hat Enterprise Linux AS version 3 2003-12-02T00:00:00 RHBA-2003:308 Red Hat Enterprise Linux ES version 2.1 2003-12-01T00:00:00 RHSA-2003:389 Red Hat Enterprise Linux WS version 2.1 2003-12-01T00:00:00 RHSA-2003:389 Red Hat Enterprise Linux WS version 3 2003-12-02T00:00:00 RHBA-2003:308 Red Hat Linux 7.1 2003-12-02T00:00:00 RHSA-2003:392 Red Hat Linux 7.2 2003-12-02T00:00:00 RHSA-2003:392 Red Hat Linux 7.3 2003-12-02T00:00:00 RHSA-2003:392 Red Hat Linux 8.0 2003-12-02T00:00:00 RHSA-2003:392 Red Hat Linux 9 2003-12-02T00:00:00 RHSA-2003:392 Red Hat Linux Advanced Workstation 2.1 2003-12-19T00:00:00 RHSA-2003:368 https://www.cve.org/CVERecord?id=CVE-2003-0961 https://nvd.nist.gov/vuln/detail/CVE-2003-0961 Critical 2003-12-04T00:00:00 security flaw

Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.

Red Hat would like to thank the rsync team for reporting this issue. Red Hat Enterprise Linux 3 2003-12-04T00:00:00 RHSA-2003:399 rsync-0:2.5.7-1 Red Hat Linux 7.1 2003-12-04T00:00:00 RHSA-2003:398 Red Hat Linux 7.2 2003-12-04T00:00:00 RHSA-2003:398 Red Hat Linux 7.3 2003-12-04T00:00:00 RHSA-2003:398 Red Hat Linux 8.0 2003-12-04T00:00:00 RHSA-2003:398 Red Hat Linux 9 2003-12-04T00:00:00 RHSA-2003:398 https://www.cve.org/CVERecord?id=CVE-2003-0962 https://nvd.nist.gov/vuln/detail/CVE-2003-0962 Moderate 2003-12-13T00:00:00 security flaw

Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands.

Red Hat would like to thank Ulf Härnhammar for reporting this issue. Red Hat Enterprise Linux 3 2003-12-16T00:00:00 RHSA-2003:404 lftp-0:2.6.3-5 Red Hat Linux 7.2 2003-12-16T00:00:00 RHSA-2003:403 Red Hat Linux 7.3 2003-12-16T00:00:00 RHSA-2003:403 Red Hat Linux 8.0 2003-12-16T00:00:00 RHSA-2003:403 Red Hat Linux 9 2003-12-16T00:00:00 RHSA-2003:403 https://www.cve.org/CVERecord?id=CVE-2003-0963 https://nvd.nist.gov/vuln/detail/CVE-2003-0963 Important 2003-12-31T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.

Red Hat Linux 9 2004-02-05T00:00:00 RHSA-2004:020 https://www.cve.org/CVERecord?id=CVE-2003-0965 https://nvd.nist.gov/vuln/detail/CVE-2003-0965 Important 2004-01-14T00:00:00 security flaw

Buffer overflow in the frm command in elm 2.5.6 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code via a long Subject line.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-01-14T00:00:00 RHSA-2004:009 Red Hat Linux Advanced Workstation 2.1 2004-01-14T00:00:00 RHSA-2004:009 https://www.cve.org/CVERecord?id=CVE-2003-0966 https://nvd.nist.gov/vuln/detail/CVE-2003-0966 Moderate 2003-11-20T00:00:00 security flaw

rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.

Red Hat Enterprise Linux 3 2003-12-10T00:00:00 RHSA-2003:386 freeradius-0:0.9.3-1 https://www.cve.org/CVERecord?id=CVE-2003-0967 https://nvd.nist.gov/vuln/detail/CVE-2003-0967 Important 2003-11-27T00:00:00 security flaw

GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.

Red Hat Enterprise Linux 3 2003-12-11T00:00:00 RHSA-2003:395 gnupg-0:1.2.1-10 Red Hat Linux 7.1 2003-12-11T00:00:00 RHSA-2003:390 Red Hat Linux 7.2 2003-12-11T00:00:00 RHSA-2003:390 Red Hat Linux 7.3 2003-12-11T00:00:00 RHSA-2003:390 Red Hat Linux 8.0 2003-12-11T00:00:00 RHSA-2003:390 Red Hat Linux 9 2003-12-11T00:00:00 RHSA-2003:390 https://www.cve.org/CVERecord?id=CVE-2003-0971 https://nvd.nist.gov/vuln/detail/CVE-2003-0971 Low 2003-11-27T00:00:00 security flaw

Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.

https://www.cve.org/CVERecord?id=CVE-2003-0972 https://nvd.nist.gov/vuln/detail/CVE-2003-0972 Low 2003-11-28T00:00:00 security flaw

Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.

Red Hat Enterprise Linux 3 2004-02-26T00:00:00 RHSA-2004:058 mod_python-0:3.0.3-3.ent Red Hat Linux 9 2004-02-26T00:00:00 RHSA-2004:063 https://www.cve.org/CVERecord?id=CVE-2003-0973 https://nvd.nist.gov/vuln/detail/CVE-2003-0973 Low 2003-12-17T00:00:00 security flaw

CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.

Red Hat Enterprise Linux 3 2004-01-14T00:00:00 RHSA-2004:004 cvs-0:1.11.2-14 Red Hat Linux 9 2004-01-12T00:00:00 RHSA-2004:003 https://www.cve.org/CVERecord?id=CVE-2003-0977 https://nvd.nist.gov/vuln/detail/CVE-2003-0977 Low 2003-12-04T00:00:00 security flaw

Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.

Red Hat Enterprise Linux 3 2004-05-12T00:00:00 RHSA-2004:188 kernel-0:2.4.21-15.EL Red Hat Linux 7.1 2004-01-05T00:00:00 RHSA-2003:417 Red Hat Linux 7.2 2004-01-05T00:00:00 RHSA-2003:417 Red Hat Linux 7.3 2004-01-05T00:00:00 RHSA-2003:417 Red Hat Linux 8.0 2004-01-05T00:00:00 RHSA-2003:417 Red Hat Linux 9 2004-01-05T00:00:00 RHSA-2003:417 https://www.cve.org/CVERecord?id=CVE-2003-0984 https://nvd.nist.gov/vuln/detail/CVE-2003-0984 Important 2004-01-05T00:00:00 security flaw

The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.

Red Hat would like to thank Andrea Arcangeli, Paul Starzetz (ISEC), and Solar Designer for reporting this issue. Red Hat Enterprise Linux 3 2004-01-07T00:00:00 RHSA-2003:416 kernel-0:2.4.21-4.0.2.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-01-05T00:00:00 RHSA-2003:418 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-01-05T00:00:00 RHSA-2003:419 Red Hat Enterprise Linux ES version 2.1 2004-01-05T00:00:00 RHSA-2003:419 Red Hat Enterprise Linux WS version 2.1 2004-01-05T00:00:00 RHSA-2003:419 Red Hat Linux 7.1 2004-01-05T00:00:00 RHSA-2003:417 Red Hat Linux 7.2 2004-01-05T00:00:00 RHSA-2003:417 Red Hat Linux 7.3 2004-01-05T00:00:00 RHSA-2003:417 Red Hat Linux 8.0 2004-01-05T00:00:00 RHSA-2003:417 Red Hat Linux 9 2004-01-05T00:00:00 RHSA-2003:417 Red Hat Linux Advanced Workstation 2.1 2004-01-05T00:00:00 RHSA-2003:418 https://www.cve.org/CVERecord?id=CVE-2003-0985 https://nvd.nist.gov/vuln/detail/CVE-2003-0985 Important 2003-12-15T00:00:00 security flaw

Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.

Red Hat Enterprise Linux 3 2004-01-16T00:00:00 RHSA-2004:017 kernel-0:2.4.21-9.EL https://www.cve.org/CVERecord?id=CVE-2003-0986 https://nvd.nist.gov/vuln/detail/CVE-2003-0986 Low 2003-12-18T00:00:00 httpd mod_digest nonce not verified

mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:600 Red Hat Enterprise Linux ES version 2.1 2004-12-13T00:00:00 RHSA-2004:600 Red Hat Enterprise Linux WS version 2.1 2004-12-13T00:00:00 RHSA-2004:600 Red Hat Linux Advanced Workstation 2.1 2004-12-13T00:00:00 RHSA-2004:600 Red Hat Stronghold 4 2004-12-20T00:00:00 RHSA-2004:653 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2005-11-02T00:00:00 RHSA-2005:816 https://www.cve.org/CVERecord?id=CVE-2003-0987 https://nvd.nist.gov/vuln/detail/CVE-2003-0987 Important 2004-01-14T00:00:00 security flaw

Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.

Red Hat Enterprise Linux 3 2004-01-14T00:00:00 RHSA-2004:005 kdepim-6:3.1.3-3.3 Red Hat Linux 9 2004-01-14T00:00:00 RHSA-2004:006 https://www.cve.org/CVERecord?id=CVE-2003-0988 https://nvd.nist.gov/vuln/detail/CVE-2003-0988 Moderate 2004-01-14T00:00:00 security flaw

tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.

Red Hat Enterprise Linux 2.1 2004-01-15T00:00:00 RHSA-2004:008 tcpdump-14:3.6.2-12.2.1AS.5 Red Hat Enterprise Linux 3 2004-01-15T00:00:00 RHSA-2004:008 tcpdump-14:3.7.2-7.E3.1 Red Hat Linux 9 2004-01-14T00:00:00 RHSA-2004:007 https://www.cve.org/CVERecord?id=CVE-2003-0989 https://nvd.nist.gov/vuln/detail/CVE-2003-0989 Important 2004-02-09T00:00:00 security flaw

Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-02-09T00:00:00 RHSA-2004:019 Red Hat Enterprise Linux ES version 2.1 2004-02-09T00:00:00 RHSA-2004:019 Red Hat Linux Advanced Workstation 2.1 2004-02-09T00:00:00 RHSA-2004:019 https://www.cve.org/CVERecord?id=CVE-2003-0991 https://nvd.nist.gov/vuln/detail/CVE-2003-0991 Important 2003-09-29T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.

Red Hat Linux 9 2004-02-05T00:00:00 RHSA-2004:020 https://www.cve.org/CVERecord?id=CVE-2003-0992 https://nvd.nist.gov/vuln/detail/CVE-2003-0992 Low 2003-12-12T00:00:00 security flaw

The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of Selected packets.

Red Hat Enterprise Linux 3 2004-01-20T00:00:00 RHSA-2004:002 ethereal-0:0.10.0a-0.30E.1 Red Hat Linux 9 2004-01-07T00:00:00 RHSA-2004:001 https://www.cve.org/CVERecord?id=CVE-2003-1012 https://nvd.nist.gov/vuln/detail/CVE-2003-1012 Low 2003-12-12T00:00:00 security flaw

The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.

Red Hat Enterprise Linux 3 2004-01-20T00:00:00 RHSA-2004:002 ethereal-0:0.10.0a-0.30E.1 Red Hat Linux 9 2004-01-07T00:00:00 RHSA-2004:001 https://www.cve.org/CVERecord?id=CVE-2003-1013 https://nvd.nist.gov/vuln/detail/CVE-2003-1013 Important 2004-01-16T00:00:00 security flaw

Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-02-03T00:00:00 RHSA-2004:035 Red Hat Enterprise Linux WS version 2.1 2004-02-03T00:00:00 RHSA-2004:035 Red Hat Linux 9 2004-01-21T00:00:00 RHSA-2004:034 Red Hat Linux Advanced Workstation 2.1 2004-02-03T00:00:00 RHSA-2004:035 https://www.cve.org/CVERecord?id=CVE-2003-1023 https://nvd.nist.gov/vuln/detail/CVE-2003-1023 Important 2003-12-04T00:00:00 security flaw

kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod.

Red Hat Enterprise Linux 3 2004-05-12T00:00:00 RHSA-2004:188 kernel-0:2.4.21-15.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-02-18T00:00:00 RHSA-2004:069 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-04-22T00:00:00 RHSA-2004:106 Red Hat Enterprise Linux ES version 2.1 2004-02-18T00:00:00 RHSA-2004:069 Red Hat Enterprise Linux WS version 2.1 2004-02-18T00:00:00 RHSA-2004:069 Red Hat Linux 9 2004-02-18T00:00:00 RHSA-2004:065 Red Hat Linux Advanced Workstation 2.1 2004-04-22T00:00:00 RHSA-2004:106 https://www.cve.org/CVERecord?id=CVE-2003-1040 https://nvd.nist.gov/vuln/detail/CVE-2003-1040

The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).

Red Hat Enterprise Linux 5 is not vulnerable to this issue. https://www.cve.org/CVERecord?id=CVE-2003-1138 https://nvd.nist.gov/vuln/detail/CVE-2003-1138 Low 2003-11-28T00:00:00 security flaw

Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.

Red Hat Enterprise Linux 3 2006-05-23T00:00:00 RHSA-2006:0498 xscreensaver-1:4.10-20 https://www.cve.org/CVERecord?id=CVE-2003-1294 https://nvd.nist.gov/vuln/detail/CVE-2003-1294 Moderate 2003-02-04T00:00:00 security flaw

The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Enterprise Linux ES version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Enterprise Linux WS version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Linux Advanced Workstation 2.1 2006-05-23T00:00:00 RHSA-2006:0501 https://www.cve.org/CVERecord?id=CVE-2003-1302 https://nvd.nist.gov/vuln/detail/CVE-2003-1302 Important 2003-06-12T00:00:00 security flaw

Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header.

Red Hat Enterprise Linux 3 2006-04-25T00:00:00 RHSA-2006:0276 php-0:4.3.2-30.ent Red Hat Enterprise Linux 4 2006-04-25T00:00:00 RHSA-2006:0276 php-0:4.3.9-3.12 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Enterprise Linux ES version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Enterprise Linux WS version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Linux Advanced Workstation 2.1 2006-05-23T00:00:00 RHSA-2006:0501 https://www.cve.org/CVERecord?id=CVE-2003-1303 https://nvd.nist.gov/vuln/detail/CVE-2003-1303

The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.

This is not a vulnerability. When PHP scripts are interpreted using the dynamically loaded mod_php DSO, the PHP interpreter executes with the privileges of the httpd child process. The PHP intepreter does not "sandbox" PHP scripts from the environment in which they run. On any modern Unix system a process can easily obtain access to all the parent file descriptors anyway, even if they have been closed. https://www.cve.org/CVERecord?id=CVE-2003-1307 https://nvd.nist.gov/vuln/detail/CVE-2003-1307

CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.

Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with fvwm, however this issue does not affect the included version of fvwm. https://www.cve.org/CVERecord?id=CVE-2003-1308 https://nvd.nist.gov/vuln/detail/CVE-2003-1308 Moderate 2003-01-29T00:00:00 security flaw

ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-03-08T00:00:00 RHSA-2004:096 Red Hat Enterprise Linux ES version 2.1 2004-03-08T00:00:00 RHSA-2004:096 Red Hat Linux Advanced Workstation 2.1 2004-03-08T00:00:00 RHSA-2004:096 https://www.cve.org/CVERecord?id=CVE-2003-1329 https://nvd.nist.gov/vuln/detail/CVE-2003-1329

Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.

Red Hat does not consider this issue to be a security vulnerability since no trust boundary is crossed. The user must voluntarily interact with the attack mechanism to exploit this flaw, with the result being the ability to run code as themselves. https://www.cve.org/CVERecord?id=CVE-2003-1331 https://nvd.nist.gov/vuln/detail/CVE-2003-1331 Low 2003-02-25T00:00:00 httpd information disclosure in FileEtag 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N

Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).

Red Hat does not consider this to be a security issue. The information returned poses no threat to the target machine running httpd. Red Hat Enterprise Linux 4 Will not fix httpd Red Hat Enterprise Linux 5 Will not fix httpd Red Hat Enterprise Linux 6 Will not fix httpd https://www.cve.org/CVERecord?id=CVE-2003-1418 https://nvd.nist.gov/vuln/detail/CVE-2003-1418

Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.

Not vulnerable. This issue did not affect the versions of SpamAssassin as shipped with Red Hat Enterprise Linux 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2003-1557 https://nvd.nist.gov/vuln/detail/CVE-2003-1557 Low 2003-05-01T00:00:00 openssh information disclosure

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.

The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which is in maintenance mode. https://www.cve.org/CVERecord?id=CVE-2003-1562 https://nvd.nist.gov/vuln/detail/CVE-2003-1562 Moderate 2003-02-02T00:00:00 libxml2: billion laughs DoS attack

libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."

Red Hat Enterprise Linux 2.1 2008-09-11T00:00:00 RHSA-2008:0886 libxml2-0:2.4.19-11.ent https://www.cve.org/CVERecord?id=CVE-2003-1564 https://nvd.nist.gov/vuln/detail/CVE-2003-1564 Low 2003-03-04T00:00:00 httpd: Injection of arbitrary text into log files when DNS resolution is enabled 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

https://www.cve.org/CVERecord?id=CVE-2003-1581 https://nvd.nist.gov/vuln/detail/CVE-2003-1581 Moderate 2003-10-20T00:00:00 kernel: Missing NULL pointer check in nf_nat_redirect_ipv4 5.4 AV:N/AC:H/Au:N/C:N/I:N/A:C CWE-476

The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787.

Red Hat Enterprise Linux 5 Not affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise MRG 2 Not affected realtime-kernel https://www.cve.org/CVERecord?id=CVE-2003-1604 https://nvd.nist.gov/vuln/detail/CVE-2003-1604 Moderate 2004-01-13T00:00:00 security flaw

Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.

Red Hat Enterprise Linux 3 2004-01-16T00:00:00 RHSA-2004:017 kernel-0:2.4.21-9.EL https://www.cve.org/CVERecord?id=CVE-2004-0001 https://nvd.nist.gov/vuln/detail/CVE-2004-0001 Moderate 2004-01-16T00:00:00 security flaw

Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."

Red Hat Enterprise Linux 3 2004-05-12T00:00:00 RHSA-2004:188 kernel-0:2.4.21-15.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-02-03T00:00:00 RHSA-2004:044 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-04-22T00:00:00 RHSA-2004:106 Red Hat Enterprise Linux ES version 2.1 2004-02-03T00:00:00 RHSA-2004:044 Red Hat Enterprise Linux WS version 2.1 2004-02-03T00:00:00 RHSA-2004:044 Red Hat Linux 9 2004-02-18T00:00:00 RHSA-2004:065 Red Hat Linux 9 2004-04-21T00:00:00 RHSA-2004:166 Red Hat Linux Advanced Workstation 2.1 2004-04-22T00:00:00 RHSA-2004:106 https://www.cve.org/CVERecord?id=CVE-2004-0003 https://nvd.nist.gov/vuln/detail/CVE-2004-0003 Moderate 2004-01-26T00:00:00 security flaw

Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.

Red Hat would like to thank Jacques A. Vidrine and Steffan Esser for reporting this issue. Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-02-09T00:00:00 RHSA-2004:045 Red Hat Enterprise Linux ES version 2.1 2004-02-09T00:00:00 RHSA-2004:045 Red Hat Enterprise Linux WS version 2.1 2004-02-09T00:00:00 RHSA-2004:045 Red Hat Linux 9 2004-01-26T00:00:00 RHSA-2004:032 Red Hat Linux Advanced Workstation 2.1 2004-02-09T00:00:00 RHSA-2004:045 https://www.cve.org/CVERecord?id=CVE-2004-0006 https://nvd.nist.gov/vuln/detail/CVE-2004-0006 Moderate 2004-01-26T00:00:00 security flaw

Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Red Hat would like to thank Jacques A. Vidrine and Steffan Esser for reporting this issue. Red Hat Linux 9 2004-01-26T00:00:00 RHSA-2004:032 https://www.cve.org/CVERecord?id=CVE-2004-0007 https://nvd.nist.gov/vuln/detail/CVE-2004-0007 Critical 2004-01-26T00:00:00 security flaw

Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.

Red Hat would like to thank Jacques A. Vidrine and Steffan Esser for reporting this issue. Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-02-09T00:00:00 RHSA-2004:045 Red Hat Enterprise Linux ES version 2.1 2004-02-09T00:00:00 RHSA-2004:045 Red Hat Enterprise Linux WS version 2.1 2004-02-09T00:00:00 RHSA-2004:045 Red Hat Linux 9 2004-01-26T00:00:00 RHSA-2004:032 Red Hat Linux Advanced Workstation 2.1 2004-02-09T00:00:00 RHSA-2004:045 https://www.cve.org/CVERecord?id=CVE-2004-0008 https://nvd.nist.gov/vuln/detail/CVE-2004-0008 Moderate 2004-02-18T00:00:00 security flaw

Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges.

Red Hat Enterprise Linux 3 2004-05-12T00:00:00 RHSA-2004:188 kernel-0:2.4.21-15.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-02-18T00:00:00 RHSA-2004:069 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-04-22T00:00:00 RHSA-2004:106 Red Hat Enterprise Linux ES version 2.1 2004-02-18T00:00:00 RHSA-2004:069 Red Hat Enterprise Linux WS version 2.1 2004-02-18T00:00:00 RHSA-2004:069 Red Hat Linux 9 2004-02-18T00:00:00 RHSA-2004:065 Red Hat Linux Advanced Workstation 2.1 2004-04-22T00:00:00 RHSA-2004:106 https://www.cve.org/CVERecord?id=CVE-2004-0010 https://nvd.nist.gov/vuln/detail/CVE-2004-0010 Moderate 2004-01-04T00:00:00 security flaw

The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.

Red Hat Enterprise Linux 2.1 2004-01-15T00:00:00 RHSA-2004:008 tcpdump-14:3.6.2-12.2.1AS.5 Red Hat Enterprise Linux 3 2004-01-15T00:00:00 RHSA-2004:008 tcpdump-14:3.7.2-7.E3.1 Red Hat Linux 9 2004-01-14T00:00:00 RHSA-2004:007 https://www.cve.org/CVERecord?id=CVE-2004-0055 https://nvd.nist.gov/vuln/detail/CVE-2004-0055 Moderate 2004-01-04T00:00:00 security flaw

The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.

Red Hat Enterprise Linux 2.1 2004-01-15T00:00:00 RHSA-2004:008 tcpdump-14:3.6.2-12.2.1AS.5 Red Hat Enterprise Linux 3 2004-01-15T00:00:00 RHSA-2004:008 tcpdump-14:3.7.2-7.E3.1 Red Hat Linux 9 2004-01-14T00:00:00 RHSA-2004:007 https://www.cve.org/CVERecord?id=CVE-2004-0057 https://nvd.nist.gov/vuln/detail/CVE-2004-0057 Moderate 2004-02-18T00:00:00 security flaw

The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.

Red Hat Enterprise Linux 3 2005-04-22T00:00:00 RHSA-2005:293 kernel-0:2.4.21-27.0.4.EL Red Hat Linux 9 2004-02-18T00:00:00 RHSA-2004:065 https://www.cve.org/CVERecord?id=CVE-2004-0075 https://nvd.nist.gov/vuln/detail/CVE-2004-0075 Important 2004-02-18T00:00:00 security flaw

The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.

Red Hat would like to thank Paul Starzetz (ISEC) for reporting this issue. Red Hat Enterprise Linux 3 2004-02-19T00:00:00 RHSA-2004:066 kernel-0:2.4.21-9.0.1.EL Red Hat Enterprise Linux 3 2004-02-19T00:00:00 RHSA-2004:066 s390utils-2:1.2.4-3 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-02-18T00:00:00 RHSA-2004:069 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-04-22T00:00:00 RHSA-2004:106 Red Hat Enterprise Linux ES version 2.1 2004-02-18T00:00:00 RHSA-2004:069 Red Hat Enterprise Linux WS version 2.1 2004-02-18T00:00:00 RHSA-2004:069 Red Hat Linux 9 2004-02-18T00:00:00 RHSA-2004:065 Red Hat Linux Advanced Workstation 2.1 2004-04-22T00:00:00 RHSA-2004:106 https://www.cve.org/CVERecord?id=CVE-2004-0077 https://nvd.nist.gov/vuln/detail/CVE-2004-0077 Important 2004-02-11T00:00:00 security flaw

Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.

Red Hat would like to thank Niels Heinen for reporting this issue. Red Hat Enterprise Linux 3 2004-02-11T00:00:00 RHSA-2004:050 mutt-5:1.4.1-3.4 Red Hat Linux 9 2004-02-11T00:00:00 RHSA-2004:051 https://www.cve.org/CVERecord?id=CVE-2004-0078 https://nvd.nist.gov/vuln/detail/CVE-2004-0078 Important 2004-03-17T00:00:00 security flaw

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2004-03-17T00:00:00 RHSA-2004:120 openssl-0:0.9.7a-33.4 Red Hat Enterprise Linux 3 2004-03-17T00:00:00 RHSA-2004:120 openssl096b-0:0.9.6b-16 Red Hat Enterprise Linux 3 2005-11-02T00:00:00 RHSA-2005:830 openssl096b-0:0.9.6b-16.42 Red Hat Enterprise Linux 4 2005-11-02T00:00:00 RHSA-2005:830 openssl096b-0:0.9.6b-22.42 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-11-02T00:00:00 RHSA-2005:829 Red Hat Enterprise Linux ES version 2.1 2005-11-02T00:00:00 RHSA-2005:829 Red Hat Enterprise Linux WS version 2.1 2005-11-02T00:00:00 RHSA-2005:829 Red Hat Linux 9 2004-03-17T00:00:00 RHSA-2004:121 Red Hat Linux Advanced Workstation 2.1 2005-11-02T00:00:00 RHSA-2005:829 Red Hat Stronghold 4 2004-03-17T00:00:00 RHSA-2004:139 https://www.cve.org/CVERecord?id=CVE-2004-0079 https://nvd.nist.gov/vuln/detail/CVE-2004-0079 Moderate 2004-02-03T00:00:00 security flaw

The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-02-03T00:00:00 RHSA-2004:056 Red Hat Enterprise Linux ES version 2.1 2004-02-03T00:00:00 RHSA-2004:056 Red Hat Enterprise Linux WS version 2.1 2004-02-03T00:00:00 RHSA-2004:056 Red Hat Linux Advanced Workstation 2.1 2004-02-03T00:00:00 RHSA-2004:056 https://www.cve.org/CVERecord?id=CVE-2004-0080 https://nvd.nist.gov/vuln/detail/CVE-2004-0080 Low 2004-03-17T00:00:00 security flaw

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

Red Hat Enterprise Linux 3 2004-03-17T00:00:00 RHSA-2004:120 openssl-0:0.9.7a-33.4 Red Hat Enterprise Linux 3 2004-03-17T00:00:00 RHSA-2004:120 openssl096b-0:0.9.6b-16 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-03-17T00:00:00 RHSA-2004:119 Red Hat Enterprise Linux ES version 2.1 2004-03-17T00:00:00 RHSA-2004:119 Red Hat Enterprise Linux WS version 2.1 2004-03-17T00:00:00 RHSA-2004:119 Red Hat Linux 9 2004-03-17T00:00:00 RHSA-2004:121 Red Hat Linux Advanced Workstation 2.1 2004-03-17T00:00:00 RHSA-2004:119 Red Hat Stronghold 4 2004-03-17T00:00:00 RHSA-2004:139 https://www.cve.org/CVERecord?id=CVE-2004-0081 https://nvd.nist.gov/vuln/detail/CVE-2004-0081 Low 2004-02-13T00:00:00 security flaw

The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.

Red Hat would like to thank the Samba team for reporting this issue. Red Hat Enterprise Linux 3 2004-02-18T00:00:00 RHSA-2004:064 samba-0:3.0.2-6.3E https://www.cve.org/CVERecord?id=CVE-2004-0082 https://nvd.nist.gov/vuln/detail/CVE-2004-0082 Important 2004-02-08T00:00:00 security flaw

Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.

Red Hat would like to thank David Dawes (XFree86) and iDefense for reporting this issue. Red Hat Enterprise Linux 3 2004-02-13T00:00:00 RHSA-2004:061 XFree86-0:4.3.0-55.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-02-13T00:00:00 RHSA-2004:060 Red Hat Enterprise Linux ES version 2.1 2004-02-13T00:00:00 RHSA-2004:060 Red Hat Enterprise Linux WS version 2.1 2004-02-13T00:00:00 RHSA-2004:060 Red Hat Linux 9 2004-02-13T00:00:00 RHSA-2004:059 Red Hat Linux Advanced Workstation 2.1 2004-02-13T00:00:00 RHSA-2004:060 https://www.cve.org/CVERecord?id=CVE-2004-0083 https://nvd.nist.gov/vuln/detail/CVE-2004-0083 Important 2004-02-12T00:00:00 security flaw

Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.

Red Hat would like to thank David Dawes (XFree86) and iDefense for reporting this issue. Red Hat Enterprise Linux 3 2004-02-13T00:00:00 RHSA-2004:061 XFree86-0:4.3.0-55.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-02-13T00:00:00 RHSA-2004:060 Red Hat Enterprise Linux ES version 2.1 2004-02-13T00:00:00 RHSA-2004:060 Red Hat Enterprise Linux WS version 2.1 2004-02-13T00:00:00 RHSA-2004:060 Red Hat Linux 9 2004-02-13T00:00:00 RHSA-2004:059 Red Hat Linux Advanced Workstation 2.1 2004-02-13T00:00:00 RHSA-2004:060 https://www.cve.org/CVERecord?id=CVE-2004-0084 https://nvd.nist.gov/vuln/detail/CVE-2004-0084 Important 2004-02-19T00:00:00 security flaw

XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-04-22T00:00:00 RHSA-2004:152 Red Hat Enterprise Linux ES version 2.1 2004-04-22T00:00:00 RHSA-2004:152 Red Hat Enterprise Linux WS version 2.1 2004-04-22T00:00:00 RHSA-2004:152 Red Hat Linux Advanced Workstation 2.1 2004-04-22T00:00:00 RHSA-2004:152 https://www.cve.org/CVERecord?id=CVE-2004-0093 https://nvd.nist.gov/vuln/detail/CVE-2004-0093 Important 2004-02-19T00:00:00 security flaw

Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-04-22T00:00:00 RHSA-2004:152 Red Hat Enterprise Linux ES version 2.1 2004-04-22T00:00:00 RHSA-2004:152 Red Hat Enterprise Linux WS version 2.1 2004-04-22T00:00:00 RHSA-2004:152 Red Hat Linux Advanced Workstation 2.1 2004-04-22T00:00:00 RHSA-2004:152 https://www.cve.org/CVERecord?id=CVE-2004-0094 https://nvd.nist.gov/vuln/detail/CVE-2004-0094 Moderate 2004-01-22T00:00:00 mod_python remote DoS

Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973.

Red Hat Enterprise Linux 3 2004-02-26T00:00:00 RHSA-2004:058 mod_python-0:3.0.3-3.ent Red Hat Linux 9 2004-02-26T00:00:00 RHSA-2004:063 https://www.cve.org/CVERecord?id=CVE-2004-0096 https://nvd.nist.gov/vuln/detail/CVE-2004-0096 Moderate 2004-01-21T00:00:00 security flaw

Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

Red Hat would like to thank Craig Southeren (the OpenH323 project) for reporting this issue. Red Hat Enterprise Linux 3 2004-02-18T00:00:00 RHSA-2004:047 pwlib-0:1.4.7-7.EL Red Hat Linux 9 2004-02-13T00:00:00 RHSA-2004:048 https://www.cve.org/CVERecord?id=CVE-2004-0097 https://nvd.nist.gov/vuln/detail/CVE-2004-0097 Important 2004-02-18T00:00:00 security flaw

Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-02-18T00:00:00 RHSA-2004:073 Red Hat Enterprise Linux ES version 2.1 2004-02-18T00:00:00 RHSA-2004:073 Red Hat Enterprise Linux WS version 2.1 2004-02-18T00:00:00 RHSA-2004:073 Red Hat Linux Advanced Workstation 2.1 2004-02-18T00:00:00 RHSA-2004:073 https://www.cve.org/CVERecord?id=CVE-2004-0104 https://nvd.nist.gov/vuln/detail/CVE-2004-0104 Important 2004-02-18T00:00:00 security flaw

Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-02-18T00:00:00 RHSA-2004:073 Red Hat Enterprise Linux ES version 2.1 2004-02-18T00:00:00 RHSA-2004:073 Red Hat Enterprise Linux WS version 2.1 2004-02-18T00:00:00 RHSA-2004:073 Red Hat Linux Advanced Workstation 2.1 2004-02-18T00:00:00 RHSA-2004:073 https://www.cve.org/CVERecord?id=CVE-2004-0105 https://nvd.nist.gov/vuln/detail/CVE-2004-0105 Important 2004-02-13T00:00:00 security flaw

Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.

Red Hat would like to thank David Dawes (XFree86) for reporting this issue. Red Hat Enterprise Linux 3 2004-02-13T00:00:00 RHSA-2004:061 XFree86-0:4.3.0-55.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-02-13T00:00:00 RHSA-2004:060 Red Hat Enterprise Linux ES version 2.1 2004-02-13T00:00:00 RHSA-2004:060 Red Hat Enterprise Linux WS version 2.1 2004-02-13T00:00:00 RHSA-2004:060 Red Hat Linux 9 2004-02-13T00:00:00 RHSA-2004:059 Red Hat Linux Advanced Workstation 2.1 2004-02-13T00:00:00 RHSA-2004:060 https://www.cve.org/CVERecord?id=CVE-2004-0106 https://nvd.nist.gov/vuln/detail/CVE-2004-0106 Moderate 2004-03-10T00:00:00 security flaw

The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.

Red Hat Enterprise Linux 3 2004-03-10T00:00:00 RHSA-2004:053 sysstat-0:4.0.7-4.EL3.2 Red Hat Linux 9 2004-03-10T00:00:00 RHSA-2004:093 https://www.cve.org/CVERecord?id=CVE-2004-0107 https://nvd.nist.gov/vuln/detail/CVE-2004-0107 Moderate 2004-03-10T00:00:00 security flaw

The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.

Red Hat Enterprise Linux 3 2004-03-10T00:00:00 RHSA-2004:053 sysstat-0:4.0.7-4.EL3.2 https://www.cve.org/CVERecord?id=CVE-2004-0108 https://nvd.nist.gov/vuln/detail/CVE-2004-0108 Moderate 2004-04-14T00:00:00 security flaw

Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.

Red Hat Enterprise Linux 3 2004-04-22T00:00:00 RHSA-2004:183 kernel-0:2.4.21-9.0.3.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-04-22T00:00:00 RHSA-2004:105 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-04-22T00:00:00 RHSA-2004:106 Red Hat Enterprise Linux ES version 2.1 2004-04-22T00:00:00 RHSA-2004:105 Red Hat Enterprise Linux WS version 2.1 2004-04-22T00:00:00 RHSA-2004:105 Red Hat Linux 9 2004-04-21T00:00:00 RHSA-2004:166 Red Hat Linux Advanced Workstation 2.1 2004-04-22T00:00:00 RHSA-2004:106 https://www.cve.org/CVERecord?id=CVE-2004-0109 https://nvd.nist.gov/vuln/detail/CVE-2004-0109 Moderate 2004-02-12T00:00:00 libxml2 long URL causes SEGV

Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.

Red Hat Enterprise Linux 3 2004-02-26T00:00:00 RHSA-2004:090 libxml2-0:2.5.10-6 Red Hat Enterprise Linux 3 2004-12-16T00:00:00 RHSA-2004:650 libxml-1:1.8.17-9.2 Red Hat Linux 9 2004-02-26T00:00:00 RHSA-2004:091 https://www.cve.org/CVERecord?id=CVE-2004-0110 https://nvd.nist.gov/vuln/detail/CVE-2004-0110 Important 2004-03-10T00:00:00 security flaw

gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.

Red Hat Enterprise Linux 3 2004-03-10T00:00:00 RHSA-2004:103 gdk-pixbuf-1:0.22.0-6.1.1 Red Hat Linux 9 2004-03-10T00:00:00 RHSA-2004:102 https://www.cve.org/CVERecord?id=CVE-2004-0111 https://nvd.nist.gov/vuln/detail/CVE-2004-0111 Low 2004-03-17T00:00:00 security flaw

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2004-03-17T00:00:00 RHSA-2004:120 openssl-0:0.9.7a-33.4 Red Hat Enterprise Linux 3 2004-03-17T00:00:00 RHSA-2004:120 openssl096b-0:0.9.6b-16 Red Hat Linux 9 2004-03-17T00:00:00 RHSA-2004:121 https://www.cve.org/CVERecord?id=CVE-2004-0112 https://nvd.nist.gov/vuln/detail/CVE-2004-0112 2004-02-20T00:00:00 security flaw

Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.

Red Hat Enterprise Linux 3 2004-03-23T00:00:00 RHSA-2004:084 httpd-0:2.0.46-32.ent Red Hat Linux 9 2004-04-30T00:00:00 RHSA-2004:182 https://www.cve.org/CVERecord?id=CVE-2004-0113 https://nvd.nist.gov/vuln/detail/CVE-2004-0113 Important 2004-10-15T00:00:00 security flaw

The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system crash) via a "corrupted binary."

https://www.cve.org/CVERecord?id=CVE-2004-0136 https://nvd.nist.gov/vuln/detail/CVE-2004-0136 Important 2004-10-15T00:00:00 security flaw

The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to cause a denial of service (crash) via a crafted ELF file with an interpreter with an invalid arch (architecture), which triggers a BUG() when an invalid VMA is unmapped.

Red Hat Enterprise Linux 3 2004-12-02T00:00:00 RHSA-2004:549 kernel-0:2.4.21-20.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:504 Red Hat Linux Advanced Workstation 2.1 2004-12-13T00:00:00 RHSA-2004:504 https://www.cve.org/CVERecord?id=CVE-2004-0138 https://nvd.nist.gov/vuln/detail/CVE-2004-0138 Moderate 2004-03-08T00:00:00 security flaw

wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-03-08T00:00:00 RHSA-2004:096 Red Hat Enterprise Linux ES version 2.1 2004-03-08T00:00:00 RHSA-2004:096 Red Hat Linux Advanced Workstation 2.1 2004-03-08T00:00:00 RHSA-2004:096 https://www.cve.org/CVERecord?id=CVE-2004-0148 https://nvd.nist.gov/vuln/detail/CVE-2004-0148 Low 2003-09-09T00:00:00 security flaw

rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name.

Red Hat Enterprise Linux 3 2004-03-11T00:00:00 RHSA-2004:072 nfs-utils-0:1.0.6-7.EL https://www.cve.org/CVERecord?id=CVE-2004-0154 https://nvd.nist.gov/vuln/detail/CVE-2004-0154 Important 2004-04-05T00:00:00 security flaw

The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.

Red Hat Enterprise Linux 3 2004-05-12T00:00:00 RHSA-2004:165 ipsec-tools-0:0.2.5-0.4 https://www.cve.org/CVERecord?id=CVE-2004-0155 https://nvd.nist.gov/vuln/detail/CVE-2004-0155 Moderate 2004-01-13T00:00:00 security flaw

KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.

Red Hat Enterprise Linux 3 2004-05-12T00:00:00 RHSA-2004:165 ipsec-tools-0:0.2.5-0.4 https://www.cve.org/CVERecord?id=CVE-2004-0164 https://nvd.nist.gov/vuln/detail/CVE-2004-0164 Low 2004-03-19T00:00:00 security flaw

Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."

Not vulnerable. This issue did not affect Linux. Red Hat Stronghold 4 2004-07-23T00:00:00 RHSA-2004:405 https://www.cve.org/CVERecord?id=CVE-2004-0174 https://nvd.nist.gov/vuln/detail/CVE-2004-0174 Low 2000-09-01T00:00:00 security flaw

Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat would like to thank the MIT Kerberos project for reporting this issue. Red Hat Enterprise Linux 3 2005-05-18T00:00:00 RHSA-2005:074 rsh-0:0.17-17.6 Red Hat Enterprise Linux 3 2005-05-18T00:00:00 RHSA-2005:106 openssh-0:3.6.1p2-33.30.4 Red Hat Enterprise Linux 3 2005-07-12T00:00:00 RHSA-2005:562 krb5-0:1.2.7-47 Red Hat Enterprise Linux 4 2005-06-08T00:00:00 RHSA-2005:165 rsh-0:0.17-25.3 Red Hat Enterprise Linux 4 2005-07-12T00:00:00 RHSA-2005:567 krb5-0:1.3.4-17 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-06-02T00:00:00 RHSA-2005:481 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-06-13T00:00:00 RHSA-2005:495 Red Hat Enterprise Linux ES version 2.1 2005-06-02T00:00:00 RHSA-2005:481 Red Hat Enterprise Linux ES version 2.1 2005-06-13T00:00:00 RHSA-2005:495 Red Hat Enterprise Linux WS version 2.1 2005-06-02T00:00:00 RHSA-2005:481 Red Hat Enterprise Linux WS version 2.1 2005-06-13T00:00:00 RHSA-2005:495 Red Hat Linux Advanced Workstation 2.1 2005-06-02T00:00:00 RHSA-2005:481 Red Hat Linux Advanced Workstation 2.1 2005-06-13T00:00:00 RHSA-2005:495 https://www.cve.org/CVERecord?id=CVE-2004-0175 https://nvd.nist.gov/vuln/detail/CVE-2004-0175 2004-03-04T00:00:00 security flaw

Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors.

Red Hat Enterprise Linux 3 2004-03-30T00:00:00 RHSA-2004:136 ethereal-0:0.10.3-0.30E.1 Red Hat Linux 9 2004-03-31T00:00:00 RHSA-2004:137 https://www.cve.org/CVERecord?id=CVE-2004-0176 https://nvd.nist.gov/vuln/detail/CVE-2004-0176 Low 2004-02-28T00:00:00 security flaw

The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.

Red Hat Enterprise Linux 3 2005-04-22T00:00:00 RHSA-2005:293 kernel-0:2.4.21-27.0.4.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:504 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux ES version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux WS version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Linux 9 2004-04-21T00:00:00 RHSA-2004:166 Red Hat Linux Advanced Workstation 2.1 2004-12-13T00:00:00 RHSA-2004:504 https://www.cve.org/CVERecord?id=CVE-2004-0177 https://nvd.nist.gov/vuln/detail/CVE-2004-0177 2004-03-26T00:00:00 security flaw

The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.

Red Hat Enterprise Linux 3 2004-08-03T00:00:00 RHSA-2004:413 kernel-0:2.4.21-15.0.4.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-08-18T00:00:00 RHSA-2004:437 Red Hat Enterprise Linux ES version 2.1 2004-08-18T00:00:00 RHSA-2004:437 Red Hat Enterprise Linux WS version 2.1 2004-08-18T00:00:00 RHSA-2004:437 https://www.cve.org/CVERecord?id=CVE-2004-0178 https://nvd.nist.gov/vuln/detail/CVE-2004-0178 Important 2004-04-14T00:00:00 security flaw

Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.

Red Hat Enterprise Linux 3 2004-04-14T00:00:00 RHSA-2004:160 openoffice.org-0:1.1.0-15.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-04-14T00:00:00 RHSA-2004:157 Red Hat Enterprise Linux ES version 2.1 2004-04-14T00:00:00 RHSA-2004:157 Red Hat Enterprise Linux WS version 2.1 2004-04-14T00:00:00 RHSA-2004:157 Red Hat Linux 9 2004-04-14T00:00:00 RHSA-2004:158 Red Hat Linux 9 2004-04-15T00:00:00 RHSA-2004:159 Red Hat Linux 9 2004-04-30T00:00:00 RHSA-2004:163 Red Hat Linux Advanced Workstation 2.1 2004-04-14T00:00:00 RHSA-2004:157 https://www.cve.org/CVERecord?id=CVE-2004-0179 https://nvd.nist.gov/vuln/detail/CVE-2004-0179 Low 2004-04-14T00:00:00 security flaw

The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.

Red Hat Enterprise Linux 3 2004-04-14T00:00:00 RHSA-2004:153 cvs-0:1.11.2-18 Red Hat Linux 9 2004-04-14T00:00:00 RHSA-2004:154 https://www.cve.org/CVERecord?id=CVE-2004-0180 https://nvd.nist.gov/vuln/detail/CVE-2004-0180 Low 2004-02-28T00:00:00 security flaw

The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:504 Red Hat Linux Advanced Workstation 2.1 2004-12-13T00:00:00 RHSA-2004:504 https://www.cve.org/CVERecord?id=CVE-2004-0181 https://nvd.nist.gov/vuln/detail/CVE-2004-0181 Important 2004-04-14T00:00:00 security flaw

Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-04-14T00:00:00 RHSA-2004:156 Red Hat Enterprise Linux ES version 2.1 2004-04-14T00:00:00 RHSA-2004:156 Red Hat Linux Advanced Workstation 2.1 2004-04-14T00:00:00 RHSA-2004:156 https://www.cve.org/CVERecord?id=CVE-2004-0182 https://nvd.nist.gov/vuln/detail/CVE-2004-0182 Low 2004-03-29T00:00:00 security flaw

TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Red Hat Enterprise Linux 3 2004-05-26T00:00:00 RHSA-2004:219 tcpdump-14:3.7.2-7.E3.2 https://www.cve.org/CVERecord?id=CVE-2004-0183 https://nvd.nist.gov/vuln/detail/CVE-2004-0183 Low 2004-03-29T00:00:00 security flaw

Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Red Hat Enterprise Linux 3 2004-05-26T00:00:00 RHSA-2004:219 tcpdump-14:3.7.2-7.E3.2 https://www.cve.org/CVERecord?id=CVE-2004-0184 https://nvd.nist.gov/vuln/detail/CVE-2004-0184 Important 2004-03-08T00:00:00 security flaw

Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-03-08T00:00:00 RHSA-2004:096 Red Hat Enterprise Linux ES version 2.1 2004-03-08T00:00:00 RHSA-2004:096 Red Hat Linux Advanced Workstation 2.1 2004-03-08T00:00:00 RHSA-2004:096 https://www.cve.org/CVERecord?id=CVE-2004-0185 https://nvd.nist.gov/vuln/detail/CVE-2004-0185 Low 2004-02-29T00:00:00 security flaw

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.

Red Hat Enterprise Linux 3 2004-04-14T00:00:00 RHSA-2004:133 squid-7:2.5.STABLE3-5.3E Red Hat Linux 9 2004-03-29T00:00:00 RHSA-2004:134 https://www.cve.org/CVERecord?id=CVE-2004-0189 https://nvd.nist.gov/vuln/detail/CVE-2004-0189 Low 2004-02-25T00:00:00 security flaw

Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.

Red Hat Linux 9 2004-03-17T00:00:00 RHSA-2004:112 https://www.cve.org/CVERecord?id=CVE-2004-0191 https://nvd.nist.gov/vuln/detail/CVE-2004-0191 Important 2004-04-29T00:00:00 security flaw

Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-05-19T00:00:00 RHSA-2004:172 Red Hat Enterprise Linux WS version 2.1 2004-05-19T00:00:00 RHSA-2004:172 Red Hat Linux 9 2004-04-30T00:00:00 RHSA-2004:173 Red Hat Linux Advanced Workstation 2.1 2004-05-19T00:00:00 RHSA-2004:172 https://www.cve.org/CVERecord?id=CVE-2004-0226 https://nvd.nist.gov/vuln/detail/CVE-2004-0226

TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

The DHS advisory is a good source of background information about the issue: https://www.cisa.gov/news-events/alerts/2004/04/20/vulnerabilities-tcp It is important to note that the issue described is a known function of TCP. In order to perform a connection reset an attacker would need to know the source and destination ip address and ports as well as being able to guess the sequence number within the window. These requirements seriously reduce the ability to trigger a connection reset on normal TCP connections. The DHS advisory explains that BGP routing is a specific case where being able to trigger a reset is easier than expected as the end points can be easily determined and large window sizes are used. BGP routing is also signficantly affected by having its connections terminated. The major BGP peers have recently switched to requiring md5 signatures which mitigates against this attack. The following article from Linux Weekly News also puts the flaw into context and shows why it does not pose a significant threat: https://lwn.net/Articles/81560/ Red Hat does not have any plans for action regarding this issue. https://www.cve.org/CVERecord?id=CVE-2004-0230 https://nvd.nist.gov/vuln/detail/CVE-2004-0230 Moderate 2004-04-29T00:00:00 security flaw

Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-05-19T00:00:00 RHSA-2004:172 Red Hat Enterprise Linux WS version 2.1 2004-05-19T00:00:00 RHSA-2004:172 Red Hat Linux 9 2004-04-30T00:00:00 RHSA-2004:173 Red Hat Linux Advanced Workstation 2.1 2004-05-19T00:00:00 RHSA-2004:172 https://www.cve.org/CVERecord?id=CVE-2004-0231 https://nvd.nist.gov/vuln/detail/CVE-2004-0231 Important 2004-04-29T00:00:00 security flaw

Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-05-19T00:00:00 RHSA-2004:172 Red Hat Enterprise Linux WS version 2.1 2004-05-19T00:00:00 RHSA-2004:172 Red Hat Linux 9 2004-04-30T00:00:00 RHSA-2004:173 Red Hat Linux Advanced Workstation 2.1 2004-05-19T00:00:00 RHSA-2004:172 https://www.cve.org/CVERecord?id=CVE-2004-0232 https://nvd.nist.gov/vuln/detail/CVE-2004-0232 2004-04-03T00:00:00 security flaw

Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.

Red Hat Enterprise Linux 3 2004-05-26T00:00:00 RHSA-2004:174 utempter-0:0.5.5-1.3EL.0 Red Hat Linux 9 2004-04-30T00:00:00 RHSA-2004:175 https://www.cve.org/CVERecord?id=CVE-2004-0233 https://nvd.nist.gov/vuln/detail/CVE-2004-0233 Important 2004-05-01T00:00:00 security flaw

Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.

Red Hat would like to thank Ulf Härnhammar for reporting this issue. Red Hat Enterprise Linux 3 2004-05-26T00:00:00 RHSA-2004:178 lha-0:1.14i-10.2 Red Hat Linux 9 2004-04-30T00:00:00 RHSA-2004:179 https://www.cve.org/CVERecord?id=CVE-2004-0234 https://nvd.nist.gov/vuln/detail/CVE-2004-0234 Moderate 2004-05-01T00:00:00 security flaw

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").

Red Hat would like to thank Ulf Härnhammar for reporting this issue. Red Hat Enterprise Linux 3 2004-05-26T00:00:00 RHSA-2004:178 lha-0:1.14i-10.2 Red Hat Linux 9 2004-04-30T00:00:00 RHSA-2004:179 https://www.cve.org/CVERecord?id=CVE-2004-0235 https://nvd.nist.gov/vuln/detail/CVE-2004-0235 Low 2004-03-18T00:00:00 security flaw

The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.

Red Hat Enterprise Linux 3 2004-03-30T00:00:00 RHSA-2004:136 ethereal-0:0.10.3-0.30E.1 Red Hat Linux 9 2004-03-31T00:00:00 RHSA-2004:137 https://www.cve.org/CVERecord?id=CVE-2004-0365 https://nvd.nist.gov/vuln/detail/CVE-2004-0365 Low 2004-03-22T00:00:00 security flaw

Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector.

Red Hat Enterprise Linux 3 2004-03-30T00:00:00 RHSA-2004:136 ethereal-0:0.10.3-0.30E.1 Red Hat Linux 9 2004-03-31T00:00:00 RHSA-2004:137 https://www.cve.org/CVERecord?id=CVE-2004-0367 https://nvd.nist.gov/vuln/detail/CVE-2004-0367 Low 2004-03-24T00:00:00 security flaw

mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.

Red Hat Enterprise Linux 3 2004-10-20T00:00:00 RHSA-2004:569 mysql-0:3.23.58-2.3 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Enterprise Linux ES version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Enterprise Linux WS version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Linux Advanced Workstation 2.1 2004-10-20T00:00:00 RHSA-2004:597 https://www.cve.org/CVERecord?id=CVE-2004-0381 https://nvd.nist.gov/vuln/detail/CVE-2004-0381 Critical 2004-04-06T00:00:00 security flaw

Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer 8, RealOne Player, RealOne Player 10 beta, and RealOne Player Enterprise, allows remote attackers to execute arbitrary code via a malformed .R3T file.

Red Hat Desktop version 3 Extras 2005-03-21T00:00:00 RHSA-2005:299 https://www.cve.org/CVERecord?id=CVE-2004-0387 https://nvd.nist.gov/vuln/detail/CVE-2004-0387 Low 2004-04-14T00:00:00 security flaw

The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack.

Red Hat Enterprise Linux 3 2004-10-20T00:00:00 RHSA-2004:569 mysql-0:3.23.58-2.3 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Enterprise Linux ES version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Enterprise Linux WS version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Linux Advanced Workstation 2.1 2004-10-20T00:00:00 RHSA-2004:597 https://www.cve.org/CVERecord?id=CVE-2004-0388 https://nvd.nist.gov/vuln/detail/CVE-2004-0388 Critical 2004-05-19T00:00:00 security flaw

Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.

Red Hat would like to thank Derek Price and Stefan Esser for reporting this issue. Red Hat Enterprise Linux 3 2004-05-19T00:00:00 RHSA-2004:190 cvs-0:1.11.2-22 https://www.cve.org/CVERecord?id=CVE-2004-0396 https://nvd.nist.gov/vuln/detail/CVE-2004-0396 Important 2004-05-19T00:00:00 security flaw

Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-05-19T00:00:00 RHSA-2004:191 Red Hat Enterprise Linux ES version 2.1 2004-05-19T00:00:00 RHSA-2004:191 Red Hat Enterprise Linux WS version 2.1 2004-05-19T00:00:00 RHSA-2004:191 Red Hat Linux Advanced Workstation 2.1 2004-05-19T00:00:00 RHSA-2004:191 https://www.cve.org/CVERecord?id=CVE-2004-0398 https://nvd.nist.gov/vuln/detail/CVE-2004-0398 2004-03-31T00:00:00 security flaw

Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.

Red Hat Enterprise Linux 3 2004-05-12T00:00:00 RHSA-2004:165 ipsec-tools-0:0.2.5-0.4 https://www.cve.org/CVERecord?id=CVE-2004-0403 https://nvd.nist.gov/vuln/detail/CVE-2004-0403 Moderate 2004-04-14T00:00:00 security flaw

CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.

Red Hat Enterprise Linux 3 2004-04-14T00:00:00 RHSA-2004:153 cvs-0:1.11.2-18 Red Hat Linux 9 2004-04-14T00:00:00 RHSA-2004:154 https://www.cve.org/CVERecord?id=CVE-2004-0405 https://nvd.nist.gov/vuln/detail/CVE-2004-0405 2004-04-05T00:00:00 security flaw

Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 to 2.0.8, with socks5 traversal enabled, allows remote attackers to execute arbitrary code.

Red Hat Enterprise Linux 3 2004-10-27T00:00:00 RHSA-2004:585 xchat-1:2.0.4-4.EL Red Hat Linux 9 2004-04-30T00:00:00 RHSA-2004:177 https://www.cve.org/CVERecord?id=CVE-2004-0409 https://nvd.nist.gov/vuln/detail/CVE-2004-0409 Important 2004-05-17T00:00:00 security flaw

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-05-17T00:00:00 RHSA-2004:222 Red Hat Linux Advanced Workstation 2.1 2004-05-17T00:00:00 RHSA-2004:222 https://www.cve.org/CVERecord?id=CVE-2004-0411 https://nvd.nist.gov/vuln/detail/CVE-2004-0411 Moderate 2021-10-02T00:00:00 mailman: password stealing via a crafted email request 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CWE-639

Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.

Mailman versions 2.1.5 and below allow for user passwords to be obtained via a crafted email which can compromise data confidentiality.

Red Hat Enterprise Linux 6 Not affected mailman Red Hat Enterprise Linux 7 Not affected mailman Red Hat Enterprise Linux 8 Not affected mailman:2.1/mailman https://www.cve.org/CVERecord?id=CVE-2004-0412 https://nvd.nist.gov/vuln/detail/CVE-2004-0412 Critical 2004-06-09T00:00:00 security flaw

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

Red Hat would like to thank Derek Price for reporting this issue. Red Hat Enterprise Linux 3 2004-06-09T00:00:00 RHSA-2004:233 cvs-0:1.11.2-24 https://www.cve.org/CVERecord?id=CVE-2004-0414 https://nvd.nist.gov/vuln/detail/CVE-2004-0414 Important 2004-08-03T00:00:00 security flaw

Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.

Red Hat would like to thank a number of vendor-sec participants and iSEC Security Research for reporting this issue. Red Hat Enterprise Linux 3 2004-08-03T00:00:00 RHSA-2004:413 kernel-0:2.4.21-15.0.4.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-08-18T00:00:00 RHSA-2004:327 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-08-03T00:00:00 RHSA-2004:418 Red Hat Enterprise Linux ES version 2.1 2004-08-03T00:00:00 RHSA-2004:418 Red Hat Enterprise Linux WS version 2.1 2004-08-03T00:00:00 RHSA-2004:418 Red Hat Linux Advanced Workstation 2.1 2004-08-18T00:00:00 RHSA-2004:327 https://www.cve.org/CVERecord?id=CVE-2004-0415 https://nvd.nist.gov/vuln/detail/CVE-2004-0415 Important 2004-06-09T00:00:00 security flaw

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

Red Hat would like to thank Sebastian Krahmer and Stefan Esser for reporting this issue. Red Hat Enterprise Linux 3 2004-06-09T00:00:00 RHSA-2004:233 cvs-0:1.11.2-24 https://www.cve.org/CVERecord?id=CVE-2004-0416 https://nvd.nist.gov/vuln/detail/CVE-2004-0416 Important 2004-06-09T00:00:00 security flaw

Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.

Red Hat would like to thank Sebastian Krahmer and Stefan Esser for reporting this issue. Red Hat Enterprise Linux 3 2004-06-09T00:00:00 RHSA-2004:233 cvs-0:1.11.2-24 https://www.cve.org/CVERecord?id=CVE-2004-0417 https://nvd.nist.gov/vuln/detail/CVE-2004-0417 Important 2004-06-09T00:00:00 security flaw

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.

Red Hat would like to thank Sebastian Krahmer and Stefan Esser for reporting this issue. Red Hat Enterprise Linux 3 2004-06-09T00:00:00 RHSA-2004:233 cvs-0:1.11.2-24 https://www.cve.org/CVERecord?id=CVE-2004-0418 https://nvd.nist.gov/vuln/detail/CVE-2004-0418 Moderate 2004-05-19T00:00:00 security flaw

XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.

Red Hat Enterprise Linux 3 2004-10-04T00:00:00 RHSA-2004:478 XFree86-0:4.3.0-69.EL https://www.cve.org/CVERecord?id=CVE-2004-0419 https://nvd.nist.gov/vuln/detail/CVE-2004-0419 Important 2004-04-29T00:00:00 CAN-2004-0421 libpng can access out of bounds memory

The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

Red Hat Enterprise Linux 3 2004-05-19T00:00:00 RHSA-2004:180 libpng-2:1.2.2-21 Red Hat Enterprise Linux 3 2004-05-19T00:00:00 RHSA-2004:180 libpng10-0:1.0.13-12 Red Hat Linux 9 2004-04-30T00:00:00 RHSA-2004:181 https://www.cve.org/CVERecord?id=CVE-2004-0421 https://nvd.nist.gov/vuln/detail/CVE-2004-0421 Low 2004-05-01T00:00:00 security flaw

flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-08-18T00:00:00 RHSA-2004:344 Red Hat Enterprise Linux ES version 2.1 2004-08-18T00:00:00 RHSA-2004:344 Red Hat Enterprise Linux WS version 2.1 2004-08-18T00:00:00 RHSA-2004:344 Red Hat Linux Advanced Workstation 2.1 2004-08-18T00:00:00 RHSA-2004:344 https://www.cve.org/CVERecord?id=CVE-2004-0422 https://nvd.nist.gov/vuln/detail/CVE-2004-0422 Important 2004-04-20T00:00:00 security flaw

Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option.

Red Hat Enterprise Linux 3 2004-04-22T00:00:00 RHSA-2004:183 kernel-0:2.4.21-9.0.3.EL https://www.cve.org/CVERecord?id=CVE-2004-0424 https://nvd.nist.gov/vuln/detail/CVE-2004-0424 Important 2004-04-26T00:00:00 security flaw

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.

Red Hat Enterprise Linux 3 2004-05-19T00:00:00 RHSA-2004:192 rsync-0:2.5.7-4.3E https://www.cve.org/CVERecord?id=CVE-2004-0426 https://nvd.nist.gov/vuln/detail/CVE-2004-0426 Moderate 2004-04-08T00:00:00 security flaw

The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call.

Red Hat Enterprise Linux 3 2004-06-18T00:00:00 RHSA-2004:255 kernel-0:2.4.21-15.0.2.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-08-18T00:00:00 RHSA-2004:327 Red Hat Linux Advanced Workstation 2.1 2004-08-18T00:00:00 RHSA-2004:327 https://www.cve.org/CVERecord?id=CVE-2004-0427 https://nvd.nist.gov/vuln/detail/CVE-2004-0427 Moderate 2004-06-19T00:00:00 security flaw

Unknown vulnerability in Linux before 2.4.26 for IA64 allows local users to cause a denial of service, with unknown impact. NOTE: due to a typo, this issue was accidentally assigned CVE-2004-0477. This is the proper candidate to use for the Linux local DoS.

Red Hat Enterprise Linux 3 2004-08-03T00:00:00 RHSA-2004:413 kernel-0:2.4.21-15.0.4.EL https://www.cve.org/CVERecord?id=CVE-2004-0447 https://nvd.nist.gov/vuln/detail/CVE-2004-0447 Low 2004-12-23T00:00:00 security flaw

Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.

Red Hat Enterprise Linux 3 2005-02-07T00:00:00 RHSA-2005:105 perl-2:5.8.0-89.10 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:103 perl-3:5.8.5-12.1 https://www.cve.org/CVERecord?id=CVE-2004-0452 https://nvd.nist.gov/vuln/detail/CVE-2004-0452 2004-08-18T00:00:00 security flaw

The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Red Hat Enterprise Linux 3 2004-10-20T00:00:00 RHSA-2004:569 mysql-0:3.23.58-2.3 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Enterprise Linux ES version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Enterprise Linux WS version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Linux Advanced Workstation 2.1 2004-10-20T00:00:00 RHSA-2004:597 https://www.cve.org/CVERecord?id=CVE-2004-0457 https://nvd.nist.gov/vuln/detail/CVE-2004-0457 Moderate 2004-05-17T00:00:00 mod_ssl ssl_util_uuencode_binary CA issue

Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.

Red Hat Enterprise Linux 3 2004-07-06T00:00:00 RHSA-2004:342 httpd-0:2.0.46-32.ent.3 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-06-14T00:00:00 RHSA-2004:245 Red Hat Enterprise Linux ES version 2.1 2004-06-14T00:00:00 RHSA-2004:245 Red Hat Enterprise Linux WS version 2.1 2004-06-14T00:00:00 RHSA-2004:245 Red Hat Linux Advanced Workstation 2.1 2004-06-14T00:00:00 RHSA-2004:245 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.37.rhn Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.38.rhn Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel4 Red Hat Stronghold 4 2004-07-23T00:00:00 RHSA-2004:405 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2005-11-02T00:00:00 RHSA-2005:816 https://www.cve.org/CVERecord?id=CVE-2004-0488 https://nvd.nist.gov/vuln/detail/CVE-2004-0488 Moderate 2004-06-21T00:00:00 security flaw

The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.

Red Hat Enterprise Linux 3 2005-05-25T00:00:00 RHSA-2005:472 kernel-0:2.4.21-32.0.1.EL https://www.cve.org/CVERecord?id=CVE-2004-0491 https://nvd.nist.gov/vuln/detail/CVE-2004-0491 Low 2004-06-10T00:00:00 httpd mod_proxy buffer overflow

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-06-14T00:00:00 RHSA-2004:245 Red Hat Enterprise Linux ES version 2.1 2004-06-14T00:00:00 RHSA-2004:245 Red Hat Enterprise Linux WS version 2.1 2004-06-14T00:00:00 RHSA-2004:245 Red Hat Linux Advanced Workstation 2.1 2004-06-14T00:00:00 RHSA-2004:245 https://www.cve.org/CVERecord?id=CVE-2004-0492 https://nvd.nist.gov/vuln/detail/CVE-2004-0492 Important 2004-06-28T00:00:00 security flaw

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.

Red Hat Enterprise Linux 3 2004-07-06T00:00:00 RHSA-2004:342 httpd-0:2.0.46-32.ent.3 https://www.cve.org/CVERecord?id=CVE-2004-0493 https://nvd.nist.gov/vuln/detail/CVE-2004-0493 Low 2004-08-04T00:00:00 security flaw

Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI.

Red Hat Enterprise Linux 3 2004-08-04T00:00:00 RHSA-2004:373 gnome-vfs2-0:2.2.5-2E.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-09-15T00:00:00 RHSA-2004:464 Red Hat Enterprise Linux WS version 2.1 2004-09-15T00:00:00 RHSA-2004:464 Red Hat Linux Advanced Workstation 2.1 2004-09-15T00:00:00 RHSA-2004:464 https://www.cve.org/CVERecord?id=CVE-2004-0494 https://nvd.nist.gov/vuln/detail/CVE-2004-0494 2004-06-17T00:00:00 security flaw

Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.

Red Hat Enterprise Linux 3 2004-06-18T00:00:00 RHSA-2004:255 kernel-0:2.4.21-15.0.2.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-06-18T00:00:00 RHSA-2004:260 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-08-18T00:00:00 RHSA-2004:327 Red Hat Enterprise Linux ES version 2.1 2004-06-18T00:00:00 RHSA-2004:260 Red Hat Enterprise Linux WS version 2.1 2004-06-18T00:00:00 RHSA-2004:260 Red Hat Linux Advanced Workstation 2.1 2004-08-18T00:00:00 RHSA-2004:327 https://www.cve.org/CVERecord?id=CVE-2004-0495 https://nvd.nist.gov/vuln/detail/CVE-2004-0495 Moderate 2004-06-30T00:00:00 security flaw

Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.

Red Hat Enterprise Linux 3 2004-07-02T00:00:00 RHSA-2004:360 kernel-0:2.4.21-15.0.3.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-08-18T00:00:00 RHSA-2004:327 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-07-02T00:00:00 RHSA-2004:354 Red Hat Enterprise Linux ES version 2.1 2004-07-02T00:00:00 RHSA-2004:354 Red Hat Enterprise Linux WS version 2.1 2004-07-02T00:00:00 RHSA-2004:354 Red Hat Linux Advanced Workstation 2.1 2004-08-18T00:00:00 RHSA-2004:327 https://www.cve.org/CVERecord?id=CVE-2004-0497 https://nvd.nist.gov/vuln/detail/CVE-2004-0497 2004-08-05T00:00:00 security flaw

Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call.

https://www.cve.org/CVERecord?id=CVE-2004-0500 https://nvd.nist.gov/vuln/detail/CVE-2004-0500 2004-05-03T00:00:00 security flaw

Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.

Red Hat Enterprise Linux 3 2004-06-09T00:00:00 RHSA-2004:234 ethereal-0:0.10.3-0.30E.2 https://www.cve.org/CVERecord?id=CVE-2004-0504 https://nvd.nist.gov/vuln/detail/CVE-2004-0504 Low 2004-05-13T00:00:00 security flaw

The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.

Red Hat Enterprise Linux 3 2004-06-09T00:00:00 RHSA-2004:234 ethereal-0:0.10.3-0.30E.2 https://www.cve.org/CVERecord?id=CVE-2004-0505 https://nvd.nist.gov/vuln/detail/CVE-2004-0505 Low 2004-05-13T00:00:00 security flaw

The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference.

Red Hat Enterprise Linux 3 2004-06-09T00:00:00 RHSA-2004:234 ethereal-0:0.10.3-0.30E.2 https://www.cve.org/CVERecord?id=CVE-2004-0506 https://nvd.nist.gov/vuln/detail/CVE-2004-0506 Moderate 2004-05-13T00:00:00 security flaw

Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Red Hat Enterprise Linux 3 2004-06-09T00:00:00 RHSA-2004:234 ethereal-0:0.10.3-0.30E.2 https://www.cve.org/CVERecord?id=CVE-2004-0507 https://nvd.nist.gov/vuln/detail/CVE-2004-0507 Moderate 2004-04-29T00:00:00 security flaw

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.

Red Hat Enterprise Linux 3 2004-06-14T00:00:00 RHSA-2004:240 squirrelmail-0:1.4.3-0.e3.1 https://www.cve.org/CVERecord?id=CVE-2004-0519 https://nvd.nist.gov/vuln/detail/CVE-2004-0519 2004-05-23T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.

Red Hat Enterprise Linux 3 2004-06-14T00:00:00 RHSA-2004:240 squirrelmail-0:1.4.3-0.e3.1 https://www.cve.org/CVERecord?id=CVE-2004-0520 https://nvd.nist.gov/vuln/detail/CVE-2004-0520 Important 2004-04-27T00:00:00 security flaw

SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.

Red Hat Enterprise Linux 3 2004-06-14T00:00:00 RHSA-2004:240 squirrelmail-0:1.4.3-0.e3.1 https://www.cve.org/CVERecord?id=CVE-2004-0521 https://nvd.nist.gov/vuln/detail/CVE-2004-0521 Moderate 2004-06-01T00:00:00 security flaw

Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.

Red Hat Enterprise Linux 3 2004-06-09T00:00:00 RHSA-2004:236 krb5-0:1.2.7-24 https://www.cve.org/CVERecord?id=CVE-2004-0523 https://nvd.nist.gov/vuln/detail/CVE-2004-0523 Low 2004-05-14T00:00:00 security flaw

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.

Red Hat Enterprise Linux 3 2004-08-03T00:00:00 RHSA-2004:413 kernel-0:2.4.21-15.0.4.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-08-18T00:00:00 RHSA-2004:327 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-08-03T00:00:00 RHSA-2004:418 Red Hat Enterprise Linux ES version 2.1 2004-08-03T00:00:00 RHSA-2004:418 Red Hat Enterprise Linux WS version 2.1 2004-08-03T00:00:00 RHSA-2004:418 Red Hat Linux Advanced Workstation 2.1 2004-08-18T00:00:00 RHSA-2004:327 https://www.cve.org/CVERecord?id=CVE-2004-0535 https://nvd.nist.gov/vuln/detail/CVE-2004-0535 Important 2004-06-02T00:00:00 security flaw

Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-06-14T00:00:00 RHSA-2004:244 Red Hat Enterprise Linux ES version 2.1 2004-06-14T00:00:00 RHSA-2004:244 Red Hat Enterprise Linux WS version 2.1 2004-06-14T00:00:00 RHSA-2004:244 https://www.cve.org/CVERecord?id=CVE-2004-0536 https://nvd.nist.gov/vuln/detail/CVE-2004-0536 Moderate 2004-06-08T00:00:00 security flaw

Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).

Red Hat Enterprise Linux 3 2004-06-09T00:00:00 RHSA-2004:242 squid-7:2.5.STABLE3-6.3E https://www.cve.org/CVERecord?id=CVE-2004-0541 https://nvd.nist.gov/vuln/detail/CVE-2004-0541 Critical 2004-06-10T00:00:00 security flaw

Buffer overflow in Real Networks RealPlayer 10 allows remote attackers to execute arbitrary code via a URL with a large number of "." (period) characters.

Red Hat Desktop version 3 Extras 2005-03-21T00:00:00 RHSA-2005:299 https://www.cve.org/CVERecord?id=CVE-2004-0550 https://nvd.nist.gov/vuln/detail/CVE-2004-0550 Important 2004-06-09T00:00:00 security flaw

Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.

Red Hat Enterprise Linux 3 2004-06-18T00:00:00 RHSA-2004:255 kernel-0:2.4.21-15.0.2.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-06-18T00:00:00 RHSA-2004:260 Red Hat Enterprise Linux ES version 2.1 2004-06-18T00:00:00 RHSA-2004:260 Red Hat Enterprise Linux WS version 2.1 2004-06-18T00:00:00 RHSA-2004:260 https://www.cve.org/CVERecord?id=CVE-2004-0554 https://nvd.nist.gov/vuln/detail/CVE-2004-0554 Important 2004-07-28T00:00:00 security flaw

Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.

Red Hat Enterprise Linux 3 2004-07-29T00:00:00 RHSA-2004:409 sox-0:12.17.4-4.3 https://www.cve.org/CVERecord?id=CVE-2004-0557 https://nvd.nist.gov/vuln/detail/CVE-2004-0557 2004-08-21T00:00:00 security flaw

The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service (service hang) via a certain UDP packet to the IPP port.

Red Hat Enterprise Linux 3 2004-09-15T00:00:00 RHSA-2004:449 cups-1:1.1.17-13.3.13 https://www.cve.org/CVERecord?id=CVE-2004-0558 https://nvd.nist.gov/vuln/detail/CVE-2004-0558 2004-05-28T00:00:00 security flaw

Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.

Red Hat Enterprise Linux 3 2004-12-23T00:00:00 RHSA-2004:689 kernel-0:2.4.21-27.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:504 Red Hat Linux Advanced Workstation 2.1 2004-12-13T00:00:00 RHSA-2004:504 https://www.cve.org/CVERecord?id=CVE-2004-0565 https://nvd.nist.gov/vuln/detail/CVE-2004-0565 Low 2004-05-04T00:00:00 security flaw

Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.

Red Hat Enterprise Linux 3 2004-08-03T00:00:00 RHSA-2004:413 kernel-0:2.4.21-15.0.4.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-08-18T00:00:00 RHSA-2004:327 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-08-03T00:00:00 RHSA-2004:418 Red Hat Enterprise Linux ES version 2.1 2004-08-03T00:00:00 RHSA-2004:418 Red Hat Enterprise Linux WS version 2.1 2004-08-03T00:00:00 RHSA-2004:418 Red Hat Linux Advanced Workstation 2.1 2004-08-18T00:00:00 RHSA-2004:327 https://www.cve.org/CVERecord?id=CVE-2004-0587 https://nvd.nist.gov/vuln/detail/CVE-2004-0587 Important 2004-07-13T00:00:00 security flaw

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

Red Hat Enterprise Linux 3 2004-07-19T00:00:00 RHSA-2004:392 php-0:4.3.2-11.1.ent Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-07-19T00:00:00 RHSA-2004:395 Red Hat Enterprise Linux ES version 2.1 2004-07-19T00:00:00 RHSA-2004:395 Red Hat Enterprise Linux WS version 2.1 2004-07-19T00:00:00 RHSA-2004:395 Red Hat Linux Advanced Workstation 2.1 2004-07-19T00:00:00 RHSA-2004:395 Red Hat Stronghold 4 2004-07-23T00:00:00 RHSA-2004:405 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2005-11-02T00:00:00 RHSA-2005:816 https://www.cve.org/CVERecord?id=CVE-2004-0594 https://nvd.nist.gov/vuln/detail/CVE-2004-0594 Moderate 2004-07-14T00:00:00 security flaw

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.

Red Hat Enterprise Linux 3 2004-07-19T00:00:00 RHSA-2004:392 php-0:4.3.2-11.1.ent Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-07-19T00:00:00 RHSA-2004:395 Red Hat Enterprise Linux ES version 2.1 2004-07-19T00:00:00 RHSA-2004:395 Red Hat Enterprise Linux WS version 2.1 2004-07-19T00:00:00 RHSA-2004:395 Red Hat Linux Advanced Workstation 2.1 2004-07-19T00:00:00 RHSA-2004:395 Red Hat Stronghold 4 2004-07-23T00:00:00 RHSA-2004:405 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2005-11-02T00:00:00 RHSA-2005:816 https://www.cve.org/CVERecord?id=CVE-2004-0595 https://nvd.nist.gov/vuln/detail/CVE-2004-0595 Critical 2004-08-04T00:00:00 security flaw

Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.

Red Hat would like to thank Chris Evans for reporting this issue. Red Hat Enterprise Linux 3 2004-08-04T00:00:00 RHSA-2004:402 libpng-2:1.2.2-25 Red Hat Enterprise Linux 3 2004-08-04T00:00:00 RHSA-2004:402 libpng10-0:1.0.13-15 Red Hat Enterprise Linux ES version 2.1 2004-08-18T00:00:00 RHSA-2004:429 Red Hat Enterprise Linux WS version 2.1 2004-08-18T00:00:00 RHSA-2004:429 https://www.cve.org/CVERecord?id=CVE-2004-0597 https://nvd.nist.gov/vuln/detail/CVE-2004-0597 Important 2004-08-04T00:00:00 security flaw

The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.

Red Hat would like to thank Chris Evans for reporting this issue. Red Hat Enterprise Linux 3 2004-08-04T00:00:00 RHSA-2004:402 libpng-2:1.2.2-25 Red Hat Enterprise Linux 3 2004-08-04T00:00:00 RHSA-2004:402 libpng10-0:1.0.13-15 Red Hat Enterprise Linux ES version 2.1 2004-08-18T00:00:00 RHSA-2004:429 Red Hat Enterprise Linux WS version 2.1 2004-08-18T00:00:00 RHSA-2004:429 https://www.cve.org/CVERecord?id=CVE-2004-0598 https://nvd.nist.gov/vuln/detail/CVE-2004-0598 Important 2004-08-04T00:00:00 security flaw

Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image.

Red Hat would like to thank Chris Evans for reporting this issue. Red Hat Enterprise Linux 3 2004-08-04T00:00:00 RHSA-2004:402 libpng-2:1.2.2-25 Red Hat Enterprise Linux 3 2004-08-04T00:00:00 RHSA-2004:402 libpng10-0:1.0.13-15 Red Hat Enterprise Linux ES version 2.1 2004-08-18T00:00:00 RHSA-2004:429 Red Hat Enterprise Linux WS version 2.1 2004-08-18T00:00:00 RHSA-2004:429 https://www.cve.org/CVERecord?id=CVE-2004-0599 https://nvd.nist.gov/vuln/detail/CVE-2004-0599 Important 2004-07-22T00:00:00 security flaw

Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.

Red Hat Enterprise Linux 3 2004-07-22T00:00:00 RHSA-2004:259 samba-0:3.0.4-6.3E https://www.cve.org/CVERecord?id=CVE-2004-0600 https://nvd.nist.gov/vuln/detail/CVE-2004-0600

gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2004-0603 https://nvd.nist.gov/vuln/detail/CVE-2004-0603 Important 2004-06-15T00:00:00 security flaw

The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.

Red Hat Enterprise Linux 3 2004-07-29T00:00:00 RHSA-2004:308 ipsec-tools-0:0.2.5-0.5 https://www.cve.org/CVERecord?id=CVE-2004-0607 https://nvd.nist.gov/vuln/detail/CVE-2004-0607 Moderate 2004-06-23T00:00:00 security flaw

Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflow.

Red Hat Enterprise Linux 3 2004-12-02T00:00:00 RHSA-2004:549 kernel-0:2.4.21-20.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-04-28T00:00:00 RHSA-2005:283 Red Hat Enterprise Linux ES version 2.1 2005-04-28T00:00:00 RHSA-2005:283 Red Hat Enterprise Linux WS version 2.1 2005-04-28T00:00:00 RHSA-2005:283 https://www.cve.org/CVERecord?id=CVE-2004-0619 https://nvd.nist.gov/vuln/detail/CVE-2004-0619 Important 2004-07-05T00:00:00 MySQL: check_scramble_323 authentication bypass and buffer overflow

The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.

Not vulnerable. This issue did not affect the versions of MySQL as shipped with Red Hat Enterprise Linux 4, 5, or 6. Red Hat Enterprise Linux 4 Not affected mysql Red Hat Enterprise Linux 5 Not affected mysql Red Hat Enterprise Linux 6 Not affected mysql https://www.cve.org/CVERecord?id=CVE-2004-0627 https://nvd.nist.gov/vuln/detail/CVE-2004-0627 Important 2004-07-05T00:00:00 MySQL: check_scramble_323 authentication bypass and buffer overflow

Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.

Not vulnerable. This issue did not affect the versions of MySQL as shipped with Red Hat Enterprise Linux 4, 5, or 6. Red Hat Enterprise Linux 4 Not affected mysql Red Hat Enterprise Linux 5 Not affected mysql Red Hat Enterprise Linux 6 Not affected mysql https://www.cve.org/CVERecord?id=CVE-2004-0628 https://nvd.nist.gov/vuln/detail/CVE-2004-0628 Important 2004-08-12T00:00:00 security flaw

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via shell metacharacters ("`" or backtick) in the filename of the PDF file that is provided to the uudecode command.

Red Hat Desktop version 3 Extras 2004-08-26T00:00:00 RHSA-2004:432 https://www.cve.org/CVERecord?id=CVE-2004-0630 https://nvd.nist.gov/vuln/detail/CVE-2004-0630 Important 2004-08-12T00:00:00 security flaw

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via a long filename for the PDF file that is provided to the uudecode command.

Red Hat Desktop version 3 Extras 2004-08-26T00:00:00 RHSA-2004:432 https://www.cve.org/CVERecord?id=CVE-2004-0631 https://nvd.nist.gov/vuln/detail/CVE-2004-0631 Moderate 2004-07-06T00:00:00 security flaw

The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.

Red Hat Enterprise Linux 3 2004-08-05T00:00:00 RHSA-2004:378 ethereal-0:0.10.5-0.30E.2 https://www.cve.org/CVERecord?id=CVE-2004-0633 https://nvd.nist.gov/vuln/detail/CVE-2004-0633 Low 2004-07-06T00:00:00 security flaw

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.

Red Hat Enterprise Linux 3 2004-08-05T00:00:00 RHSA-2004:378 ethereal-0:0.10.5-0.30E.2 https://www.cve.org/CVERecord?id=CVE-2004-0634 https://nvd.nist.gov/vuln/detail/CVE-2004-0634 Moderate 2004-07-06T00:00:00 security flaw

The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.

Red Hat Enterprise Linux 3 2004-08-05T00:00:00 RHSA-2004:378 ethereal-0:0.10.5-0.30E.2 https://www.cve.org/CVERecord?id=CVE-2004-0635 https://nvd.nist.gov/vuln/detail/CVE-2004-0635 Critical 2004-08-31T00:00:00 security flaw

Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.

Red Hat Enterprise Linux 3 2004-08-31T00:00:00 RHSA-2004:350 krb5-0:1.2.7-28 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-08-31T00:00:00 RHSA-2004:448 Red Hat Enterprise Linux ES version 2.1 2004-08-31T00:00:00 RHSA-2004:448 Red Hat Enterprise Linux WS version 2.1 2004-08-31T00:00:00 RHSA-2004:448 Red Hat Linux Advanced Workstation 2.1 2004-08-31T00:00:00 RHSA-2004:448 https://www.cve.org/CVERecord?id=CVE-2004-0642 https://nvd.nist.gov/vuln/detail/CVE-2004-0642 Critical 2004-08-31T00:00:00 security flaw

Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.

Red Hat Enterprise Linux 3 2004-08-31T00:00:00 RHSA-2004:350 krb5-0:1.2.7-28 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-08-31T00:00:00 RHSA-2004:448 Red Hat Enterprise Linux ES version 2.1 2004-08-31T00:00:00 RHSA-2004:448 Red Hat Enterprise Linux WS version 2.1 2004-08-31T00:00:00 RHSA-2004:448 Red Hat Linux Advanced Workstation 2.1 2004-08-31T00:00:00 RHSA-2004:448 https://www.cve.org/CVERecord?id=CVE-2004-0643 https://nvd.nist.gov/vuln/detail/CVE-2004-0643 Important 2004-08-31T00:00:00 security flaw

The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.

Red Hat Enterprise Linux 3 2004-08-31T00:00:00 RHSA-2004:350 krb5-0:1.2.7-28 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-08-31T00:00:00 RHSA-2004:448 Red Hat Enterprise Linux ES version 2.1 2004-08-31T00:00:00 RHSA-2004:448 Red Hat Enterprise Linux WS version 2.1 2004-08-31T00:00:00 RHSA-2004:448 Red Hat Linux Advanced Workstation 2.1 2004-08-31T00:00:00 RHSA-2004:448 https://www.cve.org/CVERecord?id=CVE-2004-0644 https://nvd.nist.gov/vuln/detail/CVE-2004-0644 Moderate 2020-06-18T00:00:00 ntp: wrong date/time offset return could lead to integer overflow 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CWE-190

Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.

As per the CERT advisory, this issue has been resolved by ntp version 4. All Red Hat products ship ntp-4, therefore there are not affected by this flaw. Red Hat Enterprise Linux 5 Not affected ntp Red Hat Enterprise Linux 6 Not affected ntp Red Hat Enterprise Linux 7 Not affected ntp https://www.cve.org/CVERecord?id=CVE-2004-0657 https://nvd.nist.gov/vuln/detail/CVE-2004-0657 https://www.kb.cert.org/vuls/id/584606 2003-10-23T00:00:00 security flaw

Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.

Red Hat Enterprise Linux 3 2004-12-02T00:00:00 RHSA-2004:549 kernel-0:2.4.21-20.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:504 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux ES version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux WS version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Linux Advanced Workstation 2.1 2004-12-13T00:00:00 RHSA-2004:504 https://www.cve.org/CVERecord?id=CVE-2004-0685 https://nvd.nist.gov/vuln/detail/CVE-2004-0685 Moderate 2004-07-22T00:00:00 security flaw

Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.

Red Hat Enterprise Linux 3 2004-07-22T00:00:00 RHSA-2004:259 samba-0:3.0.4-6.3E Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-07-26T00:00:00 RHSA-2004:404 Red Hat Enterprise Linux ES version 2.1 2004-07-26T00:00:00 RHSA-2004:404 Red Hat Enterprise Linux WS version 2.1 2004-07-26T00:00:00 RHSA-2004:404 Red Hat Linux Advanced Workstation 2.1 2004-07-26T00:00:00 RHSA-2004:404 https://www.cve.org/CVERecord?id=CVE-2004-0686 https://nvd.nist.gov/vuln/detail/CVE-2004-0686 Moderate 2004-10-07T00:00:00 openmotif21 stack overflows in libxpm

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2004-10-04T00:00:00 RHSA-2004:478 XFree86-0:4.3.0-69.EL Red Hat Enterprise Linux 3 2004-12-02T00:00:00 RHSA-2004:537 openmotif-0:2.2.3-4.RHEL3.4 Red Hat Enterprise Linux 3 2004-12-02T00:00:00 RHSA-2004:537 openmotif21-0:2.1.30-9.RHEL3.4 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-10-06T00:00:00 RHSA-2004:479 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-12T00:00:00 RHSA-2005:004 Red Hat Enterprise Linux ES version 2.1 2004-10-06T00:00:00 RHSA-2004:479 Red Hat Enterprise Linux ES version 2.1 2005-01-12T00:00:00 RHSA-2005:004 Red Hat Enterprise Linux WS version 2.1 2004-10-06T00:00:00 RHSA-2004:479 Red Hat Enterprise Linux WS version 2.1 2005-01-12T00:00:00 RHSA-2005:004 Red Hat Linux Advanced Workstation 2.1 2004-10-06T00:00:00 RHSA-2004:479 Red Hat Linux Advanced Workstation 2.1 2005-01-12T00:00:00 RHSA-2005:004 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh https://www.cve.org/CVERecord?id=CVE-2004-0687 https://nvd.nist.gov/vuln/detail/CVE-2004-0687 Moderate 2004-09-15T00:00:00 openmotif21 stack overflows in libxpm

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2004-10-04T00:00:00 RHSA-2004:478 XFree86-0:4.3.0-69.EL Red Hat Enterprise Linux 3 2004-12-02T00:00:00 RHSA-2004:537 openmotif-0:2.2.3-4.RHEL3.4 Red Hat Enterprise Linux 3 2004-12-02T00:00:00 RHSA-2004:537 openmotif21-0:2.1.30-9.RHEL3.4 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-10-06T00:00:00 RHSA-2004:479 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-12T00:00:00 RHSA-2005:004 Red Hat Enterprise Linux ES version 2.1 2004-10-06T00:00:00 RHSA-2004:479 Red Hat Enterprise Linux ES version 2.1 2005-01-12T00:00:00 RHSA-2005:004 Red Hat Enterprise Linux WS version 2.1 2004-10-06T00:00:00 RHSA-2004:479 Red Hat Enterprise Linux WS version 2.1 2005-01-12T00:00:00 RHSA-2005:004 Red Hat Linux Advanced Workstation 2.1 2004-10-06T00:00:00 RHSA-2004:479 Red Hat Linux Advanced Workstation 2.1 2005-01-12T00:00:00 RHSA-2005:004 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh https://www.cve.org/CVERecord?id=CVE-2004-0688 https://nvd.nist.gov/vuln/detail/CVE-2004-0688 Moderate 2004-08-11T00:00:00 security flaw

KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.

Red Hat Enterprise Linux 3 2004-10-04T00:00:00 RHSA-2004:412 kdebase-6:3.1.3-5.4 Red Hat Enterprise Linux 3 2004-10-04T00:00:00 RHSA-2004:412 kdelibs-6:3.1.3-6.6 https://www.cve.org/CVERecord?id=CVE-2004-0689 https://nvd.nist.gov/vuln/detail/CVE-2004-0689 Important 2004-08-18T00:00:00 security flaw

Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.

Red Hat Enterprise Linux 3 2004-08-20T00:00:00 RHSA-2004:414 qt-1:3.1.2-13.4 https://www.cve.org/CVERecord?id=CVE-2004-0691 https://nvd.nist.gov/vuln/detail/CVE-2004-0691 Moderate 2004-08-18T00:00:00 security flaw

The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693.

Red Hat Enterprise Linux 3 2004-08-20T00:00:00 RHSA-2004:414 qt-1:3.1.2-13.4 Red Hat Enterprise Linux 3 2004-10-04T00:00:00 RHSA-2004:478 XFree86-0:4.3.0-69.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-10-06T00:00:00 RHSA-2004:479 Red Hat Enterprise Linux ES version 2.1 2004-10-06T00:00:00 RHSA-2004:479 Red Hat Enterprise Linux WS version 2.1 2004-10-06T00:00:00 RHSA-2004:479 Red Hat Linux Advanced Workstation 2.1 2004-10-06T00:00:00 RHSA-2004:479 https://www.cve.org/CVERecord?id=CVE-2004-0692 https://nvd.nist.gov/vuln/detail/CVE-2004-0692 Moderate 2004-08-18T00:00:00 security flaw

The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692.

Red Hat Enterprise Linux 3 2004-08-20T00:00:00 RHSA-2004:414 qt-1:3.1.2-13.4 https://www.cve.org/CVERecord?id=CVE-2004-0693 https://nvd.nist.gov/vuln/detail/CVE-2004-0693 Moderate 2004-08-11T00:00:00 security flaw

Buffer overflow in LHA 1.14 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing," a different vulnerability than CVE-2004-0771. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.

Red Hat Enterprise Linux 3 2004-09-01T00:00:00 RHSA-2004:323 lha-0:1.14i-10.4 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-09-07T00:00:00 RHSA-2004:440 Red Hat Enterprise Linux ES version 2.1 2004-09-07T00:00:00 RHSA-2004:440 Red Hat Enterprise Linux WS version 2.1 2004-09-07T00:00:00 RHSA-2004:440 Red Hat Linux Advanced Workstation 2.1 2004-09-07T00:00:00 RHSA-2004:440 https://www.cve.org/CVERecord?id=CVE-2004-0694 https://nvd.nist.gov/vuln/detail/CVE-2004-0694 Important 2004-07-16T00:00:00 mod_proxy hook format string

Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-09-07T00:00:00 RHSA-2004:408 Red Hat Enterprise Linux ES version 2.1 2004-09-07T00:00:00 RHSA-2004:408 Red Hat Enterprise Linux WS version 2.1 2004-09-07T00:00:00 RHSA-2004:408 Red Hat Linux Advanced Workstation 2.1 2004-09-07T00:00:00 RHSA-2004:408 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.37.rhn Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.38.rhn Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel4 Red Hat Stronghold 4 2004-07-23T00:00:00 RHSA-2004:405 https://www.cve.org/CVERecord?id=CVE-2004-0700 https://nvd.nist.gov/vuln/detail/CVE-2004-0700 Moderate 2004-07-01T00:00:00 security flaw

The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

https://www.cve.org/CVERecord?id=CVE-2004-0718 https://nvd.nist.gov/vuln/detail/CVE-2004-0718 Low 2004-07-01T00:00:00 security flaw

Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

Red Hat Enterprise Linux 3 2004-10-04T00:00:00 RHSA-2004:412 kdebase-6:3.1.3-5.4 Red Hat Enterprise Linux 3 2004-10-04T00:00:00 RHSA-2004:412 kdelibs-6:3.1.3-6.6 https://www.cve.org/CVERecord?id=CVE-2004-0721 https://nvd.nist.gov/vuln/detail/CVE-2004-0721 Critical 2004-07-22T00:00:00 security flaw

Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.

https://www.cve.org/CVERecord?id=CVE-2004-0722 https://nvd.nist.gov/vuln/detail/CVE-2004-0722 Moderate 2004-08-11T00:00:00 security flaw

LHA 1.14 and earlier allows attackers to execute arbitrary commands via a directory with shell metacharacters in its name.

Red Hat Enterprise Linux 3 2004-09-01T00:00:00 RHSA-2004:323 lha-0:1.14i-10.4 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-09-07T00:00:00 RHSA-2004:440 Red Hat Enterprise Linux ES version 2.1 2004-09-07T00:00:00 RHSA-2004:440 Red Hat Enterprise Linux WS version 2.1 2004-09-07T00:00:00 RHSA-2004:440 Red Hat Linux Advanced Workstation 2.1 2004-09-07T00:00:00 RHSA-2004:440 https://www.cve.org/CVERecord?id=CVE-2004-0745 https://nvd.nist.gov/vuln/detail/CVE-2004-0745 Moderate 2004-08-20T00:00:00 security flaw

Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

Red Hat Enterprise Linux 3 2004-10-04T00:00:00 RHSA-2004:412 kdebase-6:3.1.3-5.4 Red Hat Enterprise Linux 3 2004-10-04T00:00:00 RHSA-2004:412 kdelibs-6:3.1.3-6.6 https://www.cve.org/CVERecord?id=CVE-2004-0746 https://nvd.nist.gov/vuln/detail/CVE-2004-0746 Low 2004-09-15T00:00:00 security flaw

Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.

Red Hat Enterprise Linux 3 2004-09-15T00:00:00 RHSA-2004:463 httpd-0:2.0.46-40.ent https://www.cve.org/CVERecord?id=CVE-2004-0747 https://nvd.nist.gov/vuln/detail/CVE-2004-0747 Important 2004-07-07T00:00:00 security flaw

mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.

Red Hat Enterprise Linux 3 2004-09-01T00:00:00 RHSA-2004:349 httpd-0:2.0.46-38.ent https://www.cve.org/CVERecord?id=CVE-2004-0748 https://nvd.nist.gov/vuln/detail/CVE-2004-0748 Low 2004-09-22T00:00:00 security flaw

Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares are exported to multiple hosts, can produce incorrect permissions and prevent the all_squash option from being applied.

Red Hat Enterprise Linux 3 2004-09-22T00:00:00 RHSA-2004:434 redhat-config-nfs-0:1.0.13-6 https://www.cve.org/CVERecord?id=CVE-2004-0750 https://nvd.nist.gov/vuln/detail/CVE-2004-0750 Low 2004-09-15T00:00:00 security flaw

The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).

Red Hat Enterprise Linux 3 2004-09-15T00:00:00 RHSA-2004:463 httpd-0:2.0.46-40.ent https://www.cve.org/CVERecord?id=CVE-2004-0751 https://nvd.nist.gov/vuln/detail/CVE-2004-0751 2004-08-04T00:00:00 security flaw

OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users.

Red Hat Enterprise Linux 3 2004-09-15T00:00:00 RHSA-2004:446 openoffice.org-0:1.1.0-16.14.EL https://www.cve.org/CVERecord?id=CVE-2004-0752 https://nvd.nist.gov/vuln/detail/CVE-2004-0752 Moderate 2004-08-20T00:00:00 security flaw

The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.

Red Hat Enterprise Linux 3 2004-09-15T00:00:00 RHSA-2004:447 gdk-pixbuf-1:0.22.0-11.3.3 Red Hat Enterprise Linux 3 2004-09-15T00:00:00 RHSA-2004:466 gtk2-0:2.2.4-8.1 https://www.cve.org/CVERecord?id=CVE-2004-0753 https://nvd.nist.gov/vuln/detail/CVE-2004-0753 Important 2004-08-26T00:00:00 security flaw

Integer overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages.

https://www.cve.org/CVERecord?id=CVE-2004-0754 https://nvd.nist.gov/vuln/detail/CVE-2004-0754 Low 2004-07-22T00:00:00 security flaw

The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.

Red Hat Enterprise Linux 3 2004-09-30T00:00:00 RHSA-2004:441 ruby-0:1.6.8-9.EL3.2 https://www.cve.org/CVERecord?id=CVE-2004-0755 https://nvd.nist.gov/vuln/detail/CVE-2004-0755 Important 2004-07-22T00:00:00 security flaw

Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.

https://www.cve.org/CVERecord?id=CVE-2004-0757 https://nvd.nist.gov/vuln/detail/CVE-2004-0757 Moderate 2004-07-03T00:00:00 security flaw

Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.

https://www.cve.org/CVERecord?id=CVE-2004-0758 https://nvd.nist.gov/vuln/detail/CVE-2004-0758 Important 2004-07-22T00:00:00 security flaw

Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type="file"> tag.

https://www.cve.org/CVERecord?id=CVE-2004-0759 https://nvd.nist.gov/vuln/detail/CVE-2004-0759 Low 2004-07-11T00:00:00 security flaw

Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.

https://www.cve.org/CVERecord?id=CVE-2004-0760 https://nvd.nist.gov/vuln/detail/CVE-2004-0760 Important 2004-07-22T00:00:00 security flaw

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.

https://www.cve.org/CVERecord?id=CVE-2004-0761 https://nvd.nist.gov/vuln/detail/CVE-2004-0761 Important 2004-07-01T00:00:00 security flaw

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.

https://www.cve.org/CVERecord?id=CVE-2004-0762 https://nvd.nist.gov/vuln/detail/CVE-2004-0762 Moderate 2004-07-26T00:00:00 security flaw

Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.

https://www.cve.org/CVERecord?id=CVE-2004-0763 https://nvd.nist.gov/vuln/detail/CVE-2004-0763 Important 2004-07-30T00:00:00 security flaw

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.

https://www.cve.org/CVERecord?id=CVE-2004-0764 https://nvd.nist.gov/vuln/detail/CVE-2004-0764 Low 2004-02-12T00:00:00 security flaw

The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.

https://www.cve.org/CVERecord?id=CVE-2004-0765 https://nvd.nist.gov/vuln/detail/CVE-2004-0765 2004-05-15T00:00:00 security flaw

Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771.

Red Hat Enterprise Linux 3 2004-09-01T00:00:00 RHSA-2004:323 lha-0:1.14i-10.4 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-09-07T00:00:00 RHSA-2004:440 Red Hat Enterprise Linux ES version 2.1 2004-09-07T00:00:00 RHSA-2004:440 Red Hat Enterprise Linux WS version 2.1 2004-09-07T00:00:00 RHSA-2004:440 Red Hat Linux Advanced Workstation 2.1 2004-09-07T00:00:00 RHSA-2004:440 https://www.cve.org/CVERecord?id=CVE-2004-0769 https://nvd.nist.gov/vuln/detail/CVE-2004-0769 Moderate 2004-05-15T00:00:00 security flaw

Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.

Red Hat Enterprise Linux 3 2004-09-01T00:00:00 RHSA-2004:323 lha-0:1.14i-10.4 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-09-07T00:00:00 RHSA-2004:440 Red Hat Enterprise Linux ES version 2.1 2004-09-07T00:00:00 RHSA-2004:440 Red Hat Enterprise Linux WS version 2.1 2004-09-07T00:00:00 RHSA-2004:440 Red Hat Linux Advanced Workstation 2.1 2004-09-07T00:00:00 RHSA-2004:440 https://www.cve.org/CVERecord?id=CVE-2004-0771 https://nvd.nist.gov/vuln/detail/CVE-2004-0771 Important 2003-03-27T00:00:00 security flaw

Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux ES version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Enterprise Linux WS version 2.1 2003-03-27T00:00:00 RHSA-2003:052 Red Hat Linux Advanced Workstation 2.1 2003-03-27T00:00:00 RHSA-2003:052 https://www.cve.org/CVERecord?id=CVE-2004-0772 https://nvd.nist.gov/vuln/detail/CVE-2004-0772 Moderate 2004-06-09T00:00:00 security flaw

CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.

Red Hat would like to thank Sebastian Krahmer for reporting this issue. Red Hat Enterprise Linux 3 2004-06-09T00:00:00 RHSA-2004:233 cvs-0:1.11.2-24 https://www.cve.org/CVERecord?id=CVE-2004-0778 https://nvd.nist.gov/vuln/detail/CVE-2004-0778 Important 2004-09-15T00:00:00 security flaw

Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).

Red Hat Enterprise Linux 3 2004-09-15T00:00:00 RHSA-2004:447 gdk-pixbuf-1:0.22.0-11.3.3 Red Hat Enterprise Linux 3 2004-09-15T00:00:00 RHSA-2004:466 gtk2-0:2.2.4-8.1 https://www.cve.org/CVERecord?id=CVE-2004-0782 https://nvd.nist.gov/vuln/detail/CVE-2004-0782 Important 2004-09-15T00:00:00 security flaw

Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).

Red Hat Enterprise Linux 3 2004-09-15T00:00:00 RHSA-2004:447 gdk-pixbuf-1:0.22.0-11.3.3 Red Hat Enterprise Linux 3 2004-09-15T00:00:00 RHSA-2004:466 gtk2-0:2.2.4-8.1 https://www.cve.org/CVERecord?id=CVE-2004-0783 https://nvd.nist.gov/vuln/detail/CVE-2004-0783 Moderate 2004-08-26T00:00:00 security flaw

The smiley theme functionality in Gaim before 0.82 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector.

https://www.cve.org/CVERecord?id=CVE-2004-0784 https://nvd.nist.gov/vuln/detail/CVE-2004-0784 2004-08-12T00:00:00 security flaw

Multiple buffer overflows in Gaim before 0.82 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Rich Text Format (RTF) messages, (2) a long hostname for the local system as obtained from DNS, or (3) a long URL that is not properly handled by the URL decoder.

https://www.cve.org/CVERecord?id=CVE-2004-0785 https://nvd.nist.gov/vuln/detail/CVE-2004-0785 Moderate 2004-09-15T00:00:00 security flaw

The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.

Red Hat Enterprise Linux 3 2004-09-15T00:00:00 RHSA-2004:463 httpd-0:2.0.46-40.ent https://www.cve.org/CVERecord?id=CVE-2004-0786 https://nvd.nist.gov/vuln/detail/CVE-2004-0786 Moderate 2004-09-15T00:00:00 security flaw

Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.

Red Hat Enterprise Linux 3 2004-09-15T00:00:00 RHSA-2004:447 gdk-pixbuf-1:0.22.0-11.3.3 Red Hat Enterprise Linux 3 2004-09-15T00:00:00 RHSA-2004:466 gtk2-0:2.2.4-8.1 https://www.cve.org/CVERecord?id=CVE-2004-0788 https://nvd.nist.gov/vuln/detail/CVE-2004-0788 Low 2005-04-12T00:00:00 security flaw

Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.

Red Hat Enterprise Linux 3 2005-01-18T00:00:00 RHSA-2005:043 kernel-0:2.4.21-27.0.2.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-21T00:00:00 RHSA-2005:017 Red Hat Enterprise Linux ES version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Enterprise Linux WS version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Linux Advanced Workstation 2.1 2005-01-21T00:00:00 RHSA-2005:017 https://www.cve.org/CVERecord?id=CVE-2004-0791 https://nvd.nist.gov/vuln/detail/CVE-2004-0791 Moderate 2004-08-12T00:00:00 security flaw

Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.

Red Hat Enterprise Linux 3 2004-09-01T00:00:00 RHSA-2004:436 rsync-0:2.5.7-5.3E https://www.cve.org/CVERecord?id=CVE-2004-0792 https://nvd.nist.gov/vuln/detail/CVE-2004-0792 Important 2004-08-05T00:00:00 security flaw

SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to cause a denial of service via certain malformed messages.

Red Hat Enterprise Linux 3 2004-09-30T00:00:00 RHSA-2004:451 spamassassin-0:2.55-3.2 https://www.cve.org/CVERecord?id=CVE-2004-0796 https://nvd.nist.gov/vuln/detail/CVE-2004-0796 Important 2004-10-13T00:00:00 security flaw

Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

Red Hat Enterprise Linux 3 2004-10-22T00:00:00 RHSA-2004:577 libtiff-0:3.5.7-20.1 Red Hat Enterprise Linux 3 2005-04-12T00:00:00 RHSA-2005:021 kdegraphics-7:3.1.3-3.7 Red Hat Enterprise Linux 3 2005-04-01T00:00:00 RHSA-2005:354 tetex-0:1.0.7-67.7 https://www.cve.org/CVERecord?id=CVE-2004-0803 https://nvd.nist.gov/vuln/detail/CVE-2004-0803 2002-03-15T00:00:00 security flaw

Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.

Red Hat Enterprise Linux 3 2004-10-22T00:00:00 RHSA-2004:577 libtiff-0:3.5.7-20.1 Red Hat Enterprise Linux 3 2005-04-12T00:00:00 RHSA-2005:021 kdegraphics-7:3.1.3-3.7 Red Hat Enterprise Linux 3 2005-04-01T00:00:00 RHSA-2005:354 tetex-0:1.0.7-67.7 https://www.cve.org/CVERecord?id=CVE-2004-0804 https://nvd.nist.gov/vuln/detail/CVE-2004-0804 Low 2004-09-09T00:00:00 security flaw

cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.

Not vulnerable. cdrecord is not shipped setuid and does not need to be made setuid with Red Hat Enterprise Linux 2.1, 3, or 4 packages. Red Hat Desktop version 3 2005-05-19T00:00:00 RHBA-2005:447 Red Hat Enterprise Linux AS version 3 2005-05-19T00:00:00 RHBA-2005:447 Red Hat Enterprise Linux ES version 3 2005-05-19T00:00:00 RHBA-2005:447 Red Hat Enterprise Linux WS version 3 2005-05-19T00:00:00 RHBA-2005:447 https://www.cve.org/CVERecord?id=CVE-2004-0806 https://nvd.nist.gov/vuln/detail/CVE-2004-0806 Important 2004-09-13T00:00:00 security flaw

Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.

Red Hat Enterprise Linux 3 2004-09-22T00:00:00 RHSA-2004:467 samba-0:3.0.7-1.3E https://www.cve.org/CVERecord?id=CVE-2004-0807 https://nvd.nist.gov/vuln/detail/CVE-2004-0807 Important 2004-09-13T00:00:00 security flaw

The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided.

Red Hat Enterprise Linux 3 2004-09-22T00:00:00 RHSA-2004:467 samba-0:3.0.7-1.3E https://www.cve.org/CVERecord?id=CVE-2004-0808 https://nvd.nist.gov/vuln/detail/CVE-2004-0808 Low 2004-09-15T00:00:00 security flaw

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

Red Hat Enterprise Linux 3 2004-09-15T00:00:00 RHSA-2004:463 httpd-0:2.0.46-40.ent https://www.cve.org/CVERecord?id=CVE-2004-0809 https://nvd.nist.gov/vuln/detail/CVE-2004-0809

Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.

Not Vulnerable. This issue only affected Apache 2.0.51, which was not shipped in any version of Red Hat Enterprise Linux. https://www.cve.org/CVERecord?id=CVE-2004-0811 https://nvd.nist.gov/vuln/detail/CVE-2004-0811 2003-11-08T00:00:00 security flaw

Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with "setting up TSS limits," allows local users to cause a denial of service (crash) and possibly execute arbitrary code.

Red Hat Enterprise Linux 3 2004-12-02T00:00:00 RHSA-2004:549 kernel-0:2.4.21-20.0.1.EL https://www.cve.org/CVERecord?id=CVE-2004-0812 https://nvd.nist.gov/vuln/detail/CVE-2004-0812 Moderate 2004-07-30T00:00:00 security flaw

Unknown vulnerability in the SG_IO functionality in ide-cd allows local users to bypass read-only access and perform unauthorized write and erase operations.

Red Hat Enterprise Linux 3 2007-06-07T00:00:00 RHSA-2007:0465 cdrtools-8:2.01.0.a32-0.EL3.6 Red Hat Enterprise Linux 3 2007-06-07T00:00:00 RHSA-2007:0465 pam-0:0.75-72 https://www.cve.org/CVERecord?id=CVE-2004-0813 https://nvd.nist.gov/vuln/detail/CVE-2004-0813 Important 2004-09-07T00:00:00 security flaw

Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.

Red Hat Enterprise Linux 3 2005-04-22T00:00:00 RHSA-2005:293 kernel-0:2.4.21-27.0.4.EL https://www.cve.org/CVERecord?id=CVE-2004-0814 https://nvd.nist.gov/vuln/detail/CVE-2004-0814 Important 2004-09-30T00:00:00 security flaw

The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-10-04T00:00:00 RHSA-2004:498 Red Hat Enterprise Linux ES version 2.1 2004-10-04T00:00:00 RHSA-2004:498 Red Hat Enterprise Linux WS version 2.1 2004-10-04T00:00:00 RHSA-2004:498 Red Hat Linux Advanced Workstation 2.1 2004-10-04T00:00:00 RHSA-2004:498 https://www.cve.org/CVERecord?id=CVE-2004-0815 https://nvd.nist.gov/vuln/detail/CVE-2004-0815 Important 2004-08-25T00:00:00 security flaw

Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

Red Hat Enterprise Linux 3 2004-09-15T00:00:00 RHSA-2004:465 imlib-1:1.9.13-13.3 https://www.cve.org/CVERecord?id=CVE-2004-0817 https://nvd.nist.gov/vuln/detail/CVE-2004-0817 Low 2004-09-07T00:00:00 security flaw

OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.

Red Hat Enterprise Linux 3 2005-10-17T00:00:00 RHSA-2005:751 nss_ldap-0:207-17 Red Hat Enterprise Linux 3 2005-10-17T00:00:00 RHSA-2005:751 openldap-0:2.0.27-20 https://www.cve.org/CVERecord?id=CVE-2004-0823 https://nvd.nist.gov/vuln/detail/CVE-2004-0823 Important 2004-08-24T00:00:00 security flaw

Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.

Red Hat Enterprise Linux 3 2004-10-20T00:00:00 RHSA-2004:480 ImageMagick-0:5.5.6-6 Red Hat Enterprise Linux 3 2004-12-08T00:00:00 RHSA-2004:636 ImageMagick-0:5.5.6-7 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-10-20T00:00:00 RHSA-2004:494 Red Hat Enterprise Linux ES version 2.1 2004-10-20T00:00:00 RHSA-2004:494 Red Hat Enterprise Linux WS version 2.1 2004-10-20T00:00:00 RHSA-2004:494 Red Hat Linux Advanced Workstation 2.1 2004-10-20T00:00:00 RHSA-2004:494 https://www.cve.org/CVERecord?id=CVE-2004-0827 https://nvd.nist.gov/vuln/detail/CVE-2004-0827

smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2.

We do not class this as a security issue; this can only cause a denial of service for the attacker. https://www.cve.org/CVERecord?id=CVE-2004-0829 https://nvd.nist.gov/vuln/detail/CVE-2004-0829 Moderate 2004-08-18T00:00:00 security flaw

The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy.

Red Hat Enterprise Linux 3 2004-09-30T00:00:00 RHSA-2004:462 squid-7:2.5.STABLE3-6.3E.1 https://www.cve.org/CVERecord?id=CVE-2004-0832 https://nvd.nist.gov/vuln/detail/CVE-2004-0832 Moderate 2004-03-23T00:00:00 security flaw

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

Red Hat Desktop version 3 Extras 2004-10-27T00:00:00 RHSA-2004:611 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Enterprise Linux ES version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Enterprise Linux WS version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Linux Advanced Workstation 2.1 2004-10-20T00:00:00 RHSA-2004:597 https://www.cve.org/CVERecord?id=CVE-2004-0835 https://nvd.nist.gov/vuln/detail/CVE-2004-0835 Important 2004-06-04T00:00:00 security flaw

Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).

Red Hat Desktop version 3 Extras 2004-10-27T00:00:00 RHSA-2004:611 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Enterprise Linux ES version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Enterprise Linux WS version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Linux Advanced Workstation 2.1 2004-10-20T00:00:00 RHSA-2004:597 https://www.cve.org/CVERecord?id=CVE-2004-0836 https://nvd.nist.gov/vuln/detail/CVE-2004-0836 Moderate 2004-01-15T00:00:00 security flaw

MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.

Red Hat Desktop version 3 Extras 2004-10-27T00:00:00 RHSA-2004:611 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Enterprise Linux ES version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Enterprise Linux WS version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Linux Advanced Workstation 2.1 2004-10-20T00:00:00 RHSA-2004:597 https://www.cve.org/CVERecord?id=CVE-2004-0837 https://nvd.nist.gov/vuln/detail/CVE-2004-0837 Important 2004-11-15T00:00:00 security flaw

Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.

Red Hat Enterprise Linux 3 2004-11-16T00:00:00 RHSA-2004:632 samba-0:3.0.7-1.3E.1 https://www.cve.org/CVERecord?id=CVE-2004-0882 https://nvd.nist.gov/vuln/detail/CVE-2004-0882 Important 2004-11-12T00:00:00 security flaw

Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.

Red Hat Enterprise Linux 3 2004-12-02T00:00:00 RHSA-2004:549 kernel-0:2.4.21-20.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:504 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux ES version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux WS version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Linux Advanced Workstation 2.1 2004-12-13T00:00:00 RHSA-2004:504 https://www.cve.org/CVERecord?id=CVE-2004-0883 https://nvd.nist.gov/vuln/detail/CVE-2004-0883 Important 2004-10-07T00:00:00 security flaw

The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.

Red Hat Enterprise Linux 3 2004-10-07T00:00:00 RHSA-2004:546 cyrus-sasl-0:2.1.15-10 https://www.cve.org/CVERecord?id=CVE-2004-0884 https://nvd.nist.gov/vuln/detail/CVE-2004-0884 Moderate 2004-10-05T00:00:00 mod_ssl SSLCipherSuite bypass

The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.

Red Hat Enterprise Linux 3 2004-11-12T00:00:00 RHSA-2004:562 httpd-0:2.0.46-44.ent Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:600 Red Hat Enterprise Linux ES version 2.1 2004-12-13T00:00:00 RHSA-2004:600 Red Hat Enterprise Linux WS version 2.1 2004-12-13T00:00:00 RHSA-2004:600 Red Hat Linux Advanced Workstation 2.1 2004-12-13T00:00:00 RHSA-2004:600 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.37.rhn Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.38.rhn Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Red Hat Stronghold 4 2004-12-20T00:00:00 RHSA-2004:653 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2005-11-02T00:00:00 RHSA-2005:816 https://www.cve.org/CVERecord?id=CVE-2004-0885 https://nvd.nist.gov/vuln/detail/CVE-2004-0885 Moderate 2004-10-13T00:00:00 security flaw

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

Red Hat Enterprise Linux 3 2004-10-22T00:00:00 RHSA-2004:577 libtiff-0:3.5.7-20.1 Red Hat Enterprise Linux 3 2005-04-12T00:00:00 RHSA-2005:021 kdegraphics-7:3.1.3-3.7 Red Hat Enterprise Linux 3 2005-04-01T00:00:00 RHSA-2005:354 tetex-0:1.0.7-67.7 https://www.cve.org/CVERecord?id=CVE-2004-0886 https://nvd.nist.gov/vuln/detail/CVE-2004-0886 Important 2004-10-21T00:00:00 security flaw

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

Red Hat Enterprise Linux 3 2004-10-22T00:00:00 RHSA-2004:543 cups-1:1.1.17-13.3.16 Red Hat Enterprise Linux 3 2004-10-27T00:00:00 RHSA-2004:592 xpdf-1:2.02-9.3 Red Hat Enterprise Linux 3 2005-04-01T00:00:00 RHSA-2005:354 tetex-0:1.0.7-67.7 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:066 kdegraphics-7:3.3.1-3.3 https://www.cve.org/CVERecord?id=CVE-2004-0888 https://nvd.nist.gov/vuln/detail/CVE-2004-0888 Important 2004-10-19T00:00:00 security flaw

Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.

https://www.cve.org/CVERecord?id=CVE-2004-0891 https://nvd.nist.gov/vuln/detail/CVE-2004-0891 Important 2004-09-04T00:00:00 security flaw

Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.

https://www.cve.org/CVERecord?id=CVE-2004-0902 https://nvd.nist.gov/vuln/detail/CVE-2004-0902 Important 2004-08-29T00:00:00 security flaw

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.

https://www.cve.org/CVERecord?id=CVE-2004-0903 https://nvd.nist.gov/vuln/detail/CVE-2004-0903 2004-08-27T00:00:00 security flaw

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

https://www.cve.org/CVERecord?id=CVE-2004-0904 https://nvd.nist.gov/vuln/detail/CVE-2004-0904 Moderate 2004-07-11T00:00:00 security flaw

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

https://www.cve.org/CVERecord?id=CVE-2004-0905 https://nvd.nist.gov/vuln/detail/CVE-2004-0905 Low 2004-02-26T00:00:00 security flaw

The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.

https://www.cve.org/CVERecord?id=CVE-2004-0906 https://nvd.nist.gov/vuln/detail/CVE-2004-0906 Moderate 2004-08-31T00:00:00 security flaw

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.

https://www.cve.org/CVERecord?id=CVE-2004-0908 https://nvd.nist.gov/vuln/detail/CVE-2004-0908 Moderate 2004-09-15T00:00:00 openmotif21 stack overflows in libxpm

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2004-12-02T00:00:00 RHSA-2004:537 openmotif-0:2.2.3-4.RHEL3.4 Red Hat Enterprise Linux 3 2004-12-02T00:00:00 RHSA-2004:537 openmotif21-0:2.1.30-9.RHEL3.4 Red Hat Enterprise Linux 3 2004-12-20T00:00:00 RHSA-2004:612 XFree86-0:4.3.0-78.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-20T00:00:00 RHSA-2004:610 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-12T00:00:00 RHSA-2005:004 Red Hat Enterprise Linux ES version 2.1 2004-12-20T00:00:00 RHSA-2004:610 Red Hat Enterprise Linux ES version 2.1 2005-01-12T00:00:00 RHSA-2005:004 Red Hat Enterprise Linux WS version 2.1 2004-12-20T00:00:00 RHSA-2004:610 Red Hat Enterprise Linux WS version 2.1 2005-01-12T00:00:00 RHSA-2005:004 Red Hat Linux Advanced Workstation 2.1 2004-12-20T00:00:00 RHSA-2004:610 Red Hat Linux Advanced Workstation 2.1 2005-01-12T00:00:00 RHSA-2005:004 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh https://www.cve.org/CVERecord?id=CVE-2004-0914 https://nvd.nist.gov/vuln/detail/CVE-2004-0914 Important 2004-10-11T00:00:00 Squid SNMP DoS

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

Red Hat Enterprise Linux 3 2004-10-20T00:00:00 RHSA-2004:591 squid-7:2.5.STABLE3-6.3E.2 https://www.cve.org/CVERecord?id=CVE-2004-0918 https://nvd.nist.gov/vuln/detail/CVE-2004-0918 2004-09-30T00:00:00 security flaw

CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.

Red Hat Enterprise Linux 3 2004-10-22T00:00:00 RHSA-2004:543 cups-1:1.1.17-13.3.16 https://www.cve.org/CVERecord?id=CVE-2004-0923 https://nvd.nist.gov/vuln/detail/CVE-2004-0923 Moderate 2004-11-08T00:00:00 security flaw

The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.

Red Hat Enterprise Linux 3 2004-11-16T00:00:00 RHSA-2004:632 samba-0:3.0.7-1.3E.1 https://www.cve.org/CVERecord?id=CVE-2004-0930 https://nvd.nist.gov/vuln/detail/CVE-2004-0930 2004-09-20T00:00:00 security flaw

FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.

Red Hat Enterprise Linux 3 2004-11-12T00:00:00 RHSA-2004:609 freeradius-0:1.0.1-1.RHEL3 https://www.cve.org/CVERecord?id=CVE-2004-0938 https://nvd.nist.gov/vuln/detail/CVE-2004-0938 Moderate 2004-10-21T00:00:00 httpd mod_include SSI overflow

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:600 Red Hat Enterprise Linux ES version 2.1 2004-12-13T00:00:00 RHSA-2004:600 Red Hat Enterprise Linux WS version 2.1 2004-12-13T00:00:00 RHSA-2004:600 Red Hat Linux Advanced Workstation 2.1 2004-12-13T00:00:00 RHSA-2004:600 Red Hat Stronghold 4 2004-12-20T00:00:00 RHSA-2004:653 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2005-11-02T00:00:00 RHSA-2005:816 https://www.cve.org/CVERecord?id=CVE-2004-0940 https://nvd.nist.gov/vuln/detail/CVE-2004-0940 Low 2004-11-10T00:00:00 gd: additional overflows

Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2004-12-17T00:00:00 RHSA-2004:638 gd-0:1.8.4-12.3.1 Red Hat Enterprise Linux 4 2006-02-01T00:00:00 RHSA-2006:0194 gd-0:2.0.28-4.4E.1 Red Hat Enterprise Linux 4 Will not fix libwmf Red Hat Enterprise Linux 5 Will not fix libwmf Red Hat Enterprise Linux 6 Will not fix libwmf https://www.cve.org/CVERecord?id=CVE-2004-0941 https://nvd.nist.gov/vuln/detail/CVE-2004-0941 Important 2004-11-01T00:00:00 security flaw

Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.

Red Hat Enterprise Linux 3 2004-11-12T00:00:00 RHSA-2004:562 httpd-0:2.0.46-44.ent https://www.cve.org/CVERecord?id=CVE-2004-0942 https://nvd.nist.gov/vuln/detail/CVE-2004-0942 2004-11-22T00:00:00 security flaw

rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote attackers to execute arbitrary code via a crafted NFS request.

Red Hat Enterprise Linux 3 2004-12-20T00:00:00 RHSA-2004:583 nfs-utils-0:1.0.6-33EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-12T00:00:00 RHSA-2005:014 Red Hat Enterprise Linux ES version 2.1 2005-01-12T00:00:00 RHSA-2005:014 Red Hat Enterprise Linux WS version 2.1 2005-01-12T00:00:00 RHSA-2005:014 Red Hat Linux Advanced Workstation 2.1 2005-01-12T00:00:00 RHSA-2005:014 https://www.cve.org/CVERecord?id=CVE-2004-0946 https://nvd.nist.gov/vuln/detail/CVE-2004-0946 Low 2004-11-09T00:00:00 security flaw

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-12T00:00:00 RHSA-2005:007 Red Hat Enterprise Linux ES version 2.1 2005-01-12T00:00:00 RHSA-2005:007 Red Hat Enterprise Linux WS version 2.1 2005-01-12T00:00:00 RHSA-2005:007 Red Hat Linux Advanced Workstation 2.1 2005-01-12T00:00:00 RHSA-2005:007 https://www.cve.org/CVERecord?id=CVE-2004-0947 https://nvd.nist.gov/vuln/detail/CVE-2004-0947 Important 2004-11-12T00:00:00 security flaw

The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times.

Red Hat Enterprise Linux 3 2004-12-02T00:00:00 RHSA-2004:549 kernel-0:2.4.21-20.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:504 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux ES version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux WS version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Linux Advanced Workstation 2.1 2004-12-13T00:00:00 RHSA-2004:504 https://www.cve.org/CVERecord?id=CVE-2004-0949 https://nvd.nist.gov/vuln/detail/CVE-2004-0949 2004-05-29T00:00:00 security flaw

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

Red Hat Desktop version 3 Extras 2004-10-27T00:00:00 RHSA-2004:611 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Enterprise Linux ES version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Enterprise Linux WS version 2.1 2004-10-20T00:00:00 RHSA-2004:597 Red Hat Linux Advanced Workstation 2.1 2004-10-20T00:00:00 RHSA-2004:597 https://www.cve.org/CVERecord?id=CVE-2004-0957 https://nvd.nist.gov/vuln/detail/CVE-2004-0957 2004-09-15T00:00:00 security flaw

php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.

Red Hat Enterprise Linux 3 2004-12-21T00:00:00 RHSA-2004:687 php-0:4.3.2-19.ent https://www.cve.org/CVERecord?id=CVE-2004-0958 https://nvd.nist.gov/vuln/detail/CVE-2004-0958 2004-09-15T00:00:00 security flaw

rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.

Red Hat Enterprise Linux 3 2004-12-21T00:00:00 RHSA-2004:687 php-0:4.3.2-19.ent https://www.cve.org/CVERecord?id=CVE-2004-0959 https://nvd.nist.gov/vuln/detail/CVE-2004-0959 2004-09-20T00:00:00 security flaw

FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.

Red Hat Enterprise Linux 3 2004-11-12T00:00:00 RHSA-2004:609 freeradius-0:1.0.1-1.RHEL3 https://www.cve.org/CVERecord?id=CVE-2004-0960 https://nvd.nist.gov/vuln/detail/CVE-2004-0960 2004-09-20T00:00:00 security flaw

Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.

Red Hat Enterprise Linux 3 2004-11-12T00:00:00 RHSA-2004:609 freeradius-0:1.0.1-1.RHEL3 https://www.cve.org/CVERecord?id=CVE-2004-0961 https://nvd.nist.gov/vuln/detail/CVE-2004-0961 Low 2004-09-30T00:00:00 temporary file vulnerabilities in various ghostscript scripts.

The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.

The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/ The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode. Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:081 ghostscript-0:7.05-32.1.10 https://www.cve.org/CVERecord?id=CVE-2004-0967 https://nvd.nist.gov/vuln/detail/CVE-2004-0967 Low 2004-09-30T00:00:00 security flaw

The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.

Red Hat Enterprise Linux 3 2004-12-20T00:00:00 RHSA-2004:586 glibc-0:2.3.2-95.30 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-04-28T00:00:00 RHSA-2005:261 Red Hat Enterprise Linux ES version 2.1 2005-04-28T00:00:00 RHSA-2005:261 Red Hat Enterprise Linux WS version 2.1 2005-04-28T00:00:00 RHSA-2005:261 Red Hat Linux Advanced Workstation 2.1 2005-04-28T00:00:00 RHSA-2005:261 https://www.cve.org/CVERecord?id=CVE-2004-0968 https://nvd.nist.gov/vuln/detail/CVE-2004-0968 Low 2004-09-30T00:00:00 security flaw

The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-01-19T00:00:00 RHSA-2005:012 krb5-0:1.2.7-38 https://www.cve.org/CVERecord?id=CVE-2004-0971 https://nvd.nist.gov/vuln/detail/CVE-2004-0971 Low 2004-09-30T00:00:00 security flaw

The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Red Hat Desktop version 3 2004-09-01T00:00:00 RHBA-2004:232 Red Hat Enterprise Linux AS version 3 2004-09-01T00:00:00 RHBA-2004:232 Red Hat Enterprise Linux ES version 3 2004-09-01T00:00:00 RHBA-2004:232 Red Hat Enterprise Linux WS version 3 2004-09-01T00:00:00 RHBA-2004:232 https://www.cve.org/CVERecord?id=CVE-2004-0972 https://nvd.nist.gov/vuln/detail/CVE-2004-0972 Low 2004-09-30T00:00:00 security flaw

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-06-01T00:00:00 RHSA-2005:476 openssl-0:0.9.7a-33.15 Red Hat Enterprise Linux 3 2005-06-01T00:00:00 RHSA-2005:476 openssl096b-0:0.9.6b-16.22.3 Red Hat Enterprise Linux 4 2005-06-01T00:00:00 RHSA-2005:476 openssl-0:0.9.7a-43.2 Red Hat Enterprise Linux 4 2005-06-01T00:00:00 RHSA-2005:476 openssl096b-0:0.9.6b-22.3 https://www.cve.org/CVERecord?id=CVE-2004-0975 https://nvd.nist.gov/vuln/detail/CVE-2004-0975 Low 2004-09-30T00:00:00 security flaw

Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140058 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-12-20T00:00:00 RHSA-2005:881 perl-2:5.8.0-90.4 https://www.cve.org/CVERecord?id=CVE-2004-0976 https://nvd.nist.gov/vuln/detail/CVE-2004-0976 Low 2004-09-30T00:00:00 security flaw

The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

Red Hat Enterprise Linux 3 2004-12-20T00:00:00 RHSA-2004:489 rh-postgresql-0:7.3.8-2 https://www.cve.org/CVERecord?id=CVE-2004-0977 https://nvd.nist.gov/vuln/detail/CVE-2004-0977 2004-10-06T00:00:00 security flaw

Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.

Red Hat Enterprise Linux 3 2004-12-08T00:00:00 RHSA-2004:636 ImageMagick-0:5.5.6-7 https://www.cve.org/CVERecord?id=CVE-2004-0981 https://nvd.nist.gov/vuln/detail/CVE-2004-0981 2004-11-08T00:00:00 security flaw

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

Red Hat Enterprise Linux 3 2004-12-13T00:00:00 RHSA-2004:635 ruby-0:1.6.8-9.EL3.3 https://www.cve.org/CVERecord?id=CVE-2004-0983 https://nvd.nist.gov/vuln/detail/CVE-2004-0983 Moderate 2004-10-26T00:00:00 libxml2 various overflows

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

Red Hat Enterprise Linux 3 2004-11-12T00:00:00 RHSA-2004:615 libxml2-0:2.5.10-7 Red Hat Enterprise Linux 3 2004-12-16T00:00:00 RHSA-2004:650 libxml-1:1.8.17-9.2 https://www.cve.org/CVERecord?id=CVE-2004-0989 https://nvd.nist.gov/vuln/detail/CVE-2004-0989 Important 2004-10-26T00:00:00 security flaw

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.

Red Hat Enterprise Linux 3 2004-12-17T00:00:00 RHSA-2004:638 gd-0:1.8.4-12.3.1 https://www.cve.org/CVERecord?id=CVE-2004-0990 https://nvd.nist.gov/vuln/detail/CVE-2004-0990

main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.

Not vulnerable. cscope packages shipped with Red Hat Enterprise Linux 3, 4, and 5 contain a backported patch since their first release. https://www.cve.org/CVERecord?id=CVE-2004-0996 https://nvd.nist.gov/vuln/detail/CVE-2004-0996

Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location.

This issue is only will only cause a denial of service on the connection the attacker is using. It therefore is not a security issue. https://www.cve.org/CVERecord?id=CVE-2004-1002 https://nvd.nist.gov/vuln/detail/CVE-2004-1002 Important 2005-02-14T00:00:00 security flaw

Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-03-04T00:00:00 RHSA-2005:217 Red Hat Enterprise Linux WS version 2.1 2005-03-04T00:00:00 RHSA-2005:217 Red Hat Linux Advanced Workstation 2.1 2005-03-04T00:00:00 RHSA-2005:217 https://www.cve.org/CVERecord?id=CVE-2004-1004 https://nvd.nist.gov/vuln/detail/CVE-2004-1004 Important 2005-02-14T00:00:00 security flaw

Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-03-04T00:00:00 RHSA-2005:217 Red Hat Enterprise Linux WS version 2.1 2005-03-04T00:00:00 RHSA-2005:217 Red Hat Linux Advanced Workstation 2.1 2005-03-04T00:00:00 RHSA-2005:217 https://www.cve.org/CVERecord?id=CVE-2004-1005 https://nvd.nist.gov/vuln/detail/CVE-2004-1005 Moderate 2004-11-02T00:00:00 security flaw

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-04-12T00:00:00 RHSA-2005:212 Red Hat Enterprise Linux ES version 2.1 2005-04-12T00:00:00 RHSA-2005:212 Red Hat Linux Advanced Workstation 2.1 2005-04-12T00:00:00 RHSA-2005:212 https://www.cve.org/CVERecord?id=CVE-2004-1006 https://nvd.nist.gov/vuln/detail/CVE-2004-1006 Low 2005-01-14T00:00:00 security flaw

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-06-16T00:00:00 RHSA-2005:512 Red Hat Enterprise Linux WS version 2.1 2005-06-16T00:00:00 RHSA-2005:512 Red Hat Linux Advanced Workstation 2.1 2005-06-16T00:00:00 RHSA-2005:512 https://www.cve.org/CVERecord?id=CVE-2004-1009 https://nvd.nist.gov/vuln/detail/CVE-2004-1009 Low 2004-11-03T00:00:00 security flaw

Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname.

Red Hat Enterprise Linux 3 2004-12-16T00:00:00 RHSA-2004:634 zip-0:2.3-16.1 https://www.cve.org/CVERecord?id=CVE-2004-1010 https://nvd.nist.gov/vuln/detail/CVE-2004-1010 Important 2004-12-01T00:00:00 security flaw

statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.

Red Hat Enterprise Linux 3 2004-12-20T00:00:00 RHSA-2004:583 nfs-utils-0:1.0.6-33EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-12T00:00:00 RHSA-2005:014 Red Hat Enterprise Linux ES version 2.1 2005-01-12T00:00:00 RHSA-2005:014 Red Hat Enterprise Linux WS version 2.1 2005-01-12T00:00:00 RHSA-2005:014 Red Hat Linux Advanced Workstation 2.1 2005-01-12T00:00:00 RHSA-2005:014 https://www.cve.org/CVERecord?id=CVE-2004-1014 https://nvd.nist.gov/vuln/detail/CVE-2004-1014 Important 2004-12-08T00:00:00 security flaw

The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition.

Red Hat Enterprise Linux 3 2004-12-23T00:00:00 RHSA-2004:689 kernel-0:2.4.21-27.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-21T00:00:00 RHSA-2005:017 Red Hat Enterprise Linux ES version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Enterprise Linux WS version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Linux Advanced Workstation 2.1 2005-01-21T00:00:00 RHSA-2005:017 https://www.cve.org/CVERecord?id=CVE-2004-1016 https://nvd.nist.gov/vuln/detail/CVE-2004-1016 Moderate 2004-11-26T00:00:00 security flaw

Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors.

Red Hat Enterprise Linux 3 2004-12-23T00:00:00 RHSA-2004:689 kernel-0:2.4.21-27.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-21T00:00:00 RHSA-2005:017 Red Hat Enterprise Linux ES version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Enterprise Linux WS version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Linux Advanced Workstation 2.1 2005-01-21T00:00:00 RHSA-2005:017 https://www.cve.org/CVERecord?id=CVE-2004-1017 https://nvd.nist.gov/vuln/detail/CVE-2004-1017 Low 2004-12-15T00:00:00 security flaw

Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

Red Hat Enterprise Linux 3 2004-12-21T00:00:00 RHSA-2004:687 php-0:4.3.2-19.ent Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:032 php-0:4.3.9-3.2 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-19T00:00:00 RHSA-2005:031 Red Hat Enterprise Linux ES version 2.1 2005-01-19T00:00:00 RHSA-2005:031 Red Hat Enterprise Linux WS version 2.1 2005-01-19T00:00:00 RHSA-2005:031 Red Hat Linux Advanced Workstation 2.1 2005-01-19T00:00:00 RHSA-2005:031 Red Hat Stronghold 4 2005-12-19T00:00:00 RHSA-2005:882 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2005-11-02T00:00:00 RHSA-2005:816 https://www.cve.org/CVERecord?id=CVE-2004-1018 https://nvd.nist.gov/vuln/detail/CVE-2004-1018 Important 2004-12-15T00:00:00 security flaw

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.

Red Hat Enterprise Linux 3 2004-12-21T00:00:00 RHSA-2004:687 php-0:4.3.2-19.ent Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:032 php-0:4.3.9-3.2 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-19T00:00:00 RHSA-2005:031 Red Hat Enterprise Linux ES version 2.1 2005-01-19T00:00:00 RHSA-2005:031 Red Hat Enterprise Linux WS version 2.1 2005-01-19T00:00:00 RHSA-2005:031 Red Hat Linux Advanced Workstation 2.1 2005-01-19T00:00:00 RHSA-2005:031 Red Hat Stronghold 4 2005-12-19T00:00:00 RHSA-2005:882 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2005-11-02T00:00:00 RHSA-2005:816 https://www.cve.org/CVERecord?id=CVE-2004-1019 https://nvd.nist.gov/vuln/detail/CVE-2004-1019

The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

Red Hat does not consider this issue to be a security vulnerability since no trust boundary is crossed. There are no known uses of this function which could allow a remote attacker to execute arbitrary code. https://www.cve.org/CVERecord?id=CVE-2004-1020 https://nvd.nist.gov/vuln/detail/CVE-2004-1020 Moderate 2004-09-16T00:00:00 security flaw

Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.

Red Hat Enterprise Linux 3 2004-12-10T00:00:00 RHSA-2004:651 imlib-1:1.9.13-13.4 https://www.cve.org/CVERecord?id=CVE-2004-1025 https://nvd.nist.gov/vuln/detail/CVE-2004-1025 Moderate 2004-09-16T00:00:00 security flaw

Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.

Red Hat Enterprise Linux 3 2004-12-10T00:00:00 RHSA-2004:651 imlib-1:1.9.13-13.4 https://www.cve.org/CVERecord?id=CVE-2004-1026 https://nvd.nist.gov/vuln/detail/CVE-2004-1026 Low 2004-11-09T00:00:00 security flaw

Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-12T00:00:00 RHSA-2005:007 Red Hat Enterprise Linux ES version 2.1 2005-01-12T00:00:00 RHSA-2005:007 Red Hat Enterprise Linux WS version 2.1 2005-01-12T00:00:00 RHSA-2005:007 Red Hat Linux Advanced Workstation 2.1 2005-01-12T00:00:00 RHSA-2005:007 https://www.cve.org/CVERecord?id=CVE-2004-1027 https://nvd.nist.gov/vuln/detail/CVE-2004-1027 Moderate 2004-11-10T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.

Red Hat Enterprise Linux 3 2004-12-23T00:00:00 RHSA-2004:654 squirrelmail-0:1.4.3a-7.EL3 https://www.cve.org/CVERecord?id=CVE-2004-1036 https://nvd.nist.gov/vuln/detail/CVE-2004-1036 Low 2004-11-11T00:00:00 CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

We do not consider this to be a security issue: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478#c1 https://www.cve.org/CVERecord?id=CVE-2004-1051 https://nvd.nist.gov/vuln/detail/CVE-2004-1051 Important 2004-12-14T00:00:00 security flaw

Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) and possibly modify the video output.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL Red Hat Enterprise Linux 4 2005-02-18T00:00:00 RHSA-2005:092 kernel-0:2.6.9-5.0.3.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-08-25T00:00:00 RHSA-2005:529 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-08-25T00:00:00 RHSA-2005:551 Red Hat Enterprise Linux ES version 2.1 2005-08-25T00:00:00 RHSA-2005:529 Red Hat Enterprise Linux WS version 2.1 2005-08-25T00:00:00 RHSA-2005:529 Red Hat Linux Advanced Workstation 2.1 2005-08-25T00:00:00 RHSA-2005:551 https://www.cve.org/CVERecord?id=CVE-2004-1056 https://nvd.nist.gov/vuln/detail/CVE-2004-1056 Moderate 2005-01-07T00:00:00 security flaw

Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark memory with the VM_IO flag, which causes incorrect reference counts and may lead to a denial of service (kernel panic) when accessing freed kernel pages.

Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0140 kernel-0:2.4.21-37.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-21T00:00:00 RHSA-2005:017 Red Hat Enterprise Linux ES version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Enterprise Linux WS version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Linux Advanced Workstation 2.1 2005-01-21T00:00:00 RHSA-2005:017 https://www.cve.org/CVERecord?id=CVE-2004-1057 https://nvd.nist.gov/vuln/detail/CVE-2004-1057 Low 2004-08-23T00:00:00 security flaw

Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline.

Red Hat Enterprise Linux 3 2005-04-22T00:00:00 RHSA-2005:293 kernel-0:2.4.21-27.0.4.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0190 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux ES version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux WS version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Linux Advanced Workstation 2.1 2006-02-01T00:00:00 RHSA-2006:0190 https://www.cve.org/CVERecord?id=CVE-2004-1058 https://nvd.nist.gov/vuln/detail/CVE-2004-1058

PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2004-1063 https://nvd.nist.gov/vuln/detail/CVE-2004-1063

The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2004-1064 https://nvd.nist.gov/vuln/detail/CVE-2004-1064 Important 2004-12-15T00:00:00 security flaw

Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.

Red Hat Enterprise Linux 3 2004-12-21T00:00:00 RHSA-2004:687 php-0:4.3.2-19.ent Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:032 php-0:4.3.9-3.2 https://www.cve.org/CVERecord?id=CVE-2004-1065 https://nvd.nist.gov/vuln/detail/CVE-2004-1065 Important 2004-11-15T00:00:00 security flaw

A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.

Red Hat Enterprise Linux 3 2004-12-02T00:00:00 RHSA-2004:549 kernel-0:2.4.21-20.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:504 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux ES version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux WS version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Linux Advanced Workstation 2.1 2004-12-13T00:00:00 RHSA-2004:504 https://www.cve.org/CVERecord?id=CVE-2004-1068 https://nvd.nist.gov/vuln/detail/CVE-2004-1068 Important 2004-11-10T00:00:00 security flaw

The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.

Red Hat Enterprise Linux 3 2004-12-02T00:00:00 RHSA-2004:549 kernel-0:2.4.21-20.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:504 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux ES version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux WS version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Linux Advanced Workstation 2.1 2004-12-13T00:00:00 RHSA-2004:504 https://www.cve.org/CVERecord?id=CVE-2004-1070 https://nvd.nist.gov/vuln/detail/CVE-2004-1070 Important 2004-11-10T00:00:00 security flaw

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.

Red Hat Enterprise Linux 3 2004-12-02T00:00:00 RHSA-2004:549 kernel-0:2.4.21-20.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:504 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux ES version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux WS version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Linux Advanced Workstation 2.1 2004-12-13T00:00:00 RHSA-2004:504 https://www.cve.org/CVERecord?id=CVE-2004-1071 https://nvd.nist.gov/vuln/detail/CVE-2004-1071 Important 2004-11-10T00:00:00 security flaw

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.

Red Hat Desktop version 3 Extras 2005-05-18T00:00:00 RHSA-2005:275 Red Hat Enterprise Linux 3 2004-12-02T00:00:00 RHSA-2004:549 kernel-0:2.4.21-20.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:504 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux ES version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux WS version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Linux Advanced Workstation 2.1 2004-12-13T00:00:00 RHSA-2004:504 https://www.cve.org/CVERecord?id=CVE-2004-1072 https://nvd.nist.gov/vuln/detail/CVE-2004-1072 Moderate 2004-11-10T00:00:00 security flaw

The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.

Red Hat Enterprise Linux 3 2004-12-02T00:00:00 RHSA-2004:549 kernel-0:2.4.21-20.0.1.EL Red Hat Enterprise Linux 3 2005-04-22T00:00:00 RHSA-2005:293 kernel-0:2.4.21-27.0.4.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:504 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0190 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux ES version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux ES version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux WS version 2.1 2004-12-13T00:00:00 RHSA-2004:505 Red Hat Enterprise Linux WS version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Linux Advanced Workstation 2.1 2004-12-13T00:00:00 RHSA-2004:504 Red Hat Linux Advanced Workstation 2.1 2006-02-01T00:00:00 RHSA-2006:0190 https://www.cve.org/CVERecord?id=CVE-2004-1073 https://nvd.nist.gov/vuln/detail/CVE-2004-1073 Important 2004-11-11T00:00:00 security flaw

The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary.

Red Hat Enterprise Linux 3 2005-01-18T00:00:00 RHSA-2005:043 kernel-0:2.4.21-27.0.2.EL https://www.cve.org/CVERecord?id=CVE-2004-1074 https://nvd.nist.gov/vuln/detail/CVE-2004-1074 Low 2005-01-14T00:00:00 security flaw

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-06-16T00:00:00 RHSA-2005:512 Red Hat Enterprise Linux WS version 2.1 2005-06-16T00:00:00 RHSA-2005:512 Red Hat Linux Advanced Workstation 2.1 2005-06-16T00:00:00 RHSA-2005:512 https://www.cve.org/CVERecord?id=CVE-2004-1090 https://nvd.nist.gov/vuln/detail/CVE-2004-1090 Low 2005-01-14T00:00:00 security flaw

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-06-16T00:00:00 RHSA-2005:512 Red Hat Enterprise Linux WS version 2.1 2005-06-16T00:00:00 RHSA-2005:512 Red Hat Linux Advanced Workstation 2.1 2005-06-16T00:00:00 RHSA-2005:512 https://www.cve.org/CVERecord?id=CVE-2004-1091 https://nvd.nist.gov/vuln/detail/CVE-2004-1091 Low 2005-01-14T00:00:00 security flaw

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-06-16T00:00:00 RHSA-2005:512 Red Hat Enterprise Linux WS version 2.1 2005-06-16T00:00:00 RHSA-2005:512 Red Hat Linux Advanced Workstation 2.1 2005-06-16T00:00:00 RHSA-2005:512 https://www.cve.org/CVERecord?id=CVE-2004-1093 https://nvd.nist.gov/vuln/detail/CVE-2004-1093 Moderate 2004-12-21T00:00:00 security flaw

Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.

Red Hat Enterprise Linux 3 2005-01-12T00:00:00 RHSA-2005:013 cups-1:1.1.17-13.3.22 Red Hat Enterprise Linux 3 2005-01-12T00:00:00 RHSA-2005:018 xpdf-1:2.02-9.4 Red Hat Enterprise Linux 3 2005-04-01T00:00:00 RHSA-2005:354 tetex-0:1.0.7-67.7 Red Hat Enterprise Linux 4 2005-03-16T00:00:00 RHSA-2005:026 tetex-0:2.0.2-22.EL4.4 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:034 xpdf-1:3.00-11.5 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:053 cups-1:1.1.22-0.rc1.9.6 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:057 gpdf-0:2.8.2-4.3 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:066 kdegraphics-7:3.3.1-3.3 https://www.cve.org/CVERecord?id=CVE-2004-1125 https://nvd.nist.gov/vuln/detail/CVE-2004-1125 Important 2004-12-14T00:00:00 security flaw

Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.

Red Hat Enterprise Linux 3 2004-12-23T00:00:00 RHSA-2004:689 kernel-0:2.4.21-27.0.1.EL Red Hat Enterprise Linux 4 2005-02-18T00:00:00 RHSA-2005:092 kernel-0:2.6.9-5.0.3.EL https://www.cve.org/CVERecord?id=CVE-2004-1137 https://nvd.nist.gov/vuln/detail/CVE-2004-1137 Low 2004-12-15T00:00:00 security flaw

VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.

Red Hat Enterprise Linux 3 2005-01-05T00:00:00 RHSA-2005:010 vim-1:6.3.046-0.30E.1 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:036 vim-1:6.3.046-0.40E.4 https://www.cve.org/CVERecord?id=CVE-2004-1138 https://nvd.nist.gov/vuln/detail/CVE-2004-1138 Moderate 2004-12-15T00:00:00 security flaw

Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).

Red Hat Enterprise Linux 3 2005-02-02T00:00:00 RHSA-2005:011 ethereal-0:0.10.9-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2004-1139 https://nvd.nist.gov/vuln/detail/CVE-2004-1139 Moderate 2004-12-15T00:00:00 security flaw

Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (application hang) and possibly fill available disk space via an invalid RTP timestamp.

Red Hat Enterprise Linux 3 2005-02-02T00:00:00 RHSA-2005:011 ethereal-0:0.10.9-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2004-1140 https://nvd.nist.gov/vuln/detail/CVE-2004-1140 Moderate 2004-12-15T00:00:00 security flaw

The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service (application crash) via a certain packet that causes the dissector to access previously-freed memory.

Red Hat Enterprise Linux 3 2005-02-02T00:00:00 RHSA-2005:011 ethereal-0:0.10.9-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2004-1141 https://nvd.nist.gov/vuln/detail/CVE-2004-1141 Moderate 2004-12-15T00:00:00 security flaw

Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.

Red Hat Enterprise Linux 3 2005-02-02T00:00:00 RHSA-2005:011 ethereal-0:0.10.9-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2004-1142 https://nvd.nist.gov/vuln/detail/CVE-2004-1142 Important 2004-12-22T00:00:00 security flaw

Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64 systems allows local users to gain privileges.

Red Hat Enterprise Linux 3 2004-12-23T00:00:00 RHSA-2004:689 kernel-0:2.4.21-27.0.1.EL https://www.cve.org/CVERecord?id=CVE-2004-1144 https://nvd.nist.gov/vuln/detail/CVE-2004-1144 Important 2004-12-20T00:00:00 security flaw

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.

Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:065 kdelibs-6:3.3.1-3.3 https://www.cve.org/CVERecord?id=CVE-2004-1145 https://nvd.nist.gov/vuln/detail/CVE-2004-1145 Important 2004-12-12T00:00:00 security flaw

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary code via an e-mail message with a crafted PDF attachment.

Red Hat Desktop version 3 Extras 2004-12-23T00:00:00 RHSA-2004:674 https://www.cve.org/CVERecord?id=CVE-2004-1152 https://nvd.nist.gov/vuln/detail/CVE-2004-1152 Important 2004-12-16T00:00:00 security flaw

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.

Red Hat Enterprise Linux 3 2004-12-16T00:00:00 RHSA-2004:670 samba-0:3.0.9-1.3E.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2004-12-21T00:00:00 RHSA-2004:681 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-05T00:00:00 RHSA-2005:020 Red Hat Enterprise Linux ES version 2.1 2004-12-21T00:00:00 RHSA-2004:681 Red Hat Enterprise Linux ES version 2.1 2005-01-05T00:00:00 RHSA-2005:020 Red Hat Enterprise Linux WS version 2.1 2004-12-21T00:00:00 RHSA-2004:681 Red Hat Enterprise Linux WS version 2.1 2005-01-05T00:00:00 RHSA-2005:020 Red Hat Linux Advanced Workstation 2.1 2004-12-21T00:00:00 RHSA-2004:681 Red Hat Linux Advanced Workstation 2.1 2005-01-05T00:00:00 RHSA-2005:020 https://www.cve.org/CVERecord?id=CVE-2004-1154 https://nvd.nist.gov/vuln/detail/CVE-2004-1154 Important 2004-12-08T00:00:00 security flaw

Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

Red Hat Enterprise Linux 4 2005-03-01T00:00:00 RHSA-2005:176 firefox-0:1.0.1-1.4.3 https://www.cve.org/CVERecord?id=CVE-2004-1156 https://nvd.nist.gov/vuln/detail/CVE-2004-1156 Important 2004-12-08T00:00:00 security flaw

Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

Red Hat Enterprise Linux 3 2005-02-10T00:00:00 RHSA-2005:009 kdebase-6:3.1.3-5.8 Red Hat Enterprise Linux 3 2005-02-10T00:00:00 RHSA-2005:009 kdelibs-6:3.1.3-6.9 https://www.cve.org/CVERecord?id=CVE-2004-1158 https://nvd.nist.gov/vuln/detail/CVE-2004-1158 2004-12-05T00:00:00 security flaw

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

Red Hat Enterprise Linux 3 2005-02-10T00:00:00 RHSA-2005:009 kdebase-6:3.1.3-5.8 Red Hat Enterprise Linux 3 2005-02-10T00:00:00 RHSA-2005:009 kdelibs-6:3.1.3-6.9 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:065 kdelibs-6:3.3.1-3.3 https://www.cve.org/CVERecord?id=CVE-2004-1165 https://nvd.nist.gov/vuln/detail/CVE-2004-1165

a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2004-1170 https://nvd.nist.gov/vuln/detail/CVE-2004-1170 Low 2005-01-14T00:00:00 security flaw

direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-06-16T00:00:00 RHSA-2005:512 Red Hat Enterprise Linux WS version 2.1 2005-06-16T00:00:00 RHSA-2005:512 Red Hat Linux Advanced Workstation 2.1 2005-06-16T00:00:00 RHSA-2005:512 https://www.cve.org/CVERecord?id=CVE-2004-1174 https://nvd.nist.gov/vuln/detail/CVE-2004-1174 Low 2005-01-14T00:00:00 security flaw

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-06-16T00:00:00 RHSA-2005:512 Red Hat Enterprise Linux WS version 2.1 2005-06-16T00:00:00 RHSA-2005:512 Red Hat Linux Advanced Workstation 2.1 2005-06-16T00:00:00 RHSA-2005:512 https://www.cve.org/CVERecord?id=CVE-2004-1175 https://nvd.nist.gov/vuln/detail/CVE-2004-1175 Low 2004-12-13T00:00:00 security flaw

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-03-04T00:00:00 RHSA-2005:217 Red Hat Enterprise Linux WS version 2.1 2005-03-04T00:00:00 RHSA-2005:217 Red Hat Linux Advanced Workstation 2.1 2005-03-04T00:00:00 RHSA-2005:217 https://www.cve.org/CVERecord?id=CVE-2004-1176 https://nvd.nist.gov/vuln/detail/CVE-2004-1176 Important 2005-01-10T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.

This issue did not affect the versions of mailman shipped with Red Hat Enterprise Linux 2.1, 3, or 4. In addition, we believe this issue does not apply to the 2.0.x versions of mailman due to setting of STEALTH_MODE Red Hat Enterprise Linux 3 2005-03-21T00:00:00 RHSA-2005:235 mailman-3:2.1.5-25.rhel3 Red Hat Enterprise Linux 4 2005-03-21T00:00:00 RHSA-2005:235 mailman-3:2.1.5-33.rhel4 https://www.cve.org/CVERecord?id=CVE-2004-1177 https://nvd.nist.gov/vuln/detail/CVE-2004-1177 Low 2005-01-05T00:00:00 security flaw

Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file.

Red Hat Enterprise Linux 3 2005-01-13T00:00:00 RHSA-2005:019 libtiff-0:3.5.7-22.el3 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:035 libtiff-0:3.6.1-8 https://www.cve.org/CVERecord?id=CVE-2004-1183 https://nvd.nist.gov/vuln/detail/CVE-2004-1183 Low 2005-01-20T00:00:00 security flaw

The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.

Red Hat Enterprise Linux 3 2005-02-01T00:00:00 RHSA-2005:039 enscript-0:1.6.1-24.4 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:040 enscript-0:1.6.1-28.3 https://www.cve.org/CVERecord?id=CVE-2004-1184 https://nvd.nist.gov/vuln/detail/CVE-2004-1184 Low 2005-01-20T00:00:00 security flaw

Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-02-01T00:00:00 RHSA-2005:039 enscript-0:1.6.1-24.4 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:040 enscript-0:1.6.1-28.3 https://www.cve.org/CVERecord?id=CVE-2004-1185 https://nvd.nist.gov/vuln/detail/CVE-2004-1185 Low 2005-01-20T00:00:00 security flaw

Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-02-01T00:00:00 RHSA-2005:039 enscript-0:1.6.1-24.4 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:040 enscript-0:1.6.1-28.3 https://www.cve.org/CVERecord?id=CVE-2004-1186 https://nvd.nist.gov/vuln/detail/CVE-2004-1186 Moderate 2004-12-21T00:00:00 security flaw

The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.

Red Hat Enterprise Linux 3 2005-01-19T00:00:00 RHSA-2005:012 krb5-0:1.2.7-38 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:045 krb5-0:1.3.4-10 https://www.cve.org/CVERecord?id=CVE-2004-1189 https://nvd.nist.gov/vuln/detail/CVE-2004-1189 Moderate 2004-07-30T00:00:00 security flaw

SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices.

Red Hat Enterprise Linux 4 2006-01-17T00:00:00 RHSA-2006:0101 kernel-0:2.6.9-22.0.2.EL https://www.cve.org/CVERecord?id=CVE-2004-1190 https://nvd.nist.gov/vuln/detail/CVE-2004-1190 Important 2004-04-08T00:00:00 security flaw

load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of service (system crash) via an ELF binary in which the interpreter is NULL.

Red Hat Enterprise Linux 3 2004-12-23T00:00:00 RHSA-2004:689 kernel-0:2.4.21-27.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-21T00:00:00 RHSA-2005:017 Red Hat Enterprise Linux ES version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Enterprise Linux WS version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Linux Advanced Workstation 2.1 2005-01-21T00:00:00 RHSA-2005:017 https://www.cve.org/CVERecord?id=CVE-2004-1234 https://nvd.nist.gov/vuln/detail/CVE-2004-1234 Important 2005-01-06T00:00:00 security flaw

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

Red Hat Enterprise Linux 3 2005-01-18T00:00:00 RHSA-2005:043 kernel-0:2.4.21-27.0.2.EL Red Hat Enterprise Linux 4 2005-02-18T00:00:00 RHSA-2005:092 kernel-0:2.6.9-5.0.3.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-21T00:00:00 RHSA-2005:017 Red Hat Enterprise Linux ES version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Enterprise Linux WS version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Linux Advanced Workstation 2.1 2005-01-21T00:00:00 RHSA-2005:017 https://www.cve.org/CVERecord?id=CVE-2004-1235 https://nvd.nist.gov/vuln/detail/CVE-2004-1235 Critical 2004-12-23T00:00:00 security flaw

Buffer overflow in the LDAP component for Netscape Directory Server (NDS) 3.6 on HP-UX and other operating systems allows remote attackers to execute arbitrary code.

Netscape Directory Server 6.21 2005-01-11T00:00:00 RHSA-2005:030 https://www.cve.org/CVERecord?id=CVE-2004-1236 https://nvd.nist.gov/vuln/detail/CVE-2004-1236 Important 2004-09-10T00:00:00 security flaw

Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.

Red Hat Enterprise Linux 3 2005-01-18T00:00:00 RHSA-2005:043 kernel-0:2.4.21-27.0.2.EL https://www.cve.org/CVERecord?id=CVE-2004-1237 https://nvd.nist.gov/vuln/detail/CVE-2004-1237 Important 2004-12-15T00:00:00 security flaw

Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.

Red Hat Enterprise Linux 3 2005-01-12T00:00:00 RHSA-2005:013 cups-1:1.1.17-13.3.22 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:053 cups-1:1.1.22-0.rc1.9.6 https://www.cve.org/CVERecord?id=CVE-2004-1267 https://nvd.nist.gov/vuln/detail/CVE-2004-1267 Important 2004-12-15T00:00:00 security flaw

lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors.

Red Hat Enterprise Linux 3 2005-01-12T00:00:00 RHSA-2005:013 cups-1:1.1.17-13.3.22 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:053 cups-1:1.1.22-0.rc1.9.6 https://www.cve.org/CVERecord?id=CVE-2004-1268 https://nvd.nist.gov/vuln/detail/CVE-2004-1268 Important 2004-12-15T00:00:00 security flaw

lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail.

Red Hat Enterprise Linux 3 2005-01-12T00:00:00 RHSA-2005:013 cups-1:1.1.17-13.3.22 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:053 cups-1:1.1.22-0.rc1.9.6 https://www.cve.org/CVERecord?id=CVE-2004-1269 https://nvd.nist.gov/vuln/detail/CVE-2004-1269 Important 2004-12-15T00:00:00 security flaw

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.

Red Hat Enterprise Linux 3 2005-01-12T00:00:00 RHSA-2005:013 cups-1:1.1.17-13.3.22 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:053 cups-1:1.1.22-0.rc1.9.6 https://www.cve.org/CVERecord?id=CVE-2004-1270 https://nvd.nist.gov/vuln/detail/CVE-2004-1270 Low 2004-12-15T00:00:00 security flaw

Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-05-04T00:00:00 RHSA-2005:381 nasm-0:0.98.35-3.EL3 Red Hat Enterprise Linux 4 2005-05-04T00:00:00 RHSA-2005:381 nasm-0:0.98.38-3.EL4 https://www.cve.org/CVERecord?id=CVE-2004-1287 https://nvd.nist.gov/vuln/detail/CVE-2004-1287

The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2004-1296 https://nvd.nist.gov/vuln/detail/CVE-2004-1296 Moderate 2004-12-21T00:00:00 security flaw

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

This issue was resolved in all affected libtiff versions as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 via a patch for CVE-2004-0886. For updates containing patches for CVE-2004-0886, see: https://rhn.redhat.com/errata/CVE-2004-0886.html Red Hat Enterprise Linux 3 2004-10-22T00:00:00 RHSA-2004:577 libtiff-0:3.5.7-20.1 Red Hat Enterprise Linux 3 2005-04-12T00:00:00 RHSA-2005:021 kdegraphics-7:3.1.3-3.7 https://www.cve.org/CVERecord?id=CVE-2004-1307 https://nvd.nist.gov/vuln/detail/CVE-2004-1307 Important 2004-12-21T00:00:00 security flaw

Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.

Red Hat Enterprise Linux 3 2005-01-13T00:00:00 RHSA-2005:019 libtiff-0:3.5.7-22.el3 Red Hat Enterprise Linux 3 2005-04-12T00:00:00 RHSA-2005:021 kdegraphics-7:3.1.3-3.7 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:035 libtiff-0:3.6.1-8 https://www.cve.org/CVERecord?id=CVE-2004-1308 https://nvd.nist.gov/vuln/detail/CVE-2004-1308 Low 2004-12-29T00:00:00 security flaw

Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.

https://www.cve.org/CVERecord?id=CVE-2004-1316 https://nvd.nist.gov/vuln/detail/CVE-2004-1316 Important 2004-12-08T00:00:00 security flaw

Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.

Red Hat Enterprise Linux 3 2004-12-23T00:00:00 RHSA-2004:689 kernel-0:2.4.21-27.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-21T00:00:00 RHSA-2005:017 Red Hat Enterprise Linux ES version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Enterprise Linux WS version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Linux Advanced Workstation 2.1 2005-01-21T00:00:00 RHSA-2005:017 https://www.cve.org/CVERecord?id=CVE-2004-1335 https://nvd.nist.gov/vuln/detail/CVE-2004-1335

The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2004-1377 https://nvd.nist.gov/vuln/detail/CVE-2004-1377 Moderate 2005-01-20T00:00:00 security flaw

Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."

Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:335 devhelp-0:0.9.2-2.4.3 Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:335 evolution-0:2.0.2-14 https://www.cve.org/CVERecord?id=CVE-2004-1380 https://nvd.nist.gov/vuln/detail/CVE-2004-1380 Low 2004-10-24T00:00:00 security flaw

The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-04-28T00:00:00 RHSA-2005:261 Red Hat Enterprise Linux ES version 2.1 2005-04-28T00:00:00 RHSA-2005:261 Red Hat Enterprise Linux WS version 2.1 2005-04-28T00:00:00 RHSA-2005:261 Red Hat Linux Advanced Workstation 2.1 2005-04-28T00:00:00 RHSA-2005:261 https://www.cve.org/CVERecord?id=CVE-2004-1382 https://nvd.nist.gov/vuln/detail/CVE-2004-1382 Low 2004-12-15T00:00:00 security flaw

PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.

We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 Red Hat Enterprise Linux 3 2005-04-28T00:00:00 RHSA-2005:405 php-0:4.3.2-23.ent Red Hat Enterprise Linux 4 2005-05-04T00:00:00 RHSA-2005:406 php-0:4.3.9-3.6 https://www.cve.org/CVERecord?id=CVE-2004-1392 https://nvd.nist.gov/vuln/detail/CVE-2004-1392 Low 2004-08-17T00:00:00 security flaw

GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.

Red Hat Enterprise Linux 3 2005-05-18T00:00:00 RHSA-2005:256 glibc-0:2.3.2-95.33 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-04-28T00:00:00 RHSA-2005:261 Red Hat Enterprise Linux ES version 2.1 2005-04-28T00:00:00 RHSA-2005:261 Red Hat Enterprise Linux WS version 2.1 2005-04-28T00:00:00 RHSA-2005:261 Red Hat Linux Advanced Workstation 2.1 2005-04-28T00:00:00 RHSA-2005:261 https://www.cve.org/CVERecord?id=CVE-2004-1453 https://nvd.nist.gov/vuln/detail/CVE-2004-1453 Low 2004-12-10T00:00:00 security flaw

wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.

Red Hat Enterprise Linux 3 2005-09-27T00:00:00 RHSA-2005:771 wget-0:1.10.1-1.30E.1 Red Hat Enterprise Linux 4 2005-09-27T00:00:00 RHSA-2005:771 wget-0:1.10.1-2.4E.1 https://www.cve.org/CVERecord?id=CVE-2004-1487 https://nvd.nist.gov/vuln/detail/CVE-2004-1487 Low 2004-12-10T00:00:00 security flaw

wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.

Red Hat Enterprise Linux 3 2005-09-27T00:00:00 RHSA-2005:771 wget-0:1.10.1-1.30E.1 Red Hat Enterprise Linux 4 2005-09-27T00:00:00 RHSA-2005:771 wget-0:1.10.1-2.4E.1 https://www.cve.org/CVERecord?id=CVE-2004-1488 https://nvd.nist.gov/vuln/detail/CVE-2004-1488 Moderate 2004-10-18T00:00:00 security flaw

Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.

https://www.cve.org/CVERecord?id=CVE-2004-1613 https://nvd.nist.gov/vuln/detail/CVE-2004-1613

The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.

Permitting TCP forwarding is the expected and known default configuration. If it is not desired, it can disabled using the AllowTcpForwarding option in the /etc/ssh/sshd_config configuration file. However, only disabling TCP forwarding does not improve security unless users are also denied shell access. For more information, see man sshd_config. https://www.cve.org/CVERecord?id=CVE-2004-1653 https://nvd.nist.gov/vuln/detail/CVE-2004-1653

Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value.

This CVE is a duplicate (rediscovery) of CVE-2002-0838 https://www.cve.org/CVERecord?id=CVE-2004-1717 https://nvd.nist.gov/vuln/detail/CVE-2004-1717 Moderate 2004-03-22T00:00:00 security flaw

Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to cause a denial of service (segmentation fault) via a malformed color filter file.

Red Hat Enterprise Linux 3 2004-03-30T00:00:00 RHSA-2004:136 ethereal-0:0.10.3-0.30E.1 Red Hat Linux 9 2004-03-31T00:00:00 RHSA-2004:137 https://www.cve.org/CVERecord?id=CVE-2004-1761 https://nvd.nist.gov/vuln/detail/CVE-2004-1761 Low 2004-04-06T00:00:00 security flaw

Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.

Red Hat Enterprise Linux 3 2005-04-26T00:00:00 RHSA-2005:377 sharutils-0:4.2.1-16.2 Red Hat Enterprise Linux 4 2005-04-26T00:00:00 RHSA-2005:377 sharutils-0:4.2.1-22.2 https://www.cve.org/CVERecord?id=CVE-2004-1772 https://nvd.nist.gov/vuln/detail/CVE-2004-1772 Low 2004-10-01T00:00:00 security flaw

Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.

Red Hat Enterprise Linux 3 2005-04-26T00:00:00 RHSA-2005:377 sharutils-0:4.2.1-16.2 Red Hat Enterprise Linux 4 2005-04-26T00:00:00 RHSA-2005:377 sharutils-0:4.2.1-22.2 https://www.cve.org/CVERecord?id=CVE-2004-1773 https://nvd.nist.gov/vuln/detail/CVE-2004-1773

Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.

The Red Hat Security Response Team rated this issue as having low security impact. This issue affected Red Hat Enterprise Linux 2.1 but due to the low severity will not be fixed. metamail was not shipped in Red Hat Enterprise Linux 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2004-1808 https://nvd.nist.gov/vuln/detail/CVE-2004-1808 Moderate 2004-03-20T00:00:00 security flaw

mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.

Red Hat Enterprise Linux 3 2004-11-12T00:00:00 RHSA-2004:562 httpd-0:2.0.46-44.ent https://www.cve.org/CVERecord?id=CVE-2004-1834 https://nvd.nist.gov/vuln/detail/CVE-2004-1834

Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption).

Not vulnerable. These issues did not affect the versions of OpenLDAP as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2004-1880 https://nvd.nist.gov/vuln/detail/CVE-2004-1880 Low 2004-05-16T00:00:00 security flaw

Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.

Red Hat Enterprise Linux 3 2005-09-27T00:00:00 RHSA-2005:771 wget-0:1.10.1-1.30E.1 Red Hat Enterprise Linux 4 2005-09-27T00:00:00 RHSA-2005:771 wget-0:1.10.1-2.4E.1 https://www.cve.org/CVERecord?id=CVE-2004-2014 https://nvd.nist.gov/vuln/detail/CVE-2004-2014 Low 2004-01-27T00:00:00 security flaw

sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:550 openssh-0:3.6.1p2-33.30.6 https://www.cve.org/CVERecord?id=CVE-2004-2069 https://nvd.nist.gov/vuln/detail/CVE-2004-2069 Moderate 2004-05-05T00:00:00 security flaw

CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.

Red Hat Enterprise Linux 3 2005-07-14T00:00:00 RHSA-2005:571 cups-1:1.1.17-13.3.29 https://www.cve.org/CVERecord?id=CVE-2004-2154 https://nvd.nist.gov/vuln/detail/CVE-2004-2154 Moderate 2004-03-25T00:00:00 security flaw

vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant.

Red Hat Enterprise Linux AS version 3 2004-05-11T00:00:00 RHBA-2004:164 Red Hat Enterprise Linux ES version 3 2004-05-11T00:00:00 RHBA-2004:164 https://www.cve.org/CVERecord?id=CVE-2004-2259 https://nvd.nist.gov/vuln/detail/CVE-2004-2259

Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is not clear whether there are any standard configurations in which snmpd is installed setuid or setgid. If not, then this issue should not be included in CVE.

Not vulnerable. We did not ship snmpd setuid root in Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2004-2300 https://nvd.nist.gov/vuln/detail/CVE-2004-2300

The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.

The Apache Software Foundation do not treat this as a security issue. A configuration change can be made to disable the ability to respond to HTTP TRACE requests if required. For more information please see: http://www.apacheweek.com/issues/03-01-24#news https://www.cve.org/CVERecord?id=CVE-2004-2320 https://nvd.nist.gov/vuln/detail/CVE-2004-2320

Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument

Red Hat does not consider this to be a security issue. https://www.cve.org/CVERecord?id=CVE-2004-2343 https://nvd.nist.gov/vuln/detail/CVE-2004-2343 Low 2004-04-06T00:00:00 security flaw

libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-10-11T00:00:00 RHSA-2005:770 Red Hat Enterprise Linux ES version 2.1 2005-10-11T00:00:00 RHSA-2005:770 Red Hat Enterprise Linux WS version 2.1 2005-10-11T00:00:00 RHSA-2005:770 Red Hat Linux Advanced Workstation 2.1 2005-10-11T00:00:00 RHSA-2005:770 https://www.cve.org/CVERecord?id=CVE-2004-2392 https://nvd.nist.gov/vuln/detail/CVE-2004-2392 Low 2004-11-23T00:00:00 security flaw

Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.

Red Hat Enterprise Linux 3 2005-09-15T00:00:00 RHSA-2005:766 squid-7:2.5.STABLE3-6.3E.14 Red Hat Enterprise Linux 4 2005-09-15T00:00:00 RHSA-2005:766 squid-7:2.5.STABLE6-3.4E.11 https://www.cve.org/CVERecord?id=CVE-2004-2479 https://nvd.nist.gov/vuln/detail/CVE-2004-2479 Moderate 2009-04-30T00:00:00 cscope: multiple buffer overflows 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.

Red Hat Enterprise Linux 3 2009-06-15T00:00:00 RHSA-2009:1101 cscope-0:15.5-16.RHEL3 Red Hat Enterprise Linux 4 2009-06-15T00:00:00 RHSA-2009:1101 cscope-0:15.5-10.RHEL4.3 Red Hat Enterprise Linux 5 2009-06-15T00:00:00 RHSA-2009:1102 cscope-0:15.5-15.1.el5_3.1 https://www.cve.org/CVERecord?id=CVE-2004-2541 https://nvd.nist.gov/vuln/detail/CVE-2004-2541

Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).

Not vulnerable. This issue did not affect the versions of Samba as distributed with Red Hat Enterprise Linux 3, or 4. Red Hat Enterprise Linux 2.1 shipped with a version of Samba prior to 3.0.6, but we verified by code audit that it is not affected by this issue. https://www.cve.org/CVERecord?id=CVE-2004-2546 https://nvd.nist.gov/vuln/detail/CVE-2004-2546

The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.

Not vulnerable. This issue only affected 2.5 STABLE4 and 2.5 STABLE5 versions of Squid and does not affect the versions of Squid distributed with Red Hat Enterprise Linux. https://www.cve.org/CVERecord?id=CVE-2004-2654 https://nvd.nist.gov/vuln/detail/CVE-2004-2654 Moderate 2004-05-12T00:00:00 security flaw

rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.

Red Hat Enterprise Linux 3 2006-05-23T00:00:00 RHSA-2006:0498 xscreensaver-1:4.10-20 https://www.cve.org/CVERecord?id=CVE-2004-2655 https://nvd.nist.gov/vuln/detail/CVE-2004-2655 Low 2004-10-28T00:00:00 security flaw

Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests.

Red Hat Enterprise Linux 4 2006-08-22T00:00:00 RHSA-2006:0617 kernel-0:2.6.9-42.0.2.EL https://www.cve.org/CVERecord?id=CVE-2004-2660 https://nvd.nist.gov/vuln/detail/CVE-2004-2660 Low 2004-04-16T00:00:00 mod_python arbitrary data disclosure flaw

mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.

The Red Hat Security Response Team has rated this issue as having low security impact. We no longer plan to fix this flaw in Red Hat Enterprise Linux 4. Red Hat Enterprise Linux 4 Will not fix mod_python Red Hat Enterprise Linux 5 Not affected mod_python https://www.cve.org/CVERecord?id=CVE-2004-2680 https://nvd.nist.gov/vuln/detail/CVE-2004-2680 Low 2004-12-31T00:00:00 kernel: interger overflows in Sbus PROM driver

Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c) for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly later versions, allow local users to execute arbitrary code by specifying (1) a small buffer size to the copyin_string function or (2) a negative buffer size to the copyin function.

Not vulnerable. The Linux kernel as shipped with with Red Hat Enterprise Linux 2.1, 3, 4 and 5 did not include the Sbus PROM module and therefore are not affected by this issue. https://www.cve.org/CVERecord?id=CVE-2004-2731 https://nvd.nist.gov/vuln/detail/CVE-2004-2731 Low 2004-04-12T00:00:00 openssh information disclosure

sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.

The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode. https://www.cve.org/CVERecord?id=CVE-2004-2760 https://nvd.nist.gov/vuln/detail/CVE-2004-2760 Moderate 2008-12-30T00:00:00 MD5: MD5 Message-Digest Algorithm is not collision resistant 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.

Please see https://access.redhat.com/solutions/15378 Red Hat Certificate System 7.3 2010-11-08T00:00:00 RHSA-2010:0837 rhpki-ca-0:7.3.0-21.el4 Red Hat Certificate System 7.3 2010-11-08T00:00:00 RHSA-2010:0837 rhpki-common-0:7.3.0-41.el4 Red Hat Certificate System 7.3 2010-11-08T00:00:00 RHSA-2010:0837 rhpki-util-0:7.3.0-21.el4 Red Hat Certificate System 8 2010-11-08T00:00:00 RHSA-2010:0838 pki-ca-0:8.0.7-1.el5pki Red Hat Certificate System 8 2010-11-08T00:00:00 RHSA-2010:0838 pki-common-0:8.0.6-2.el5pki Red Hat Certificate System 8 2010-11-08T00:00:00 RHSA-2010:0838 pki-util-0:8.0.5-1.el5pki https://www.cve.org/CVERecord?id=CVE-2004-2761 https://nvd.nist.gov/vuln/detail/CVE-2004-2761 Moderate 2014-12-16T00:00:00 mailx: command execution flaw 3.6 AV:L/AC:L/Au:N/C:P/I:P/A:N CWE-78

The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters (CVE-2004-2771) and the direct command execution functionality (CVE-2014-7844).

Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. Red Hat Enterprise Linux 6 2014-12-16T00:00:00 RHSA-2014:1999 mailx-0:12.4-8.el6_6 Red Hat Enterprise Linux 7 2014-12-16T00:00:00 RHSA-2014:1999 mailx-0:12.5-12.el7_0 Red Hat Enterprise Linux 5 Will not fix mailx https://www.cve.org/CVERecord?id=CVE-2004-2771 https://nvd.nist.gov/vuln/detail/CVE-2004-2771 Low 2004-12-31T00:00:00 libid3tag: id3_utf16_deserialize() misparses ID3v2 tags with an odd number of bytes resulting in an endless loop 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CWE-400

id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS).

Red Hat Enterprise Linux 6 Will not fix libid3tag Red Hat Enterprise Linux 7 Affected libid3tag https://www.cve.org/CVERecord?id=CVE-2004-2779 https://nvd.nist.gov/vuln/detail/CVE-2004-2779 Important 2005-01-12T00:00:00 security flaw

Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.

Red Hat Enterprise Linux 4 2005-02-18T00:00:00 RHSA-2005:092 kernel-0:2.6.9-5.0.3.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-21T00:00:00 RHSA-2005:017 Red Hat Enterprise Linux ES version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Enterprise Linux WS version 2.1 2005-01-21T00:00:00 RHSA-2005:016 Red Hat Linux Advanced Workstation 2.1 2005-01-21T00:00:00 RHSA-2005:017 https://www.cve.org/CVERecord?id=CVE-2005-0001 https://nvd.nist.gov/vuln/detail/CVE-2005-0001 2004-12-17T00:00:00 security flaw

The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.

Red Hat Enterprise Linux 3 2005-01-18T00:00:00 RHSA-2005:043 kernel-0:2.4.21-27.0.2.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-01-21T00:00:00 RHSA-2005:017 Red Hat Linux Advanced Workstation 2.1 2005-01-21T00:00:00 RHSA-2005:017 https://www.cve.org/CVERecord?id=CVE-2005-0003 https://nvd.nist.gov/vuln/detail/CVE-2005-0003 Moderate 2005-01-19T00:00:00 mysql: mysqlaccess creates/overwrite files on the system 7.9 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H CWE-266

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

Red Hat Enterprise Linux 5 Not affected mysql55-mysql Red Hat Enterprise Linux 6 Not affected mysql Red Hat Enterprise Linux 7 Not affected mariadb Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) Not affected mariadb-galera Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Not affected mariadb-galera Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Not affected mariadb-galera Red Hat OpenStack Platform 8 (Liberty) Not affected mariadb-galera Red Hat Software Collections Not affected mariadb55-mariadb Red Hat Software Collections Not affected mysql55-mysql Red Hat Software Collections Not affected rh-mariadb100-mariadb Red Hat Software Collections Not affected rh-mariadb101-mariadb Red Hat Software Collections Not affected rh-mysql56-mysql https://www.cve.org/CVERecord?id=CVE-2005-0004 https://nvd.nist.gov/vuln/detail/CVE-2005-0004 Moderate 2005-01-17T00:00:00 security flaw

Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.

Red Hat Enterprise Linux 3 2005-03-23T00:00:00 RHSA-2005:070 ImageMagick-0:5.5.6-13 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:071 ImageMagick-0:6.0.7.1-6 https://www.cve.org/CVERecord?id=CVE-2005-0005 https://nvd.nist.gov/vuln/detail/CVE-2005-0005 Moderate 2005-01-19T00:00:00 security flaw

The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (infinite loop).

Red Hat Enterprise Linux 3 2005-02-02T00:00:00 RHSA-2005:011 ethereal-0:0.10.9-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-0006 https://nvd.nist.gov/vuln/detail/CVE-2005-0006 Moderate 2005-01-19T00:00:00 security flaw

Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash from assertion).

Red Hat Enterprise Linux 3 2005-02-02T00:00:00 RHSA-2005:011 ethereal-0:0.10.9-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-0007 https://nvd.nist.gov/vuln/detail/CVE-2005-0007 Moderate 2005-01-19T00:00:00 security flaw

Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through 0.10.8 allows remote attackers to cause "memory corruption."

Red Hat Enterprise Linux 3 2005-02-02T00:00:00 RHSA-2005:011 ethereal-0:0.10.9-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-0008 https://nvd.nist.gov/vuln/detail/CVE-2005-0008 Moderate 2005-01-19T00:00:00 security flaw

Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash).

Red Hat Enterprise Linux 3 2005-02-02T00:00:00 RHSA-2005:011 ethereal-0:0.10.9-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-0009 https://nvd.nist.gov/vuln/detail/CVE-2005-0009 Moderate 2005-01-19T00:00:00 security flaw

Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through 0.10.8 allows remote attackers to cause a denial of service by triggering a free of statically allocated memory.

Red Hat Enterprise Linux 3 2005-02-02T00:00:00 RHSA-2005:011 ethereal-0:0.10.9-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-0010 https://nvd.nist.gov/vuln/detail/CVE-2005-0010 Moderate 2005-01-30T00:00:00 security flaw

nwclient.c in ncpfs before 2.2.6 does not drop root privileges before executing utilities using the NetWare client functions, which allows local users to gain privileges.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-05-17T00:00:00 RHSA-2005:371 Red Hat Enterprise Linux ES version 2.1 2005-05-17T00:00:00 RHSA-2005:371 Red Hat Linux Advanced Workstation 2.1 2005-05-17T00:00:00 RHSA-2005:371 https://www.cve.org/CVERecord?id=CVE-2005-0013 https://nvd.nist.gov/vuln/detail/CVE-2005-0013 Moderate 2005-01-04T00:00:00 security flaw

Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.

Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:025 exim-0:4.43-1.RHEL4.3 https://www.cve.org/CVERecord?id=CVE-2005-0021 https://nvd.nist.gov/vuln/detail/CVE-2005-0021 Moderate 2005-01-04T00:00:00 security flaw

Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.

Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:025 exim-0:4.43-1.RHEL4.3 https://www.cve.org/CVERecord?id=CVE-2005-0022 https://nvd.nist.gov/vuln/detail/CVE-2005-0022 Important 2005-01-18T00:00:00 security flaw

Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.

Red Hat Enterprise Linux 3 2005-02-01T00:00:00 RHSA-2005:049 cups-1:1.1.17-13.3.24 Red Hat Enterprise Linux 3 2005-01-26T00:00:00 RHSA-2005:059 xpdf-1:2.02-9.5 Red Hat Enterprise Linux 4 2005-03-16T00:00:00 RHSA-2005:026 tetex-0:2.0.2-22.EL4.4 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:034 xpdf-1:3.00-11.5 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:053 cups-1:1.1.22-0.rc1.9.6 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:057 gpdf-0:2.8.2-4.3 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:066 kdegraphics-7:3.3.1-3.3 https://www.cve.org/CVERecord?id=CVE-2005-0064 https://nvd.nist.gov/vuln/detail/CVE-2005-0064 Low 2005-01-09T00:00:00 security flaw

The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.

Red Hat Enterprise Linux 3 2005-02-18T00:00:00 RHSA-2005:122 vim-1:6.3.046-0.30E.3 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:036 vim-1:6.3.046-0.40E.4 https://www.cve.org/CVERecord?id=CVE-2005-0069 https://nvd.nist.gov/vuln/detail/CVE-2005-0069 Low 2005-01-22T00:00:00 security flaw

prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.

Red Hat Enterprise Linux 3 2005-02-10T00:00:00 RHSA-2005:135 squirrelmail-0:1.4.3a-9.EL3 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:099 squirrelmail-0:1.4.3a-9.EL4 https://www.cve.org/CVERecord?id=CVE-2005-0075 https://nvd.nist.gov/vuln/detail/CVE-2005-0075 Low 2005-01-25T00:00:00 security flaw

The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

Red Hat Enterprise Linux 3 2005-02-01T00:00:00 RHSA-2005:069 perl-DBI-0:1.32-9 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:072 perl-DBI-0:1.40-8 https://www.cve.org/CVERecord?id=CVE-2005-0077 https://nvd.nist.gov/vuln/detail/CVE-2005-0077 Moderate 2005-01-26T00:00:00 security flaw

The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.

Red Hat Enterprise Linux 3 2005-02-10T00:00:00 RHSA-2005:009 kdebase-6:3.1.3-5.8 Red Hat Enterprise Linux 3 2005-02-10T00:00:00 RHSA-2005:009 kdelibs-6:3.1.3-6.9 https://www.cve.org/CVERecord?id=CVE-2005-0078 https://nvd.nist.gov/vuln/detail/CVE-2005-0078 Moderate 2005-01-19T00:00:00 security flaw

Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 allows remote attackers to execute arbitrary code via a crafted packet.

Red Hat Enterprise Linux 3 2005-02-02T00:00:00 RHSA-2005:011 ethereal-0:0.10.9-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-0084 https://nvd.nist.gov/vuln/detail/CVE-2005-0084 Moderate 2005-12-03T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

Not vulnerable. These issues did not affect the versions of htdig as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=144263 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:090 htdig-3:3.2.0b6-3.40.1 https://www.cve.org/CVERecord?id=CVE-2005-0085 https://nvd.nist.gov/vuln/detail/CVE-2005-0085 Important 2005-01-19T00:00:00 security flaw

Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale.

Red Hat Enterprise Linux 3 2005-01-26T00:00:00 RHSA-2005:068 less-0:378-12 https://www.cve.org/CVERecord?id=CVE-2005-0086 https://nvd.nist.gov/vuln/detail/CVE-2005-0086 Moderate 2005-02-15T00:00:00 security flaw

The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier for attackers to execute arbitrary code if there are other vulnerabilities in the library.

Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:033 alsa-lib-0:1.0.6-5.RHEL4 https://www.cve.org/CVERecord?id=CVE-2005-0087 https://nvd.nist.gov/vuln/detail/CVE-2005-0087 Moderate 2005-02-10T00:00:00 security flaw

The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.

Red Hat Enterprise Linux 3 2005-02-10T00:00:00 RHSA-2005:104 mod_python-0:3.0.3-5.ent Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:100 mod_python-0:3.1.3-5.1 https://www.cve.org/CVERecord?id=CVE-2005-0088 https://nvd.nist.gov/vuln/detail/CVE-2005-0088 Important 2005-02-03T00:00:00 security flaw

The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.

Red Hat Enterprise Linux 3 2005-02-14T00:00:00 RHSA-2005:109 python-0:2.2.3-6.1 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:108 python-0:2.3.4-14.1 https://www.cve.org/CVERecord?id=CVE-2005-0089 https://nvd.nist.gov/vuln/detail/CVE-2005-0089 Important 2005-02-18T00:00:00 security flaw

A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access check," which allows local users to cause a denial of service (crash).

Red Hat Enterprise Linux 4 2005-02-18T00:00:00 RHSA-2005:092 kernel-0:2.6.9-5.0.3.EL https://www.cve.org/CVERecord?id=CVE-2005-0090 https://nvd.nist.gov/vuln/detail/CVE-2005-0090 Important 2005-02-18T00:00:00 security flaw

Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls.

Red Hat Enterprise Linux 4 2005-02-18T00:00:00 RHSA-2005:092 kernel-0:2.6.9-5.0.3.EL https://www.cve.org/CVERecord?id=CVE-2005-0091 https://nvd.nist.gov/vuln/detail/CVE-2005-0091 Important 2005-02-18T00:00:00 security flaw

Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash).

Red Hat Enterprise Linux 4 2005-02-18T00:00:00 RHSA-2005:092 kernel-0:2.6.9-5.0.3.EL https://www.cve.org/CVERecord?id=CVE-2005-0092 https://nvd.nist.gov/vuln/detail/CVE-2005-0092 2005-01-12T00:00:00 security flaw

Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.

Red Hat Enterprise Linux 3 2005-02-11T00:00:00 RHSA-2005:061 squid-7:2.5.STABLE3-6.3E.7 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:060 squid-7:2.5.STABLE6-3.4E.3 https://www.cve.org/CVERecord?id=CVE-2005-0094 https://nvd.nist.gov/vuln/detail/CVE-2005-0094 2005-01-12T00:00:00 security flaw

The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.

Red Hat Enterprise Linux 3 2005-02-11T00:00:00 RHSA-2005:061 squid-7:2.5.STABLE3-6.3E.7 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:060 squid-7:2.5.STABLE6-3.4E.3 https://www.cve.org/CVERecord?id=CVE-2005-0095 https://nvd.nist.gov/vuln/detail/CVE-2005-0095 2005-01-08T00:00:00 security flaw

Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).

Red Hat Enterprise Linux 3 2005-02-11T00:00:00 RHSA-2005:061 squid-7:2.5.STABLE3-6.3E.7 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:060 squid-7:2.5.STABLE6-3.4E.3 https://www.cve.org/CVERecord?id=CVE-2005-0096 https://nvd.nist.gov/vuln/detail/CVE-2005-0096 2005-01-08T00:00:00 security flaw

The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.

Red Hat Enterprise Linux 3 2005-02-11T00:00:00 RHSA-2005:061 squid-7:2.5.STABLE3-6.3E.7 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:060 squid-7:2.5.STABLE6-3.4E.3 https://www.cve.org/CVERecord?id=CVE-2005-0097 https://nvd.nist.gov/vuln/detail/CVE-2005-0097 Important 2005-02-06T00:00:00 security flaw

Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.

Red Hat Enterprise Linux 3 2005-02-10T00:00:00 RHSA-2005:112 emacs-0:21.3-4.1 Red Hat Enterprise Linux 3 2005-02-10T00:00:00 RHSA-2005:134 xemacs-0:21.4.13-8.ent.1 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:110 emacs-0:21.3-19.EL.1 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:133 xemacs-0:21.4.15-10.EL.1 https://www.cve.org/CVERecord?id=CVE-2005-0100 https://nvd.nist.gov/vuln/detail/CVE-2005-0100 Low 2005-01-18T00:00:00 security flaw

Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.

Red Hat Enterprise Linux 3 2005-05-19T00:00:00 RHSA-2005:238 evolution-0:1.4.5-14 Red Hat Enterprise Linux 4 2005-05-04T00:00:00 RHSA-2005:397 evolution-0:2.0.2-16 https://www.cve.org/CVERecord?id=CVE-2005-0102 https://nvd.nist.gov/vuln/detail/CVE-2005-0102 Low 2005-01-22T00:00:00 security flaw

PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.

Red Hat Enterprise Linux 3 2005-02-10T00:00:00 RHSA-2005:135 squirrelmail-0:1.4.3a-9.EL3 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:099 squirrelmail-0:1.4.3a-9.EL4 https://www.cve.org/CVERecord?id=CVE-2005-0103 https://nvd.nist.gov/vuln/detail/CVE-2005-0103 Low 2005-01-22T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.

Red Hat Enterprise Linux 3 2005-02-10T00:00:00 RHSA-2005:135 squirrelmail-0:1.4.3a-9.EL3 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:099 squirrelmail-0:1.4.3a-9.EL4 https://www.cve.org/CVERecord?id=CVE-2005-0104 https://nvd.nist.gov/vuln/detail/CVE-2005-0104 Moderate 2005-05-13T00:00:00 security flaw

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-06-01T00:00:00 RHSA-2005:476 openssl-0:0.9.7a-33.15 Red Hat Enterprise Linux 3 2005-06-01T00:00:00 RHSA-2005:476 openssl096b-0:0.9.6b-16.22.3 Red Hat Enterprise Linux 3 2005-10-11T00:00:00 RHSA-2005:800 openssl-0:0.9.7a-33.17 Red Hat Enterprise Linux 3 2005-10-11T00:00:00 RHSA-2005:800 openssl096b-0:0.9.6b-16.22.4 Red Hat Enterprise Linux 4 2005-06-01T00:00:00 RHSA-2005:476 openssl-0:0.9.7a-43.2 Red Hat Enterprise Linux 4 2005-06-01T00:00:00 RHSA-2005:476 openssl096b-0:0.9.6b-22.3 Red Hat Enterprise Linux 4 2005-10-11T00:00:00 RHSA-2005:800 openssl-0:0.9.7a-43.4 Red Hat Enterprise Linux 4 2005-10-11T00:00:00 RHSA-2005:800 openssl096b-0:0.9.6b-22.4 Red Hat Stronghold 4 2005-12-19T00:00:00 RHSA-2005:882 https://www.cve.org/CVERecord?id=CVE-2005-0109 https://nvd.nist.gov/vuln/detail/CVE-2005-0109 Moderate 2005-01-10T00:00:00 security flaw

The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux ES version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux WS version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 https://www.cve.org/CVERecord?id=CVE-2005-0124 https://nvd.nist.gov/vuln/detail/CVE-2005-0124 Important 2005-03-11T00:00:00 security flaw

The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in Linux kernel 2.6 allows local users to cause a denial of service (system crash).

Red Hat Enterprise Linux 3 2005-04-22T00:00:00 RHSA-2005:293 kernel-0:2.4.21-27.0.4.EL Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:366 kernel-0:2.6.9-5.0.5.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-04-28T00:00:00 RHSA-2005:284 Red Hat Linux Advanced Workstation 2.1 2005-04-28T00:00:00 RHSA-2005:284 https://www.cve.org/CVERecord?id=CVE-2005-0135 https://nvd.nist.gov/vuln/detail/CVE-2005-0135 Important 2005-03-11T00:00:00 security flaw

The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service (crash) via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL Red Hat Enterprise Linux 4 2005-06-08T00:00:00 RHSA-2005:420 kernel-0:2.6.9-11.EL https://www.cve.org/CVERecord?id=CVE-2005-0136 https://nvd.nist.gov/vuln/detail/CVE-2005-0136 Important 2005-03-11T00:00:00 security flaw

Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a denial of service via a "missing Itanium syscall table entry."

Red Hat Enterprise Linux 3 2005-04-22T00:00:00 RHSA-2005:293 kernel-0:2.4.21-27.0.4.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-04-28T00:00:00 RHSA-2005:284 Red Hat Linux Advanced Workstation 2.1 2005-04-28T00:00:00 RHSA-2005:284 https://www.cve.org/CVERecord?id=CVE-2005-0137 https://nvd.nist.gov/vuln/detail/CVE-2005-0137 Low 2005-01-19T00:00:00 security flaw

Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.

Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:335 devhelp-0:0.9.2-2.4.3 Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:335 evolution-0:2.0.2-14 https://www.cve.org/CVERecord?id=CVE-2005-0141 https://nvd.nist.gov/vuln/detail/CVE-2005-0141 Moderate 2005-01-20T00:00:00 security flaw

Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.

Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:335 devhelp-0:0.9.2-2.4.3 Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:335 evolution-0:2.0.2-14 https://www.cve.org/CVERecord?id=CVE-2005-0142 https://nvd.nist.gov/vuln/detail/CVE-2005-0142 Low 2005-01-20T00:00:00 security flaw

Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.

Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:335 devhelp-0:0.9.2-2.4.3 Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:335 evolution-0:2.0.2-14 https://www.cve.org/CVERecord?id=CVE-2005-0143 https://nvd.nist.gov/vuln/detail/CVE-2005-0143 Low 2005-01-20T00:00:00 security flaw

Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.

Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:335 devhelp-0:0.9.2-2.4.3 Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:335 evolution-0:2.0.2-14 https://www.cve.org/CVERecord?id=CVE-2005-0144 https://nvd.nist.gov/vuln/detail/CVE-2005-0144 Moderate 2005-01-20T00:00:00 security flaw

Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.

Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:094 thunderbird-0:1.0-1.1.EL4 Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:335 devhelp-0:0.9.2-2.4.3 Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:335 evolution-0:2.0.2-14 https://www.cve.org/CVERecord?id=CVE-2005-0146 https://nvd.nist.gov/vuln/detail/CVE-2005-0146 Important 2005-01-20T00:00:00 security flaw

Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.

https://www.cve.org/CVERecord?id=CVE-2005-0147 https://nvd.nist.gov/vuln/detail/CVE-2005-0147 Moderate 2005-01-20T00:00:00 security flaw

Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.

Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:094 thunderbird-0:1.0-1.1.EL4 Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:335 devhelp-0:0.9.2-2.4.3 Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:335 evolution-0:2.0.2-14 https://www.cve.org/CVERecord?id=CVE-2005-0149 https://nvd.nist.gov/vuln/detail/CVE-2005-0149 Moderate 2005-02-01T00:00:00 security flaw

The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.

Red Hat Enterprise Linux 3 2005-02-07T00:00:00 RHSA-2005:105 perl-2:5.8.0-89.10 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:103 perl-3:5.8.5-12.1 https://www.cve.org/CVERecord?id=CVE-2005-0155 https://nvd.nist.gov/vuln/detail/CVE-2005-0155 Important 2005-02-01T00:00:00 security flaw

Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

Red Hat Enterprise Linux 3 2005-02-07T00:00:00 RHSA-2005:105 perl-2:5.8.0-89.10 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:103 perl-3:5.8.5-12.1 https://www.cve.org/CVERecord?id=CVE-2005-0156 https://nvd.nist.gov/vuln/detail/CVE-2005-0156 2005-01-10T00:00:00 security flaw

squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.

Red Hat Enterprise Linux 3 2005-02-11T00:00:00 RHSA-2005:061 squid-7:2.5.STABLE3-6.3E.7 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:060 squid-7:2.5.STABLE6-3.4E.3 https://www.cve.org/CVERecord?id=CVE-2005-0173 https://nvd.nist.gov/vuln/detail/CVE-2005-0173 2005-01-31T00:00:00 security flaw

Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.

Red Hat Enterprise Linux 3 2005-02-11T00:00:00 RHSA-2005:061 squid-7:2.5.STABLE3-6.3E.7 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:060 squid-7:2.5.STABLE6-3.4E.3 https://www.cve.org/CVERecord?id=CVE-2005-0174 https://nvd.nist.gov/vuln/detail/CVE-2005-0174 2005-01-31T00:00:00 security flaw

Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.

Red Hat Enterprise Linux 3 2005-02-11T00:00:00 RHSA-2005:061 squid-7:2.5.STABLE3-6.3E.7 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:060 squid-7:2.5.STABLE6-3.4E.3 https://www.cve.org/CVERecord?id=CVE-2005-0175 https://nvd.nist.gov/vuln/detail/CVE-2005-0175 Moderate 2005-02-15T00:00:00 security flaw

The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released.

Red Hat Enterprise Linux 3 2005-05-25T00:00:00 RHSA-2005:472 kernel-0:2.4.21-32.0.1.EL Red Hat Enterprise Linux 4 2005-02-18T00:00:00 RHSA-2005:092 kernel-0:2.6.9-5.0.3.EL https://www.cve.org/CVERecord?id=CVE-2005-0176 https://nvd.nist.gov/vuln/detail/CVE-2005-0176 Important 2005-02-15T00:00:00 security flaw

nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows attackers to cause a denial of service (kernel crash) via a buffer overflow.

Red Hat Enterprise Linux 4 2005-02-18T00:00:00 RHSA-2005:092 kernel-0:2.6.9-5.0.3.EL https://www.cve.org/CVERecord?id=CVE-2005-0177 https://nvd.nist.gov/vuln/detail/CVE-2005-0177 Important 2005-02-15T00:00:00 security flaw

Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores.

Red Hat Enterprise Linux 4 2005-02-18T00:00:00 RHSA-2005:092 kernel-0:2.6.9-5.0.3.EL https://www.cve.org/CVERecord?id=CVE-2005-0178 https://nvd.nist.gov/vuln/detail/CVE-2005-0178 Important 2005-01-07T00:00:00 security flaw

Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL Red Hat Enterprise Linux 4 2005-02-18T00:00:00 RHSA-2005:092 kernel-0:2.6.9-5.0.3.EL https://www.cve.org/CVERecord?id=CVE-2005-0179 https://nvd.nist.gov/vuln/detail/CVE-2005-0179 Important 2005-01-07T00:00:00 security flaw

Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions.

Red Hat Enterprise Linux 4 2005-02-18T00:00:00 RHSA-2005:092 kernel-0:2.6.9-5.0.3.EL https://www.cve.org/CVERecord?id=CVE-2005-0180 https://nvd.nist.gov/vuln/detail/CVE-2005-0180 Critical 2004-09-28T00:00:00 security flaw

Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.

Red Hat Desktop version 3 Extras 2005-03-21T00:00:00 RHSA-2005:299 https://www.cve.org/CVERecord?id=CVE-2005-0189 https://nvd.nist.gov/vuln/detail/CVE-2005-0189 Critical 2004-09-28T00:00:00 security flaw

Off-by-one buffer overflow in the processing of tags in Real Metadata Package (RMP) files in RealPlayer 10.5 (6.0.12.1040) and earlier could allow remote attackers to execute arbitrary code via a long tag.

Red Hat Desktop version 3 Extras 2005-03-21T00:00:00 RHSA-2005:299 https://www.cve.org/CVERecord?id=CVE-2005-0191 https://nvd.nist.gov/vuln/detail/CVE-2005-0191 Moderate 2005-01-27T00:00:00 security flaw

A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.

Red Hat Enterprise Linux 3 2005-02-23T00:00:00 RHSA-2005:128 imap-1:2002d-11 https://www.cve.org/CVERecord?id=CVE-2005-0198 https://nvd.nist.gov/vuln/detail/CVE-2005-0198 Low 2005-01-31T00:00:00 security flaw

D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.

Red Hat Enterprise Linux 4 2005-06-08T00:00:00 RHSA-2005:102 dbus-0:0.22-12.EL.2 https://www.cve.org/CVERecord?id=CVE-2005-0201 https://nvd.nist.gov/vuln/detail/CVE-2005-0201 Important 2005-02-09T00:00:00 security flaw

Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.

Red Hat Enterprise Linux 3 2005-02-10T00:00:00 RHSA-2005:136 mailman-3:2.1.5-24.rhel3 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:137 mailman-3:2.1.5-31.rhel4 https://www.cve.org/CVERecord?id=CVE-2005-0202 https://nvd.nist.gov/vuln/detail/CVE-2005-0202 Important 2005-01-26T00:00:00 security flaw

Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T architectures, allows local users to write to privileged IO ports via the OUTS instruction.

Red Hat Enterprise Linux 3 2005-04-22T00:00:00 RHSA-2005:293 kernel-0:2.4.21-27.0.4.EL Red Hat Enterprise Linux 4 2005-02-18T00:00:00 RHSA-2005:092 kernel-0:2.6.9-5.0.3.EL https://www.cve.org/CVERecord?id=CVE-2005-0204 https://nvd.nist.gov/vuln/detail/CVE-2005-0204 Low 2005-02-28T00:00:00 security flaw

KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp.

Red Hat Enterprise Linux 3 2005-03-03T00:00:00 RHSA-2005:175 kdenetwork-7:3.1.3-1.8 https://www.cve.org/CVERecord?id=CVE-2005-0205 https://nvd.nist.gov/vuln/detail/CVE-2005-0205 Important 2004-10-20T00:00:00 security flaw

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

Red Hat Enterprise Linux 3 2005-02-18T00:00:00 RHSA-2005:132 cups-1:1.1.17-13.3.27 Red Hat Enterprise Linux 3 2005-03-04T00:00:00 RHSA-2005:213 xpdf-1:2.02-9.6 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:034 xpdf-1:3.00-11.5 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:053 cups-1:1.1.22-0.rc1.9.6 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:057 gpdf-0:2.8.2-4.3 https://www.cve.org/CVERecord?id=CVE-2005-0206 https://nvd.nist.gov/vuln/detail/CVE-2005-0206 Important 2005-01-04T00:00:00 security flaw

Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.

Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:366 kernel-0:2.6.9-5.0.5.EL https://www.cve.org/CVERecord?id=CVE-2005-0207 https://nvd.nist.gov/vuln/detail/CVE-2005-0207 Important 2005-02-24T00:00:00 security flaw

The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0473.

https://www.cve.org/CVERecord?id=CVE-2005-0208 https://nvd.nist.gov/vuln/detail/CVE-2005-0208 Important 2005-01-24T00:00:00 security flaw

Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments.

Red Hat Enterprise Linux 4 2005-06-08T00:00:00 RHSA-2005:420 kernel-0:2.6.9-11.EL https://www.cve.org/CVERecord?id=CVE-2005-0209 https://nvd.nist.gov/vuln/detail/CVE-2005-0209 Moderate 2005-01-30T00:00:00 security flaw

Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a denial of service (memory consumption) via certain packet fragments that are reassembled twice, which causes a data structure to be allocated twice.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:366 kernel-0:2.6.9-5.0.5.EL https://www.cve.org/CVERecord?id=CVE-2005-0210 https://nvd.nist.gov/vuln/detail/CVE-2005-0210 Important 2005-01-28T00:00:00 security flaw

Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.

Red Hat Enterprise Linux 3 2005-02-11T00:00:00 RHSA-2005:061 squid-7:2.5.STABLE3-6.3E.7 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:060 squid-7:2.5.STABLE6-3.4E.3 https://www.cve.org/CVERecord?id=CVE-2005-0211 https://nvd.nist.gov/vuln/detail/CVE-2005-0211 2005-01-21T00:00:00 security flaw

PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension.

Red Hat Enterprise Linux 3 2005-02-14T00:00:00 RHSA-2005:141 rh-postgresql-0:7.3.9-2 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:138 postgresql-0:7.4.7-2.RHEL4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-02-16T00:00:00 RHSA-2005:150 Red Hat Enterprise Linux ES version 2.1 2005-02-16T00:00:00 RHSA-2005:150 Red Hat Enterprise Linux WS version 2.1 2005-02-16T00:00:00 RHSA-2005:150 Red Hat Linux Advanced Workstation 2.1 2005-02-16T00:00:00 RHSA-2005:150 https://www.cve.org/CVERecord?id=CVE-2005-0227 https://nvd.nist.gov/vuln/detail/CVE-2005-0227 Moderate 2005-02-07T00:00:00 security flaw

Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."

Red Hat Enterprise Linux 4 2005-03-01T00:00:00 RHSA-2005:176 firefox-0:1.0.1-1.4.3 https://www.cve.org/CVERecord?id=CVE-2005-0231 https://nvd.nist.gov/vuln/detail/CVE-2005-0231 Important 2005-02-07T00:00:00 security flaw

Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing."

Red Hat Enterprise Linux 4 2005-03-01T00:00:00 RHSA-2005:176 firefox-0:1.0.1-1.4.3 https://www.cve.org/CVERecord?id=CVE-2005-0232 https://nvd.nist.gov/vuln/detail/CVE-2005-0232 Important 2005-02-07T00:00:00 security flaw

The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

Red Hat Enterprise Linux 4 2005-03-01T00:00:00 RHSA-2005:176 firefox-0:1.0.1-1.4.3 https://www.cve.org/CVERecord?id=CVE-2005-0233 https://nvd.nist.gov/vuln/detail/CVE-2005-0233 Important 2005-02-07T00:00:00 security flaw

The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:325 kdelibs-6:3.3.1-3.6 https://www.cve.org/CVERecord?id=CVE-2005-0237 https://nvd.nist.gov/vuln/detail/CVE-2005-0237 Moderate 2005-01-31T00:00:00 security flaw

The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.

Red Hat Enterprise Linux 3 2005-02-11T00:00:00 RHSA-2005:061 squid-7:2.5.STABLE3-6.3E.7 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:060 squid-7:2.5.STABLE6-3.4E.3 https://www.cve.org/CVERecord?id=CVE-2005-0241 https://nvd.nist.gov/vuln/detail/CVE-2005-0241 Moderate 2005-01-27T00:00:00 security flaw

PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command.

Red Hat Enterprise Linux 3 2005-02-14T00:00:00 RHSA-2005:141 rh-postgresql-0:7.3.9-2 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:138 postgresql-0:7.4.7-2.RHEL4.1 https://www.cve.org/CVERecord?id=CVE-2005-0244 https://nvd.nist.gov/vuln/detail/CVE-2005-0244 Moderate 2005-01-20T00:00:00 security flaw

Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247.

Red Hat Enterprise Linux 3 2005-02-14T00:00:00 RHSA-2005:141 rh-postgresql-0:7.3.9-2 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:138 postgresql-0:7.4.7-2.RHEL4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-02-16T00:00:00 RHSA-2005:150 Red Hat Enterprise Linux ES version 2.1 2005-02-16T00:00:00 RHSA-2005:150 Red Hat Enterprise Linux WS version 2.1 2005-02-16T00:00:00 RHSA-2005:150 Red Hat Linux Advanced Workstation 2.1 2005-02-16T00:00:00 RHSA-2005:150 https://www.cve.org/CVERecord?id=CVE-2005-0245 https://nvd.nist.gov/vuln/detail/CVE-2005-0245 Low 2005-01-27T00:00:00 security flaw

The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays.

Red Hat Enterprise Linux 3 2005-02-14T00:00:00 RHSA-2005:141 rh-postgresql-0:7.3.9-2 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:138 postgresql-0:7.4.7-2.RHEL4.1 https://www.cve.org/CVERecord?id=CVE-2005-0246 https://nvd.nist.gov/vuln/detail/CVE-2005-0246 2005-02-01T00:00:00 security flaw

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245.

Red Hat Enterprise Linux 3 2005-02-14T00:00:00 RHSA-2005:141 rh-postgresql-0:7.3.9-2 Red Hat Enterprise Linux 4 2005-02-15T00:00:00 RHSA-2005:138 postgresql-0:7.4.7-2.RHEL4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-02-16T00:00:00 RHSA-2005:150 Red Hat Enterprise Linux ES version 2.1 2005-02-16T00:00:00 RHSA-2005:150 Red Hat Enterprise Linux WS version 2.1 2005-02-16T00:00:00 RHSA-2005:150 Red Hat Linux Advanced Workstation 2.1 2005-02-16T00:00:00 RHSA-2005:150 https://www.cve.org/CVERecord?id=CVE-2005-0247 https://nvd.nist.gov/vuln/detail/CVE-2005-0247 Important 2005-02-28T00:00:00 security flaw

String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.

Red Hat Enterprise Linux 4 2005-03-01T00:00:00 RHSA-2005:176 firefox-0:1.0.1-1.4.3 Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:337 thunderbird-0:1.0.2-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-0255 https://nvd.nist.gov/vuln/detail/CVE-2005-0255

The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.

Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with wu-ftpd, however we were unable to reproduce this issue. Additionally, a code analysis showed that attempts to exploit this issue would be caught in the versions we shipped. http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=149720 https://www.cve.org/CVERecord?id=CVE-2005-0256 https://nvd.nist.gov/vuln/detail/CVE-2005-0256 Low 2005-01-31T00:00:00 security flaw

Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.

Red Hat Enterprise Linux 4 2005-03-16T00:00:00 RHSA-2005:152 postfix-2:2.1.5-4.2.RHEL4 https://www.cve.org/CVERecord?id=CVE-2005-0337 https://nvd.nist.gov/vuln/detail/CVE-2005-0337

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.

Not vulnerable. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. https://www.cve.org/CVERecord?id=CVE-2005-0356 https://nvd.nist.gov/vuln/detail/CVE-2005-0356 Low 2005-01-21T00:00:00 security flaw

The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.

Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:325 kdelibs-6:3.3.1-3.6 https://www.cve.org/CVERecord?id=CVE-2005-0365 https://nvd.nist.gov/vuln/detail/CVE-2005-0365 Moderate 2005-02-14T00:00:00 security flaw

Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.

Red Hat Enterprise Linux 3 2005-06-13T00:00:00 RHSA-2005:410 gftp-1:2.0.14-4 Red Hat Enterprise Linux 4 2005-06-13T00:00:00 RHSA-2005:410 gftp-1:2.0.17-5 https://www.cve.org/CVERecord?id=CVE-2005-0372 https://nvd.nist.gov/vuln/detail/CVE-2005-0372

Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.

Not vulnerable. This issue did not affect the versions of Cyrus SASL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2005-0373 https://nvd.nist.gov/vuln/detail/CVE-2005-0373 Important 2005-03-15T00:00:00 security flaw

Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.

Red Hat Enterprise Linux 3 2005-04-22T00:00:00 RHSA-2005:293 kernel-0:2.4.21-27.0.4.EL Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:366 kernel-0:2.6.9-5.0.5.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-04-28T00:00:00 RHSA-2005:283 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-04-28T00:00:00 RHSA-2005:284 Red Hat Enterprise Linux ES version 2.1 2005-04-28T00:00:00 RHSA-2005:283 Red Hat Enterprise Linux WS version 2.1 2005-04-28T00:00:00 RHSA-2005:283 Red Hat Linux Advanced Workstation 2.1 2005-04-28T00:00:00 RHSA-2005:284 https://www.cve.org/CVERecord?id=CVE-2005-0384 https://nvd.nist.gov/vuln/detail/CVE-2005-0384 Moderate 2005-03-16T00:00:00 security flaw

Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE before 3.4 allows local users to cause a denial of service (dcopserver consumption) by "stalling the DCOP authentication process."

Red Hat Enterprise Linux 3 2005-04-06T00:00:00 RHSA-2005:307 kdelibs-6:3.1.3-6.10 Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:325 kdelibs-6:3.3.1-3.6 https://www.cve.org/CVERecord?id=CVE-2005-0396 https://nvd.nist.gov/vuln/detail/CVE-2005-0396 Moderate 2005-02-02T00:00:00 security flaw

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.

Red Hat Enterprise Linux 3 2005-03-23T00:00:00 RHSA-2005:070 ImageMagick-0:5.5.6-13 Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:320 ImageMagick-0:6.0.7.1-10 https://www.cve.org/CVERecord?id=CVE-2005-0397 https://nvd.nist.gov/vuln/detail/CVE-2005-0397 Moderate 2005-03-09T00:00:00 security flaw

The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.

Red Hat Enterprise Linux 3 2005-03-23T00:00:00 RHSA-2005:232 ipsec-tools-0:0.2.5-0.7 Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:232 ipsec-tools-0:0.3.3-6 https://www.cve.org/CVERecord?id=CVE-2005-0398 https://nvd.nist.gov/vuln/detail/CVE-2005-0398 Critical 2005-03-23T00:00:00 security flaw

Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.

Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:335 devhelp-0:0.9.2-2.4.3 Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:335 evolution-0:2.0.2-14 Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:336 firefox-0:1.0.2-1.4.1 Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:337 thunderbird-0:1.0.2-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-0399 https://nvd.nist.gov/vuln/detail/CVE-2005-0399 Low 2005-03-21T00:00:00 security flaw

The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:366 kernel-0:2.6.9-5.0.5.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0190 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux ES version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux WS version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Linux Advanced Workstation 2.1 2006-02-01T00:00:00 RHSA-2006:0190 https://www.cve.org/CVERecord?id=CVE-2005-0400 https://nvd.nist.gov/vuln/detail/CVE-2005-0400 Moderate 2005-03-23T00:00:00 security flaw

FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."

Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:335 devhelp-0:0.9.2-2.4.3 Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:335 evolution-0:2.0.2-14 Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:336 firefox-0:1.0.2-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-0401 https://nvd.nist.gov/vuln/detail/CVE-2005-0401 Moderate 2005-03-23T00:00:00 security flaw

Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page.

Red Hat Enterprise Linux 4 2005-03-23T00:00:00 RHSA-2005:336 firefox-0:1.0.2-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-0402 https://nvd.nist.gov/vuln/detail/CVE-2005-0402 Important 2005-03-08T00:00:00 security flaw

init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure.

Red Hat Enterprise Linux 3 2005-04-22T00:00:00 RHSA-2005:293 kernel-0:2.4.21-27.0.4.EL https://www.cve.org/CVERecord?id=CVE-2005-0403 https://nvd.nist.gov/vuln/detail/CVE-2005-0403 Moderate 2005-02-13T00:00:00 security flaw

Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.

Red Hat Enterprise Linux 3 2005-03-03T00:00:00 RHSA-2005:173 squid-7:2.5.STABLE3-6.3E.8 Red Hat Enterprise Linux 4 2005-03-16T00:00:00 RHSA-2005:201 squid-7:2.5.STABLE6-3.4E.5 https://www.cve.org/CVERecord?id=CVE-2005-0446 https://nvd.nist.gov/vuln/detail/CVE-2005-0446 Low 2005-03-09T00:00:00 security flaw

Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.

Red Hat Enterprise Linux 3 2005-12-20T00:00:00 RHSA-2005:881 perl-2:5.8.0-90.4 Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:674 perl-3:5.8.5-16.RHEL4 https://www.cve.org/CVERecord?id=CVE-2005-0448 https://nvd.nist.gov/vuln/detail/CVE-2005-0448 Important 2005-01-24T00:00:00 security flaw

The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function.

Red Hat Enterprise Linux 3 2005-04-22T00:00:00 RHSA-2005:293 kernel-0:2.4.21-27.0.4.EL Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:366 kernel-0:2.6.9-5.0.5.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-04-28T00:00:00 RHSA-2005:283 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-04-28T00:00:00 RHSA-2005:284 Red Hat Enterprise Linux ES version 2.1 2005-04-28T00:00:00 RHSA-2005:283 Red Hat Enterprise Linux WS version 2.1 2005-04-28T00:00:00 RHSA-2005:283 Red Hat Linux Advanced Workstation 2.1 2005-04-28T00:00:00 RHSA-2005:284 https://www.cve.org/CVERecord?id=CVE-2005-0449 https://nvd.nist.gov/vuln/detail/CVE-2005-0449 Critical 2005-02-24T00:00:00 security flaw

Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value.

Red Hat Desktop version 3 Extras 2005-03-21T00:00:00 RHSA-2005:299 Red Hat Desktop version 4 Extras 2005-03-03T00:00:00 RHSA-2005:265 Red Hat Enterprise Linux 4 2005-03-03T00:00:00 RHSA-2005:271 HelixPlayer-1:1.0.3-1 https://www.cve.org/CVERecord?id=CVE-2005-0455 https://nvd.nist.gov/vuln/detail/CVE-2005-0455 Important 2005-03-28T00:00:00 security flaw

Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat would like to thank iDefense for reporting this issue. Red Hat Enterprise Linux 3 2005-03-28T00:00:00 RHSA-2005:327 telnet-1:0.17-26.EL3.2 Red Hat Enterprise Linux 3 2005-03-30T00:00:00 RHSA-2005:330 krb5-0:1.2.7-42 Red Hat Enterprise Linux 4 2005-03-28T00:00:00 RHSA-2005:327 telnet-1:0.17-31.EL4.2 Red Hat Enterprise Linux 4 2005-03-30T00:00:00 RHSA-2005:330 krb5-0:1.3.4-12 https://www.cve.org/CVERecord?id=CVE-2005-0468 https://nvd.nist.gov/vuln/detail/CVE-2005-0468 Important 2005-03-28T00:00:00 security flaw

Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat would like to thank iDefense for reporting this issue. Red Hat Enterprise Linux 3 2005-03-28T00:00:00 RHSA-2005:327 telnet-1:0.17-26.EL3.2 Red Hat Enterprise Linux 3 2005-03-30T00:00:00 RHSA-2005:330 krb5-0:1.2.7-42 Red Hat Enterprise Linux 4 2005-03-28T00:00:00 RHSA-2005:327 telnet-1:0.17-31.EL4.2 Red Hat Enterprise Linux 4 2005-03-30T00:00:00 RHSA-2005:330 krb5-0:1.3.4-12 https://www.cve.org/CVERecord?id=CVE-2005-0469 https://nvd.nist.gov/vuln/detail/CVE-2005-0469 Important 2005-02-17T00:00:00 security flaw

Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-05-11T00:00:00 RHSA-2005:432 Red Hat Enterprise Linux ES version 2.1 2005-05-11T00:00:00 RHSA-2005:432 Red Hat Enterprise Linux WS version 2.1 2005-05-11T00:00:00 RHSA-2005:432 Red Hat Linux Advanced Workstation 2.1 2005-05-11T00:00:00 RHSA-2005:432 https://www.cve.org/CVERecord?id=CVE-2005-0472 https://nvd.nist.gov/vuln/detail/CVE-2005-0472 Important 2005-02-17T00:00:00 security flaw

The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.

https://www.cve.org/CVERecord?id=CVE-2005-0473 https://nvd.nist.gov/vuln/detail/CVE-2005-0473 Moderate 2005-06-14T00:00:00 security flaw

Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat would like to thank Gaël Delalleau and the MIT Kerberos project for reporting this issue. Red Hat Enterprise Linux 3 2005-06-14T00:00:00 RHSA-2005:504 telnet-1:0.17-26.EL3.3 Red Hat Enterprise Linux 3 2005-07-12T00:00:00 RHSA-2005:562 krb5-0:1.2.7-47 Red Hat Enterprise Linux 4 2005-06-14T00:00:00 RHSA-2005:504 telnet-1:0.17-31.EL4.3 https://www.cve.org/CVERecord?id=CVE-2005-0488 https://nvd.nist.gov/vuln/detail/CVE-2005-0488 Low 2005-02-21T00:00:00 security flaw

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.

Red Hat Enterprise Linux 3 2005-04-05T00:00:00 RHSA-2005:340 curl-0:7.10.6-6.rhel3 Red Hat Enterprise Linux 4 2005-04-05T00:00:00 RHSA-2005:340 curl-0:7.12.1-5.rhel4 https://www.cve.org/CVERecord?id=CVE-2005-0490 https://nvd.nist.gov/vuln/detail/CVE-2005-0490 Important 2007-04-30T00:00:00 Buffer overflow in moxa driver

Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL Red Hat Enterprise Linux 4 2008-05-07T00:00:00 RHSA-2008:0237 kernel-0:2.6.9-67.0.15.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-08-25T00:00:00 RHSA-2005:529 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-08-25T00:00:00 RHSA-2005:551 Red Hat Enterprise Linux ES version 2.1 2005-08-25T00:00:00 RHSA-2005:529 Red Hat Enterprise Linux WS version 2.1 2005-08-25T00:00:00 RHSA-2005:529 Red Hat Linux Advanced Workstation 2.1 2005-08-25T00:00:00 RHSA-2005:551 https://www.cve.org/CVERecord?id=CVE-2005-0504 https://nvd.nist.gov/vuln/detail/CVE-2005-0504 Moderate 2005-03-31T00:00:00 security flaw

The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value.

Red Hat Enterprise Linux 3 2005-04-28T00:00:00 RHSA-2005:405 php-0:4.3.2-23.ent Red Hat Enterprise Linux 4 2005-05-04T00:00:00 RHSA-2005:406 php-0:4.3.9-3.6 https://www.cve.org/CVERecord?id=CVE-2005-0524 https://nvd.nist.gov/vuln/detail/CVE-2005-0524 Moderate 2005-03-31T00:00:00 security flaw

The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek.

Red Hat Enterprise Linux 3 2005-04-28T00:00:00 RHSA-2005:405 php-0:4.3.2-23.ent Red Hat Enterprise Linux 4 2005-05-04T00:00:00 RHSA-2005:406 php-0:4.3.9-3.6 https://www.cve.org/CVERecord?id=CVE-2005-0525 https://nvd.nist.gov/vuln/detail/CVE-2005-0525 Important 2005-02-25T00:00:00 security flaw

Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."

Red Hat Enterprise Linux 4 2005-03-01T00:00:00 RHSA-2005:176 firefox-0:1.0.1-1.4.3 https://www.cve.org/CVERecord?id=CVE-2005-0527 https://nvd.nist.gov/vuln/detail/CVE-2005-0527 Moderate 2005-02-15T00:00:00 security flaw

Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context.

Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:366 kernel-0:2.6.9-5.0.5.EL https://www.cve.org/CVERecord?id=CVE-2005-0529 https://nvd.nist.gov/vuln/detail/CVE-2005-0529 Important 2005-02-15T00:00:00 security flaw

Signedness error in the copy_from_read_buf function in n_tty.c for Linux kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a negative argument.

Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:366 kernel-0:2.6.9-5.0.5.EL https://www.cve.org/CVERecord?id=CVE-2005-0530 https://nvd.nist.gov/vuln/detail/CVE-2005-0530 Moderate 2005-02-15T00:00:00 security flaw

The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative arguments.

Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:366 kernel-0:2.6.9-5.0.5.EL https://www.cve.org/CVERecord?id=CVE-2005-0531 https://nvd.nist.gov/vuln/detail/CVE-2005-0531 Moderate 2005-02-14T00:00:00 security flaw

Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.

Red Hat Enterprise Linux 4 2005-05-17T00:00:00 RHSA-2005:408 cyrus-imapd-0:2.2.12-3.RHEL4.1 https://www.cve.org/CVERecord?id=CVE-2005-0546 https://nvd.nist.gov/vuln/detail/CVE-2005-0546 Important 2005-02-24T00:00:00 security flaw

Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.

Red Hat Enterprise Linux 4 2005-03-01T00:00:00 RHSA-2005:176 firefox-0:1.0.1-1.4.3 https://www.cve.org/CVERecord?id=CVE-2005-0578 https://nvd.nist.gov/vuln/detail/CVE-2005-0578 Moderate 2005-02-24T00:00:00 security flaw

Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.

Red Hat Enterprise Linux 4 2005-03-01T00:00:00 RHSA-2005:176 firefox-0:1.0.1-1.4.3 https://www.cve.org/CVERecord?id=CVE-2005-0584 https://nvd.nist.gov/vuln/detail/CVE-2005-0584 Low 2005-01-04T00:00:00 security flaw

Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.

Red Hat Enterprise Linux 4 2005-03-01T00:00:00 RHSA-2005:176 firefox-0:1.0.1-1.4.3 https://www.cve.org/CVERecord?id=CVE-2005-0585 https://nvd.nist.gov/vuln/detail/CVE-2005-0585 Moderate 2005-02-24T00:00:00 security flaw

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.

Red Hat Enterprise Linux 4 2005-03-01T00:00:00 RHSA-2005:176 firefox-0:1.0.1-1.4.3 https://www.cve.org/CVERecord?id=CVE-2005-0586 https://nvd.nist.gov/vuln/detail/CVE-2005-0586 Low 2005-02-24T00:00:00 security flaw

Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.

Red Hat Enterprise Linux 4 2005-03-01T00:00:00 RHSA-2005:176 firefox-0:1.0.1-1.4.3 https://www.cve.org/CVERecord?id=CVE-2005-0588 https://nvd.nist.gov/vuln/detail/CVE-2005-0588 Moderate 2005-02-24T00:00:00 security flaw

The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.

Red Hat Enterprise Linux 4 2005-03-01T00:00:00 RHSA-2005:176 firefox-0:1.0.1-1.4.3 https://www.cve.org/CVERecord?id=CVE-2005-0589 https://nvd.nist.gov/vuln/detail/CVE-2005-0589 Low 2005-02-24T00:00:00 security flaw

The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.

Red Hat Enterprise Linux 4 2005-03-01T00:00:00 RHSA-2005:176 firefox-0:1.0.1-1.4.3 https://www.cve.org/CVERecord?id=CVE-2005-0590 https://nvd.nist.gov/vuln/detail/CVE-2005-0590 Low 2005-02-24T00:00:00 security flaw

Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."

Red Hat Enterprise Linux 4 2005-03-01T00:00:00 RHSA-2005:176 firefox-0:1.0.1-1.4.3 https://www.cve.org/CVERecord?id=CVE-2005-0591 https://nvd.nist.gov/vuln/detail/CVE-2005-0591 Important 2005-02-24T00:00:00 security flaw

Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.

Red Hat Enterprise Linux 4 2005-03-01T00:00:00 RHSA-2005:176 firefox-0:1.0.1-1.4.3 https://www.cve.org/CVERecord?id=CVE-2005-0592 https://nvd.nist.gov/vuln/detail/CVE-2005-0592 Moderate 2005-02-24T00:00:00 security flaw

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.

Red Hat Enterprise Linux 4 2005-03-01T00:00:00 RHSA-2005:176 firefox-0:1.0.1-1.4.3 https://www.cve.org/CVERecord?id=CVE-2005-0593 https://nvd.nist.gov/vuln/detail/CVE-2005-0593

Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.

We do not consider this a security vulnerability; this is the expected behaviour. https://www.cve.org/CVERecord?id=CVE-2005-0602 https://nvd.nist.gov/vuln/detail/CVE-2005-0602 Moderate 2005-03-01T00:00:00 libxpm buffer overflow

scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-03-30T00:00:00 RHSA-2005:331 XFree86-0:4.3.0-81.EL Red Hat Enterprise Linux 3 2005-05-11T00:00:00 RHSA-2005:412 openmotif-0:2.2.3-5.RHEL3.2 Red Hat Enterprise Linux 3 2005-05-11T00:00:00 RHSA-2005:412 openmotif21-0:2.1.30-9.RHEL3.6 Red Hat Enterprise Linux 4 2005-06-08T00:00:00 RHSA-2005:198 fonts-xorg-0:6.8.1.1-1.EL.1 Red Hat Enterprise Linux 4 2005-06-08T00:00:00 RHSA-2005:198 xorg-x11-0:6.8.2-1.EL.13.6 Red Hat Enterprise Linux 4 2005-05-11T00:00:00 RHSA-2005:412 openmotif-0:2.2.3-9.RHEL4.1 Red Hat Enterprise Linux 4 2005-05-11T00:00:00 RHSA-2005:412 openmotif21-0:2.1.30-11.RHEL4.4 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-04-06T00:00:00 RHSA-2005:044 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-05-24T00:00:00 RHSA-2005:473 Red Hat Enterprise Linux ES version 2.1 2005-04-06T00:00:00 RHSA-2005:044 Red Hat Enterprise Linux ES version 2.1 2005-05-24T00:00:00 RHSA-2005:473 Red Hat Enterprise Linux WS version 2.1 2005-04-06T00:00:00 RHSA-2005:044 Red Hat Enterprise Linux WS version 2.1 2005-05-24T00:00:00 RHSA-2005:473 Red Hat Linux Advanced Workstation 2.1 2005-04-06T00:00:00 RHSA-2005:044 Red Hat Linux Advanced Workstation 2.1 2005-05-24T00:00:00 RHSA-2005:473 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh https://www.cve.org/CVERecord?id=CVE-2005-0605 https://nvd.nist.gov/vuln/detail/CVE-2005-0605 Moderate 2005-02-24T00:00:00 security flaw

Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files.

Red Hat Desktop version 3 Extras 2005-03-21T00:00:00 RHSA-2005:299 Red Hat Desktop version 4 Extras 2005-03-03T00:00:00 RHSA-2005:265 Red Hat Enterprise Linux 4 2005-03-03T00:00:00 RHSA-2005:271 HelixPlayer-1:1.0.3-1 https://www.cve.org/CVERecord?id=CVE-2005-0611 https://nvd.nist.gov/vuln/detail/CVE-2005-0611 Low 2005-03-02T00:00:00 security flaw

Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.

Red Hat Enterprise Linux 3 2005-06-14T00:00:00 RHSA-2005:415 squid-7:2.5.STABLE3-6.3E.13 Red Hat Enterprise Linux 4 2005-06-14T00:00:00 RHSA-2005:415 squid-7:2.5.STABLE6-3.4E.9 https://www.cve.org/CVERecord?id=CVE-2005-0626 https://nvd.nist.gov/vuln/detail/CVE-2005-0626 Low 2005-02-18T00:00:00 security flaw

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.

Red Hat Enterprise Linux 3 2005-04-19T00:00:00 RHSA-2005:332 xloadimage-0:4.1-34.RHEL3 Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:332 xloadimage-0:4.1-34.RHEL4 https://www.cve.org/CVERecord?id=CVE-2005-0638 https://nvd.nist.gov/vuln/detail/CVE-2005-0638 Low 2004-03-03T00:00:00 security flaw

Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag.

Red Hat Enterprise Linux 4 2005-03-21T00:00:00 RHSA-2005:300 libexif-0:0.5.12-5.1 https://www.cve.org/CVERecord?id=CVE-2005-0664 https://nvd.nist.gov/vuln/detail/CVE-2005-0664 Moderate 2005-03-07T00:00:00 security flaw

Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-03-18T00:00:00 RHSA-2005:303 Red Hat Enterprise Linux ES version 2.1 2005-03-18T00:00:00 RHSA-2005:303 Red Hat Enterprise Linux WS version 2.1 2005-03-18T00:00:00 RHSA-2005:303 Red Hat Linux Advanced Workstation 2.1 2005-03-18T00:00:00 RHSA-2005:303 https://www.cve.org/CVERecord?id=CVE-2005-0667 https://nvd.nist.gov/vuln/detail/CVE-2005-0667 Moderate 2005-03-11T00:00:00 security flaw

Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.

Red Hat Enterprise Linux 3 2005-03-18T00:00:00 RHSA-2005:306 ethereal-0:0.10.10-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-0699 https://nvd.nist.gov/vuln/detail/CVE-2005-0699 Moderate 2005-03-11T00:00:00 security flaw

Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0.10.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.

Red Hat Enterprise Linux 3 2005-03-18T00:00:00 RHSA-2005:306 ethereal-0:0.10.10-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-0704 https://nvd.nist.gov/vuln/detail/CVE-2005-0704 Moderate 2005-03-11T00:00:00 security flaw

The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the "ignore cipher bit" option enabled. allows remote attackers to cause a denial of service (application crash).

Red Hat Enterprise Linux 3 2005-03-18T00:00:00 RHSA-2005:306 ethereal-0:0.10.10-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-0705 https://nvd.nist.gov/vuln/detail/CVE-2005-0705 Moderate 2005-03-09T00:00:00 grip,libcdaudio: buffer overflow caused by large amount of CDDB replies

Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected.

Red Hat Enterprise Linux 2.1 2009-01-07T00:00:00 RHSA-2009:0005 gnome-vfs-0:1.0.1-18.2 Red Hat Enterprise Linux 3 2009-01-07T00:00:00 RHSA-2009:0005 gnome-vfs2-0:2.2.5-2E.3.3 Red Hat Enterprise Linux 4 2009-01-07T00:00:00 RHSA-2009:0005 gnome-vfs2-0:2.8.2-8.7.el4_7.2 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-03-28T00:00:00 RHSA-2005:304 Red Hat Enterprise Linux ES version 2.1 2005-03-28T00:00:00 RHSA-2005:304 Red Hat Enterprise Linux WS version 2.1 2005-03-28T00:00:00 RHSA-2005:304 Red Hat Linux Advanced Workstation 2.1 2005-03-28T00:00:00 RHSA-2005:304 https://www.cve.org/CVERecord?id=CVE-2005-0706 https://nvd.nist.gov/vuln/detail/CVE-2005-0706 Important 2005-03-11T00:00:00 security flaw

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.

Red Hat Desktop version 3 Extras 2005-04-05T00:00:00 RHSA-2005:348 Red Hat Enterprise Linux 3 2005-03-28T00:00:00 RHSA-2005:334 mysql-0:3.23.58-15.RHEL3.1 Red Hat Enterprise Linux 4 2005-03-28T00:00:00 RHSA-2005:334 mysql-0:4.1.10a-1.RHEL4.1 https://www.cve.org/CVERecord?id=CVE-2005-0709 https://nvd.nist.gov/vuln/detail/CVE-2005-0709 Important 2005-03-11T00:00:00 security flaw

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.

Red Hat Desktop version 3 Extras 2005-04-05T00:00:00 RHSA-2005:348 Red Hat Enterprise Linux 3 2005-03-28T00:00:00 RHSA-2005:334 mysql-0:3.23.58-15.RHEL3.1 Red Hat Enterprise Linux 4 2005-03-28T00:00:00 RHSA-2005:334 mysql-0:4.1.10a-1.RHEL4.1 https://www.cve.org/CVERecord?id=CVE-2005-0710 https://nvd.nist.gov/vuln/detail/CVE-2005-0710 Important 2005-03-11T00:00:00 security flaw

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

Red Hat Desktop version 3 Extras 2005-04-05T00:00:00 RHSA-2005:348 Red Hat Enterprise Linux 3 2005-03-28T00:00:00 RHSA-2005:334 mysql-0:3.23.58-15.RHEL3.1 Red Hat Enterprise Linux 4 2005-03-28T00:00:00 RHSA-2005:334 mysql-0:4.1.10a-1.RHEL4.1 https://www.cve.org/CVERecord?id=CVE-2005-0711 https://nvd.nist.gov/vuln/detail/CVE-2005-0711 Low 2005-03-04T00:00:00 security flaw

Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.

Red Hat Enterprise Linux 3 2005-06-14T00:00:00 RHSA-2005:415 squid-7:2.5.STABLE3-6.3E.13 Red Hat Enterprise Linux 4 2005-06-14T00:00:00 RHSA-2005:415 squid-7:2.5.STABLE6-3.4E.9 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-06-13T00:00:00 RHSA-2005:489 Red Hat Enterprise Linux ES version 2.1 2005-06-13T00:00:00 RHSA-2005:489 Red Hat Linux Advanced Workstation 2.1 2005-06-13T00:00:00 RHSA-2005:489 https://www.cve.org/CVERecord?id=CVE-2005-0718 https://nvd.nist.gov/vuln/detail/CVE-2005-0718 Important 2005-03-09T00:00:00 security flaw

Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.

Red Hat Enterprise Linux 3 2005-04-22T00:00:00 RHSA-2005:293 kernel-0:2.4.21-27.0.4.EL Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:366 kernel-0:2.6.9-5.0.5.EL https://www.cve.org/CVERecord?id=CVE-2005-0736 https://nvd.nist.gov/vuln/detail/CVE-2005-0736 Moderate 2005-03-11T00:00:00 security flaw

The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions.

Red Hat Enterprise Linux 3 2005-03-18T00:00:00 RHSA-2005:306 ethereal-0:0.10.10-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-0739 https://nvd.nist.gov/vuln/detail/CVE-2005-0739 Important 2005-03-18T00:00:00 security flaw

The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer.

Red Hat Enterprise Linux 3 2005-04-22T00:00:00 RHSA-2005:293 kernel-0:2.4.21-27.0.4.EL Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:366 kernel-0:2.6.9-5.0.5.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-08-25T00:00:00 RHSA-2005:529 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-08-25T00:00:00 RHSA-2005:551 Red Hat Enterprise Linux ES version 2.1 2005-08-25T00:00:00 RHSA-2005:529 Red Hat Enterprise Linux WS version 2.1 2005-08-25T00:00:00 RHSA-2005:529 Red Hat Linux Advanced Workstation 2.1 2005-08-25T00:00:00 RHSA-2005:551 https://www.cve.org/CVERecord?id=CVE-2005-0749 https://nvd.nist.gov/vuln/detail/CVE-2005-0749 Important 2005-03-24T00:00:00 security flaw

The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.

Red Hat Enterprise Linux 3 2005-04-22T00:00:00 RHSA-2005:293 kernel-0:2.4.21-27.0.4.EL Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:366 kernel-0:2.6.9-5.0.5.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-04-28T00:00:00 RHSA-2005:283 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-04-28T00:00:00 RHSA-2005:284 Red Hat Enterprise Linux ES version 2.1 2005-04-28T00:00:00 RHSA-2005:283 Red Hat Enterprise Linux WS version 2.1 2005-04-28T00:00:00 RHSA-2005:283 Red Hat Linux Advanced Workstation 2.1 2005-04-28T00:00:00 RHSA-2005:284 https://www.cve.org/CVERecord?id=CVE-2005-0750 https://nvd.nist.gov/vuln/detail/CVE-2005-0750 Important 2005-04-15T00:00:00 security flaw

The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.

Red Hat Enterprise Linux 4 2005-04-21T00:00:00 RHSA-2005:383 firefox-0:1.0.3-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-0752 https://nvd.nist.gov/vuln/detail/CVE-2005-0752 Moderate 2005-04-18T00:00:00 security flaw

Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code.

Red Hat Enterprise Linux 3 2005-04-25T00:00:00 RHSA-2005:387 cvs-0:1.11.2-27 Red Hat Enterprise Linux 4 2005-04-25T00:00:00 RHSA-2005:387 cvs-0:1.11.17-7.RHEL4 https://www.cve.org/CVERecord?id=CVE-2005-0753 https://nvd.nist.gov/vuln/detail/CVE-2005-0753 Critical 2005-04-19T00:00:00 security flaw

Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file.

Red Hat Desktop version 3 Extras 2005-04-20T00:00:00 RHSA-2005:394 Red Hat Desktop version 4 Extras 2005-04-20T00:00:00 RHSA-2005:363 Red Hat Enterprise Linux 4 2005-04-20T00:00:00 RHSA-2005:392 HelixPlayer-1:1.0.4-1.1.EL4.2 https://www.cve.org/CVERecord?id=CVE-2005-0755 https://nvd.nist.gov/vuln/detail/CVE-2005-0755 Important 2005-05-17T00:00:00 security flaw

ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on the amd64 platform, which allows local users to cause a denial of service (kernel crash).

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL https://www.cve.org/CVERecord?id=CVE-2005-0756 https://nvd.nist.gov/vuln/detail/CVE-2005-0756 Moderate 2005-05-18T00:00:00 security flaw

The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled.

Red Hat Enterprise Linux 3 2005-05-18T00:00:00 RHSA-2005:294 kernel-0:2.4.21-32.EL https://www.cve.org/CVERecord?id=CVE-2005-0757 https://nvd.nist.gov/vuln/detail/CVE-2005-0757 Low 2005-04-22T00:00:00 security flaw

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-06-13T00:00:00 RHSA-2005:357 gzip-0:1.3.3-12.rhel3 Red Hat Enterprise Linux 3 2005-06-16T00:00:00 RHSA-2005:474 bzip2-0:1.0.2-11.EL3.4 Red Hat Enterprise Linux 4 2005-06-13T00:00:00 RHSA-2005:357 gzip-0:1.3.3-15.rhel4 Red Hat Enterprise Linux 4 2005-06-16T00:00:00 RHSA-2005:474 bzip2-0:1.0.2-13.EL4.3 https://www.cve.org/CVERecord?id=CVE-2005-0758 https://nvd.nist.gov/vuln/detail/CVE-2005-0758 Low 2004-03-11T00:00:00 security flaw

ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag.

Red Hat Enterprise Linux 3 2005-03-23T00:00:00 RHSA-2005:070 ImageMagick-0:5.5.6-13 https://www.cve.org/CVERecord?id=CVE-2005-0759 https://nvd.nist.gov/vuln/detail/CVE-2005-0759 Low 2004-03-11T00:00:00 security flaw

The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.

Red Hat Enterprise Linux 3 2005-03-23T00:00:00 RHSA-2005:070 ImageMagick-0:5.5.6-13 https://www.cve.org/CVERecord?id=CVE-2005-0760 https://nvd.nist.gov/vuln/detail/CVE-2005-0760 Low 2004-06-09T00:00:00 security flaw

Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file.

Red Hat Enterprise Linux 3 2005-03-23T00:00:00 RHSA-2005:070 ImageMagick-0:5.5.6-13 https://www.cve.org/CVERecord?id=CVE-2005-0761 https://nvd.nist.gov/vuln/detail/CVE-2005-0761 Moderate 2004-06-09T00:00:00 security flaw

Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file.

Red Hat Enterprise Linux 3 2005-03-23T00:00:00 RHSA-2005:070 ImageMagick-0:5.5.6-13 https://www.cve.org/CVERecord?id=CVE-2005-0762 https://nvd.nist.gov/vuln/detail/CVE-2005-0762 Moderate 2005-03-29T00:00:00 security flaw

Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-06-16T00:00:00 RHSA-2005:512 Red Hat Enterprise Linux WS version 2.1 2005-06-16T00:00:00 RHSA-2005:512 Red Hat Linux Advanced Workstation 2.1 2005-06-16T00:00:00 RHSA-2005:512 https://www.cve.org/CVERecord?id=CVE-2005-0763 https://nvd.nist.gov/vuln/detail/CVE-2005-0763 Moderate 2005-03-11T00:00:00 security flaw

Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash).

Red Hat Enterprise Linux 3 2005-03-18T00:00:00 RHSA-2005:306 ethereal-0:0.10.10-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-0765 https://nvd.nist.gov/vuln/detail/CVE-2005-0765 Moderate 2005-03-11T00:00:00 security flaw

Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 through 0.10.9 allows remote attackers to cause a denial of service (application crash).

Red Hat Enterprise Linux 3 2005-03-18T00:00:00 RHSA-2005:306 ethereal-0:0.10.10-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-0766 https://nvd.nist.gov/vuln/detail/CVE-2005-0766 Moderate 2005-02-08T00:00:00 security flaw

Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows local users with DRI privileges to execute arbitrary code as root.

Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:366 kernel-0:2.6.9-5.0.5.EL https://www.cve.org/CVERecord?id=CVE-2005-0767 https://nvd.nist.gov/vuln/detail/CVE-2005-0767 2004-08-12T00:00:00 security flaw

Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5.0.15 allow remote attackers to inject arbitrary web script or HTML via (1) the subject line to follow.php or (2) the subject line in the user's personal control panel.

https://www.cve.org/CVERecord?id=CVE-2005-0784 https://nvd.nist.gov/vuln/detail/CVE-2005-0784 Moderate 2005-03-20T00:00:00 security flaw

Evolution 2.0.3 allows remote attackers to cause a denial of service (application crash or hang) via crafted messages, possibly involving charsets in attachment filenames.

Red Hat Enterprise Linux 4 2005-05-04T00:00:00 RHSA-2005:397 evolution-0:2.0.2-16 https://www.cve.org/CVERecord?id=CVE-2005-0806 https://nvd.nist.gov/vuln/detail/CVE-2005-0806 Moderate 2005-03-17T00:00:00 security flaw

Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:366 kernel-0:2.6.9-5.0.5.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0190 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux ES version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux WS version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Linux Advanced Workstation 2.1 2006-02-01T00:00:00 RHSA-2006:0190 https://www.cve.org/CVERecord?id=CVE-2005-0815 https://nvd.nist.gov/vuln/detail/CVE-2005-0815 Important 2005-01-28T00:00:00 security flaw

Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line discipline for a TTY, which allows local users to gain privileges by injecting mouse or keyboard events into other user sessions.

Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:366 kernel-0:2.6.9-5.0.5.EL https://www.cve.org/CVERecord?id=CVE-2005-0839 https://nvd.nist.gov/vuln/detail/CVE-2005-0839 Moderate 2005-02-27T00:00:00 security flaw

Integer overflow in Linux kernel 2.6 allows local users to overwrite kernel memory by writing to a sysfs file.

Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:366 kernel-0:2.6.9-5.0.5.EL https://www.cve.org/CVERecord?id=CVE-2005-0867 https://nvd.nist.gov/vuln/detail/CVE-2005-0867 Moderate 2021-10-02T00:00:00 dnsmasq: DNS cache poisoning from local network may lead to DoS 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CWE-346

Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq.

RHOSP deployments are not affected because they pull dnsmasq directly from the rhel-7-server channel. A RHOSP dnsmasq update will therefore not be provided at this time. All RHEL versions are not affected because they have the updated/fixed dnsmasq. Red Hat Enterprise Linux 6 Not affected dnsmasq Red Hat Enterprise Linux 7 Not affected dnsmasq Red Hat Enterprise Linux 8 Not affected dnsmasq Red Hat Enterprise Linux 9 Not affected dnsmasq Red Hat OpenStack Platform 10 (Newton) Not affected dnsmasq Red Hat OpenStack Platform 13 (Queens) Not affected dnsmasq https://www.cve.org/CVERecord?id=CVE-2005-0877 https://nvd.nist.gov/vuln/detail/CVE-2005-0877 Important 2005-03-26T00:00:00 security flaw

Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.

Red Hat Enterprise Linux 3 2005-04-05T00:00:00 RHSA-2005:343 gdk-pixbuf-1:0.22.0-12.el3 Red Hat Enterprise Linux 3 2005-04-01T00:00:00 RHSA-2005:344 gtk2-0:2.2.4-15 Red Hat Enterprise Linux 4 2005-04-05T00:00:00 RHSA-2005:343 gdk-pixbuf-1:0.22.0-16.el4 Red Hat Enterprise Linux 4 2005-04-01T00:00:00 RHSA-2005:344 gtk2-0:2.4.13-14 https://www.cve.org/CVERecord?id=CVE-2005-0891 https://nvd.nist.gov/vuln/detail/CVE-2005-0891 Important 2005-02-22T00:00:00 security flaw

Some futex functions in futex.c for Linux kernel 2.6.x perform get_user calls while holding the mmap_sem semaphore, which could allow local users to cause a deadlock condition in do_page_fault by triggering get_user faults while another thread is executing mmap or other functions.

Red Hat Enterprise Linux 4 2005-06-08T00:00:00 RHSA-2005:420 kernel-0:2.6.9-11.EL https://www.cve.org/CVERecord?id=CVE-2005-0937 https://nvd.nist.gov/vuln/detail/CVE-2005-0937 Important 2005-04-12T00:00:00 security flaw

The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.

Red Hat Enterprise Linux 3 2005-04-25T00:00:00 RHSA-2005:375 openoffice.org-0:1.1.2-24.2.0.EL3 Red Hat Enterprise Linux 4 2005-04-25T00:00:00 RHSA-2005:375 openoffice.org-0:1.1.2-24.6.0.EL4 https://www.cve.org/CVERecord?id=CVE-2005-0941 https://nvd.nist.gov/vuln/detail/CVE-2005-0941 Low 2005-03-30T00:00:00 security flaw

Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-06-16T00:00:00 RHSA-2005:474 bzip2-0:1.0.2-11.EL3.4 Red Hat Enterprise Linux 4 2005-06-16T00:00:00 RHSA-2005:474 bzip2-0:1.0.2-13.EL4.3 https://www.cve.org/CVERecord?id=CVE-2005-0953 https://nvd.nist.gov/vuln/detail/CVE-2005-0953 Important 2005-04-01T00:00:00 security flaw

The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read.

https://www.cve.org/CVERecord?id=CVE-2005-0965 https://nvd.nist.gov/vuln/detail/CVE-2005-0965 Important 2005-04-01T00:00:00 security flaw

The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.

https://www.cve.org/CVERecord?id=CVE-2005-0966 https://nvd.nist.gov/vuln/detail/CVE-2005-0966 Moderate 2005-03-28T00:00:00 security flaw

Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read.

https://www.cve.org/CVERecord?id=CVE-2005-0967 https://nvd.nist.gov/vuln/detail/CVE-2005-0967 Moderate 2005-02-05T00:00:00 security flaw

The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argument, which allows local users to cause a denial of service (kernel crash) via an invalid address.

Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:366 kernel-0:2.6.9-5.0.5.EL https://www.cve.org/CVERecord?id=CVE-2005-0977 https://nvd.nist.gov/vuln/detail/CVE-2005-0977 Low 2005-04-04T00:00:00 security flaw

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-06-13T00:00:00 RHSA-2005:357 gzip-0:1.3.3-12.rhel3 Red Hat Enterprise Linux 4 2005-06-13T00:00:00 RHSA-2005:357 gzip-0:1.3.3-15.rhel4 https://www.cve.org/CVERecord?id=CVE-2005-0988 https://nvd.nist.gov/vuln/detail/CVE-2005-0988 Important 2005-04-15T00:00:00 security flaw

The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.

Red Hat Enterprise Linux 4 2005-04-21T00:00:00 RHSA-2005:383 firefox-0:1.0.3-1.4.1 Red Hat Enterprise Linux 4 2005-04-26T00:00:00 RHSA-2005:386 devhelp-0:0.9.2-2.4.4 Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:601 thunderbird-0:1.0.6-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-0989 https://nvd.nist.gov/vuln/detail/CVE-2005-0989 Low 2005-03-31T00:00:00 security flaw

unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.

Red Hat Enterprise Linux 3 2005-04-26T00:00:00 RHSA-2005:377 sharutils-0:4.2.1-16.2 Red Hat Enterprise Linux 4 2005-04-26T00:00:00 RHSA-2005:377 sharutils-0:4.2.1-22.2 https://www.cve.org/CVERecord?id=CVE-2005-0990 https://nvd.nist.gov/vuln/detail/CVE-2005-0990 Low 2005-04-06T00:00:00 security flaw

crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2006-03-15T00:00:00 RHSA-2006:0117 vixie-cron-0:4.1-10.EL3 Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:361 vixie-cron-4:4.1-36.EL4 https://www.cve.org/CVERecord?id=CVE-2005-1038 https://nvd.nist.gov/vuln/detail/CVE-2005-1038 Important 2005-03-19T00:00:00 security flaw

The fib_seq_start function in fib_hash.c in Linux kernel allows local users to cause a denial of service (system crash) via /proc/net/route.

Red Hat Enterprise Linux 4 2005-04-19T00:00:00 RHSA-2005:366 kernel-0:2.6.9-5.0.5.EL https://www.cve.org/CVERecord?id=CVE-2005-1041 https://nvd.nist.gov/vuln/detail/CVE-2005-1041 Moderate 2005-03-31T00:00:00 security flaw

Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count.

Red Hat Enterprise Linux 3 2005-04-28T00:00:00 RHSA-2005:405 php-0:4.3.2-23.ent Red Hat Enterprise Linux 4 2005-05-04T00:00:00 RHSA-2005:406 php-0:4.3.9-3.6 https://www.cve.org/CVERecord?id=CVE-2005-1042 https://nvd.nist.gov/vuln/detail/CVE-2005-1042 Moderate 2005-03-31T00:00:00 security flaw

exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.

Red Hat Enterprise Linux 3 2005-04-28T00:00:00 RHSA-2005:405 php-0:4.3.2-23.ent Red Hat Enterprise Linux 4 2005-05-04T00:00:00 RHSA-2005:406 php-0:4.3.9-3.6 https://www.cve.org/CVERecord?id=CVE-2005-1043 https://nvd.nist.gov/vuln/detail/CVE-2005-1043 Important 2005-03-24T00:00:00 security flaw

Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.

Red Hat Enterprise Linux 4 2005-05-17T00:00:00 RHSA-2005:393 kdelibs-6:3.3.1-3.10 https://www.cve.org/CVERecord?id=CVE-2005-1046 https://nvd.nist.gov/vuln/detail/CVE-2005-1046 Moderate 2004-10-28T00:00:00 security flaw

The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS."

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-04-19T00:00:00 RHSA-2005:364 Red Hat Enterprise Linux ES version 2.1 2005-04-19T00:00:00 RHSA-2005:364 Red Hat Enterprise Linux WS version 2.1 2005-04-19T00:00:00 RHSA-2005:364 Red Hat Linux Advanced Workstation 2.1 2005-04-19T00:00:00 RHSA-2005:364 https://www.cve.org/CVERecord?id=CVE-2005-1061 https://nvd.nist.gov/vuln/detail/CVE-2005-1061 Low 2005-01-04T00:00:00 jar: directory traversal vulnerability 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N CWE-22

Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.

A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted.

Oracle Java for Red Hat Enterprise Linux 5 2015-04-20T00:00:00 RHSA-2015:0857 java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el5_11 Oracle Java for Red Hat Enterprise Linux 5 2015-04-20T00:00:00 RHSA-2015:0858 java-1.6.0-sun-1:1.6.0.95-1jpp.3.el5_11 Oracle Java for Red Hat Enterprise Linux 6 2015-04-17T00:00:00 RHSA-2015:0854 java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el6_6 Oracle Java for Red Hat Enterprise Linux 6 2015-04-20T00:00:00 RHSA-2015:0857 java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el6_6 Oracle Java for Red Hat Enterprise Linux 6 2015-04-20T00:00:00 RHSA-2015:0858 java-1.6.0-sun-1:1.6.0.95-1jpp.3.el6_6 Oracle Java for Red Hat Enterprise Linux 7 2015-04-17T00:00:00 RHSA-2015:0854 java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el7_1 Oracle Java for Red Hat Enterprise Linux 7 2015-04-20T00:00:00 RHSA-2015:0857 java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el7_1 Oracle Java for Red Hat Enterprise Linux 7 2015-04-20T00:00:00 RHSA-2015:0858 java-1.6.0-sun-1:1.6.0.95-1jpp.3.el7_1 Red Hat Enterprise Linux 5 2015-04-14T00:00:00 RHSA-2015:0807 java-1.7.0-openjdk-1:1.7.0.79-2.5.5.2.el5_11 Red Hat Enterprise Linux 5 2015-04-15T00:00:00 RHSA-2015:0808 java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el5_11 Red Hat Enterprise Linux 5 Supplementary 2015-05-13T00:00:00 RHSA-2015:1006 java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5 Red Hat Enterprise Linux 5 Supplementary 2015-05-13T00:00:00 RHSA-2015:1007 java-1.7.0-ibm-1:1.7.0.9.0-1jpp.1.el5 Red Hat Enterprise Linux 5 Supplementary 2015-05-20T00:00:00 RHSA-2015:1021 java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el5 Red Hat Enterprise Linux 6 2015-04-15T00:00:00 RHSA-2015:0806 java-1.7.0-openjdk-1:1.7.0.79-2.5.5.1.el6_6 Red Hat Enterprise Linux 6 2015-04-15T00:00:00 RHSA-2015:0808 java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el6_6 Red Hat Enterprise Linux 6 2015-04-15T00:00:00 RHSA-2015:0809 java-1.8.0-openjdk-1:1.8.0.45-28.b13.el6_6 Red Hat Enterprise Linux 7 2015-04-15T00:00:00 RHSA-2015:0806 java-1.7.0-openjdk-1:1.7.0.79-2.5.5.1.ael7b_1 Red Hat Enterprise Linux 7 2015-04-15T00:00:00 RHSA-2015:0808 java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el7_1 Red Hat Enterprise Linux 7 2015-04-15T00:00:00 RHSA-2015:0809 java-1.8.0-openjdk-1:1.8.0.45-30.b13.ael7b_1 Red Hat Satellite 5.6 2015-06-11T00:00:00 RHSA-2015:1091 java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5 Red Hat Satellite 5.7 2015-06-11T00:00:00 RHSA-2015:1091 java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6 Supplementary for Red Hat Enterprise Linux 6 2015-05-13T00:00:00 RHSA-2015:1006 java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6 Supplementary for Red Hat Enterprise Linux 6 2015-05-20T00:00:00 RHSA-2015:1020 java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.el6_6 Supplementary for Red Hat Enterprise Linux 6 2015-05-20T00:00:00 RHSA-2015:1021 java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el6_6 Supplementary for Red Hat Enterprise Linux 7 2015-05-20T00:00:00 RHSA-2015:1020 java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.ael7b_1 https://www.cve.org/CVERecord?id=CVE-2005-1080 https://nvd.nist.gov/vuln/detail/CVE-2005-1080 Moderate 2005-04-13T00:00:00 security flaw

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-07-21T00:00:00 RHSA-2005:378 cpio-0:2.5-4.RHEL3 Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:378 cpio-0:2.5-8.RHEL4 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-11-10T00:00:00 RHSA-2005:806 Red Hat Enterprise Linux ES version 2.1 2005-11-10T00:00:00 RHSA-2005:806 Red Hat Enterprise Linux WS version 2.1 2005-11-10T00:00:00 RHSA-2005:806 Red Hat Linux Advanced Workstation 2.1 2005-11-10T00:00:00 RHSA-2005:806 https://www.cve.org/CVERecord?id=CVE-2005-1111 https://nvd.nist.gov/vuln/detail/CVE-2005-1111

Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files.

We do not consider this a security issue, the bug can only manifest if the software is invoked on a sudoers file that is contained in a world writable directory. https://www.cve.org/CVERecord?id=CVE-2005-1119 https://nvd.nist.gov/vuln/detail/CVE-2005-1119 Moderate 2005-04-15T00:00:00 security flaw

Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.

Red Hat Enterprise Linux 4 2005-04-21T00:00:00 RHSA-2005:383 firefox-0:1.0.3-1.4.1 Red Hat Enterprise Linux 4 2005-04-26T00:00:00 RHSA-2005:386 devhelp-0:0.9.2-2.4.4 https://www.cve.org/CVERecord?id=CVE-2005-1153 https://nvd.nist.gov/vuln/detail/CVE-2005-1153 Moderate 2005-04-15T00:00:00 security flaw

Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."

Red Hat Enterprise Linux 4 2005-04-21T00:00:00 RHSA-2005:383 firefox-0:1.0.3-1.4.1 Red Hat Enterprise Linux 4 2005-04-26T00:00:00 RHSA-2005:386 devhelp-0:0.9.2-2.4.4 https://www.cve.org/CVERecord?id=CVE-2005-1154 https://nvd.nist.gov/vuln/detail/CVE-2005-1154 Important 2005-04-15T00:00:00 security flaw

The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."

Red Hat Enterprise Linux 4 2005-04-21T00:00:00 RHSA-2005:383 firefox-0:1.0.3-1.4.1 Red Hat Enterprise Linux 4 2005-04-26T00:00:00 RHSA-2005:386 devhelp-0:0.9.2-2.4.4 https://www.cve.org/CVERecord?id=CVE-2005-1155 https://nvd.nist.gov/vuln/detail/CVE-2005-1155 Moderate 2005-04-15T00:00:00 security flaw

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."

Red Hat Enterprise Linux 4 2005-04-21T00:00:00 RHSA-2005:383 firefox-0:1.0.3-1.4.1 Red Hat Enterprise Linux 4 2005-04-26T00:00:00 RHSA-2005:386 devhelp-0:0.9.2-2.4.4 https://www.cve.org/CVERecord?id=CVE-2005-1156 https://nvd.nist.gov/vuln/detail/CVE-2005-1156 Moderate 2005-04-15T00:00:00 security flaw

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."

Red Hat Enterprise Linux 4 2005-04-21T00:00:00 RHSA-2005:383 firefox-0:1.0.3-1.4.1 Red Hat Enterprise Linux 4 2005-04-26T00:00:00 RHSA-2005:386 devhelp-0:0.9.2-2.4.4 https://www.cve.org/CVERecord?id=CVE-2005-1157 https://nvd.nist.gov/vuln/detail/CVE-2005-1157 Important 2005-04-15T00:00:00 security flaw

Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar.

Red Hat Enterprise Linux 4 2005-04-21T00:00:00 RHSA-2005:383 firefox-0:1.0.3-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-1158 https://nvd.nist.gov/vuln/detail/CVE-2005-1158 Moderate 2005-04-15T00:00:00 security flaw

The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.

Red Hat Enterprise Linux 4 2005-04-21T00:00:00 RHSA-2005:383 firefox-0:1.0.3-1.4.1 Red Hat Enterprise Linux 4 2005-04-26T00:00:00 RHSA-2005:386 devhelp-0:0.9.2-2.4.4 Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:601 thunderbird-0:1.0.6-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-1159 https://nvd.nist.gov/vuln/detail/CVE-2005-1159 Important 2005-04-15T00:00:00 security flaw

The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.

Red Hat Enterprise Linux 4 2005-04-21T00:00:00 RHSA-2005:383 firefox-0:1.0.3-1.4.1 Red Hat Enterprise Linux 4 2005-04-26T00:00:00 RHSA-2005:386 devhelp-0:0.9.2-2.4.4 Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:601 thunderbird-0:1.0.6-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-1160 https://nvd.nist.gov/vuln/detail/CVE-2005-1160 Important 2005-07-12T00:00:00 security flaw

MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.

Red Hat would like to thank Daniel Wachdorf and the MIT Kerberos project for reporting this issue. Red Hat Enterprise Linux 4 2005-07-12T00:00:00 RHSA-2005:567 krb5-0:1.3.4-17 https://www.cve.org/CVERecord?id=CVE-2005-1174 https://nvd.nist.gov/vuln/detail/CVE-2005-1174 Moderate 2005-07-12T00:00:00 security flaw

Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.

Red Hat would like to thank Daniel Wachdorf and the MIT Kerberos project for reporting this issue. Red Hat Enterprise Linux 3 2005-07-12T00:00:00 RHSA-2005:562 krb5-0:1.2.7-47 Red Hat Enterprise Linux 4 2005-07-12T00:00:00 RHSA-2005:567 krb5-0:1.3.4-17 https://www.cve.org/CVERecord?id=CVE-2005-1175 https://nvd.nist.gov/vuln/detail/CVE-2005-1175 Low 2005-03-31T00:00:00 security flaw

Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-05-04T00:00:00 RHSA-2005:381 nasm-0:0.98.35-3.EL3 Red Hat Enterprise Linux 4 2005-05-04T00:00:00 RHSA-2005:381 nasm-0:0.98.38-3.EL4 https://www.cve.org/CVERecord?id=CVE-2005-1194 https://nvd.nist.gov/vuln/detail/CVE-2005-1194 Low 2005-04-18T00:00:00 security flaw

Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-06-13T00:00:00 RHSA-2005:357 gzip-0:1.3.3-12.rhel3 Red Hat Enterprise Linux 4 2005-06-13T00:00:00 RHSA-2005:357 gzip-0:1.3.3-15.rhel4 https://www.cve.org/CVERecord?id=CVE-2005-1228 https://nvd.nist.gov/vuln/detail/CVE-2005-1228 Low 2005-04-20T00:00:00 cpio directory traversal issue

Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.

This is defined and documented behaviour: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=156313 https://www.cve.org/CVERecord?id=CVE-2005-1229 https://nvd.nist.gov/vuln/detail/CVE-2005-1229 Low 2005-02-15T00:00:00 security flaw

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

Red Hat Enterprise Linux 3 2005-06-16T00:00:00 RHSA-2005:474 bzip2-0:1.0.2-11.EL3.4 Red Hat Enterprise Linux 4 2005-06-16T00:00:00 RHSA-2005:474 bzip2-0:1.0.2-13.EL4.3 https://www.cve.org/CVERecord?id=CVE-2005-1260 https://nvd.nist.gov/vuln/detail/CVE-2005-1260 Critical 2005-05-11T00:00:00 security flaw

Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-05-11T00:00:00 RHSA-2005:432 Red Hat Enterprise Linux ES version 2.1 2005-05-11T00:00:00 RHSA-2005:432 Red Hat Enterprise Linux WS version 2.1 2005-05-11T00:00:00 RHSA-2005:432 Red Hat Linux Advanced Workstation 2.1 2005-05-11T00:00:00 RHSA-2005:432 https://www.cve.org/CVERecord?id=CVE-2005-1261 https://nvd.nist.gov/vuln/detail/CVE-2005-1261 Important 2005-05-11T00:00:00 security flaw

Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message.

https://www.cve.org/CVERecord?id=CVE-2005-1262 https://nvd.nist.gov/vuln/detail/CVE-2005-1262 Important 2005-05-11T00:00:00 security flaw

The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow.

Red Hat Enterprise Linux 3 2005-05-25T00:00:00 RHSA-2005:472 kernel-0:2.4.21-32.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-08-25T00:00:00 RHSA-2005:529 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-08-25T00:00:00 RHSA-2005:551 Red Hat Enterprise Linux ES version 2.1 2005-08-25T00:00:00 RHSA-2005:529 Red Hat Enterprise Linux WS version 2.1 2005-08-25T00:00:00 RHSA-2005:529 Red Hat Linux Advanced Workstation 2.1 2005-08-25T00:00:00 RHSA-2005:551 https://www.cve.org/CVERecord?id=CVE-2005-1263 https://nvd.nist.gov/vuln/detail/CVE-2005-1263 Moderate 2005-05-17T00:00:00 security flaw

Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.

Red Hat Enterprise Linux 4 2005-06-08T00:00:00 RHSA-2005:420 kernel-0:2.6.9-11.EL https://www.cve.org/CVERecord?id=CVE-2005-1264 https://nvd.nist.gov/vuln/detail/CVE-2005-1264 Important 2005-05-19T00:00:00 security flaw

The mmap function in the Linux Kernel 2.6.10 can be used to create memory maps with a start address beyond the end address, which allows local users to cause a denial of service (kernel crash).

Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL https://www.cve.org/CVERecord?id=CVE-2005-1265 https://nvd.nist.gov/vuln/detail/CVE-2005-1265 Moderate 2005-06-15T00:00:00 security flaw

Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.

Red Hat Enterprise Linux 4 2005-06-23T00:00:00 RHSA-2005:498 spamassassin-0:3.0.4-1.el4 https://www.cve.org/CVERecord?id=CVE-2005-1266 https://nvd.nist.gov/vuln/detail/CVE-2005-1266 Low 2005-06-06T00:00:00 security flaw

The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

Red Hat Enterprise Linux 4 2005-06-13T00:00:00 RHSA-2005:505 tcpdump-14:3.8.2-10.RHEL4 https://www.cve.org/CVERecord?id=CVE-2005-1267 https://nvd.nist.gov/vuln/detail/CVE-2005-1267 Low 2005-06-08T00:00:00 security flaw

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.

Red Hat Enterprise Linux 3 2005-07-25T00:00:00 RHSA-2005:582 httpd-0:2.0.46-46.2.ent Red Hat Enterprise Linux 4 2005-07-25T00:00:00 RHSA-2005:582 httpd-0:2.0.52-12.1.ent https://www.cve.org/CVERecord?id=CVE-2005-1268 https://nvd.nist.gov/vuln/detail/CVE-2005-1268 Moderate 2005-06-09T00:00:00 security flaw

Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name.

https://www.cve.org/CVERecord?id=CVE-2005-1269 https://nvd.nist.gov/vuln/detail/CVE-2005-1269 Important 2005-04-24T00:00:00 security flaw

Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value.

Red Hat Enterprise Linux 3 2005-05-25T00:00:00 RHSA-2005:413 ImageMagick-0:5.5.6-14 Red Hat Enterprise Linux 4 2005-05-25T00:00:00 RHSA-2005:413 ImageMagick-0:6.0.7.1-11 https://www.cve.org/CVERecord?id=CVE-2005-1275 https://nvd.nist.gov/vuln/detail/CVE-2005-1275 Moderate 2005-04-26T00:00:00 security flaw

The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet.

Red Hat Enterprise Linux 3 2005-05-11T00:00:00 RHSA-2005:421 tcpdump-14:3.7.2-7.E3.5 Red Hat Enterprise Linux 4 2005-05-11T00:00:00 RHSA-2005:417 tcpdump-14:3.8.2-9.RHEL4 https://www.cve.org/CVERecord?id=CVE-2005-1278 https://nvd.nist.gov/vuln/detail/CVE-2005-1278 Moderate 2005-04-26T00:00:00 security flaw

tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function.

Red Hat Enterprise Linux 3 2005-05-11T00:00:00 RHSA-2005:421 tcpdump-14:3.7.2-7.E3.5 Red Hat Enterprise Linux 4 2005-05-11T00:00:00 RHSA-2005:417 tcpdump-14:3.8.2-9.RHEL4 https://www.cve.org/CVERecord?id=CVE-2005-1279 https://nvd.nist.gov/vuln/detail/CVE-2005-1279 Moderate 2005-04-26T00:00:00 security flaw

The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.

Red Hat Enterprise Linux 3 2005-05-11T00:00:00 RHSA-2005:421 tcpdump-14:3.7.2-7.E3.5 Red Hat Enterprise Linux 4 2005-05-11T00:00:00 RHSA-2005:417 tcpdump-14:3.8.2-9.RHEL4 https://www.cve.org/CVERecord?id=CVE-2005-1280 https://nvd.nist.gov/vuln/detail/CVE-2005-1280

The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."

Not vulnerable. Adobe told us this issue did not affect the Linux version of Adobe Reader. https://www.cve.org/CVERecord?id=CVE-2005-1306 https://nvd.nist.gov/vuln/detail/CVE-2005-1306

Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.

Red Hat does not consider this to be a vulnerability. htdigest is not supplied setuid or setgid and should not be run from a CGI program. https://www.cve.org/CVERecord?id=CVE-2005-1344 https://nvd.nist.gov/vuln/detail/CVE-2005-1344 Low 2005-03-04T00:00:00 security flaw

Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.

Red Hat Enterprise Linux 3 2005-06-14T00:00:00 RHSA-2005:415 squid-7:2.5.STABLE3-6.3E.13 Red Hat Enterprise Linux 4 2005-06-14T00:00:00 RHSA-2005:415 squid-7:2.5.STABLE6-3.4E.9 https://www.cve.org/CVERecord?id=CVE-2005-1345 https://nvd.nist.gov/vuln/detail/CVE-2005-1345 Moderate 2005-05-02T00:00:00 security flaw

PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."

Red Hat Enterprise Linux 3 2005-06-01T00:00:00 RHSA-2005:433 rh-postgresql-0:7.3.10-1 Red Hat Enterprise Linux 4 2005-06-01T00:00:00 RHSA-2005:433 postgresql-0:7.4.8-1.RHEL4.1 https://www.cve.org/CVERecord?id=CVE-2005-1409 https://nvd.nist.gov/vuln/detail/CVE-2005-1409 Moderate 2005-05-02T00:00:00 security flaw

The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments.

Red Hat Enterprise Linux 3 2005-06-01T00:00:00 RHSA-2005:433 rh-postgresql-0:7.3.10-1 Red Hat Enterprise Linux 4 2005-06-01T00:00:00 RHSA-2005:433 postgresql-0:7.4.8-1.RHEL4.1 https://www.cve.org/CVERecord?id=CVE-2005-1410 https://nvd.nist.gov/vuln/detail/CVE-2005-1410 Moderate 2005-04-28T00:00:00 gnutls record packet parsing DoS [GNUTLS-SA-2005-1]

The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.

Red Hat Enterprise Linux 4 2005-06-01T00:00:00 RHSA-2005:430 gnutls-0:1.0.20-3.2.1 https://www.cve.org/CVERecord?id=CVE-2005-1431 https://nvd.nist.gov/vuln/detail/CVE-2005-1431 Moderate 2005-05-04T00:00:00 security flaw

SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.

Red Hat Enterprise Linux 3 2005-06-23T00:00:00 RHSA-2005:524 freeradius-0:1.0.1-1.1.RHEL3 Red Hat Enterprise Linux 4 2005-06-23T00:00:00 RHSA-2005:524 freeradius-0:1.0.1-3.RHEL4 https://www.cve.org/CVERecord?id=CVE-2005-1454 https://nvd.nist.gov/vuln/detail/CVE-2005-1454 Moderate 2005-05-04T00:00:00 security flaw

Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).

Red Hat Enterprise Linux 3 2005-06-23T00:00:00 RHSA-2005:524 freeradius-0:1.0.1-1.1.RHEL3 Red Hat Enterprise Linux 4 2005-06-23T00:00:00 RHSA-2005:524 freeradius-0:1.0.1-3.RHEL4 https://www.cve.org/CVERecord?id=CVE-2005-1455 https://nvd.nist.gov/vuln/detail/CVE-2005-1455 Moderate 2005-05-04T00:00:00 security flaw

Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (abort).

Red Hat Enterprise Linux 3 2005-05-24T00:00:00 RHSA-2005:427 ethereal-0:0.10.11-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-1456 https://nvd.nist.gov/vuln/detail/CVE-2005-1456 Moderate 2005-05-04T00:00:00 security flaw

Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) FibreChannel, (4) GSM_MAP, (5) SRVLOC, and (6) NTLMSSP dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash).

Red Hat Enterprise Linux 3 2005-05-24T00:00:00 RHSA-2005:427 ethereal-0:0.10.11-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-1457 https://nvd.nist.gov/vuln/detail/CVE-2005-1457 Moderate 2005-05-04T00:00:00 security flaw

Multiple unknown "other problems" in the KINK dissector in Ethereal before 0.10.11 have unknown impact and attack vectors.

Red Hat Enterprise Linux 3 2005-05-24T00:00:00 RHSA-2005:427 ethereal-0:0.10.11-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-1458 https://nvd.nist.gov/vuln/detail/CVE-2005-1458 Moderate 2005-05-04T00:00:00 security flaw

Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) NDPS, (5) IAX2, (6) RADIUS, (7) TCAP, (8) MRDISC, (9) 802.3 Slow, (10) SMBMailslot, or (11) SMB PIPE dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (assert error).

Red Hat Enterprise Linux 3 2005-05-24T00:00:00 RHSA-2005:427 ethereal-0:0.10.11-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-1459 https://nvd.nist.gov/vuln/detail/CVE-2005-1459 Moderate 2005-05-04T00:00:00 security flaw

Multiple unknown dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (assert error) via an invalid protocol tree item length.

Red Hat Enterprise Linux 3 2005-05-24T00:00:00 RHSA-2005:427 ethereal-0:0.10.11-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-1460 https://nvd.nist.gov/vuln/detail/CVE-2005-1460 Moderate 2005-05-04T00:00:00 security flaw

Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, (5) CRMF, (6) ESS, (7) OCSP, (8) X.509, (9) ISIS, (10) DISTCC, (11) FCELS, (12) Q.931, (13) NCP, (14) TCAP, (15) ISUP, (16) MEGACO, (17) PKIX1Explitit, (18) PKIX_Qualified, (19) Presentation dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.

Red Hat Enterprise Linux 3 2005-05-24T00:00:00 RHSA-2005:427 ethereal-0:0.10.11-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-1461 https://nvd.nist.gov/vuln/detail/CVE-2005-1461 Moderate 2005-05-04T00:00:00 security flaw

Double free vulnerability in the ICEP dissector in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code.

Red Hat Enterprise Linux 3 2005-05-24T00:00:00 RHSA-2005:427 ethereal-0:0.10.11-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-1462 https://nvd.nist.gov/vuln/detail/CVE-2005-1462 Moderate 2005-05-04T00:00:00 security flaw

Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A dissectors in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code.

Red Hat Enterprise Linux 3 2005-05-24T00:00:00 RHSA-2005:427 ethereal-0:0.10.11-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-1463 https://nvd.nist.gov/vuln/detail/CVE-2005-1463 Moderate 2005-05-04T00:00:00 security flaw

Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, (4) EIGRP, (5) DLSw, (6) MEGACO, (7) LMP, and (8) RSVP dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (infinite loop).

Red Hat Enterprise Linux 3 2005-05-24T00:00:00 RHSA-2005:427 ethereal-0:0.10.11-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-1464 https://nvd.nist.gov/vuln/detail/CVE-2005-1464 Moderate 2005-05-04T00:00:00 security flaw

Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (long loop).

Red Hat Enterprise Linux 3 2005-05-24T00:00:00 RHSA-2005:427 ethereal-0:0.10.11-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-1465 https://nvd.nist.gov/vuln/detail/CVE-2005-1465 Moderate 2005-05-04T00:00:00 security flaw

Unknown vulnerability in the DICOM dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (large memory allocation) via unknown vectors.

Red Hat Enterprise Linux 3 2005-05-24T00:00:00 RHSA-2005:427 ethereal-0:0.10.11-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-1466 https://nvd.nist.gov/vuln/detail/CVE-2005-1466 Moderate 2005-05-04T00:00:00 security flaw

Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (memory exhaustion) via unknown vectors.

Red Hat Enterprise Linux 3 2005-05-24T00:00:00 RHSA-2005:427 ethereal-0:0.10.11-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-1467 https://nvd.nist.gov/vuln/detail/CVE-2005-1467 Moderate 2005-05-04T00:00:00 security flaw

Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, (4) KINK, (5) MGCP, (6) RPC, (7) SMBMailslot, and (8) SMB NETLOGON dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) via unknown vectors that lead to a null dereference.

Red Hat Enterprise Linux 3 2005-05-24T00:00:00 RHSA-2005:427 ethereal-0:0.10.11-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-1468 https://nvd.nist.gov/vuln/detail/CVE-2005-1468 Moderate 2005-05-04T00:00:00 security flaw

Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 allows remote attackers to cause the dissector to access an invalid pointer.

Red Hat Enterprise Linux 3 2005-05-24T00:00:00 RHSA-2005:427 ethereal-0:0.10.11-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-1469 https://nvd.nist.gov/vuln/detail/CVE-2005-1469 Moderate 2005-05-04T00:00:00 security flaw

Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, (4) SMB, or (5) Bittorrent dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors.

Red Hat Enterprise Linux 3 2005-05-24T00:00:00 RHSA-2005:427 ethereal-0:0.10.11-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-1470 https://nvd.nist.gov/vuln/detail/CVE-2005-1470 Important 2005-05-08T00:00:00 security flaw

Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.

Red Hat Enterprise Linux 4 2005-05-23T00:00:00 RHSA-2005:434 firefox-0:1.0.4-1.4.1 Red Hat Enterprise Linux 4 2005-05-23T00:00:00 RHSA-2005:435 devhelp-0:0.9.2-2.4.5 https://www.cve.org/CVERecord?id=CVE-2005-1476 https://nvd.nist.gov/vuln/detail/CVE-2005-1476 Important 2005-05-08T00:00:00 security flaw

The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.

Red Hat Enterprise Linux 4 2005-05-23T00:00:00 RHSA-2005:434 firefox-0:1.0.4-1.4.1 Red Hat Enterprise Linux 4 2005-05-23T00:00:00 RHSA-2005:435 devhelp-0:0.9.2-2.4.5 https://www.cve.org/CVERecord?id=CVE-2005-1477 https://nvd.nist.gov/vuln/detail/CVE-2005-1477 Low 2005-05-11T00:00:00 security flaw

Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.

Red Hat Enterprise Linux 3 2005-06-14T00:00:00 RHSA-2005:415 squid-7:2.5.STABLE3-6.3E.13 Red Hat Enterprise Linux 4 2005-06-14T00:00:00 RHSA-2005:415 squid-7:2.5.STABLE6-3.4E.9 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-06-13T00:00:00 RHSA-2005:489 Red Hat Enterprise Linux ES version 2.1 2005-06-13T00:00:00 RHSA-2005:489 Red Hat Linux Advanced Workstation 2.1 2005-06-13T00:00:00 RHSA-2005:489 https://www.cve.org/CVERecord?id=CVE-2005-1519 https://nvd.nist.gov/vuln/detail/CVE-2005-1519 Important 2005-05-18T00:00:00 security flaw

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."

Red Hat Enterprise Linux 4 2005-05-23T00:00:00 RHSA-2005:434 firefox-0:1.0.4-1.4.1 Red Hat Enterprise Linux 4 2005-05-23T00:00:00 RHSA-2005:435 devhelp-0:0.9.2-2.4.5 https://www.cve.org/CVERecord?id=CVE-2005-1531 https://nvd.nist.gov/vuln/detail/CVE-2005-1531 Important 2005-05-18T00:00:00 security flaw

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.

Red Hat Enterprise Linux 4 2005-05-23T00:00:00 RHSA-2005:434 firefox-0:1.0.4-1.4.1 Red Hat Enterprise Linux 4 2005-05-23T00:00:00 RHSA-2005:435 devhelp-0:0.9.2-2.4.5 Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:601 thunderbird-0:1.0.6-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-1532 https://nvd.nist.gov/vuln/detail/CVE-2005-1532

Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.

Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2005-1544 https://nvd.nist.gov/vuln/detail/CVE-2005-1544 Critical 2005-07-06T00:00:00 security flaw

Stack-based buffer overflow in the UnixAppOpenFilePerform function in Adobe Reader 5.0.9 and 5.0.10 for Unix allows remote attackers to execute arbitrary code via a PDF document with a long /Filespec tag.

Red Hat Desktop version 3 Extras 2005-07-08T00:00:00 RHSA-2005:575 Red Hat Desktop version 4 Extras 2005-07-08T00:00:00 RHSA-2005:575 https://www.cve.org/CVERecord?id=CVE-2005-1625 https://nvd.nist.gov/vuln/detail/CVE-2005-1625 Low 2005-05-17T00:00:00 security flaw

mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.

Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:685 mysql-0:4.1.12-3.RHEL4.1 https://www.cve.org/CVERecord?id=CVE-2005-1636 https://nvd.nist.gov/vuln/detail/CVE-2005-1636 Moderate 2005-05-20T00:00:00 security flaw

Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.

Red Hat Enterprise Linux 3 2005-06-13T00:00:00 RHSA-2005:499 gedit-1:2.2.2-4.rhel3 Red Hat Enterprise Linux 4 2005-06-13T00:00:00 RHSA-2005:499 gedit-1:2.8.1-4 https://www.cve.org/CVERecord?id=CVE-2005-1686 https://nvd.nist.gov/vuln/detail/CVE-2005-1686 Critical 2005-07-12T00:00:00 security flaw

Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.

Red Hat would like to thank the MIT Kerberos project for reporting this issue. Red Hat Enterprise Linux 3 2005-07-12T00:00:00 RHSA-2005:562 krb5-0:1.2.7-47 Red Hat Enterprise Linux 4 2005-07-12T00:00:00 RHSA-2005:567 krb5-0:1.3.4-17 https://www.cve.org/CVERecord?id=CVE-2005-1689 https://nvd.nist.gov/vuln/detail/CVE-2005-1689 Low 2005-05-25T00:00:00 security flaw

Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Desktop version 3 2005-09-28T00:00:00 RHBA-2005:675 Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:659 binutils-0:2.14.90.0.4-39 Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0368 elfutils-0:0.94.1-2 Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:673 binutils-0:2.15.92.0.2-15 Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:709 gdb-0:6.3.0.0-1.63 Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0354 elfutils-0:0.97.1-3 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-10-11T00:00:00 RHSA-2005:763 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-10-18T00:00:00 RHSA-2005:801 Red Hat Enterprise Linux AS version 3 2005-09-28T00:00:00 RHBA-2005:675 Red Hat Enterprise Linux ES version 2.1 2005-10-11T00:00:00 RHSA-2005:763 Red Hat Enterprise Linux ES version 2.1 2005-10-18T00:00:00 RHSA-2005:801 Red Hat Enterprise Linux ES version 3 2005-09-28T00:00:00 RHBA-2005:675 Red Hat Enterprise Linux WS version 2.1 2005-10-11T00:00:00 RHSA-2005:763 Red Hat Enterprise Linux WS version 2.1 2005-10-18T00:00:00 RHSA-2005:801 Red Hat Enterprise Linux WS version 3 2005-09-28T00:00:00 RHBA-2005:675 Red Hat Linux Advanced Workstation 2.1 2005-10-11T00:00:00 RHSA-2005:763 Red Hat Linux Advanced Workstation 2.1 2005-10-18T00:00:00 RHSA-2005:801 https://www.cve.org/CVERecord?id=CVE-2005-1704 https://nvd.nist.gov/vuln/detail/CVE-2005-1704 Low 2005-05-25T00:00:00 security flaw

gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Desktop version 3 2005-09-28T00:00:00 RHBA-2005:675 Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:709 gdb-0:6.3.0.0-1.63 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-10-18T00:00:00 RHSA-2005:801 Red Hat Enterprise Linux AS version 3 2005-09-28T00:00:00 RHBA-2005:675 Red Hat Enterprise Linux ES version 2.1 2005-10-18T00:00:00 RHSA-2005:801 Red Hat Enterprise Linux ES version 3 2005-09-28T00:00:00 RHBA-2005:675 Red Hat Enterprise Linux WS version 2.1 2005-10-18T00:00:00 RHSA-2005:801 Red Hat Enterprise Linux WS version 3 2005-09-28T00:00:00 RHBA-2005:675 Red Hat Linux Advanced Workstation 2.1 2005-10-18T00:00:00 RHSA-2005:801 https://www.cve.org/CVERecord?id=CVE-2005-1705 https://nvd.nist.gov/vuln/detail/CVE-2005-1705

Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112.

Based on our research we believe that the "OpenSSL ASN.1 brute forcer." is actually exploiting flaws CVE-2003-0543, CVE-2003-0544, CVE-2003-0545. Those issues are all addressed in Red Hat Enterprise Linux and therefore CVE-2005-1730 is a duplicate assignment. https://www.cve.org/CVERecord?id=CVE-2005-1730 https://nvd.nist.gov/vuln/detail/CVE-2005-1730 Moderate 2005-04-25T00:00:00 security flaw

The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.

Red Hat Enterprise Linux 3 2005-06-02T00:00:00 RHSA-2005:480 ImageMagick-0:5.5.6-15 Red Hat Enterprise Linux 4 2005-06-02T00:00:00 RHSA-2005:480 ImageMagick-0:6.0.7.1-12 https://www.cve.org/CVERecord?id=CVE-2005-1739 https://nvd.nist.gov/vuln/detail/CVE-2005-1739 Low 2005-05-18T00:00:00 security flaw

fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:373 net-snmp-0:5.0.9-2.30E.19 Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:395 net-snmp-0:5.1.2-11.EL4.6 https://www.cve.org/CVERecord?id=CVE-2005-1740 https://nvd.nist.gov/vuln/detail/CVE-2005-1740 Low 2005-05-24T00:00:00 shtool: insecure temporary file creation CWE-377

Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.

Red Hat Enterprise Linux 3 2005-07-07T00:00:00 RHSA-2005:564 php-0:4.3.2-24.ent Red Hat Enterprise Linux 4 2005-07-07T00:00:00 RHSA-2005:564 php-0:4.3.9-3.7 Red Hat Enterprise Linux 4 Not affected nmap Red Hat Enterprise Linux 5 Not affected nmap https://www.cve.org/CVERecord?id=CVE-2005-1751 https://nvd.nist.gov/vuln/detail/CVE-2005-1751

ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products.

We do not believe this is a security issue; this is a deliberate circumvention of the Javamail API. The Javamail API provides a comprehensive and secure method to retrieve mail. In this example, the author retreives the message directly from the mail directory on the filesystem. Even if the user insists on using this incorrect way of accessing mail, then the permissions set by the dovecot and tomcat packages are enough to protect against direct access to most of the files listed in the bug report. https://www.cve.org/CVERecord?id=CVE-2005-1753 https://nvd.nist.gov/vuln/detail/CVE-2005-1753 Moderate 2005-06-13T00:00:00 security flaw

sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.

Red Hat Enterprise Linux 3 2005-06-13T00:00:00 RHSA-2005:502 sysreport-0:1.3.7.2-6 https://www.cve.org/CVERecord?id=CVE-2005-1760 https://nvd.nist.gov/vuln/detail/CVE-2005-1760 Important 2005-06-21T00:00:00 security flaw

Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-08-25T00:00:00 RHSA-2005:551 Red Hat Linux Advanced Workstation 2.1 2005-08-25T00:00:00 RHSA-2005:551 https://www.cve.org/CVERecord?id=CVE-2005-1761 https://nvd.nist.gov/vuln/detail/CVE-2005-1761 Important 2005-05-17T00:00:00 security flaw

The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a "non-canonical" address.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL https://www.cve.org/CVERecord?id=CVE-2005-1762 https://nvd.nist.gov/vuln/detail/CVE-2005-1762 Important 2005-05-20T00:00:00 security flaw

Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory.

Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL https://www.cve.org/CVERecord?id=CVE-2005-1763 https://nvd.nist.gov/vuln/detail/CVE-2005-1763 Critical 2005-06-23T00:00:00 security flaw

Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1056 on Windows, and 10, 10.0.1.436, and other versions before 10.0.5 on Linux, allows remote attackers to execute arbitrary code via a RealMedia file with a long RealText string, such as an SMIL file.

Red Hat Desktop version 3 Extras 2005-06-23T00:00:00 RHSA-2005:523 Red Hat Desktop version 4 Extras 2005-06-23T00:00:00 RHSA-2005:523 Red Hat Enterprise Linux 4 2005-06-23T00:00:00 RHSA-2005:517 HelixPlayer-1:1.0.5-0.EL4.1 https://www.cve.org/CVERecord?id=CVE-2005-1766 https://nvd.nist.gov/vuln/detail/CVE-2005-1766 Important 2005-06-30T00:00:00 security flaw

traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception).

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL https://www.cve.org/CVERecord?id=CVE-2005-1767 https://nvd.nist.gov/vuln/detail/CVE-2005-1767 Important 2005-07-04T00:00:00 security flaw

Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-08-25T00:00:00 RHSA-2005:551 Red Hat Linux Advanced Workstation 2.1 2005-08-25T00:00:00 RHSA-2005:551 https://www.cve.org/CVERecord?id=CVE-2005-1768 https://nvd.nist.gov/vuln/detail/CVE-2005-1768 Moderate 2005-06-15T00:00:00 security flaw

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.

Red Hat Enterprise Linux 3 2005-08-03T00:00:00 RHSA-2005:595 squirrelmail-0:1.4.3a-11.EL3 Red Hat Enterprise Linux 4 2005-08-03T00:00:00 RHSA-2005:595 squirrelmail-0:1.4.3a-12.EL4 https://www.cve.org/CVERecord?id=CVE-2005-1769 https://nvd.nist.gov/vuln/detail/CVE-2005-1769

The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations.

The OpenSSL Team do not consider this issue to be a practical threat. Conducting an attack such as this has shown to be impractical outside of a controlled lab environment. If the OpenSSL Team decide to produce an update to correct this issue, we will consider including it in a future security update. https://www.cve.org/CVERecord?id=CVE-2005-1797 https://nvd.nist.gov/vuln/detail/CVE-2005-1797 Moderate 2005-07-07T00:00:00 security flaw

The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX, and AIX creates temporary files with the permissions as specified in a user's umask, which could allow local users to read PDF documents of that user if the umask allows it.

Red Hat Desktop version 3 Extras 2005-07-08T00:00:00 RHSA-2005:575 Red Hat Desktop version 4 Extras 2005-07-08T00:00:00 RHSA-2005:575 https://www.cve.org/CVERecord?id=CVE-2005-1841 https://nvd.nist.gov/vuln/detail/CVE-2005-1841 Moderate 2005-07-11T00:00:00 security flaw

The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors that cause an out-of-bounds memory read.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-07-27T00:00:00 RHSA-2005:603 Red Hat Enterprise Linux ES version 2.1 2005-07-27T00:00:00 RHSA-2005:603 Red Hat Enterprise Linux WS version 2.1 2005-07-27T00:00:00 RHSA-2005:603 Red Hat Linux Advanced Workstation 2.1 2005-07-27T00:00:00 RHSA-2005:603 https://www.cve.org/CVERecord?id=CVE-2005-1848 https://nvd.nist.gov/vuln/detail/CVE-2005-1848 Important 2005-08-20T00:00:00 zlib DoS

inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.

Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:584 zlib-0:1.2.1.2-1.2 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn-solaris-bootstrap-0:5.1.1-3 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn_solaris_bootstrap_5_1_1_3-0:1-0 https://www.cve.org/CVERecord?id=CVE-2005-1849 https://nvd.nist.gov/vuln/detail/CVE-2005-1849 Critical 2005-07-21T00:00:00 security flaw

Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.

Red Hat Enterprise Linux 4 2005-07-22T00:00:00 RHSA-2005:639 kdenetwork-7:3.3.1-2.3 https://www.cve.org/CVERecord?id=CVE-2005-1852 https://nvd.nist.gov/vuln/detail/CVE-2005-1852 Low 2003-07-21T00:00:00 tar archive path traversal issue

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".

Red Hat Enterprise Linux 3 2006-02-21T00:00:00 RHSA-2006:0195 tar-0:1.13.25-14.RHEL3 https://www.cve.org/CVERecord?id=CVE-2005-1918 https://nvd.nist.gov/vuln/detail/CVE-2005-1918 Moderate 2005-07-18T00:00:00 security flaw

The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.

Red Hat Enterprise Linux 4 2005-07-27T00:00:00 RHSA-2005:612 kdelibs-6:3.3.1-3.11 https://www.cve.org/CVERecord?id=CVE-2005-1920 https://nvd.nist.gov/vuln/detail/CVE-2005-1920 Important 2005-06-29T00:00:00 security flaw

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

Red Hat Enterprise Linux 3 2005-07-07T00:00:00 RHSA-2005:564 php-0:4.3.2-24.ent Red Hat Enterprise Linux 4 2005-07-07T00:00:00 RHSA-2005:564 php-0:4.3.9-3.7 https://www.cve.org/CVERecord?id=CVE-2005-1921 https://nvd.nist.gov/vuln/detail/CVE-2005-1921 Moderate 2005-06-09T00:00:00 security flaw

Gaim before 1.3.1 allows remote attackers to cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error.

https://www.cve.org/CVERecord?id=CVE-2005-1934 https://nvd.nist.gov/vuln/detail/CVE-2005-1934 Important 2005-06-06T00:00:00 security flaw

A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.

Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:586 firefox-0:1.0.6-1.4.1 Red Hat Enterprise Linux 4 2005-07-22T00:00:00 RHSA-2005:587 devhelp-0:0.9.2-2.4.6 https://www.cve.org/CVERecord?id=CVE-2005-1937 https://nvd.nist.gov/vuln/detail/CVE-2005-1937 Moderate 2005-06-17T00:00:00 security flaw

The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.

Red Hat Enterprise Linux 4 2005-08-05T00:00:00 RHSA-2005:543 ruby-0:1.8.1-7.EL4.1 https://www.cve.org/CVERecord?id=CVE-2005-1992 https://nvd.nist.gov/vuln/detail/CVE-2005-1992 Moderate 2005-06-20T00:00:00 security flaw

Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.

Red Hat Enterprise Linux 3 2005-06-29T00:00:00 RHSA-2005:535 sudo-0:1.6.7p5-1.1 Red Hat Enterprise Linux 4 2005-06-29T00:00:00 RHSA-2005:535 sudo-0:1.6.7p5-30.1.1 https://www.cve.org/CVERecord?id=CVE-2005-1993 https://nvd.nist.gov/vuln/detail/CVE-2005-1993 Moderate 2005-06-28T00:00:00 security flaw

pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-10-17T00:00:00 RHSA-2005:751 nss_ldap-0:207-17 Red Hat Enterprise Linux 3 2005-10-17T00:00:00 RHSA-2005:751 openldap-0:2.0.27-20 Red Hat Enterprise Linux 4 2005-10-17T00:00:00 RHSA-2005:767 nss_ldap-0:226-10 Red Hat Enterprise Linux 4 2005-10-17T00:00:00 RHSA-2005:767 openldap-0:2.2.13-4 https://www.cve.org/CVERecord?id=CVE-2005-2069 https://nvd.nist.gov/vuln/detail/CVE-2005-2069 Moderate 2005-06-12T00:00:00 security flaw

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Red Hat Enterprise Linux 3 2005-07-25T00:00:00 RHSA-2005:582 httpd-0:2.0.46-46.2.ent Red Hat Enterprise Linux 4 2005-07-25T00:00:00 RHSA-2005:582 httpd-0:2.0.52-12.1.ent https://www.cve.org/CVERecord?id=CVE-2005-2088 https://nvd.nist.gov/vuln/detail/CVE-2005-2088 Moderate 2005-06-06T00:00:00 tomcat multiple content-length header poisioning

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 ant-0:1.6.5-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 avalon-logkit-0:1.2-2jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 axis-0:1.2.1-1jpp_3rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-jaf-0:1.0-2jpp_6rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-mail-0:1.1.1-2jpp_8rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 geronimo-specs-0:1.0-0.M4.1jpp_10rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 jakarta-commons-modeler-0:2.0-3jpp_2rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 log4j-0:1.2.12-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 mx4j-1:3.0.1-1jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 pcsc-lite-0:1.3.3-3.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ca-0:7.3.0-20.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-java-tools-0:7.3.0-10.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-kra-0:7.3.0-14.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-manage-0:7.3.0-19.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-native-tools-0:7.3.0-6.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ocsp-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-tks-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 tomcat5-0:5.5.23-0jpp_4rh.16 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xerces-j2-0:2.7.1-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xml-commons-0:1.3.02-2jpp_1rh Red Hat Developer Suite V.3 2007-05-24T00:00:00 RHSA-2007:0328 jakarta-commons-modeler-0:2.0-3jpp_3rh Red Hat Developer Suite V.3 2007-05-24T00:00:00 RHSA-2007:0328 tomcat5-0:5.5.23-0jpp_6rh Red Hat Enterprise Linux 5 2007-05-14T00:00:00 RHSA-2007:0327 jakarta-commons-modeler-0:1.1-8jpp.1.0.2.el5 Red Hat Enterprise Linux 5 2007-05-14T00:00:00 RHSA-2007:0327 tomcat5-0:5.5.23-0jpp.1.0.3.el5 Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Red Hat Web Application Stack for RHEL 4 2007-05-24T00:00:00 RHSA-2007:0360 jbossas-0:4.0.5-2.CP04.el4s1.2 RHAPS Version 1 for RHEL 3 2007-05-08T00:00:00 RHSA-2007:0340 tomcat5-0:5.0.30-0jpp_5rh RHAPS Version 2 for RHEL 4 2007-05-21T00:00:00 RHSA-2007:0326 jakarta-commons-modeler-0:2.0-3jpp_2rh RHAPS Version 2 for RHEL 4 2007-05-21T00:00:00 RHSA-2007:0326 tomcat5-0:5.5.23-0jpp_4rh.3 https://www.cve.org/CVERecord?id=CVE-2005-2090 https://nvd.nist.gov/vuln/detail/CVE-2005-2090 Moderate 2005-07-13T00:00:00 security flaw

options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.

Red Hat Enterprise Linux 3 2005-08-03T00:00:00 RHSA-2005:595 squirrelmail-0:1.4.3a-11.EL3 Red Hat Enterprise Linux 4 2005-08-03T00:00:00 RHSA-2005:595 squirrelmail-0:1.4.3a-12.EL4 https://www.cve.org/CVERecord?id=CVE-2005-2095 https://nvd.nist.gov/vuln/detail/CVE-2005-2095 Important 2005-07-06T00:00:00 zlib DoS

zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 4 2005-07-06T00:00:00 RHSA-2005:569 zlib-0:1.2.1.2-1.1 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn-solaris-bootstrap-0:5.1.1-3 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn_solaris_bootstrap_5_1_1_3-0:1-0 https://www.cve.org/CVERecord?id=CVE-2005-2096 https://nvd.nist.gov/vuln/detail/CVE-2005-2096 Important 2005-08-09T00:00:00 security flaw

xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.

Red Hat Enterprise Linux 3 2005-08-09T00:00:00 RHSA-2005:706 cups-1:1.1.17-13.3.31 Red Hat Enterprise Linux 4 2005-08-09T00:00:00 RHSA-2005:670 xpdf-1:3.00-11.8 Red Hat Enterprise Linux 4 2005-08-09T00:00:00 RHSA-2005:671 kdegraphics-7:3.3.1-3.4 Red Hat Enterprise Linux 4 2005-08-09T00:00:00 RHSA-2005:706 cups-1:1.1.22-0.rc1.9.7 Red Hat Enterprise Linux 4 2005-08-10T00:00:00 RHSA-2005:708 gpdf-0:2.8.2-4.4 https://www.cve.org/CVERecord?id=CVE-2005-2097 https://nvd.nist.gov/vuln/detail/CVE-2005-2097 Important 2005-08-04T00:00:00 security flaw

The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote attackers to cause a denial of service (semaphore hang) via a new session keyring (1) with an empty name string, (2) with a long name string, (3) with the key quota reached, or (4) ENOMEM.

Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL https://www.cve.org/CVERecord?id=CVE-2005-2098 https://nvd.nist.gov/vuln/detail/CVE-2005-2098 Important 2005-08-04T00:00:00 security flaw

The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers to cause a denial of service (kernel oops) via a keyring with a payload that is not empty, which causes the creation to fail, leading to a null dereference in the keyring destructor.

Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL https://www.cve.org/CVERecord?id=CVE-2005-2099 https://nvd.nist.gov/vuln/detail/CVE-2005-2099 Important 2005-10-05T00:00:00 security flaw

The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash).

Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL https://www.cve.org/CVERecord?id=CVE-2005-2100 https://nvd.nist.gov/vuln/detail/CVE-2005-2100 Low 2005-08-08T00:00:00 security flaw

The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters.

https://www.cve.org/CVERecord?id=CVE-2005-2102 https://nvd.nist.gov/vuln/detail/CVE-2005-2102 Critical 2005-08-08T00:00:00 security flaw

Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-08-10T00:00:00 RHSA-2005:589 Red Hat Enterprise Linux ES version 2.1 2005-08-10T00:00:00 RHSA-2005:589 Red Hat Enterprise Linux WS version 2.1 2005-08-10T00:00:00 RHSA-2005:589 Red Hat Linux Advanced Workstation 2.1 2005-08-10T00:00:00 RHSA-2005:589 https://www.cve.org/CVERecord?id=CVE-2005-2103 https://nvd.nist.gov/vuln/detail/CVE-2005-2103 Low 2005-08-09T00:00:00 security flaw

sysreport before 1.3.7 allows local users to obtain sensitive information via a symlink attack on a temporary directory.

Red Hat Enterprise Linux 3 2005-08-09T00:00:00 RHSA-2005:598 sysreport-0:1.3.7.2-9 https://www.cve.org/CVERecord?id=CVE-2005-2104 https://nvd.nist.gov/vuln/detail/CVE-2005-2104 Moderate 2005-06-29T00:00:00 security flaw

Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function.

Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:586 firefox-0:1.0.6-1.4.1 Red Hat Enterprise Linux 4 2005-07-22T00:00:00 RHSA-2005:587 devhelp-0:0.9.2-2.4.6 https://www.cve.org/CVERecord?id=CVE-2005-2114 https://nvd.nist.gov/vuln/detail/CVE-2005-2114 Low 2005-07-01T00:00:00 security flaw

Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:373 net-snmp-0:5.0.9-2.30E.19 Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:395 net-snmp-0:5.1.2-11.EL4.6 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-08-09T00:00:00 RHSA-2005:720 Red Hat Enterprise Linux ES version 2.1 2005-08-09T00:00:00 RHSA-2005:720 Red Hat Enterprise Linux WS version 2.1 2005-08-09T00:00:00 RHSA-2005:720 Red Hat Linux Advanced Workstation 2.1 2005-08-09T00:00:00 RHSA-2005:720 https://www.cve.org/CVERecord?id=CVE-2005-2177 https://nvd.nist.gov/vuln/detail/CVE-2005-2177 Moderate 2005-07-12T00:00:00 security flaw

The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.

Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:586 firefox-0:1.0.6-1.4.1 Red Hat Enterprise Linux 4 2005-07-22T00:00:00 RHSA-2005:587 devhelp-0:0.9.2-2.4.6 https://www.cve.org/CVERecord?id=CVE-2005-2260 https://nvd.nist.gov/vuln/detail/CVE-2005-2260 Low 2005-07-12T00:00:00 security flaw

Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.

Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:586 firefox-0:1.0.6-1.4.1 Red Hat Enterprise Linux 4 2005-07-22T00:00:00 RHSA-2005:587 devhelp-0:0.9.2-2.4.6 Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:601 thunderbird-0:1.0.6-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-2261 https://nvd.nist.gov/vuln/detail/CVE-2005-2261 Moderate 2005-07-12T00:00:00 security flaw

Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling."

Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:586 firefox-0:1.0.6-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-2262 https://nvd.nist.gov/vuln/detail/CVE-2005-2262 Moderate 2005-07-12T00:00:00 security flaw

The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.

Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:586 firefox-0:1.0.6-1.4.1 Red Hat Enterprise Linux 4 2005-07-22T00:00:00 RHSA-2005:587 devhelp-0:0.9.2-2.4.6 https://www.cve.org/CVERecord?id=CVE-2005-2263 https://nvd.nist.gov/vuln/detail/CVE-2005-2263 Important 2005-07-12T00:00:00 security flaw

Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL.

Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:586 firefox-0:1.0.6-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-2264 https://nvd.nist.gov/vuln/detail/CVE-2005-2264 Important 2005-07-12T00:00:00 security flaw

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.

Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:586 firefox-0:1.0.6-1.4.1 Red Hat Enterprise Linux 4 2005-07-22T00:00:00 RHSA-2005:587 devhelp-0:0.9.2-2.4.6 Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:601 thunderbird-0:1.0.6-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-2265 https://nvd.nist.gov/vuln/detail/CVE-2005-2265 Moderate 2005-07-12T00:00:00 security flaw

Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.

Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:586 firefox-0:1.0.6-1.4.1 Red Hat Enterprise Linux 4 2005-07-22T00:00:00 RHSA-2005:587 devhelp-0:0.9.2-2.4.6 Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:601 thunderbird-0:1.0.6-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-2266 https://nvd.nist.gov/vuln/detail/CVE-2005-2266 Moderate 2005-07-12T00:00:00 security flaw

Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.

Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:586 firefox-0:1.0.6-1.4.1 Red Hat Enterprise Linux 4 2005-07-22T00:00:00 RHSA-2005:587 devhelp-0:0.9.2-2.4.6 https://www.cve.org/CVERecord?id=CVE-2005-2267 https://nvd.nist.gov/vuln/detail/CVE-2005-2267 Low 2005-06-07T00:00:00 security flaw

Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."

Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:586 firefox-0:1.0.6-1.4.1 Red Hat Enterprise Linux 4 2005-07-22T00:00:00 RHSA-2005:587 devhelp-0:0.9.2-2.4.6 https://www.cve.org/CVERecord?id=CVE-2005-2268 https://nvd.nist.gov/vuln/detail/CVE-2005-2268 Moderate 2005-07-12T00:00:00 security flaw

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").

Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:586 firefox-0:1.0.6-1.4.1 Red Hat Enterprise Linux 4 2005-07-22T00:00:00 RHSA-2005:587 devhelp-0:0.9.2-2.4.6 Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:601 thunderbird-0:1.0.6-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-2269 https://nvd.nist.gov/vuln/detail/CVE-2005-2269 Important 2005-07-12T00:00:00 security flaw

Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.

Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:586 firefox-0:1.0.6-1.4.1 Red Hat Enterprise Linux 4 2005-07-22T00:00:00 RHSA-2005:587 devhelp-0:0.9.2-2.4.6 Red Hat Enterprise Linux 4 2005-07-21T00:00:00 RHSA-2005:601 thunderbird-0:1.0.6-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-2270 https://nvd.nist.gov/vuln/detail/CVE-2005-2270 Important 2005-07-21T00:00:00 security flaw

Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.

Red Hat Enterprise Linux 3 2005-07-25T00:00:00 RHSA-2005:640 fetchmail-0:6.2.0-3.el3.2 Red Hat Enterprise Linux 4 2005-07-25T00:00:00 RHSA-2005:640 fetchmail-0:6.2.5-6.el4.2 https://www.cve.org/CVERecord?id=CVE-2005-2335 https://nvd.nist.gov/vuln/detail/CVE-2005-2335 Moderate 2005-09-23T00:00:00 security flaw

Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).

Red Hat Enterprise Linux 3 2005-10-11T00:00:00 RHSA-2005:799 ruby-0:1.6.8-9.EL3.4 Red Hat Enterprise Linux 4 2005-10-11T00:00:00 RHSA-2005:799 ruby-0:1.8.1-7.EL4.2 https://www.cve.org/CVERecord?id=CVE-2005-2337 https://nvd.nist.gov/vuln/detail/CVE-2005-2337 Low 2005-05-30T00:00:00 mutt: denial of service via a series of requests to temporary files 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CWE-377

Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.

An insecure temporary file vulnerability was found in the way mutt created temporary files under /tmp. Specifically, mutt created temporary files in an insecure way, using only predictable elements such as the hostname, user ID (uid) and process ID (pid). A local attacker could exploit this flaw to create those temporary files beforehand, causing a denial of service by preventing the user from using mutt.

This flaw does not affect versions of mutt as shipped with Red Hat Enterprise Linux 7 and 8 as they already include the patch. Red Hat Enterprise Linux 5 Out of support scope mutt Red Hat Enterprise Linux 6 Out of support scope mutt Red Hat Enterprise Linux 7 Not affected mutt Red Hat Enterprise Linux 8 Not affected mutt https://www.cve.org/CVERecord?id=CVE-2005-2351 https://nvd.nist.gov/vuln/detail/CVE-2005-2351 Low 2005-07-27T00:00:00 security flaw

Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through 0.10.11 allows remote attackers to cause a denial of service (free static memory and application crash) via unknown attack vectors.

Red Hat Enterprise Linux 3 2005-08-10T00:00:00 RHSA-2005:687 ethereal-0:0.10.12-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-2360 https://nvd.nist.gov/vuln/detail/CVE-2005-2360 Low 2005-07-27T00:00:00 security flaw

Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, (3) DOCSIS dissector, (4) SCTP graphs, (5) HTTP dissector, (6) DCERPC, (7) DHCP, (8) RADIUS dissector, (9) Telnet dissector, (10) IS-IS LSP dissector, or (11) NCP dissector in Ethereal 0.8.19 through 0.10.11 allows remote attackers to cause a denial of service (application crash or abort) via unknown attack vectors.

Red Hat Enterprise Linux 3 2005-08-10T00:00:00 RHSA-2005:687 ethereal-0:0.10.12-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-2361 https://nvd.nist.gov/vuln/detail/CVE-2005-2361 Low 2005-07-27T00:00:00 security flaw

Unknown vulnerability several dissectors in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a denial of service (application crash) by reassembling certain packets.

Red Hat Enterprise Linux 3 2005-08-10T00:00:00 RHSA-2005:687 ethereal-0:0.10.12-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-2362 https://nvd.nist.gov/vuln/detail/CVE-2005-2362 Low 2005-07-27T00:00:00 security flaw

Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, (3) DHCP, (4) MEGACO dissector, or (5) H1 dissector in Ethereal 0.8.15 through 0.10.11 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

Red Hat Enterprise Linux 3 2005-08-10T00:00:00 RHSA-2005:687 ethereal-0:0.10.12-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-2363 https://nvd.nist.gov/vuln/detail/CVE-2005-2363 Low 2005-07-27T00:00:00 security flaw

Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAMEL dissector in Ethereal 0.8.20 through 0.10.11 allows remote attackers to cause a denial of service (application crash) via certain packets that cause a null pointer dereference.

Red Hat Enterprise Linux 3 2005-08-10T00:00:00 RHSA-2005:687 ethereal-0:0.10.12-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-2364 https://nvd.nist.gov/vuln/detail/CVE-2005-2364 Moderate 2005-07-27T00:00:00 security flaw

Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a buffer overflow or a denial of service (memory consumption) via unknown attack vectors.

Red Hat Enterprise Linux 3 2005-08-10T00:00:00 RHSA-2005:687 ethereal-0:0.10.12-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-2365 https://nvd.nist.gov/vuln/detail/CVE-2005-2365 Low 2005-07-27T00:00:00 security flaw

Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows remote attackers to cause a denial of service (abort or infinite loop) via unknown attack vectors.

Red Hat Enterprise Linux 3 2005-08-10T00:00:00 RHSA-2005:687 ethereal-0:0.10.12-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-2366 https://nvd.nist.gov/vuln/detail/CVE-2005-2366 Moderate 2005-07-27T00:00:00 security flaw

Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, as used in multiple dissectors, allows remote attackers to write to arbitrary memory locations and gain privileges via a crafted AFP packet.

Red Hat Enterprise Linux 3 2005-08-10T00:00:00 RHSA-2005:687 ethereal-0:0.10.12-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-2367 https://nvd.nist.gov/vuln/detail/CVE-2005-2367 Low 2005-07-25T00:00:00 security flaw

vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels.

Red Hat Enterprise Linux 3 2005-08-22T00:00:00 RHSA-2005:745 vim-1:6.3.046-0.30E.4 Red Hat Enterprise Linux 4 2005-08-22T00:00:00 RHSA-2005:745 vim-1:6.3.046-0.40E.7 https://www.cve.org/CVERecord?id=CVE-2005-2368 https://nvd.nist.gov/vuln/detail/CVE-2005-2368 Important 2005-07-21T00:00:00 security flaw

Multiple integer signedness errors in libgadu, as used in ekg before 1.6rc2 and other packages, may allow remote attackers to cause a denial of service or execute arbitrary code.

Red Hat Enterprise Linux 4 2005-07-22T00:00:00 RHSA-2005:639 kdenetwork-7:3.3.1-2.3 https://www.cve.org/CVERecord?id=CVE-2005-2369 https://nvd.nist.gov/vuln/detail/CVE-2005-2369 Low 2005-07-21T00:00:00 security flaw

Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message.

Red Hat Enterprise Linux 4 2005-07-22T00:00:00 RHSA-2005:639 kdenetwork-7:3.3.1-2.3 https://www.cve.org/CVERecord?id=CVE-2005-2370 https://nvd.nist.gov/vuln/detail/CVE-2005-2370 Low 2004-01-17T00:00:00 firefox: Does not choose the challenge with the strongest authentication scheme available as required by RFC2617 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N

Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.

Red Hat Enterprise Linux 5 Affected firefox Red Hat Enterprise Linux 6 Affected firefox https://www.cve.org/CVERecord?id=CVE-2005-2395 https://nvd.nist.gov/vuln/detail/CVE-2005-2395 Important 2005-07-21T00:00:00 security flaw

Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow remote attackers to cause a denial of service (invalid behavior in applications) on big-endian systems.

Red Hat Enterprise Linux 4 2005-07-22T00:00:00 RHSA-2005:639 kdenetwork-7:3.3.1-2.3 https://www.cve.org/CVERecord?id=CVE-2005-2448 https://nvd.nist.gov/vuln/detail/CVE-2005-2448 Important 2005-07-25T00:00:00 security flaw

Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL https://www.cve.org/CVERecord?id=CVE-2005-2456 https://nvd.nist.gov/vuln/detail/CVE-2005-2456 Low 1999-06-25T00:00:00 security flaw

inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows remote attackers to cause a denial of service (kernel crash) via a compressed file with "improper tables".

Red Hat Enterprise Linux 3 2006-03-15T00:00:00 RHSA-2006:0144 kernel-0:2.4.21-40.EL Red Hat Enterprise Linux 4 2006-01-17T00:00:00 RHSA-2006:0101 kernel-0:2.6.9-22.0.2.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0190 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux ES version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux WS version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Linux Advanced Workstation 2.1 2006-02-01T00:00:00 RHSA-2006:0190 https://www.cve.org/CVERecord?id=CVE-2005-2458 https://nvd.nist.gov/vuln/detail/CVE-2005-2458 Critical 2005-08-16T00:00:00 security flaw

Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

Red Hat Desktop version 3 Extras 2005-08-16T00:00:00 RHSA-2005:750 Red Hat Desktop version 4 Extras 2005-08-16T00:00:00 RHSA-2005:750 https://www.cve.org/CVERecord?id=CVE-2005-2470 https://nvd.nist.gov/vuln/detail/CVE-2005-2470 Low 2005-07-24T00:00:00 security flaw

pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.

Red Hat Enterprise Linux 3 2005-08-22T00:00:00 RHSA-2005:743 netpbm-0:9.24-11.30.2 Red Hat Enterprise Linux 4 2005-08-22T00:00:00 RHSA-2005:743 netpbm-0:10.25-2.EL4.1 https://www.cve.org/CVERecord?id=CVE-2005-2471 https://nvd.nist.gov/vuln/detail/CVE-2005-2471 Low 2005-08-02T00:00:00 security flaw

Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.

This issue was addressed in unzip packages as shipped with Red Hat Enterprise Linux 3 and 4 via RHBA-2007:0418 and RHSA-2007:0203 respectively. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2007-07-11T00:00:00 RHBA-2007:0418 unzip-0:5.50-35.EL3 Red Hat Enterprise Linux 4 2007-05-01T00:00:00 RHSA-2007:0203 unzip-0:5.51-9.EL4.5 https://www.cve.org/CVERecord?id=CVE-2005-2475 https://nvd.nist.gov/vuln/detail/CVE-2005-2475 Important 2005-09-08T00:00:00 security flaw

Stack-based buffer overflow in the sendmsg function call in the Linux kernel 2.6 before 2.6.13.1 allows local users to execute arbitrary code by calling sendmsg and modifying the message contents in another thread.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL https://www.cve.org/CVERecord?id=CVE-2005-2490 https://nvd.nist.gov/vuln/detail/CVE-2005-2490 Moderate 2005-08-01T00:00:00 pcre heap overflow

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

Red Hat Enterprise Linux 3 2005-09-08T00:00:00 RHSA-2005:761 pcre-0:3.9-10.2 Red Hat Enterprise Linux 3 2006-03-09T00:00:00 RHSA-2006:0197 python-0:2.2.3-6.2 Red Hat Enterprise Linux 4 2005-09-08T00:00:00 RHSA-2005:358 exim-0:4.43-1.RHEL4.5 Red Hat Enterprise Linux 4 2005-09-08T00:00:00 RHSA-2005:761 pcre-0:4.5-3.2.RHEL4 Red Hat Enterprise Linux 4 2006-03-09T00:00:00 RHSA-2006:0197 python-0:2.3.4-14.2 https://www.cve.org/CVERecord?id=CVE-2005-2491 https://nvd.nist.gov/vuln/detail/CVE-2005-2491 Important 2005-09-09T00:00:00 security flaw

The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.

Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL https://www.cve.org/CVERecord?id=CVE-2005-2492 https://nvd.nist.gov/vuln/detail/CVE-2005-2492 Low 2005-09-05T00:00:00 security flaw

kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files.

Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0582 kdebase-6:3.3.1-5.13 https://www.cve.org/CVERecord?id=CVE-2005-2494 https://nvd.nist.gov/vuln/detail/CVE-2005-2494 Important 2005-09-08T00:00:00 security flaw

Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image.

Red Hat Enterprise Linux 3 2005-09-15T00:00:00 RHSA-2005:501 XFree86-0:4.3.0-95.EL Red Hat Enterprise Linux 4 2005-09-13T00:00:00 RHSA-2005:396 xorg-x11-0:6.8.2-1.EL.13.16 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-09-12T00:00:00 RHSA-2005:329 Red Hat Enterprise Linux ES version 2.1 2005-09-12T00:00:00 RHSA-2005:329 Red Hat Enterprise Linux WS version 2.1 2005-09-12T00:00:00 RHSA-2005:329 Red Hat Linux Advanced Workstation 2.1 2005-09-12T00:00:00 RHSA-2005:329 https://www.cve.org/CVERecord?id=CVE-2005-2495 https://nvd.nist.gov/vuln/detail/CVE-2005-2495 Low 2005-08-25T00:00:00 security flaw

The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.

Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0393 ntp-0:4.2.0.a.20040617-4.EL4.1 https://www.cve.org/CVERecord?id=CVE-2005-2496 https://nvd.nist.gov/vuln/detail/CVE-2005-2496 Important 2005-08-14T00:00:00 security flaw

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.

Red Hat Enterprise Linux 3 2005-08-19T00:00:00 RHSA-2005:748 php-0:4.3.2-25.ent Red Hat Enterprise Linux 4 2005-08-19T00:00:00 RHSA-2005:748 php-0:4.3.9-3.8 https://www.cve.org/CVERecord?id=CVE-2005-2498 https://nvd.nist.gov/vuln/detail/CVE-2005-2498 Low 2005-08-12T00:00:00 security flaw

slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service (updatedb exit and incomplete slocate database) via a certain crafted directory structure.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:345 slocate-0:2.7-3.RHEL3.6 Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:346 slocate-0:2.7-13.el4.6 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-08-22T00:00:00 RHSA-2005:747 Red Hat Enterprise Linux ES version 2.1 2005-08-22T00:00:00 RHSA-2005:747 Red Hat Enterprise Linux WS version 2.1 2005-08-22T00:00:00 RHSA-2005:747 Red Hat Linux Advanced Workstation 2.1 2005-08-22T00:00:00 RHSA-2005:747 https://www.cve.org/CVERecord?id=CVE-2005-2499 https://nvd.nist.gov/vuln/detail/CVE-2005-2499 Moderate 2005-08-04T00:00:00 tar: does not properly warn the user when extracting setuid or setgid files 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

A flaw was found in tar utility that can allow the root user to extract files with preserved setuid and setgid permissions without any warning. This behavior can lead to the creation of malicious setuid executables owned by root from a crafted tar file, posing significant security risks.

Currently, there are no plans to change tar behaviour to strip setuid and setgid bits when extracting archives. This vulnerability is considered moderate rather than important because the exploitation scenario requires specific conditions: the `tar` extraction must be performed by the root user, and the tarball itself must be crafted maliciously with setuid or setgid bits. In typical use cases, users do not routinely extract untrusted tar files as root, reducing the likelihood of exploitation. Additionally, non-root extractions do not preserve these bits unless explicitly requested with the `-p` option. To mitigate the risks associated with this vulnerability, avoid extracting tar files as the root user, especially when dealing with untrusted sources. Instead, perform extractions as a non-root user or in a restricted environment. Use a dedicated, empty directory for extracting archives to prevent accidental exposure of sensitive files. After extraction, review the file permissions to check for unexpected setuid or setgid bits before granting access. When extraction as root is necessary, use the --no-same-permissions option to prevent preserving the setuid and setgid bits. Red Hat Enterprise Linux 10 Will not fix tar Red Hat Enterprise Linux 6 Will not fix tar Red Hat Enterprise Linux 7 Will not fix tar Red Hat Enterprise Linux 8 Will not fix tar Red Hat Enterprise Linux 9 Will not fix tar https://www.cve.org/CVERecord?id=CVE-2005-2541 https://nvd.nist.gov/vuln/detail/CVE-2005-2541

security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.

Not vulnerable. These issues did not affect the version of BlueZ as shipped with Red Hat Enterprise Linux 4. https://www.cve.org/CVERecord?id=CVE-2005-2547 https://nvd.nist.gov/vuln/detail/CVE-2005-2547 Important 2005-08-10T00:00:00 security flaw

Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.

Red Hat Enterprise Linux 3 2005-08-29T00:00:00 RHSA-2005:267 evolution-0:1.4.5-16 Red Hat Enterprise Linux 4 2005-08-29T00:00:00 RHSA-2005:267 evolution-0:2.0.2-16.3 https://www.cve.org/CVERecord?id=CVE-2005-2549 https://nvd.nist.gov/vuln/detail/CVE-2005-2549 Moderate 2005-08-10T00:00:00 security flaw

Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.

Red Hat Enterprise Linux 3 2005-08-29T00:00:00 RHSA-2005:267 evolution-0:1.4.5-16 Red Hat Enterprise Linux 4 2005-08-29T00:00:00 RHSA-2005:267 evolution-0:2.0.2-16.3 https://www.cve.org/CVERecord?id=CVE-2005-2550 https://nvd.nist.gov/vuln/detail/CVE-2005-2550 Important 2005-01-06T00:00:00 security flaw

The find_target function in ptrace32.c in the Linux kernel 2.4.x before 2.4.29 does not properly handle a NULL return value from another function, which allows local users to cause a denial of service (kernel crash/oops) by running a 32-bit ltrace program with the -i option on a 64-bit executable program.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL https://www.cve.org/CVERecord?id=CVE-2005-2553 https://nvd.nist.gov/vuln/detail/CVE-2005-2553 Important 2005-08-06T00:00:00 security flaw

Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL https://www.cve.org/CVERecord?id=CVE-2005-2555 https://nvd.nist.gov/vuln/detail/CVE-2005-2555 Critical 2005-11-04T00:00:00 security flaw

Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.

Red Hat Desktop version 3 Extras 2005-11-09T00:00:00 RHSA-2005:835 Red Hat Desktop version 4 Extras 2005-11-09T00:00:00 RHSA-2005:835 https://www.cve.org/CVERecord?id=CVE-2005-2628 https://nvd.nist.gov/vuln/detail/CVE-2005-2628 Critical 2005-11-10T00:00:00 security flaw

Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481.

Red Hat Desktop version 3 Extras 2005-09-27T00:00:00 RHSA-2005:762 Red Hat Desktop version 4 Extras 2005-09-27T00:00:00 RHSA-2005:762 Red Hat Enterprise Linux 4 2005-09-27T00:00:00 RHSA-2005:788 HelixPlayer-1:1.0.6-0.EL4.1 https://www.cve.org/CVERecord?id=CVE-2005-2629 https://nvd.nist.gov/vuln/detail/CVE-2005-2629 Low 2005-08-22T00:00:00 security flaw

Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate.

Red Hat Enterprise Linux 4 2005-10-17T00:00:00 RHSA-2005:767 nss_ldap-0:226-10 Red Hat Enterprise Linux 4 2005-10-17T00:00:00 RHSA-2005:767 openldap-0:2.2.13-4 https://www.cve.org/CVERecord?id=CVE-2005-2641 https://nvd.nist.gov/vuln/detail/CVE-2005-2641

Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext.

Not vulnerable. This issue did not affect the Linux versions of Mutt. https://www.cve.org/CVERecord?id=CVE-2005-2642 https://nvd.nist.gov/vuln/detail/CVE-2005-2642 Critical 2005-08-20T00:00:00 security flaw

Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, and possibly other versions, allows remote attackers to execute arbitrary code via an e-mail message with a long Expires header.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-08-23T00:00:00 RHSA-2005:755 Red Hat Linux Advanced Workstation 2.1 2005-08-23T00:00:00 RHSA-2005:755 https://www.cve.org/CVERecord?id=CVE-2005-2665 https://nvd.nist.gov/vuln/detail/CVE-2005-2665 Low 2005-07-07T00:00:00 openssh vulnerable to known_hosts address harvesting

SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.

The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 4 2007-05-01T00:00:00 RHSA-2007:0257 openssh-0:3.9p1-8.RHEL4.20 https://www.cve.org/CVERecord?id=CVE-2005-2666 https://nvd.nist.gov/vuln/detail/CVE-2005-2666 Low 2005-08-14T00:00:00 security flaw

pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.

Red Hat Enterprise Linux 4 2005-11-10T00:00:00 RHSA-2005:825 lm_sensors-0:2.8.7-2.40.3 https://www.cve.org/CVERecord?id=CVE-2005-2672 https://nvd.nist.gov/vuln/detail/CVE-2005-2672 Low 2005-08-19T00:00:00 security flaw

cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-09-06T00:00:00 RHSA-2005:756 cvs-0:1.11.2-28 Red Hat Enterprise Linux 4 2005-09-06T00:00:00 RHSA-2005:756 cvs-0:1.11.17-8.RHEL4 https://www.cve.org/CVERecord?id=CVE-2005-2693 https://nvd.nist.gov/vuln/detail/CVE-2005-2693 Important 2005-08-30T00:00:00 security flaw

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

Red Hat Enterprise Linux 3 2005-09-06T00:00:00 RHSA-2005:608 httpd-0:2.0.46-46.3.ent Red Hat Enterprise Linux 4 2005-09-06T00:00:00 RHSA-2005:608 httpd-0:2.0.52-12.2.ent Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-09-15T00:00:00 RHSA-2005:773 Red Hat Enterprise Linux ES version 2.1 2005-09-15T00:00:00 RHSA-2005:773 Red Hat Enterprise Linux WS version 2.1 2005-09-15T00:00:00 RHSA-2005:773 Red Hat Linux Advanced Workstation 2.1 2005-09-15T00:00:00 RHSA-2005:773 Red Hat Stronghold 4 2005-12-19T00:00:00 RHSA-2005:882 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2005-11-02T00:00:00 RHSA-2005:816 https://www.cve.org/CVERecord?id=CVE-2005-2700 https://nvd.nist.gov/vuln/detail/CVE-2005-2700 Critical 2005-09-22T00:00:00 security flaw

Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.

Red Hat Enterprise Linux 4 2005-09-22T00:00:00 RHSA-2005:785 firefox-0:1.0.7-1.4.1 Red Hat Enterprise Linux 4 2005-09-22T00:00:00 RHSA-2005:789 devhelp-0:0.9.2-2.4.7 https://www.cve.org/CVERecord?id=CVE-2005-2701 https://nvd.nist.gov/vuln/detail/CVE-2005-2701 Critical 2005-09-22T00:00:00 security flaw

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.

Red Hat Enterprise Linux 4 2005-09-22T00:00:00 RHSA-2005:785 firefox-0:1.0.7-1.4.1 Red Hat Enterprise Linux 4 2005-09-22T00:00:00 RHSA-2005:789 devhelp-0:0.9.2-2.4.7 Red Hat Enterprise Linux 4 2005-10-06T00:00:00 RHSA-2005:791 thunderbird-0:1.0.7-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-2702 https://nvd.nist.gov/vuln/detail/CVE-2005-2702 Important 2005-09-22T00:00:00 security flaw

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.

Red Hat Enterprise Linux 4 2005-09-22T00:00:00 RHSA-2005:785 firefox-0:1.0.7-1.4.1 Red Hat Enterprise Linux 4 2005-09-22T00:00:00 RHSA-2005:789 devhelp-0:0.9.2-2.4.7 Red Hat Enterprise Linux 4 2005-10-06T00:00:00 RHSA-2005:791 thunderbird-0:1.0.7-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-2703 https://nvd.nist.gov/vuln/detail/CVE-2005-2703 Moderate 2005-09-22T00:00:00 security flaw

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.

Red Hat Enterprise Linux 4 2005-09-22T00:00:00 RHSA-2005:785 firefox-0:1.0.7-1.4.1 Red Hat Enterprise Linux 4 2005-09-22T00:00:00 RHSA-2005:789 devhelp-0:0.9.2-2.4.7 Red Hat Enterprise Linux 4 2005-10-06T00:00:00 RHSA-2005:791 thunderbird-0:1.0.7-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-2704 https://nvd.nist.gov/vuln/detail/CVE-2005-2704 Critical 2005-09-22T00:00:00 security flaw

Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.

Red Hat Enterprise Linux 4 2005-09-22T00:00:00 RHSA-2005:785 firefox-0:1.0.7-1.4.1 Red Hat Enterprise Linux 4 2005-09-22T00:00:00 RHSA-2005:789 devhelp-0:0.9.2-2.4.7 Red Hat Enterprise Linux 4 2005-10-06T00:00:00 RHSA-2005:791 thunderbird-0:1.0.7-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-2705 https://nvd.nist.gov/vuln/detail/CVE-2005-2705 Moderate 2005-09-22T00:00:00 security flaw

Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.

Red Hat Enterprise Linux 4 2005-09-22T00:00:00 RHSA-2005:785 firefox-0:1.0.7-1.4.1 Red Hat Enterprise Linux 4 2005-09-22T00:00:00 RHSA-2005:789 devhelp-0:0.9.2-2.4.7 Red Hat Enterprise Linux 4 2005-10-06T00:00:00 RHSA-2005:791 thunderbird-0:1.0.7-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-2706 https://nvd.nist.gov/vuln/detail/CVE-2005-2706 Moderate 2005-09-22T00:00:00 security flaw

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.

Red Hat Enterprise Linux 4 2005-09-22T00:00:00 RHSA-2005:785 firefox-0:1.0.7-1.4.1 Red Hat Enterprise Linux 4 2005-09-22T00:00:00 RHSA-2005:789 devhelp-0:0.9.2-2.4.7 Red Hat Enterprise Linux 4 2005-10-06T00:00:00 RHSA-2005:791 thunderbird-0:1.0.7-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-2707 https://nvd.nist.gov/vuln/detail/CVE-2005-2707 Important 2005-06-28T00:00:00 security flaw

The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function call when virtual memory is low, which allows local users to cause a denial of service (panic), as demonstrated by running a process using the bash ulimit -v command.

Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0140 kernel-0:2.4.21-37.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0190 Red Hat Linux Advanced Workstation 2.1 2006-02-01T00:00:00 RHSA-2006:0190 https://www.cve.org/CVERecord?id=CVE-2005-2708 https://nvd.nist.gov/vuln/detail/CVE-2005-2708 Moderate 2005-11-08T14:00:00 security flaw

The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table.

Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0140 kernel-0:2.4.21-37.0.1.EL Red Hat Enterprise Linux 4 2006-01-17T00:00:00 RHSA-2006:0101 kernel-0:2.6.9-22.0.2.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0190 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux ES version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux WS version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Linux Advanced Workstation 2.1 2006-02-01T00:00:00 RHSA-2006:0190 https://www.cve.org/CVERecord?id=CVE-2005-2709 https://nvd.nist.gov/vuln/detail/CVE-2005-2709 Critical 2005-09-26T00:00:00 security flaw

Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file.

Red Hat Desktop version 3 Extras 2005-09-27T00:00:00 RHSA-2005:762 Red Hat Desktop version 4 Extras 2005-09-27T00:00:00 RHSA-2005:762 Red Hat Enterprise Linux 4 2005-09-27T00:00:00 RHSA-2005:788 HelixPlayer-1:1.0.6-0.EL4.1 https://www.cve.org/CVERecord?id=CVE-2005-2710 https://nvd.nist.gov/vuln/detail/CVE-2005-2710 Moderate 2004-07-07T00:00:00 security flaw

The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.

Red Hat Enterprise Linux 3 2005-09-06T00:00:00 RHSA-2005:608 httpd-0:2.0.46-46.3.ent Red Hat Enterprise Linux 4 2005-09-06T00:00:00 RHSA-2005:608 httpd-0:2.0.52-12.2.ent https://www.cve.org/CVERecord?id=CVE-2005-2728 https://nvd.nist.gov/vuln/detail/CVE-2005-2728 Important 2005-09-01T00:00:00 security flaw

store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.

Red Hat Enterprise Linux 3 2005-09-15T00:00:00 RHSA-2005:766 squid-7:2.5.STABLE3-6.3E.14 Red Hat Enterprise Linux 4 2005-09-15T00:00:00 RHSA-2005:766 squid-7:2.5.STABLE6-3.4E.11 https://www.cve.org/CVERecord?id=CVE-2005-2794 https://nvd.nist.gov/vuln/detail/CVE-2005-2794 Important 2005-09-01T00:00:00 security flaw

The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.

Red Hat Enterprise Linux 3 2005-09-15T00:00:00 RHSA-2005:766 squid-7:2.5.STABLE3-6.3E.14 Red Hat Enterprise Linux 4 2005-09-15T00:00:00 RHSA-2005:766 squid-7:2.5.STABLE6-3.4E.11 https://www.cve.org/CVERecord?id=CVE-2005-2796 https://nvd.nist.gov/vuln/detail/CVE-2005-2796

OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.

Not vulnerable. This issue did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3 or 4. https://www.cve.org/CVERecord?id=CVE-2005-2797 https://nvd.nist.gov/vuln/detail/CVE-2005-2797 Moderate 2005-09-01T00:00:00 security flaw

sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.

This issue does not affect Red Hat Enterprise Linux 2.1 and 3. This flaw was fixed in Red Hat Enterprise Linux 4 via errata RHSA-2005:527: http://rhn.redhat.com/errata/RHSA-2005-527.html Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:527 openssh-0:3.9p1-8.RHEL4.9 https://www.cve.org/CVERecord?id=CVE-2005-2798 https://nvd.nist.gov/vuln/detail/CVE-2005-2798 Moderate 2005-08-27T00:00:00 security flaw

Memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error.

Red Hat Enterprise Linux 4 2006-01-17T00:00:00 RHSA-2006:0101 kernel-0:2.6.9-22.0.2.EL https://www.cve.org/CVERecord?id=CVE-2005-2800 https://nvd.nist.gov/vuln/detail/CVE-2005-2800 Moderate 2005-02-05T00:00:00 security flaw

xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied.

Red Hat Enterprise Linux 3 2006-03-15T00:00:00 RHSA-2006:0144 kernel-0:2.4.21-40.EL Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL https://www.cve.org/CVERecord?id=CVE-2005-2801 https://nvd.nist.gov/vuln/detail/CVE-2005-2801 Critical 2005-09-09T00:00:00 security flaw

Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.

Red Hat Enterprise Linux 4 2005-09-09T00:00:00 RHSA-2005:768 firefox-0:1.0.6-1.4.2 Red Hat Enterprise Linux 4 2005-10-06T00:00:00 RHSA-2005:791 thunderbird-0:1.0.7-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-2871 https://nvd.nist.gov/vuln/detail/CVE-2005-2871 Important 2005-05-09T00:00:00 security flaw

The ipt_recent kernel module (ipt_recent.c) in Linux kernel before 2.6.12, when running on 64-bit processors such as AMD64, allows remote attackers to cause a denial of service (kernel panic) via certain attacks such as SSH brute force, which leads to memset calls using a length based on the u_int32_t type, acting on an array of unsigned long elements, a different vulnerability than CVE-2005-2873.

Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL https://www.cve.org/CVERecord?id=CVE-2005-2872 https://nvd.nist.gov/vuln/detail/CVE-2005-2872 Low 2005-05-09T00:00:00 security flaw

The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONG_MAX, which can cause ipt_recent netfilter rules to block too early, a different vulnerability than CVE-2005-2872.

Red Hat Enterprise Linux 4 2007-04-28T00:00:00 RHBA-2007:0304 kernel-0:2.6.9-55.EL https://www.cve.org/CVERecord?id=CVE-2005-2873 https://nvd.nist.gov/vuln/detail/CVE-2005-2873 Moderate 2005-01-07T00:00:00 security flaw

The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request.

Red Hat Enterprise Linux 4 2005-09-27T00:00:00 RHSA-2005:772 cups-1:1.1.22-0.rc1.9.8 https://www.cve.org/CVERecord?id=CVE-2005-2874 https://nvd.nist.gov/vuln/detail/CVE-2005-2874 Moderate 2005-09-13T00:00:00 security flaw

umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.

Red Hat Enterprise Linux 3 2005-10-11T00:00:00 RHSA-2005:782 util-linux-0:2.11y-31.11 Red Hat Enterprise Linux 4 2005-10-11T00:00:00 RHSA-2005:782 util-linux-0:2.12a-16.EL4.12 https://www.cve.org/CVERecord?id=CVE-2005-2876 https://nvd.nist.gov/vuln/detail/CVE-2005-2876 Moderate 2005-09-15T00:00:00 security flaw

Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).

Red Hat Enterprise Linux 3 2006-03-15T00:00:00 RHSA-2006:0045 squid-7:2.5.STABLE3-6.3E.16 Red Hat Enterprise Linux 4 2006-03-07T00:00:00 RHSA-2006:0052 squid-7:2.5.STABLE6-3.4E.12 https://www.cve.org/CVERecord?id=CVE-2005-2917 https://nvd.nist.gov/vuln/detail/CVE-2005-2917 Critical 2006-03-22T00:00:00 security flaw

Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.

Red Hat Desktop version 3 Extras 2005-09-27T00:00:00 RHSA-2005:762 Red Hat Desktop version 4 Extras 2005-09-27T00:00:00 RHSA-2005:762 Red Hat Enterprise Linux 4 2005-09-27T00:00:00 RHSA-2005:788 HelixPlayer-1:1.0.6-0.EL4.1 https://www.cve.org/CVERecord?id=CVE-2005-2922 https://nvd.nist.gov/vuln/detail/CVE-2005-2922 Critical 2005-11-11T16:45:00 lynx arbitrary command execution

Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-11-12T00:00:00 RHSA-2005:839 lynx-0:2.8.5-11.2 Red Hat Enterprise Linux 4 2005-11-12T00:00:00 RHSA-2005:839 lynx-0:2.8.5-18.2 https://www.cve.org/CVERecord?id=CVE-2005-2929 https://nvd.nist.gov/vuln/detail/CVE-2005-2929 Moderate 2005-10-04T00:00:00 security flaw

Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.

Red Hat Enterprise Linux 3 2005-12-06T00:00:00 RHSA-2005:850 imap-1:2002d-12 Red Hat Enterprise Linux 3 2006-04-25T00:00:00 RHSA-2006:0276 php-0:4.3.2-30.ent Red Hat Enterprise Linux 4 2005-12-06T00:00:00 RHSA-2005:848 libc-client-0:2002e-14 Red Hat Enterprise Linux 4 2006-04-25T00:00:00 RHSA-2006:0276 php-0:4.3.9-3.12 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Enterprise Linux ES version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Enterprise Linux WS version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Linux Advanced Workstation 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2006-07-27T00:00:00 RHSA-2006:0549 https://www.cve.org/CVERecord?id=CVE-2005-2933 https://nvd.nist.gov/vuln/detail/CVE-2005-2933

The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169803 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ https://www.cve.org/CVERecord?id=CVE-2005-2946 https://nvd.nist.gov/vuln/detail/CVE-2005-2946

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.

We do not consider this to be a security issue: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478#c1 https://www.cve.org/CVERecord?id=CVE-2005-2959 https://nvd.nist.gov/vuln/detail/CVE-2005-2959 Important 2005-09-06T00:00:00 security flaw

Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.

Not vulnerable. These issues did not affect the versions of Mozilla and Firefox as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 4 2005-09-22T00:00:00 RHSA-2005:785 firefox-0:1.0.7-1.4.1 Red Hat Enterprise Linux 4 2005-10-06T00:00:00 RHSA-2005:791 thunderbird-0:1.0.7-1.4.1 https://www.cve.org/CVERecord?id=CVE-2005-2968 https://nvd.nist.gov/vuln/detail/CVE-2005-2968 Moderate 2005-10-11T00:00:00 openssl mitm downgrade attack

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-10-11T00:00:00 RHSA-2005:800 openssl-0:0.9.7a-33.17 Red Hat Enterprise Linux 3 2005-10-11T00:00:00 RHSA-2005:800 openssl096b-0:0.9.6b-16.22.4 Red Hat Enterprise Linux 4 2005-10-11T00:00:00 RHSA-2005:800 openssl-0:0.9.7a-43.4 Red Hat Enterprise Linux 4 2005-10-11T00:00:00 RHSA-2005:800 openssl096b-0:0.9.6b-22.4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn-solaris-bootstrap-0:5.1.1-3 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn_solaris_bootstrap_5_1_1_3-0:1-0 Red Hat Stronghold 4 2005-12-19T00:00:00 RHSA-2005:882 https://www.cve.org/CVERecord?id=CVE-2005-2969 https://nvd.nist.gov/vuln/detail/CVE-2005-2969 Low 2005-10-25T00:00:00 security flaw

Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.

Red Hat Enterprise Linux 3 2006-01-05T00:00:00 RHSA-2006:0159 httpd-0:2.0.46-56.ent Red Hat Enterprise Linux 4 2006-01-05T00:00:00 RHSA-2006:0159 httpd-0:2.0.52-22.ent https://www.cve.org/CVERecord?id=CVE-2005-2970 https://nvd.nist.gov/vuln/detail/CVE-2005-2970 Important 2005-10-04T00:00:00 security flaw

The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash).

Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0140 kernel-0:2.4.21-37.0.1.EL Red Hat Enterprise Linux 4 2006-05-24T00:00:00 RHSA-2006:0493 kernel-0:2.6.9-34.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0190 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux ES version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux WS version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Linux Advanced Workstation 2.1 2006-02-01T00:00:00 RHSA-2006:0190 https://www.cve.org/CVERecord?id=CVE-2005-2973 https://nvd.nist.gov/vuln/detail/CVE-2005-2973 Low 2005-11-03T00:00:00 giflib/libunfig: NULL pointer dereference crash CWE-476

libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file that triggers a null dereference.

Red Hat Enterprise Linux 3 2005-11-03T00:00:00 RHSA-2005:828 libungif-0:4.1.0-15.el3.3 Red Hat Enterprise Linux 4 2005-11-03T00:00:00 RHSA-2005:828 libungif-0:4.1.3-1.el4.2 Red Hat Enterprise Linux 5 2009-04-22T00:00:00 RHSA-2009:0444 giflib-0:4.1.3-7.1.el5_3.1 https://www.cve.org/CVERecord?id=CVE-2005-2974 https://nvd.nist.gov/vuln/detail/CVE-2005-2974 Important 2005-11-15T14:00:00 security flaw

io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-11-15T00:00:00 RHSA-2005:810 gdk-pixbuf-1:0.22.0-13.el3.3 Red Hat Enterprise Linux 3 2005-11-15T00:00:00 RHSA-2005:811 gtk2-0:2.2.4-19 Red Hat Enterprise Linux 4 2005-11-15T00:00:00 RHSA-2005:810 gdk-pixbuf-1:0.22.0-17.el4.3 Red Hat Enterprise Linux 4 2005-11-15T00:00:00 RHSA-2005:811 gtk2-0:2.4.13-18 https://www.cve.org/CVERecord?id=CVE-2005-2975 https://nvd.nist.gov/vuln/detail/CVE-2005-2975 Important 2005-11-15T14:00:00 security flaw

Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-11-15T00:00:00 RHSA-2005:810 gdk-pixbuf-1:0.22.0-13.el3.3 Red Hat Enterprise Linux 4 2005-11-15T00:00:00 RHSA-2005:810 gdk-pixbuf-1:0.22.0-17.el4.3 https://www.cve.org/CVERecord?id=CVE-2005-2976 https://nvd.nist.gov/vuln/detail/CVE-2005-2976 Low 2005-10-26T00:00:00 security flaw

The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.

Red Hat Enterprise Linux 4 2005-10-26T00:00:00 RHSA-2005:805 pam-0:0.77-66.13 https://www.cve.org/CVERecord?id=CVE-2005-2977 https://nvd.nist.gov/vuln/detail/CVE-2005-2977 Moderate 2005-10-18T00:00:00 security flaw

pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.

Red Hat Enterprise Linux 4 2005-10-18T00:00:00 RHSA-2005:793 netpbm-0:10.25-2.EL4.2 https://www.cve.org/CVERecord?id=CVE-2005-2978 https://nvd.nist.gov/vuln/detail/CVE-2005-2978 Low 2021-11-09T00:00:00 ncompress: insecure tmp file handling may lead to file overwrite 5.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L CWE-59

ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.

Not vulnerable. This issue did not affect the ncompress packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 6 Not affected ncompress Red Hat Enterprise Linux 7 Not affected ncompress Red Hat Enterprise Linux 8 Not affected ncompress https://www.cve.org/CVERecord?id=CVE-2005-2991 https://nvd.nist.gov/vuln/detail/CVE-2005-2991 Low 2000-02-09T00:00:00 security flaw

The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Updated packages to correct this issue are available along with our advisory: http://rhn.redhat.com/errata/CVE-2005-3011.html Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2006-11-08T00:00:00 RHSA-2006:0727 texinfo-0:4.0b-3.el2.1 Red Hat Enterprise Linux 3 2006-11-08T00:00:00 RHSA-2006:0727 texinfo-0:4.5-3.el3.1 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0727 texinfo-0:4.7-5.el4.2 https://www.cve.org/CVERecord?id=CVE-2005-3011 https://nvd.nist.gov/vuln/detail/CVE-2005-3011 Important 2005-09-09T00:00:00 security flaw

Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local users to cause a denial of service (kernel OOPS from null dereference) via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put in the 32-bit routing_ioctl function on 64-bit systems.

Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0140 kernel-0:2.4.21-37.0.1.EL Red Hat Enterprise Linux 4 2006-01-17T00:00:00 RHSA-2006:0101 kernel-0:2.6.9-22.0.2.EL https://www.cve.org/CVERecord?id=CVE-2005-3044 https://nvd.nist.gov/vuln/detail/CVE-2005-3044 Important 2005-08-01T00:00:00 security flaw

The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local users to cause a denial of service (kernel BUG()) via a negative first argument.

Red Hat Enterprise Linux 4 2005-10-27T00:00:00 RHSA-2005:808 kernel-0:2.6.9-22.0.1.EL https://www.cve.org/CVERecord?id=CVE-2005-3053 https://nvd.nist.gov/vuln/detail/CVE-2005-3053

fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.

We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 https://www.cve.org/CVERecord?id=CVE-2005-3054 https://nvd.nist.gov/vuln/detail/CVE-2005-3054 Moderate 2005-09-25T00:00:00 security flaw

Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0437 kernel-0:2.4.21-47.EL Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0575 kernel-0:2.6.9-42.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-07-13T00:00:00 RHSA-2006:0580 Red Hat Enterprise Linux ES version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Enterprise Linux WS version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Linux Advanced Workstation 2.1 2006-07-13T00:00:00 RHSA-2006:0580 https://www.cve.org/CVERecord?id=CVE-2005-3055 https://nvd.nist.gov/vuln/detail/CVE-2005-3055 Low 2005-10-21T00:00:00 security flaw

fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-10-26T00:00:00 RHSA-2005:823 Red Hat Enterprise Linux ES version 2.1 2005-10-26T00:00:00 RHSA-2005:823 Red Hat Enterprise Linux WS version 2.1 2005-10-26T00:00:00 RHSA-2005:823 Red Hat Linux Advanced Workstation 2.1 2005-10-26T00:00:00 RHSA-2005:823 https://www.cve.org/CVERecord?id=CVE-2005-3088 https://nvd.nist.gov/vuln/detail/CVE-2005-3088 Low 2005-07-25T22:56:00 security flaw

Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability.

Red Hat Enterprise Linux 4 2005-09-22T00:00:00 RHSA-2005:785 firefox-0:1.0.7-1.4.1 Red Hat Enterprise Linux 4 2005-09-22T00:00:00 RHSA-2005:789 devhelp-0:0.9.2-2.4.7 https://www.cve.org/CVERecord?id=CVE-2005-3089 https://nvd.nist.gov/vuln/detail/CVE-2005-3089 Important 2005-03-28T00:00:00 security flaw

The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections.

Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL https://www.cve.org/CVERecord?id=CVE-2005-3105 https://nvd.nist.gov/vuln/detail/CVE-2005-3105 Important 2005-01-15T00:00:00 security flaw

Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.

Red Hat Enterprise Linux 4 2006-01-17T00:00:00 RHSA-2006:0101 kernel-0:2.6.9-22.0.2.EL https://www.cve.org/CVERecord?id=CVE-2005-3106 https://nvd.nist.gov/vuln/detail/CVE-2005-3106 Low 2005-01-11T00:00:00 security flaw

fs/exec.c in Linux 2.6, when one thread is tracing another thread that shares the same memory map, might allow local users to cause a denial of service (deadlock) by forcing a core dump when the traced thread is in the TASK_TRACED state.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0437 kernel-0:2.4.21-47.EL Red Hat Enterprise Linux 4 2005-06-08T00:00:00 RHSA-2005:420 kernel-0:2.6.9-11.EL https://www.cve.org/CVERecord?id=CVE-2005-3107 https://nvd.nist.gov/vuln/detail/CVE-2005-3107 Moderate 2005-05-17T00:00:00 security flaw

mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to cause a denial of service or an information leak via an ioremap on a certain memory map that causes the iounmap to perform a lookup of a page that does not exist.

Red Hat Enterprise Linux 4 2005-10-27T00:00:00 RHSA-2005:808 kernel-0:2.6.9-22.0.1.EL https://www.cve.org/CVERecord?id=CVE-2005-3108 https://nvd.nist.gov/vuln/detail/CVE-2005-3108 Moderate 2005-05-01T00:00:00 security flaw

The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to cause a denial of service (oops) by using hfsplus to mount a filesystem that is not hfsplus.

Red Hat Enterprise Linux 4 2006-01-17T00:00:00 RHSA-2006:0101 kernel-0:2.6.9-22.0.2.EL https://www.cve.org/CVERecord?id=CVE-2005-3109 https://nvd.nist.gov/vuln/detail/CVE-2005-3109 Important 2005-03-14T00:00:00 security flaw

Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, when running on an SMP system that is operating under a heavy load, might allow remote attackers to cause a denial of service (crash) via a series of packets that cause a value to be modified after it has been read but before it has been locked.

Red Hat Enterprise Linux 4 2005-10-27T00:00:00 RHSA-2005:808 kernel-0:2.6.9-22.0.1.EL https://www.cve.org/CVERecord?id=CVE-2005-3110 https://nvd.nist.gov/vuln/detail/CVE-2005-3110 Important 2005-10-08T00:00:00 security flaw

Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys.

Red Hat Enterprise Linux 4 2005-10-27T00:00:00 RHSA-2005:808 kernel-0:2.6.9-22.0.1.EL https://www.cve.org/CVERecord?id=CVE-2005-3119 https://nvd.nist.gov/vuln/detail/CVE-2005-3119 Critical 2005-10-17T00:00:00 CAN-2005-3120 lynx buffer overflow

Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-10-17T00:00:00 RHSA-2005:803 lynx-0:2.8.5-11.1 Red Hat Enterprise Linux 4 2005-10-17T00:00:00 RHSA-2005:803 lynx-0:2.8.5-18.1 https://www.cve.org/CVERecord?id=CVE-2005-3120 https://nvd.nist.gov/vuln/detail/CVE-2005-3120 Low 2005-10-05T00:00:00 security flaw

Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow user-assisted attackers to execute arbitrary code via a long title name in a NIFF file, which triggers the overflow during (1) zoom, (2) reduce, or (3) rotate operations.

Red Hat Enterprise Linux 3 2005-10-18T00:00:00 RHSA-2005:802 xloadimage-0:4.1-36.RHEL3 Red Hat Enterprise Linux 4 2005-10-18T00:00:00 RHSA-2005:802 xloadimage-0:4.1-36.RHEL4 https://www.cve.org/CVERecord?id=CVE-2005-3178 https://nvd.nist.gov/vuln/detail/CVE-2005-3178 Important 2005-10-04T00:00:00 security flaw

The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information.

Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0140 kernel-0:2.4.21-37.0.1.EL Red Hat Enterprise Linux 4 2005-10-27T00:00:00 RHSA-2005:808 kernel-0:2.6.9-22.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0190 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux ES version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux WS version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Linux Advanced Workstation 2.1 2006-02-01T00:00:00 RHSA-2006:0190 https://www.cve.org/CVERecord?id=CVE-2005-3180 https://nvd.nist.gov/vuln/detail/CVE-2005-3180 Important 2005-10-07T00:00:00 security flaw

The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption).

Red Hat Enterprise Linux 4 2005-10-27T00:00:00 RHSA-2005:808 kernel-0:2.6.9-22.0.1.EL https://www.cve.org/CVERecord?id=CVE-2005-3181 https://nvd.nist.gov/vuln/detail/CVE-2005-3181 Low 2005-10-07T00:00:00 Multiple bugs in libwww - one exploitable - in Library/src/HTBound.c

The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read.

The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/ The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which are in maintenance mode. Red Hat Enterprise Linux 4 2007-05-01T00:00:00 RHSA-2007:0208 w3c-libwww-0:5.4.0-10.1.RHEL4.2 https://www.cve.org/CVERecord?id=CVE-2005-3183 https://nvd.nist.gov/vuln/detail/CVE-2005-3183 Moderate 2005-10-19T00:00:00 security flaw

Buffer overflow vulnerability in the unicode_to_bytes in the Service Location Protocol (srvloc) dissector (packet-srvloc.c) in Ethereal allows remote attackers to execute arbitrary code via a srvloc packet with a modified length value.

Red Hat Enterprise Linux 3 2005-10-25T00:00:00 RHSA-2005:809 ethereal-0:0.10.13-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-3184 https://nvd.nist.gov/vuln/detail/CVE-2005-3184 Important 2005-10-12T00:00:00 security flaw

Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.

Red Hat Enterprise Linux 3 2005-11-02T00:00:00 RHSA-2005:807 curl-0:7.10.6-7.rhel3 Red Hat Enterprise Linux 3 2005-11-02T00:00:00 RHSA-2005:812 wget-0:1.10.2-0.30E Red Hat Enterprise Linux 4 2005-11-02T00:00:00 RHSA-2005:807 curl-0:7.12.1-6.rhel4 Red Hat Enterprise Linux 4 2005-11-02T00:00:00 RHSA-2005:812 wget-0:1.10.2-0.40E https://www.cve.org/CVERecord?id=CVE-2005-3185 https://nvd.nist.gov/vuln/detail/CVE-2005-3185 Important 2005-11-03T00:00:00 security flaw

Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2005-11-15T00:00:00 RHSA-2005:810 gdk-pixbuf-1:0.22.0-13.el3.3 Red Hat Enterprise Linux 3 2005-11-15T00:00:00 RHSA-2005:811 gtk2-0:2.2.4-19 Red Hat Enterprise Linux 4 2005-11-15T00:00:00 RHSA-2005:810 gdk-pixbuf-1:0.22.0-17.el4.3 Red Hat Enterprise Linux 4 2005-11-15T00:00:00 RHSA-2005:811 gtk2-0:2.4.13-18 https://www.cve.org/CVERecord?id=CVE-2005-3186 https://nvd.nist.gov/vuln/detail/CVE-2005-3186 Important 2005-12-06T00:00:00 security flaw

Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat would like to thank Derek B. Noonburg for reporting this issue. Red Hat Enterprise Linux 3 2005-12-06T00:00:00 RHSA-2005:840 xpdf-1:2.02-9.8 Red Hat Enterprise Linux 3 2005-12-20T00:00:00 RHSA-2005:878 cups-1:1.1.17-13.3.34 Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0160 tetex-0:1.0.7-67.9 Red Hat Enterprise Linux 4 2005-12-06T00:00:00 RHSA-2005:840 xpdf-1:3.00-11.10 Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:867 gpdf-0:2.8.2-7.3 Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:868 kdegraphics-7:3.3.1-3.6 Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:878 cups-1:1.1.22-0.rc1.9.9 Red Hat Enterprise Linux 4 2006-01-19T00:00:00 RHSA-2006:0160 tetex-0:2.0.2-22.EL4.7 https://www.cve.org/CVERecord?id=CVE-2005-3191 https://nvd.nist.gov/vuln/detail/CVE-2005-3191 Important 2005-12-06T00:00:00 security flaw

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat would like to thank Derek B. Noonburg for reporting this issue. Red Hat Enterprise Linux 3 2005-12-06T00:00:00 RHSA-2005:840 xpdf-1:2.02-9.8 Red Hat Enterprise Linux 3 2005-12-20T00:00:00 RHSA-2005:878 cups-1:1.1.17-13.3.34 Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0160 tetex-0:1.0.7-67.9 Red Hat Enterprise Linux 4 2005-12-06T00:00:00 RHSA-2005:840 xpdf-1:3.00-11.10 Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:867 gpdf-0:2.8.2-7.3 Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:868 kdegraphics-7:3.3.1-3.6 Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:878 cups-1:1.1.22-0.rc1.9.9 Red Hat Enterprise Linux 4 2006-01-19T00:00:00 RHSA-2006:0160 tetex-0:2.0.2-22.EL4.7 https://www.cve.org/CVERecord?id=CVE-2005-3192 https://nvd.nist.gov/vuln/detail/CVE-2005-3192 Important 2005-12-06T00:00:00 security flaw

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat would like to thank Derek B. Noonburg for reporting this issue. Red Hat Enterprise Linux 3 2005-12-06T00:00:00 RHSA-2005:840 xpdf-1:2.02-9.8 Red Hat Enterprise Linux 3 2005-12-20T00:00:00 RHSA-2005:878 cups-1:1.1.17-13.3.34 Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0160 tetex-0:1.0.7-67.9 Red Hat Enterprise Linux 4 2005-12-06T00:00:00 RHSA-2005:840 xpdf-1:3.00-11.10 Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:867 gpdf-0:2.8.2-7.3 Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:868 kdegraphics-7:3.3.1-3.6 Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:878 cups-1:1.1.22-0.rc1.9.9 Red Hat Enterprise Linux 4 2006-01-19T00:00:00 RHSA-2006:0160 tetex-0:2.0.2-22.EL4.7 https://www.cve.org/CVERecord?id=CVE-2005-3193 https://nvd.nist.gov/vuln/detail/CVE-2005-3193 Low 2005-10-19T00:00:00 security flaw

Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors in the (1) ISAKMP, (2) FC-FCS, (3) RSVP, and (4) ISIS LSP dissector.

Red Hat Enterprise Linux 3 2005-10-25T00:00:00 RHSA-2005:809 ethereal-0:0.10.13-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-3241 https://nvd.nist.gov/vuln/detail/CVE-2005-3241 Low 2005-10-19T00:00:00 security flaw

Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (crash) via unknown vectors in (1) the IrDA dissector and (2) the SMB dissector when SMB transaction payload reassembly is enabled.

Red Hat Enterprise Linux 3 2005-10-25T00:00:00 RHSA-2005:809 ethereal-0:0.10.13-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-3242 https://nvd.nist.gov/vuln/detail/CVE-2005-3242 Moderate 2005-10-19T00:00:00 security flaw

Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow remote attackers to execute arbitrary code via unknown vectors in the (1) SLIMP3 and (2) AgentX dissector.

Red Hat Enterprise Linux 3 2005-10-25T00:00:00 RHSA-2005:809 ethereal-0:0.10.13-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-3243 https://nvd.nist.gov/vuln/detail/CVE-2005-3243 Low 2005-10-19T00:00:00 security flaw

The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

Red Hat Enterprise Linux 3 2005-10-25T00:00:00 RHSA-2005:809 ethereal-0:0.10.13-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-3244 https://nvd.nist.gov/vuln/detail/CVE-2005-3244 Low 2005-10-19T00:00:00 security flaw

Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 to 0.10.12, when the "Dissect unknown RPC program numbers" option is enabled, allows remote attackers to cause a denial of service (memory consumption).

Red Hat Enterprise Linux 3 2005-10-25T00:00:00 RHSA-2005:809 ethereal-0:0.10.13-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-3245 https://nvd.nist.gov/vuln/detail/CVE-2005-3245 Low 2005-10-19T00:00:00 security flaw

Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (null dereference) via unknown vectors in the (1) SCSI, (2) sFlow, or (3) RTnet dissectors.

Red Hat Enterprise Linux 3 2005-10-25T00:00:00 RHSA-2005:809 ethereal-0:0.10.13-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-3246 https://nvd.nist.gov/vuln/detail/CVE-2005-3246 Low 2005-10-19T00:00:00 security flaw

The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

Red Hat Enterprise Linux 3 2005-10-25T00:00:00 RHSA-2005:809 ethereal-0:0.10.13-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-3247 https://nvd.nist.gov/vuln/detail/CVE-2005-3247 Low 2005-10-19T00:00:00 security flaw

Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (divide-by-zero) via unknown vectors.

Red Hat Enterprise Linux 3 2005-10-25T00:00:00 RHSA-2005:809 ethereal-0:0.10.13-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-3248 https://nvd.nist.gov/vuln/detail/CVE-2005-3248 Low 2005-10-19T00:00:00 security flaw

Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to 0.10.12 allows remote attackers to cause a denial of service or corrupt memory via unknown vectors that cause Ethereal to free an invalid pointer.

Red Hat Enterprise Linux 3 2005-10-25T00:00:00 RHSA-2005:809 ethereal-0:0.10.13-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-3249 https://nvd.nist.gov/vuln/detail/CVE-2005-3249 Low 2005-10-15T00:00:00 security flaw

The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys.

Red Hat Enterprise Linux 4 2007-04-28T00:00:00 RHBA-2007:0304 kernel-0:2.6.9-55.EL https://www.cve.org/CVERecord?id=CVE-2005-3257 https://nvd.nist.gov/vuln/detail/CVE-2005-3257

The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.

Not vulnerable. These issues do not affect the versions of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2005-3258 https://nvd.nist.gov/vuln/detail/CVE-2005-3258 Moderate 2005-05-29T00:00:00 security flaw

Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets.

Red Hat Enterprise Linux 4 2006-05-24T00:00:00 RHSA-2006:0493 kernel-0:2.6.9-34.0.1.EL https://www.cve.org/CVERecord?id=CVE-2005-3272 https://nvd.nist.gov/vuln/detail/CVE-2005-3272 Moderate 2004-12-16T00:00:00 security flaw

The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipeats.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-07-13T00:00:00 RHSA-2006:0580 Red Hat Enterprise Linux ES version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Enterprise Linux WS version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Linux Advanced Workstation 2.1 2006-07-13T00:00:00 RHSA-2006:0580 https://www.cve.org/CVERecord?id=CVE-2005-3273 https://nvd.nist.gov/vuln/detail/CVE-2005-3273 Important 2005-06-28T00:00:00 security flaw

Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:663 kernel-0:2.4.21-37.EL Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0190 Red Hat Linux Advanced Workstation 2.1 2006-02-01T00:00:00 RHSA-2006:0190 https://www.cve.org/CVERecord?id=CVE-2005-3274 https://nvd.nist.gov/vuln/detail/CVE-2005-3274 Important 2005-07-22T00:00:00 security flaw

The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption.

Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0140 kernel-0:2.4.21-37.0.1.EL Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0190 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux ES version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux WS version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Linux Advanced Workstation 2.1 2006-02-01T00:00:00 RHSA-2006:0190 https://www.cve.org/CVERecord?id=CVE-2005-3275 https://nvd.nist.gov/vuln/detail/CVE-2005-3275 Low 2005-07-27T00:00:00 security flaw

The sys_get_thread_area function in process.c in Linux 2.6 before 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which might allow a user process to obtain sensitive information.

Red Hat Enterprise Linux 3 2006-03-15T00:00:00 RHSA-2006:0144 kernel-0:2.4.21-40.EL Red Hat Enterprise Linux 4 2006-01-17T00:00:00 RHSA-2006:0101 kernel-0:2.6.9-22.0.2.EL https://www.cve.org/CVERecord?id=CVE-2005-3276 https://nvd.nist.gov/vuln/detail/CVE-2005-3276 Moderate 2005-10-23T00:00:00 security flaw

The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers to cause a denial of service (infinite loop).

Red Hat Enterprise Linux 3 2006-01-11T00:00:00 RHSA-2006:0156 ethereal-0:0.10.14-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-3313 https://nvd.nist.gov/vuln/detail/CVE-2005-3313

The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.

We do not class this as a security issue as it only allows local users who have the privileges to create .htaccess files the ability to cause a denial of service. Untrusted users should never be given the ability to create .htaccess files. https://www.cve.org/CVERecord?id=CVE-2005-3319 https://nvd.nist.gov/vuln/detail/CVE-2005-3319 Important 2005-11-03T00:00:00 giflib/libunfig: memory corruption via a crafted GIF

libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write.

Red Hat Enterprise Linux 3 2005-11-03T00:00:00 RHSA-2005:828 libungif-0:4.1.0-15.el3.3 Red Hat Enterprise Linux 4 2005-11-03T00:00:00 RHSA-2005:828 libungif-0:4.1.3-1.el4.2 Red Hat Enterprise Linux 5 2009-04-22T00:00:00 RHSA-2009:0444 giflib-0:4.1.3-7.1.el5_3.1 https://www.cve.org/CVERecord?id=CVE-2005-3350 https://nvd.nist.gov/vuln/detail/CVE-2005-3350 Moderate 2005-09-05T00:00:00 security flaw

SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl.

Red Hat Enterprise Linux 4 2006-03-07T00:00:00 RHSA-2006:0129 spamassassin-0:3.0.5-3.el4 https://www.cve.org/CVERecord?id=CVE-2005-3351 https://nvd.nist.gov/vuln/detail/CVE-2005-3351 Moderate 2005-12-12T00:00:00 httpd cross-site scripting flaw in mod_imap CWE-79

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

Red Hat Enterprise Linux 3 2006-01-05T00:00:00 RHSA-2006:0159 httpd-0:2.0.46-56.ent Red Hat Enterprise Linux 4 2006-01-05T00:00:00 RHSA-2006:0159 httpd-0:2.0.52-22.ent Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-01-17T00:00:00 RHSA-2006:0158 Red Hat Enterprise Linux ES version 2.1 2006-01-17T00:00:00 RHSA-2006:0158 Red Hat Enterprise Linux WS version 2.1 2006-01-17T00:00:00 RHSA-2006:0158 Red Hat Linux Advanced Workstation 2.1 2006-01-17T00:00:00 RHSA-2006:0158 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.37.rhn Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.38.rhn Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel4 Red Hat Stronghold 4 2005-12-19T00:00:00 RHSA-2005:882 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2006-09-29T00:00:00 RHSA-2006:0692 https://www.cve.org/CVERecord?id=CVE-2005-3352 https://nvd.nist.gov/vuln/detail/CVE-2005-3352 Moderate 2005-10-02T00:00:00 security flaw

The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image.

Red Hat Enterprise Linux 3 2005-11-10T00:00:00 RHSA-2005:831 php-0:4.3.2-26.ent Red Hat Enterprise Linux 4 2005-11-10T00:00:00 RHSA-2005:831 php-0:4.3.9-3.9 https://www.cve.org/CVERecord?id=CVE-2005-3353 https://nvd.nist.gov/vuln/detail/CVE-2005-3353 Important 2006-01-14T00:00:00 security flaw

The mq_open system call in Linux kernel 2.6.9, in certain situations, can decrement a counter twice ("double decrement") as a result of multiple calls to the mntput function when the dentry_open function call fails, which allows local users to cause a denial of service (panic) via unspecified attack vectors.

Red Hat Enterprise Linux 4 2006-01-17T00:00:00 RHSA-2006:0101 kernel-0:2.6.9-22.0.2.EL https://www.cve.org/CVERecord?id=CVE-2005-3356 https://nvd.nist.gov/vuln/detail/CVE-2005-3356 Low 2005-12-05T00:00:00 security flaw

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

Red Hat Enterprise Linux 3 2006-01-05T00:00:00 RHSA-2006:0159 httpd-0:2.0.46-56.ent Red Hat Enterprise Linux 4 2006-01-05T00:00:00 RHSA-2006:0159 httpd-0:2.0.52-22.ent https://www.cve.org/CVERecord?id=CVE-2005-3357 https://nvd.nist.gov/vuln/detail/CVE-2005-3357 Important 2005-12-13T00:00:00 security flaw

Linux kernel before 2.6.15 allows local users to cause a denial of service (panic) via a set_mempolicy call with a 0 bitmask, which causes a panic when a page fault occurs.

Red Hat Enterprise Linux 4 2006-01-17T00:00:00 RHSA-2006:0101 kernel-0:2.6.9-22.0.2.EL https://www.cve.org/CVERecord?id=CVE-2005-3358 https://nvd.nist.gov/vuln/detail/CVE-2005-3358 Important 2005-12-14T00:00:00 security flaw

The atm module in Linux kernel 2.6 before 2.6.14 allows local users to cause a denial of service (panic) via certain socket calls that produce inconsistent reference counts for loadable protocol modules.

Red Hat Enterprise Linux 4 2006-05-24T00:00:00 RHSA-2006:0493 kernel-0:2.6.9-34.0.1.EL https://www.cve.org/CVERecord?id=CVE-2005-3359 https://nvd.nist.gov/vuln/detail/CVE-2005-3359 Low 2005-10-31T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."

Red Hat Enterprise Linux 3 2005-11-10T00:00:00 RHSA-2005:831 php-0:4.3.2-26.ent Red Hat Enterprise Linux 4 2005-11-10T00:00:00 RHSA-2005:831 php-0:4.3.9-3.9 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-11-10T00:00:00 RHSA-2005:838 Red Hat Enterprise Linux ES version 2.1 2005-11-10T00:00:00 RHSA-2005:838 Red Hat Enterprise Linux WS version 2.1 2005-11-10T00:00:00 RHSA-2005:838 Red Hat Linux Advanced Workstation 2.1 2005-11-10T00:00:00 RHSA-2005:838 Red Hat Stronghold 4 2005-12-19T00:00:00 RHSA-2005:882 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2006-07-27T00:00:00 RHSA-2006:0549 https://www.cve.org/CVERecord?id=CVE-2005-3388 https://nvd.nist.gov/vuln/detail/CVE-2005-3388 Low 2005-10-31T00:00:00 security flaw

The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.

Red Hat Enterprise Linux 3 2005-11-10T00:00:00 RHSA-2005:831 php-0:4.3.2-26.ent Red Hat Enterprise Linux 4 2005-11-10T00:00:00 RHSA-2005:831 php-0:4.3.9-3.9 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-11-10T00:00:00 RHSA-2005:838 Red Hat Enterprise Linux ES version 2.1 2005-11-10T00:00:00 RHSA-2005:838 Red Hat Enterprise Linux WS version 2.1 2005-11-10T00:00:00 RHSA-2005:838 Red Hat Linux Advanced Workstation 2.1 2005-11-10T00:00:00 RHSA-2005:838 Red Hat Stronghold 4 2005-12-19T00:00:00 RHSA-2005:882 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2006-07-27T00:00:00 RHSA-2006:0549 https://www.cve.org/CVERecord?id=CVE-2005-3389 https://nvd.nist.gov/vuln/detail/CVE-2005-3389 Moderate 2005-10-31T00:00:00 security flaw

The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.

Red Hat Enterprise Linux 3 2005-11-10T00:00:00 RHSA-2005:831 php-0:4.3.2-26.ent Red Hat Enterprise Linux 4 2005-11-10T00:00:00 RHSA-2005:831 php-0:4.3.9-3.9 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2005-11-10T00:00:00 RHSA-2005:838 Red Hat Enterprise Linux ES version 2.1 2005-11-10T00:00:00 RHSA-2005:838 Red Hat Enterprise Linux WS version 2.1 2005-11-10T00:00:00 RHSA-2005:838 Red Hat Linux Advanced Workstation 2.1 2005-11-10T00:00:00 RHSA-2005:838 Red Hat Stronghold 4 2005-12-19T00:00:00 RHSA-2005:882 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2006-07-27T00:00:00 RHSA-2006:0549 https://www.cve.org/CVERecord?id=CVE-2005-3390 https://nvd.nist.gov/vuln/detail/CVE-2005-3390 Low 2005-10-31T00:00:00 CVE-2005-3391 Two PHP safemode bypass issues (CVE-2005-3392)

Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.

We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 https://www.cve.org/CVERecord?id=CVE-2005-3391 https://nvd.nist.gov/vuln/detail/CVE-2005-3391

Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.

We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 https://www.cve.org/CVERecord?id=CVE-2005-3392 https://nvd.nist.gov/vuln/detail/CVE-2005-3392 Moderate 2005-11-03T00:00:00 tomcat DoS

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.

Red Hat Application Server v2 4AS 2006-03-07T00:00:00 RHSA-2006:0161 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 ant-0:1.6.5-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 avalon-logkit-0:1.2-2jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 axis-0:1.2.1-1jpp_3rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-jaf-0:1.0-2jpp_6rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-mail-0:1.1.1-2jpp_8rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 geronimo-specs-0:1.0-0.M4.1jpp_10rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 jakarta-commons-modeler-0:2.0-3jpp_2rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 log4j-0:1.2.12-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 mx4j-1:3.0.1-1jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 pcsc-lite-0:1.3.3-3.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ca-0:7.3.0-20.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-java-tools-0:7.3.0-10.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-kra-0:7.3.0-14.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-manage-0:7.3.0-19.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-native-tools-0:7.3.0-6.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ocsp-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-tks-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 tomcat5-0:5.5.23-0jpp_4rh.16 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xerces-j2-0:2.7.1-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xml-commons-0:1.3.02-2jpp_1rh Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh RHAPS Version 1 for RHEL 3 2007-05-08T00:00:00 RHSA-2007:0340 tomcat5-0:5.0.30-0jpp_5rh https://www.cve.org/CVERecord?id=CVE-2005-3510 https://nvd.nist.gov/vuln/detail/CVE-2005-3510 Moderate 2005-09-12T00:00:00 security flaw

Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).

Red Hat Enterprise Linux 3 2006-03-07T00:00:00 RHSA-2006:0204 mailman-3:2.1.5.1-25.rhel3.4 Red Hat Enterprise Linux 4 2006-03-07T00:00:00 RHSA-2006:0204 mailman-3:2.1.5.1-34.rhel4.2 https://www.cve.org/CVERecord?id=CVE-2005-3573 https://nvd.nist.gov/vuln/detail/CVE-2005-3573

ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.

Not vulnerable. This issue is caused by the way ImageMagick was packaged by Gentoo and does not affect Red Hat Enterprise Linux packages. https://www.cve.org/CVERecord?id=CVE-2005-3582 https://nvd.nist.gov/vuln/detail/CVE-2005-3582 Low 2019-04-10T00:00:00 glibc: buffer overflow in getgrouplist function leading to corrupted memory 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CWE-120

The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory.

Red Hat Enterprise Linux 5 Not affected compat-glibc Red Hat Enterprise Linux 5 Not affected glibc Red Hat Enterprise Linux 6 Not affected compat-glibc Red Hat Enterprise Linux 6 Not affected glibc Red Hat Enterprise Linux 7 Not affected compat-glibc Red Hat Enterprise Linux 7 Not affected glibc Red Hat Enterprise Linux 8 Not affected glibc https://www.cve.org/CVERecord?id=CVE-2005-3590 https://nvd.nist.gov/vuln/detail/CVE-2005-3590 Moderate 2005-12-20T00:00:00 security flaw

nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.

Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0575 kernel-0:2.6.9-42.EL https://www.cve.org/CVERecord?id=CVE-2005-3623 https://nvd.nist.gov/vuln/detail/CVE-2005-3623 Important 2006-01-03T00:00:00 security flaw

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat would like to thank Chris Evans for reporting this issue. Red Hat Enterprise Linux 3 2005-12-06T00:00:00 RHSA-2005:840 xpdf-1:2.02-9.8 Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0160 tetex-0:1.0.7-67.9 Red Hat Enterprise Linux 3 2006-01-11T00:00:00 RHSA-2006:0163 cups-1:1.1.17-13.3.36 Red Hat Enterprise Linux 4 2005-12-06T00:00:00 RHSA-2005:840 xpdf-1:3.00-11.10 Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:868 kdegraphics-7:3.3.1-3.6 Red Hat Enterprise Linux 4 2006-01-19T00:00:00 RHSA-2006:0160 tetex-0:2.0.2-22.EL4.7 Red Hat Enterprise Linux 4 2006-01-11T00:00:00 RHSA-2006:0163 cups-1:1.1.22-0.rc1.9.10 Red Hat Enterprise Linux 4 2006-01-11T00:00:00 RHSA-2006:0177 gpdf-0:2.8.2-7.4 https://www.cve.org/CVERecord?id=CVE-2005-3624 https://nvd.nist.gov/vuln/detail/CVE-2005-3624 Important 2006-01-03T00:00:00 security flaw

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat would like to thank Chris Evans for reporting this issue. Red Hat Enterprise Linux 3 2005-12-06T00:00:00 RHSA-2005:840 xpdf-1:2.02-9.8 Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0160 tetex-0:1.0.7-67.9 Red Hat Enterprise Linux 3 2006-01-11T00:00:00 RHSA-2006:0163 cups-1:1.1.17-13.3.36 Red Hat Enterprise Linux 4 2005-12-06T00:00:00 RHSA-2005:840 xpdf-1:3.00-11.10 Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:868 kdegraphics-7:3.3.1-3.6 Red Hat Enterprise Linux 4 2006-01-19T00:00:00 RHSA-2006:0160 tetex-0:2.0.2-22.EL4.7 Red Hat Enterprise Linux 4 2006-01-11T00:00:00 RHSA-2006:0163 cups-1:1.1.22-0.rc1.9.10 Red Hat Enterprise Linux 4 2006-01-11T00:00:00 RHSA-2006:0177 gpdf-0:2.8.2-7.4 https://www.cve.org/CVERecord?id=CVE-2005-3625 https://nvd.nist.gov/vuln/detail/CVE-2005-3625 Important 2006-01-03T00:00:00 security flaw

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat would like to thank Chris Evans for reporting this issue. Red Hat Enterprise Linux 3 2005-12-06T00:00:00 RHSA-2005:840 xpdf-1:2.02-9.8 Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0160 tetex-0:1.0.7-67.9 Red Hat Enterprise Linux 3 2006-01-11T00:00:00 RHSA-2006:0163 cups-1:1.1.17-13.3.36 Red Hat Enterprise Linux 4 2005-12-06T00:00:00 RHSA-2005:840 xpdf-1:3.00-11.10 Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:868 kdegraphics-7:3.3.1-3.6 Red Hat Enterprise Linux 4 2006-01-19T00:00:00 RHSA-2006:0160 tetex-0:2.0.2-22.EL4.7 Red Hat Enterprise Linux 4 2006-01-11T00:00:00 RHSA-2006:0163 cups-1:1.1.22-0.rc1.9.10 Red Hat Enterprise Linux 4 2006-01-11T00:00:00 RHSA-2006:0177 gpdf-0:2.8.2-7.4 https://www.cve.org/CVERecord?id=CVE-2005-3626 https://nvd.nist.gov/vuln/detail/CVE-2005-3626 Important 2006-01-03T00:00:00 security flaw

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat would like to thank Chris Evans for reporting this issue. Red Hat Enterprise Linux 3 2005-12-06T00:00:00 RHSA-2005:840 xpdf-1:2.02-9.8 Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0160 tetex-0:1.0.7-67.9 Red Hat Enterprise Linux 3 2006-01-11T00:00:00 RHSA-2006:0163 cups-1:1.1.17-13.3.36 Red Hat Enterprise Linux 4 2005-12-06T00:00:00 RHSA-2005:840 xpdf-1:3.00-11.10 Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:868 kdegraphics-7:3.3.1-3.6 Red Hat Enterprise Linux 4 2006-01-19T00:00:00 RHSA-2006:0160 tetex-0:2.0.2-22.EL4.7 Red Hat Enterprise Linux 4 2006-01-11T00:00:00 RHSA-2006:0163 cups-1:1.1.22-0.rc1.9.10 Red Hat Enterprise Linux 4 2006-01-11T00:00:00 RHSA-2006:0177 gpdf-0:2.8.2-7.4 https://www.cve.org/CVERecord?id=CVE-2005-3627 https://nvd.nist.gov/vuln/detail/CVE-2005-3627 Important 2005-12-06T00:00:00 security flaw

Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat would like to thank Dirk Mueller for reporting this issue. Red Hat Enterprise Linux 3 2005-12-06T00:00:00 RHSA-2005:840 xpdf-1:2.02-9.8 Red Hat Enterprise Linux 3 2005-12-20T00:00:00 RHSA-2005:878 cups-1:1.1.17-13.3.34 Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0160 tetex-0:1.0.7-67.9 Red Hat Enterprise Linux 4 2005-12-06T00:00:00 RHSA-2005:840 xpdf-1:3.00-11.10 Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:867 gpdf-0:2.8.2-7.3 Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:868 kdegraphics-7:3.3.1-3.6 Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:878 cups-1:1.1.22-0.rc1.9.9 Red Hat Enterprise Linux 4 2006-01-19T00:00:00 RHSA-2006:0160 tetex-0:2.0.2-22.EL4.7 https://www.cve.org/CVERecord?id=CVE-2005-3628 https://nvd.nist.gov/vuln/detail/CVE-2005-3628 Moderate 2005-03-07T00:00:00 security flaw

initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to gain root privileges via unknown vectors.

Red Hat Enterprise Linux 3 2006-03-15T00:00:00 RHSA-2006:0015 initscripts-0:7.31.30.EL-1 Red Hat Enterprise Linux 4 2006-03-07T00:00:00 RHSA-2006:0016 initscripts-0:7.93.24.EL-1.1 https://www.cve.org/CVERecord?id=CVE-2005-3629 https://nvd.nist.gov/vuln/detail/CVE-2005-3629 Important 2005-12-20T00:00:00 security flaw

udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords.

Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:864 udev-0:039-10.10.EL4.3 https://www.cve.org/CVERecord?id=CVE-2005-3631 https://nvd.nist.gov/vuln/detail/CVE-2005-3631 Moderate 2005-11-12T00:00:00 security flaw

Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file.

Red Hat Enterprise Linux 3 2005-12-20T00:00:00 RHSA-2005:843 netpbm-0:9.24-11.30.4 https://www.cve.org/CVERecord?id=CVE-2005-3632 https://nvd.nist.gov/vuln/detail/CVE-2005-3632 Moderate 2005-12-09T21:45:00 security flaw

Stack-based buffer overflow in the dissect_ospf_v3_address_prefix function in the OSPF protocol dissector in Ethereal 0.10.12, and possibly other versions, allows remote attackers to execute arbitrary code via crafted packets.

Red Hat Enterprise Linux 3 2006-01-11T00:00:00 RHSA-2006:0156 ethereal-0:0.10.14-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-3651 https://nvd.nist.gov/vuln/detail/CVE-2005-3651 Critical 2006-01-09T22:16:00 security flaw

Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username.

Red Hat would like to thank iDefense for reporting this issue. Red Hat Enterprise Linux 3 2006-01-06T00:00:00 RHSA-2006:0164 mod_auth_pgsql-0:2.0.1-4.ent.1 Red Hat Enterprise Linux 4 2006-01-06T00:00:00 RHSA-2006:0164 mod_auth_pgsql-0:2.0.1-7.1 https://www.cve.org/CVERecord?id=CVE-2005-3656 https://nvd.nist.gov/vuln/detail/CVE-2005-3656 Moderate 2005-11-12T00:00:00 security flaw

Off-by-one buffer overflow in pnmtopng before 2.39, when using the -alpha command line option (Alphas_Of_Color), allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM file with exactly 256 colors.

Red Hat Enterprise Linux 3 2005-12-20T00:00:00 RHSA-2005:843 netpbm-0:9.24-11.30.4 https://www.cve.org/CVERecord?id=CVE-2005-3662 https://nvd.nist.gov/vuln/detail/CVE-2005-3662 Low 2005-11-20T00:00:00 security flaw

The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

Red Hat Enterprise Linux 3 2006-04-25T00:00:00 RHSA-2006:0267 ipsec-tools-0:0.2.5-0.7.rhel3.3 Red Hat Enterprise Linux 4 2006-04-25T00:00:00 RHSA-2006:0267 ipsec-tools-0:0.3.3-6.rhel4.1 https://www.cve.org/CVERecord?id=CVE-2005-3732 https://nvd.nist.gov/vuln/detail/CVE-2005-3732 Low 2005-11-21T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.

Red Hat Application Server 3AS 2006-01-11T00:00:00 RHSA-2006:0157 Red Hat Application Server v2 4AS 2006-03-07T00:00:00 RHSA-2006:0161 https://www.cve.org/CVERecord?id=CVE-2005-3745 https://nvd.nist.gov/vuln/detail/CVE-2005-3745 Important 2005-11-10T00:00:00 security flaw

The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a denial of service (crash) and gain root privileges.

Red Hat Enterprise Linux 4 2006-01-17T00:00:00 RHSA-2006:0101 kernel-0:2.6.9-22.0.2.EL https://www.cve.org/CVERecord?id=CVE-2005-3784 https://nvd.nist.gov/vuln/detail/CVE-2005-3784 Important 2005-10-25T00:00:00 security flaw

The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a denial of service (crash) by triggering a free of non-allocated memory.

Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0140 kernel-0:2.4.21-37.0.1.EL Red Hat Enterprise Linux 4 2006-01-17T00:00:00 RHSA-2006:0101 kernel-0:2.6.9-22.0.2.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0190 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux ES version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Enterprise Linux WS version 2.1 2006-02-01T00:00:00 RHSA-2006:0191 Red Hat Linux Advanced Workstation 2.1 2006-02-01T00:00:00 RHSA-2006:0190 https://www.cve.org/CVERecord?id=CVE-2005-3806 https://nvd.nist.gov/vuln/detail/CVE-2005-3806 Important 2005-08-18T00:00:00 security flaw

Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted packets that cause the ip_append_data function to fail, aka "DST leak in icmp_push_reply."

Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0140 kernel-0:2.4.21-37.0.1.EL Red Hat Enterprise Linux 4 2006-01-17T00:00:00 RHSA-2006:0101 kernel-0:2.6.9-22.0.2.EL https://www.cve.org/CVERecord?id=CVE-2005-3848 https://nvd.nist.gov/vuln/detail/CVE-2005-3848 Moderate 2005-11-13T00:00:00 security flaw

The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function.

Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0140 kernel-0:2.4.21-37.0.1.EL Red Hat Enterprise Linux 4 2006-01-17T00:00:00 RHSA-2006:0101 kernel-0:2.6.9-22.0.2.EL https://www.cve.org/CVERecord?id=CVE-2005-3857 https://nvd.nist.gov/vuln/detail/CVE-2005-3857 Important 2005-08-26T00:00:00 security flaw

Memory leak in the ip6_input_finish function in ip6_input.c in Linux kernel 2.6.12 and earlier might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed.

Red Hat Enterprise Linux 3 2006-01-19T00:00:00 RHSA-2006:0140 kernel-0:2.4.21-37.0.1.EL Red Hat Enterprise Linux 4 2006-01-17T00:00:00 RHSA-2006:0101 kernel-0:2.6.9-22.0.2.EL https://www.cve.org/CVERecord?id=CVE-2005-3858 https://nvd.nist.gov/vuln/detail/CVE-2005-3858 Moderate 2005-11-24T00:00:00 security flaw

CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.

Red Hat Enterprise Linux 3 2006-04-25T00:00:00 RHSA-2006:0276 php-0:4.3.2-30.ent Red Hat Enterprise Linux 4 2006-04-25T00:00:00 RHSA-2006:0276 php-0:4.3.9-3.12 https://www.cve.org/CVERecord?id=CVE-2005-3883 https://nvd.nist.gov/vuln/detail/CVE-2005-3883 Moderate 2005-12-01T00:00:00 security flaw

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

Red Hat Enterprise Linux 3 2005-12-20T00:00:00 RHSA-2005:881 perl-2:5.8.0-90.4 Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:880 perl-3:5.8.5-24.RHEL4 https://www.cve.org/CVERecord?id=CVE-2005-3962 https://nvd.nist.gov/vuln/detail/CVE-2005-3962 Moderate 2005-12-02T00:00:00 openmotif libUil buffer overflows

Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2006-04-04T00:00:00 RHSA-2006:0272 openmotif-0:2.2.3-5.RHEL3.3 Red Hat Enterprise Linux 3 2006-04-04T00:00:00 RHSA-2006:0272 openmotif21-0:2.1.30-9.RHEL3.7 Red Hat Enterprise Linux 4 2006-04-04T00:00:00 RHSA-2006:0272 openmotif-0:2.2.3-10.RHEL4.1 Red Hat Enterprise Linux 4 2006-04-04T00:00:00 RHSA-2006:0272 openmotif21-0:2.1.30-11.RHEL4.5 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh https://www.cve.org/CVERecord?id=CVE-2005-3964 https://nvd.nist.gov/vuln/detail/CVE-2005-3964 Moderate 2005-12-07T00:00:00 security flaw

Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.

Red Hat Enterprise Linux 4 2005-12-20T00:00:00 RHSA-2005:875 curl-0:7.12.1-8.rhel4 https://www.cve.org/CVERecord?id=CVE-2005-4077 https://nvd.nist.gov/vuln/detail/CVE-2005-4077 Moderate 2005-12-03T00:00:00 security flaw

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.

Red Hat Enterprise Linux 4 2006-02-02T00:00:00 RHSA-2006:0200 firefox-0:1.0.7-1.4.3 https://www.cve.org/CVERecord?id=CVE-2005-4134 https://nvd.nist.gov/vuln/detail/CVE-2005-4134 Moderate 2005-09-01T00:00:00 security flaw

Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.

Red Hat Enterprise Linux 3 2006-03-07T00:00:00 RHSA-2006:0204 mailman-3:2.1.5.1-25.rhel3.4 Red Hat Enterprise Linux 4 2006-03-07T00:00:00 RHSA-2006:0204 mailman-3:2.1.5.1-34.rhel4.2 https://www.cve.org/CVERecord?id=CVE-2005-4153 https://nvd.nist.gov/vuln/detail/CVE-2005-4153 Low 2004-11-11T00:00:00 CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

We do not consider this to be a security issue. https://bugzilla.redhat.com/show_bug.cgi?id=139478#c1 https://www.cve.org/CVERecord?id=CVE-2005-4158 https://nvd.nist.gov/vuln/detail/CVE-2005-4158 Low 2005-11-07T00:00:00 cpio large filesize buffer overflow

Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2010-03-16T00:00:00 RHSA-2010:0145 cpio-0:2.5-6.RHEL3 Red Hat Enterprise Linux 4 2007-05-01T00:00:00 RHSA-2007:0245 cpio-0:2.5-13.RHEL4 https://www.cve.org/CVERecord?id=CVE-2005-4268 https://nvd.nist.gov/vuln/detail/CVE-2005-4268 Low 2005-12-19T00:00:00 security flaw

fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.

The Red Hat Security Response Team has rated this issue as having low security impact. An update is available for Red Hat Enterprise Linux 4 to correct this issue: http://rhn.redhat.com/errata/RHSA-2007-0018.html This issue did not affect Red Hat Enterprise Linux 2.1 and 3. Red Hat Enterprise Linux 2.1 2007-01-31T00:00:00 RHSA-2007:0018 fetchmail-0:5.9.0-21.7.3.el2.1.4 Red Hat Enterprise Linux 3 2007-01-31T00:00:00 RHSA-2007:0018 fetchmail-0:6.2.0-3.el3.3 Red Hat Enterprise Linux 4 2007-01-31T00:00:00 RHSA-2007:0018 fetchmail-0:6.2.5-6.el4.5 https://www.cve.org/CVERecord?id=CVE-2005-4348 https://nvd.nist.gov/vuln/detail/CVE-2005-4348

Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.

This issue did not affect the versions of OpenLDAP as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2005-4442 https://nvd.nist.gov/vuln/detail/CVE-2005-4442 Low 2005-12-27T00:00:00 security flaw

Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to 0.10.13 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

Red Hat Enterprise Linux 3 2006-01-11T00:00:00 RHSA-2006:0156 ethereal-0:0.10.14-1.EL3.1 https://www.cve.org/CVERecord?id=CVE-2005-4585 https://nvd.nist.gov/vuln/detail/CVE-2005-4585 Moderate 2005-12-29T00:00:00 security flaw

The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.

Red Hat Enterprise Linux 3 2006-02-14T00:00:00 RHSA-2006:0178 ImageMagick-0:5.5.6-18 Red Hat Enterprise Linux 4 2006-02-14T00:00:00 RHSA-2006:0178 ImageMagick-0:6.0.7.1-14 https://www.cve.org/CVERecord?id=CVE-2005-4601 https://nvd.nist.gov/vuln/detail/CVE-2005-4601 Important 2005-12-23T00:00:00 security flaw

The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value.

Red Hat Enterprise Linux 4 2006-01-17T00:00:00 RHSA-2006:0101 kernel-0:2.6.9-22.0.2.EL https://www.cve.org/CVERecord?id=CVE-2005-4605 https://nvd.nist.gov/vuln/detail/CVE-2005-4605

OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings.

This issue did not affect the versions of OpenOffice.org as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2005-4636 https://nvd.nist.gov/vuln/detail/CVE-2005-4636 Low 2005-12-19T00:00:00 security flaw

Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178960 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode. Red Hat Enterprise Linux 3 2007-07-11T00:00:00 RHBA-2007:0418 unzip-0:5.50-35.EL3 Red Hat Enterprise Linux 4 2007-05-01T00:00:00 RHSA-2007:0203 unzip-0:5.51-9.EL4.5 https://www.cve.org/CVERecord?id=CVE-2005-4667 https://nvd.nist.gov/vuln/detail/CVE-2005-4667 Low 2005-09-09T00:00:00 security flaw

Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.

Red Hat Enterprise Linux 3 2006-04-04T00:00:00 RHSA-2006:0271 freeradius-0:1.0.1-2.RHEL3.2 Red Hat Enterprise Linux 4 2006-04-04T00:00:00 RHSA-2006:0271 freeradius-0:1.0.1-3.RHEL4.3 https://www.cve.org/CVERecord?id=CVE-2005-4744 https://nvd.nist.gov/vuln/detail/CVE-2005-4744

SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

Not vulnerable. This issue did not affect the FreeRADIUS packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2005-4745 https://nvd.nist.gov/vuln/detail/CVE-2005-4745

Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t".

Not vulnerable. This issue did not affect the FreeRADIUS packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2005-4746 https://nvd.nist.gov/vuln/detail/CVE-2005-4746

Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathcon calls and changes the filesystem to one with a larger maximum directory-entry name length, or (2) possibly via programmer-introduced errors on operating systems with a small struct dirent, such as Solaris or BeOS, as demonstrated in packages including (a) gcj, (b) KDE, (c) libwww, (d) the Rudiments library, (e) teTeX, (f) xmail, (g) bfbtester, (h) ncftp, (i) netwib, (j) OpenOffice.org, (k) Pike, (l) reprepro, (m) Tcl, and (n) xgsmlib.

This issue did not affect the Linux glibc. https://www.cve.org/CVERecord?id=CVE-2005-4784 https://nvd.nist.gov/vuln/detail/CVE-2005-4784 tomboy and blam uses insecure LD_LIBRARY_PATH

Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions.

https://www.cve.org/CVERecord?id=CVE-2005-4790 https://nvd.nist.gov/vuln/detail/CVE-2005-4790 liferea uses insecure LD_LIBRARY_PATH

Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.

https://www.cve.org/CVERecord?id=CVE-2005-4791 https://nvd.nist.gov/vuln/detail/CVE-2005-4791 Moderate 2005-09-25T00:00:00 security flaw

Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to 2.4.31 allows remote NFS servers to cause a denial of service (crash) via a long symlink, which is not properly handled in (1) nfs2xdr.c or (2) nfs3xdr.c and causes a crash in the NFS client.

Red Hat Enterprise Linux 3 2006-03-15T00:00:00 RHSA-2006:0144 kernel-0:2.4.21-40.EL https://www.cve.org/CVERecord?id=CVE-2005-4798 https://nvd.nist.gov/vuln/detail/CVE-2005-4798

Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.

gas (and gcc) make no promise that they are fault tolerant to bad input. We do not plan on producing security updates for Red Hat Enterprise Linux to correct these bugs. https://www.cve.org/CVERecord?id=CVE-2005-4807 https://nvd.nist.gov/vuln/detail/CVE-2005-4807

Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file.

gas (and gcc) make no promise that they are fault tolerant to bad input. We do not plan on producing security updates for Red Hat Enterprise Linux to correct these bugs. https://www.cve.org/CVERecord?id=CVE-2005-4808 https://nvd.nist.gov/vuln/detail/CVE-2005-4808 Important 2005-08-05T00:00:00 security flaw

The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and 2.6.13, in certain configurations, allows local users to cause a denial of service (crash) by triggering an mmap error before a prefault, which causes an error in the unmap_hugepage_area function.

Red Hat Enterprise Linux 4 2006-10-05T00:00:00 RHSA-2006:0689 kernel-0:2.6.9-42.0.3.EL https://www.cve.org/CVERecord?id=CVE-2005-4811 https://nvd.nist.gov/vuln/detail/CVE-2005-4811

The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission.

Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2005-4835 https://nvd.nist.gov/vuln/detail/CVE-2005-4835 Moderate 2005-05-23T00:00:00 security flaw

snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177.

Red Hat Enterprise Linux 3 2005-09-28T00:00:00 RHSA-2005:373 net-snmp-0:5.0.9-2.30E.19 Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:395 net-snmp-0:5.1.2-11.EL4.6 https://www.cve.org/CVERecord?id=CVE-2005-4837 https://nvd.nist.gov/vuln/detail/CVE-2005-4837 Low 2005-01-03T00:00:00 tomcat manager example DoS

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.

Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 mod_perl-0:2.0.2-12.el4 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 rhn-web-0:5.1.1-7 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 tomcat5-0:5.0.30-0jpp_10rh RHAPS Version 1 for RHEL 3 2007-05-08T00:00:00 RHSA-2007:0340 tomcat5-0:5.0.30-0jpp_5rh https://www.cve.org/CVERecord?id=CVE-2005-4838 https://nvd.nist.gov/vuln/detail/CVE-2005-4838 Important 2007-11-07T00:00:00 pcre incorrect memory requirement computation

Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.

Red Hat Enterprise Linux 4 2007-11-10T00:00:00 RHSA-2007:1052 pcre-0:4.5-4.el4_5.4 Red Hat Enterprise Linux 5 2007-11-10T00:00:00 RHSA-2007:1052 pcre-0:6.6-2.el5_1.1 https://www.cve.org/CVERecord?id=CVE-2005-4872 https://nvd.nist.gov/vuln/detail/CVE-2005-4872 Moderate 2005-06-28T00:00:00 kernel: netlink: fix numerous padding memleaks 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N

The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions.

This issue has been rated as having moderate security impact. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, and Red Hat Enterprise MRG. It affects Red Hat Enterprise Linux 3, and 4. This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important and critical impact are addressed. For further information about Errata Support Policy, visit: https://access.redhat.com/support/policy/updates/errata/ Red Hat Enterprise Linux 4 2009-10-22T00:00:00 RHSA-2009:1522 kernel-0:2.6.9-89.0.15.EL https://www.cve.org/CVERecord?id=CVE-2005-4881 https://nvd.nist.gov/vuln/detail/CVE-2005-4881 Important 2005-04-24T00:00:00 Fix ipv6 exthdr bug causing Oops 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C

The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the Linux kernel before 2.6.12-rc4 allows remote attackers to cause a denial of service (OOPS) via vectors associated with an incorrect call to the ipv6_skip_exthdr function.

Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL https://www.cve.org/CVERecord?id=CVE-2005-4886 https://nvd.nist.gov/vuln/detail/CVE-2005-4886 Moderate 2010-06-01T00:00:00 rpm: fails to drop SUID/SGID bits on package removal 1.9 AV:L/AC:M/Au:N/C:N/I:P/A:N

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.

Red Hat Enterprise Linux 4 2010-09-07T00:00:00 RHSA-2010:0678 rpm-0:4.3.3-33_nonptl.el4_8.1 https://www.cve.org/CVERecord?id=CVE-2005-4889 https://nvd.nist.gov/vuln/detail/CVE-2005-4889 Important 2004-07-26T00:00:00 coreutils: tty hijacking possible in "su" via TIOCSTI ioctl 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

This issue affects the version of coreutils package, as shipped with Red Hat Enterprise Linux 4. Red Hat Enterprise Linux 4 is however in the Extended Life Cycle Support (ELS) phase. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. Red Hat Enterprise Linux 4 Will not fix coreutils Red Hat Enterprise Linux 5 Not affected coreutils Red Hat Enterprise Linux 6 Not affected coreutils https://www.cve.org/CVERecord?id=CVE-2005-4890 https://nvd.nist.gov/vuln/detail/CVE-2005-4890 Critical 2006-01-19T17:00:00 security flaw

Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.

Red Hat Enterprise Linux 4 2006-01-19T00:00:00 RHSA-2006:0184 kdelibs-6:3.3.1-3.14 https://www.cve.org/CVERecord?id=CVE-2006-0019 https://nvd.nist.gov/vuln/detail/CVE-2006-0019 Critical 2006-03-14T00:00:00 security flaw

Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file.

Red Hat Desktop version 3 Extras 2006-03-15T00:00:00 RHSA-2006:0268 Red Hat Desktop version 4 Extras 2006-03-15T00:00:00 RHSA-2006:0268 https://www.cve.org/CVERecord?id=CVE-2006-0024 https://nvd.nist.gov/vuln/detail/CVE-2006-0024 Low 2006-03-21T00:00:00 security flaw

Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function.

Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0575 kernel-0:2.6.9-42.EL https://www.cve.org/CVERecord?id=CVE-2006-0038 https://nvd.nist.gov/vuln/detail/CVE-2006-0038 Low 2006-05-16T00:00:00 security flaw

Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE.

Red Hat would like to thank Solar Designer for reporting this issue. Red Hat Enterprise Linux 4 2006-10-05T00:00:00 RHSA-2006:0689 kernel-0:2.6.9-42.0.3.EL https://www.cve.org/CVERecord?id=CVE-2006-0039 https://nvd.nist.gov/vuln/detail/CVE-2006-0039 Moderate 2006-03-01T00:00:00 DoS from large email

GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml.

Red Hat Enterprise Linux 4 Will not fix evolution Red Hat Enterprise Linux 5 Not affected evolution https://www.cve.org/CVERecord?id=CVE-2006-0040 https://nvd.nist.gov/vuln/detail/CVE-2006-0040

Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks.

This issue did not affect Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2006-0043 https://nvd.nist.gov/vuln/detail/CVE-2006-0043 Important 2006-03-09T00:00:00 security flaw

gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.

Red Hat Enterprise Linux 3 2006-03-15T00:00:00 RHSA-2006:0266 gnupg-0:1.2.1-15 Red Hat Enterprise Linux 4 2006-03-15T00:00:00 RHSA-2006:0266 gnupg-0:1.2.6-3 https://www.cve.org/CVERecord?id=CVE-2006-0049 https://nvd.nist.gov/vuln/detail/CVE-2006-0049 Moderate 2005-06-06T00:00:00 security flaw

The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.

Red Hat Enterprise Linux 3 2006-06-09T00:00:00 RHSA-2006:0486 mailman-3:2.1.5.1-25.rhel3.5 Red Hat Enterprise Linux 4 2006-06-09T00:00:00 RHSA-2006:0486 mailman-3:2.1.5.1-34.rhel4.3 https://www.cve.org/CVERecord?id=CVE-2006-0052 https://nvd.nist.gov/vuln/detail/CVE-2006-0052 Critical 2006-03-22T16:00:00 security flaw

Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.

Red Hat Enterprise Linux 3 2006-03-22T00:00:00 RHSA-2006:0264 sendmail-0:8.12.11-4.RHEL3.4 Red Hat Enterprise Linux 4 2006-03-22T00:00:00 RHSA-2006:0264 sendmail-0:8.13.1-3.RHEL4.3 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-03-22T00:00:00 RHSA-2006:0265 Red Hat Enterprise Linux ES version 2.1 2006-03-22T00:00:00 RHSA-2006:0265 Red Hat Enterprise Linux WS version 2.1 2006-03-22T00:00:00 RHSA-2006:0265 Red Hat Linux Advanced Workstation 2.1 2006-03-22T00:00:00 RHSA-2006:0265 https://www.cve.org/CVERecord?id=CVE-2006-0058 https://nvd.nist.gov/vuln/detail/CVE-2006-0058 Moderate 2006-01-04T00:00:00 security flaw

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.

Red Hat Enterprise Linux 3 2006-02-14T00:00:00 RHSA-2006:0178 ImageMagick-0:5.5.6-18 Red Hat Enterprise Linux 4 2006-02-14T00:00:00 RHSA-2006:0178 ImageMagick-0:6.0.7.1-14 https://www.cve.org/CVERecord?id=CVE-2006-0082 https://nvd.nist.gov/vuln/detail/CVE-2006-0082 Moderate 2006-01-04T00:00:00 security flaw

dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key.

Red Hat Enterprise Linux 4 2006-03-07T00:00:00 RHSA-2006:0132 kernel-0:2.6.9-34.EL https://www.cve.org/CVERecord?id=CVE-2006-0095 https://nvd.nist.gov/vuln/detail/CVE-2006-0095

Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function.

Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2006-0097 https://nvd.nist.gov/vuln/detail/CVE-2006-0097 Critical 2006-01-09T18:36:00 security flaw

Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-01-10T00:00:00 RHSA-2006:0179 Red Hat Enterprise Linux ES version 2.1 2006-01-10T00:00:00 RHSA-2006:0179 Red Hat Enterprise Linux WS version 2.1 2006-01-10T00:00:00 RHSA-2006:0179 Red Hat Linux Advanced Workstation 2.1 2006-01-10T00:00:00 RHSA-2006:0179 https://www.cve.org/CVERecord?id=CVE-2006-0150 https://nvd.nist.gov/vuln/detail/CVE-2006-0150 Low 2004-11-11T00:00:00 CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.

We do not consider this to be a security issue. https://bugzilla.redhat.com/show_bug.cgi?id=139478#c1 https://www.cve.org/CVERecord?id=CVE-2006-0151 https://nvd.nist.gov/vuln/detail/CVE-2006-0151 Moderate 2006-02-01T00:00:00 security flaw

webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.

Red Hat Enterprise Linux 3 2006-05-03T00:00:00 RHSA-2006:0283 squirrelmail-0:1.4.6-5.el3 Red Hat Enterprise Linux 4 2006-05-03T00:00:00 RHSA-2006:0283 squirrelmail-0:1.4.6-5.el4 https://www.cve.org/CVERecord?id=CVE-2006-0188 https://nvd.nist.gov/vuln/detail/CVE-2006-0188 Moderate 2006-02-10T00:00:00 security flaw

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.

Red Hat Enterprise Linux 3 2006-05-03T00:00:00 RHSA-2006:0283 squirrelmail-0:1.4.6-5.el3 Red Hat Enterprise Linux 4 2006-05-03T00:00:00 RHSA-2006:0283 squirrelmail-0:1.4.6-5.el4 https://www.cve.org/CVERecord?id=CVE-2006-0195 https://nvd.nist.gov/vuln/detail/CVE-2006-0195 Low 2006-01-12T00:00:00 security flaw

Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.

Red Hat Enterprise Linux 3 2006-04-25T00:00:00 RHSA-2006:0276 php-0:4.3.2-30.ent Red Hat Enterprise Linux 4 2006-04-25T00:00:00 RHSA-2006:0276 php-0:4.3.9-3.12 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Enterprise Linux ES version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Enterprise Linux WS version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Linux Advanced Workstation 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2006-07-27T00:00:00 RHSA-2006:0549 https://www.cve.org/CVERecord?id=CVE-2006-0208 https://nvd.nist.gov/vuln/detail/CVE-2006-0208 Low 2005-09-28T00:00:00 local to local copy uses shell expansion twice

scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.

Issue was fixed upstream in version 4.3. The openssh packages in Red Hat Enterprise Linux 5 are based on the fixed upstream version and were not affected by this flaw. Red Hat Enterprise Linux 2.1 2006-09-29T00:00:00 RHSA-2006:0698 openssh-0:3.1p1-21 Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0298 openssh-0:3.6.1p2-33.30.9 Red Hat Enterprise Linux 4 2006-03-07T00:00:00 RHSA-2006:0044 openssh-0:3.9p1-8.RHEL4.12 https://www.cve.org/CVERecord?id=CVE-2006-0225 https://nvd.nist.gov/vuln/detail/CVE-2006-0225

GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.

Not vulnerable. We verified that this issue does not affect Linux versions of Thunderbird. https://www.cve.org/CVERecord?id=CVE-2006-0236 https://nvd.nist.gov/vuln/detail/CVE-2006-0236 Moderate 2006-01-15T00:00:00 tomcat examples XSS CWE-79

Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.

Red Hat Application Server 3AS 2006-07-14T00:00:00 RHSA-2006:0592 Red Hat Application Server v2 4AS 2006-03-07T00:00:00 RHSA-2006:0161 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 mod_perl-0:2.0.2-12.el4 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 rhn-web-0:5.1.1-7 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 tomcat5-0:5.0.30-0jpp_10rh https://www.cve.org/CVERecord?id=CVE-2006-0254 https://nvd.nist.gov/vuln/detail/CVE-2006-0254 Critical 2006-02-02T00:00:00 security flaw

The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.

Red Hat Enterprise Linux 4 2006-02-02T00:00:00 RHSA-2006:0200 firefox-0:1.0.7-1.4.3 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-0292 https://nvd.nist.gov/vuln/detail/CVE-2006-0292 Important 2006-02-02T00:00:00 security flaw

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

Red Hat Enterprise Linux 4 2006-02-02T00:00:00 RHSA-2006:0200 firefox-0:1.0.7-1.4.3 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-0296 https://nvd.nist.gov/vuln/detail/CVE-2006-0296 Moderate 2005-06-17T00:00:00 security flaw

Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.

Red Hat Enterprise Linux 4 2006-03-01T00:00:00 RHSA-2006:0232 tar-0:1.14-9.RHEL4 https://www.cve.org/CVERecord?id=CVE-2006-0300 https://nvd.nist.gov/vuln/detail/CVE-2006-0300 Important 2006-01-05T00:00:00 security flaw

Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

Red Hat would like to thank Dirk Mueller for reporting this issue. Red Hat Enterprise Linux 4 2006-02-13T00:00:00 RHSA-2006:0201 xpdf-1:3.00-11.12 Red Hat Enterprise Linux 4 2006-02-13T00:00:00 RHSA-2006:0206 kdegraphics-7:3.3.1-3.7 https://www.cve.org/CVERecord?id=CVE-2006-0301 https://nvd.nist.gov/vuln/detail/CVE-2006-0301

fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster.

This issue did not affect the versions of Fetchmail as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2006-0321 https://nvd.nist.gov/vuln/detail/CVE-2006-0321 Critical 2006-03-22T20:00:00 security flaw

Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.

Red Hat Desktop version 3 Extras 2006-03-22T00:00:00 RHSA-2006:0257 Red Hat Desktop version 4 Extras 2006-03-22T00:00:00 RHSA-2006:0257 https://www.cve.org/CVERecord?id=CVE-2006-0323 https://nvd.nist.gov/vuln/detail/CVE-2006-0323 Moderate 2006-02-15T00:00:00 security flaw

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."

Red Hat Enterprise Linux 3 2006-05-03T00:00:00 RHSA-2006:0283 squirrelmail-0:1.4.6-5.el3 Red Hat Enterprise Linux 4 2006-05-03T00:00:00 RHSA-2006:0283 squirrelmail-0:1.4.6-5.el4 https://www.cve.org/CVERecord?id=CVE-2006-0377 https://nvd.nist.gov/vuln/detail/CVE-2006-0377

The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function.

This issue did not affect the versions of libtiff as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2006-0405 https://nvd.nist.gov/vuln/detail/CVE-2006-0405 Important 2007-02-13T00:00:00 memory leaks using ber_scanf when handling bad BER packets (CVE-2006-0453)

Multiple memory leaks in the LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (memory consumption) via invalid BER packets that trigger an error, which might prevent memory from being freed if it was allocated during the ber_scanf call, as demonstrated using the ProtoVer LDAP test suite.

RHEL 4 Directory Server AS 2006-05-17T00:00:00 RHSA-2006:0270 https://www.cve.org/CVERecord?id=CVE-2006-0451 https://nvd.nist.gov/vuln/detail/CVE-2006-0451 Low 2004-12-23T00:00:00 recursion causes OOM with bad DN in dn2ancestor

dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via a ModDN operation with a DN that contains a large number of "," (comma) characters, which results in a large amount of recursion, as demonstrated using the ProtoVer LDAP test suite.

RHEL 4 Directory Server AS 2006-05-17T00:00:00 RHSA-2006:0270 https://www.cve.org/CVERecord?id=CVE-2006-0452 https://nvd.nist.gov/vuln/detail/CVE-2006-0452 Moderate 2005-02-14T00:00:00 security flaw

The LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (crash) via a certain "bad BER sequence" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite.

RHEL 4 Directory Server AS 2006-05-17T00:00:00 RHSA-2006:0270 https://www.cve.org/CVERecord?id=CVE-2006-0453 https://nvd.nist.gov/vuln/detail/CVE-2006-0453

Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICMP response in icmp_send, does not properly handle when the ip_options_echo function in icmp.c fails, which allows remote attackers to cause a denial of service (crash) via vectors such as (1) record-route and (2) timestamp IP options with the needaddr bit set and a truncated value.

Not vulnerable. This vulnerability was introduced into the Linux kernel in version 2.6.12 and therefore does not affect users of Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2006-0454 https://nvd.nist.gov/vuln/detail/CVE-2006-0454 Moderate 2006-02-15T00:00:00 security flaw

gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".

Red Hat Enterprise Linux 3 2006-03-15T00:00:00 RHSA-2006:0266 gnupg-0:1.2.1-15 Red Hat Enterprise Linux 4 2006-03-15T00:00:00 RHSA-2006:0266 gnupg-0:1.2.6-3 https://www.cve.org/CVERecord?id=CVE-2006-0455 https://nvd.nist.gov/vuln/detail/CVE-2006-0455 Important 2006-03-07T00:00:00 security flaw

The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors.

Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0575 kernel-0:2.6.9-42.EL https://www.cve.org/CVERecord?id=CVE-2006-0456 https://nvd.nist.gov/vuln/detail/CVE-2006-0456 Important 2006-02-03T00:00:00 security flaw

Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory.

Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0575 kernel-0:2.6.9-42.EL https://www.cve.org/CVERecord?id=CVE-2006-0457 https://nvd.nist.gov/vuln/detail/CVE-2006-0457

flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.

This issue only affects parsers which are generated by grammars which either use REJECT or rules with a variable trailing context (in these rules the parser has to keep all backtracking paths). The Red Hat Security Response Team analysed all packages that include flex generated parsers in Red Hat Enterprise Linux (2.1, 3, and 4) and found none were vulnerable. https://www.cve.org/CVERecord?id=CVE-2006-0459 https://nvd.nist.gov/vuln/detail/CVE-2006-0459 Moderate 2004-12-03T00:00:00 security flaw

Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image.

Red Hat Enterprise Linux 4 2006-02-13T00:00:00 RHSA-2006:0205 libpng-2:1.2.7-1.el4.2 https://www.cve.org/CVERecord?id=CVE-2006-0481 https://nvd.nist.gov/vuln/detail/CVE-2006-0481

PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678.

This issue did not affect the versions of PostgreSQL as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2006-0553 https://nvd.nist.gov/vuln/detail/CVE-2006-0553 Important 2006-02-27T00:00:00 NFS client panic using O_DIRECT

The Linux Kernel before 2.6.15.5 allows local users to cause a denial of service (NFS client panic) via unknown attack vectors related to the use of O_DIRECT (direct I/O).

Red Hat Enterprise Linux 4 2006-05-24T00:00:00 RHSA-2006:0493 kernel-0:2.6.9-34.0.1.EL https://www.cve.org/CVERecord?id=CVE-2006-0555 https://nvd.nist.gov/vuln/detail/CVE-2006-0555 Low 2006-02-17T00:00:00 security flaw

sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not sanity check the maxnod variable before making certain computations for the get_nodes function, which has unknown impact and attack vectors.

Red Hat Enterprise Linux 4 2007-04-28T00:00:00 RHBA-2007:0304 kernel-0:2.6.9-55.EL https://www.cve.org/CVERecord?id=CVE-2006-0557 https://nvd.nist.gov/vuln/detail/CVE-2006-0557 Important 2006-02-01T00:00:00 ia64 crash

perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local users to cause a denial of service (crash) by interrupting a task while another process is accessing the mm_struct, which triggers a BUG_ON action in the put_page_testzero function.

Red Hat Enterprise Linux 4 2007-09-04T00:00:00 RHSA-2007:0774 kernel-0:2.6.9-55.0.6.EL https://www.cve.org/CVERecord?id=CVE-2006-0558 https://nvd.nist.gov/vuln/detail/CVE-2006-0558 Low 2006-02-07T00:00:00 security flaw

Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability.

Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 3 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207347 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue was fixed for Red Hat Enterprise Linux 4 in the following errata: http://rhn.redhat.com/errata/RHEA-2006-0355.html This issue does not affect Red Hat Enterprise Linux 2 Red Hat Enterprise Linux AS version 4 2006-08-09T00:00:00 RHEA-2006:0355 Red Hat Enterprise Linux Desktop version 4 2006-08-09T00:00:00 RHEA-2006:0355 Red Hat Enterprise Linux ES version 4 2006-08-09T00:00:00 RHEA-2006:0355 Red Hat Enterprise Linux WS version 4 2006-08-09T00:00:00 RHEA-2006:0355 https://www.cve.org/CVERecord?id=CVE-2006-0576 https://nvd.nist.gov/vuln/detail/CVE-2006-0576 Low 2006-02-07T00:00:00 security flaw

The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.

Red Hat Enterprise Linux 3 2006-05-23T00:00:00 RHSA-2006:0526 rh-postgresql-0:7.3.15-2 Red Hat Enterprise Linux 4 2006-05-23T00:00:00 RHSA-2006:0526 postgresql-0:7.4.13-2.RHEL4.1 https://www.cve.org/CVERecord?id=CVE-2006-0591 https://nvd.nist.gov/vuln/detail/CVE-2006-0591 Important 2006-02-09T15:38:00 - libtasn1 buffer overflow

Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.

Red Hat Enterprise Linux 4 2006-02-10T00:00:00 RHSA-2006:0207 gnutls-0:1.0.20-3.2.2 https://www.cve.org/CVERecord?id=CVE-2006-0645 https://nvd.nist.gov/vuln/detail/CVE-2006-0645 Low 2006-02-05T00:00:00 bluez-hcidump Denial of Service

Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet.

Red Hat no longer plans to fix this issue in Red Hat Enterprise Linux 4. This issue is corrected in bluez-hcidump 1.32 as provided by Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 4 Will not fix bluez-hcidump https://www.cve.org/CVERecord?id=CVE-2006-0670 https://nvd.nist.gov/vuln/detail/CVE-2006-0670 Important 2006-02-12T00:00:00 security flaw

Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-02-21T00:00:00 RHSA-2006:0217 Red Hat Enterprise Linux ES version 2.1 2006-02-21T00:00:00 RHSA-2006:0217 Red Hat Enterprise Linux WS version 2.1 2006-02-21T00:00:00 RHSA-2006:0217 Red Hat Linux Advanced Workstation 2.1 2006-02-21T00:00:00 RHSA-2006:0217 https://www.cve.org/CVERecord?id=CVE-2006-0709 https://nvd.nist.gov/vuln/detail/CVE-2006-0709

Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.

This issue only affected Dovecot versions 1.0beta1 and 1.0beta2. Red Hat Enterprise Linux 4 shipped with an earlier version of Dovecot and is therefore not vulnerable to this issue. https://www.cve.org/CVERecord?id=CVE-2006-0730 https://nvd.nist.gov/vuln/detail/CVE-2006-0730 Important 2006-02-26T00:00:00 security flaw

Linux kernel before 2.6.15.5, when running on Intel processors, allows local users to cause a denial of service ("endless recursive fault") via unknown attack vectors related to a "bad elf entry address."

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0437 kernel-0:2.4.21-47.EL Red Hat Enterprise Linux 4 2006-05-24T00:00:00 RHSA-2006:0493 kernel-0:2.6.9-34.0.1.EL https://www.cve.org/CVERecord?id=CVE-2006-0741 https://nvd.nist.gov/vuln/detail/CVE-2006-0741 Important 2006-02-28T00:00:00 security flaw

The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux kernel 2.6.x before 2.6.15.6, possibly when compiled with certain versions of gcc, has the "noreturn" attribute set, which allows local users to cause a denial of service by causing user faults on Itanium systems.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0437 kernel-0:2.4.21-47.EL Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0575 kernel-0:2.6.9-42.EL https://www.cve.org/CVERecord?id=CVE-2006-0742 https://nvd.nist.gov/vuln/detail/CVE-2006-0742

Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.

Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include log4net. https://www.cve.org/CVERecord?id=CVE-2006-0743 https://nvd.nist.gov/vuln/detail/CVE-2006-0743 Important 2006-03-09T00:00:00 security flaw

Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0437 kernel-0:2.4.21-47.EL Red Hat Enterprise Linux 4 2006-05-24T00:00:00 RHSA-2006:0493 kernel-0:2.6.9-34.0.1.EL https://www.cve.org/CVERecord?id=CVE-2006-0744 https://nvd.nist.gov/vuln/detail/CVE-2006-0744 Important 2006-01-03T00:00:00 security flaw

Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627.

Red Hat Enterprise Linux 4 2006-03-09T00:00:00 RHSA-2006:0262 kdegraphics-7:3.3.1-3.9 https://www.cve.org/CVERecord?id=CVE-2006-0746 https://nvd.nist.gov/vuln/detail/CVE-2006-0746 Moderate 2006-05-15T00:00:00 security flaw

Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values.

Red Hat Enterprise Linux 3 2006-07-18T00:00:00 RHSA-2006:0500 freetype-0:2.1.4-4.0.rhel3.2 Red Hat Enterprise Linux 4 2006-07-18T00:00:00 RHSA-2006:0500 freetype-0:2.1.9-1.rhel4.4 https://www.cve.org/CVERecord?id=CVE-2006-0747 https://nvd.nist.gov/vuln/detail/CVE-2006-0747 Critical 2006-04-21T00:00:00 security flaw

Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index.

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-0748 https://nvd.nist.gov/vuln/detail/CVE-2006-0748 Critical 2006-04-14T00:00:00 Firefox Tag Order Vulnerability

nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-0749 https://nvd.nist.gov/vuln/detail/CVE-2006-0749

OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.

This issue did not affect the versions of OpenSSH as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2006-0883 https://nvd.nist.gov/vuln/detail/CVE-2006-0883 Moderate 2006-04-21T00:00:00 security flaw

The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.

Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-0884 https://nvd.nist.gov/vuln/detail/CVE-2006-0884 Low 2006-02-23T00:00:00 perl-Crypt-CBC weaker encryption with some ciphers

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.

Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 mod_perl-0:2.0.2-12.el4 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 rhn-web-0:5.1.1-7 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 tomcat5-0:5.0.30-0jpp_10rh https://www.cve.org/CVERecord?id=CVE-2006-0898 https://nvd.nist.gov/vuln/detail/CVE-2006-0898 Low 2006-02-20T00:00:00 Mysql log file obfuscation

MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.

Red Hat Enterprise Linux 4 2006-06-09T00:00:00 RHSA-2006:0544 mysql-0:4.1.20-1.RHEL4.1 Red Hat Enterprise Linux 5 2008-05-20T00:00:00 RHSA-2008:0364 mysql-0:5.0.45-7.el5 Red Hat Web Application Stack for RHEL 4 2007-02-19T00:00:00 RHSA-2007:0083 mysql-0:5.0.30-1.el4s1.1 https://www.cve.org/CVERecord?id=CVE-2006-0903 https://nvd.nist.gov/vuln/detail/CVE-2006-0903 Moderate 2006-03-03T00:00:00 bind: DDoS (traffic amplification) via DNS queries with spoofed IP addresses due to additional information delegation to arbitrary IP addresses 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.

Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 5 and 6 and version of bind97 as shipped with Red Hat Enterprise Linux 5 as in the default configuration the named service accept DNS queries only from localhost. Red Hat Enterprise Linux 5 Not affected bind Red Hat Enterprise Linux 6 Not affected bind https://www.cve.org/CVERecord?id=CVE-2006-0987 https://nvd.nist.gov/vuln/detail/CVE-2006-0987 Low 2006-03-30T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.

Red Hat Enterprise Linux 3 2006-04-25T00:00:00 RHSA-2006:0276 php-0:4.3.2-30.ent Red Hat Enterprise Linux 4 2006-04-25T00:00:00 RHSA-2006:0276 php-0:4.3.9-3.12 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Enterprise Linux ES version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Enterprise Linux WS version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Linux Advanced Workstation 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2006-07-27T00:00:00 RHSA-2006:0549 https://www.cve.org/CVERecord?id=CVE-2006-0996 https://nvd.nist.gov/vuln/detail/CVE-2006-0996

Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.

We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 https://www.cve.org/CVERecord?id=CVE-2006-1014 https://nvd.nist.gov/vuln/detail/CVE-2006-1014

Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.

We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 https://www.cve.org/CVERecord?id=CVE-2006-1015 https://nvd.nist.gov/vuln/detail/CVE-2006-1015

The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions.

We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2006-1017 https://nvd.nist.gov/vuln/detail/CVE-2006-1017 Moderate 2006-02-28T00:00:00 security flaw

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.

Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-1045 https://nvd.nist.gov/vuln/detail/CVE-2006-1045 Moderate 2006-03-11T00:00:00 security flaw

The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the tracer SID to an SID of another process.

Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0575 kernel-0:2.6.9-42.EL https://www.cve.org/CVERecord?id=CVE-2006-1052 https://nvd.nist.gov/vuln/detail/CVE-2006-1052 Important 2006-04-19T00:00:00 security flaw

The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0437 kernel-0:2.4.21-47.EL Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0575 kernel-0:2.6.9-42.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Enterprise Linux ES version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Enterprise Linux WS version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 https://www.cve.org/CVERecord?id=CVE-2006-1056 https://nvd.nist.gov/vuln/detail/CVE-2006-1056 Low 2006-04-19T00:00:00 security flaw

Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188302 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 and 3. Red Hat Enterprise Linux 4 2007-05-01T00:00:00 RHSA-2007:0286 gdm-1:2.6.0.5-7.rhel4.15 https://www.cve.org/CVERecord?id=CVE-2006-1057 https://nvd.nist.gov/vuln/detail/CVE-2006-1057 Low 2005-12-19T00:00:00 security flaw

BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187385 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 4 2007-05-01T00:00:00 RHSA-2007:0244 busybox-0:1.00.rc1-7.el4 https://www.cve.org/CVERecord?id=CVE-2006-1058 https://nvd.nist.gov/vuln/detail/CVE-2006-1058

Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.

This issue did not affect the versions of mod_python as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2006-1095 https://nvd.nist.gov/vuln/detail/CVE-2006-1095 Moderate 2006-08-08T00:00:00 ncompress: .bss buffer underflow in decompression 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat would like to thank Tavis Ormandy (Google Security Team) for reporting this issue. Red Hat Enterprise Linux 3 2006-09-12T00:00:00 RHSA-2006:0663 ncompress-0:4.2.4-39.rhel3 Red Hat Enterprise Linux 4 2006-09-12T00:00:00 RHSA-2006:0663 ncompress-0:4.2.4-43.rhel4 Red Hat Enterprise Linux 5 2012-02-21T00:00:00 RHSA-2012:0308 busybox-1:1.2.0-13.el5 Red Hat Enterprise Linux 6 2012-06-19T00:00:00 RHSA-2012:0810 busybox-1:1.15.1-15.el6 Red Hat Enterprise Linux 4 Not affected busybox Red Hat Enterprise Linux 5 Not affected ncompress Red Hat Enterprise Linux 6 Not affected ncompress https://www.cve.org/CVERecord?id=CVE-2006-1168 https://nvd.nist.gov/vuln/detail/CVE-2006-1168 Important 2006-06-14T01:06:00 security flaw

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.

Red Hat Enterprise Linux 3 2006-06-14T00:00:00 RHSA-2006:0515 sendmail-0:8.12.11-4.RHEL3.6 Red Hat Enterprise Linux 4 2006-06-14T00:00:00 RHSA-2006:0515 sendmail-0:8.13.1-3.RHEL4.5 https://www.cve.org/CVERecord?id=CVE-2006-1173 https://nvd.nist.gov/vuln/detail/CVE-2006-1173 Low 2005-02-23T00:00:00 security flaw

useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.

Red Hat is aware of this issue and is tracking it via the following bugs: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193053 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229194 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode. Red Hat Enterprise Linux 3 2007-06-07T00:00:00 RHSA-2007:0431 shadow-utils-2:4.0.3-29.RHEL3 Red Hat Enterprise Linux 4 2007-05-01T00:00:00 RHSA-2007:0276 shadow-utils-2:4.0.3-61.RHEL4 https://www.cve.org/CVERecord?id=CVE-2006-1174 https://nvd.nist.gov/vuln/detail/CVE-2006-1174 Low 2006-03-14T00:00:00 security flaw

The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0437 kernel-0:2.4.21-47.EL Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0575 kernel-0:2.6.9-42.EL https://www.cve.org/CVERecord?id=CVE-2006-1242 https://nvd.nist.gov/vuln/detail/CVE-2006-1242 sa-exim 4.2 vulnerability

Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.

Not vulnerable. greylistclean.cron is not supplied in the exim packages as distributed with Red Hat Enterprise Linux. https://www.cve.org/CVERecord?id=CVE-2006-1251 https://nvd.nist.gov/vuln/detail/CVE-2006-1251 Moderate 2006-03-09T00:00:00 jabberd SASL DoS

The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza".

Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.37.rhn Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.38.rhn Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Proxy v 5.0 2008-05-20T00:00:00 RHSA-2008:0263 jabberd-0:2.0s10-3.38.rhn Red Hat Network Proxy v 5.0 2008-05-20T00:00:00 RHSA-2008:0263 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Proxy v 5.0 2008-05-20T00:00:00 RHSA-2008:0263 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh https://www.cve.org/CVERecord?id=CVE-2006-1329 https://nvd.nist.gov/vuln/detail/CVE-2006-1329 Low 2006-03-04T00:00:00 security flaw

net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-07-13T00:00:00 RHSA-2006:0580 Red Hat Enterprise Linux ES version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Enterprise Linux WS version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Linux Advanced Workstation 2.1 2006-07-13T00:00:00 RHSA-2006:0580 https://www.cve.org/CVERecord?id=CVE-2006-1342 https://nvd.nist.gov/vuln/detail/CVE-2006-1342 Low 2006-03-04T00:00:00 security flaw

net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0437 kernel-0:2.4.21-47.EL Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0575 kernel-0:2.6.9-42.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-07-13T00:00:00 RHSA-2006:0580 Red Hat Enterprise Linux ES version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Enterprise Linux WS version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Linux Advanced Workstation 2.1 2006-07-13T00:00:00 RHSA-2006:0580 https://www.cve.org/CVERecord?id=CVE-2006-1343 https://nvd.nist.gov/vuln/detail/CVE-2006-1343 Important 2006-03-20T00:00:00 security flaw

Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.

Red Hat Enterprise Linux 3 2006-04-04T00:00:00 RHSA-2006:0271 freeradius-0:1.0.1-2.RHEL3.2 Red Hat Enterprise Linux 4 2006-04-04T00:00:00 RHSA-2006:0271 freeradius-0:1.0.1-3.RHEL4.3 https://www.cve.org/CVERecord?id=CVE-2006-1354 https://nvd.nist.gov/vuln/detail/CVE-2006-1354 nethack: Local privilege escalation via crafted score file

The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.

https://www.cve.org/CVERecord?id=CVE-2006-1390 https://nvd.nist.gov/vuln/detail/CVE-2006-1390 Moderate 2006-03-28T00:00:00 security flaw

PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.

Red Hat Enterprise Linux 3 2006-04-25T00:00:00 RHSA-2006:0276 php-0:4.3.2-30.ent Red Hat Enterprise Linux 4 2006-04-25T00:00:00 RHSA-2006:0276 php-0:4.3.9-3.12 https://www.cve.org/CVERecord?id=CVE-2006-1490 https://nvd.nist.gov/vuln/detail/CVE-2006-1490 Low 2006-04-08T00:00:00 security flaw

Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.

This issue did not affect the versions of OpenSSH as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 3 2006-07-12T00:00:00 RHSA-2006:0568 php-0:4.3.2-33.ent Red Hat Enterprise Linux 4 2006-07-12T00:00:00 RHSA-2006:0568 php-0:4.3.9-3.15 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-07-25T00:00:00 RHSA-2006:0567 Red Hat Enterprise Linux ES version 2.1 2006-07-25T00:00:00 RHSA-2006:0567 Red Hat Enterprise Linux WS version 2.1 2006-07-25T00:00:00 RHSA-2006:0567 Red Hat Linux Advanced Workstation 2.1 2006-07-25T00:00:00 RHSA-2006:0567 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2006-07-27T00:00:00 RHSA-2006:0549 https://www.cve.org/CVERecord?id=CVE-2006-1494 https://nvd.nist.gov/vuln/detail/CVE-2006-1494 Moderate 2006-05-02T00:00:00 security flaw

The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.

Red Hat Enterprise Linux 4 2006-06-09T00:00:00 RHSA-2006:0544 mysql-0:4.1.20-1.RHEL4.1 https://www.cve.org/CVERecord?id=CVE-2006-1516 https://nvd.nist.gov/vuln/detail/CVE-2006-1516 Moderate 2006-05-02T00:00:00 security flaw

sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message.

Red Hat Enterprise Linux 4 2006-06-09T00:00:00 RHSA-2006:0544 mysql-0:4.1.20-1.RHEL4.1 https://www.cve.org/CVERecord?id=CVE-2006-1517 https://nvd.nist.gov/vuln/detail/CVE-2006-1517 Important 2006-04-10T00:00:00 security flaw

The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 and 2.6.17-rc1, and possibly earlier versions, allows local users to cause a denial of service (OOPS) via keyctl requests that add a key to a user key instead of a keyring key, which causes an invalid dereference in the __keyring_search_one function.

Red Hat Enterprise Linux 4 2006-05-24T00:00:00 RHSA-2006:0493 kernel-0:2.6.9-34.0.1.EL https://www.cve.org/CVERecord?id=CVE-2006-1522 https://nvd.nist.gov/vuln/detail/CVE-2006-1522 Important 2006-04-14T00:00:00 security flaw

ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to cause a denial of service (panic) via a request for a route for a multicast IP address, which triggers a null dereference.

Red Hat Enterprise Linux 4 2006-05-24T00:00:00 RHSA-2006:0493 kernel-0:2.6.9-34.0.1.EL https://www.cve.org/CVERecord?id=CVE-2006-1525 https://nvd.nist.gov/vuln/detail/CVE-2006-1525 Important 2006-05-02T14:00:00 security flaw

Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.

Red Hat Enterprise Linux 4 2006-05-04T00:00:00 RHSA-2006:0451 xorg-x11-0:6.8.2-1.EL.13.25.1 https://www.cve.org/CVERecord?id=CVE-2006-1526 https://nvd.nist.gov/vuln/detail/CVE-2006-1526 Important 2006-05-02T00:00:00 security flaw

The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function.

Red Hat Enterprise Linux 4 2006-05-24T00:00:00 RHSA-2006:0493 kernel-0:2.6.9-34.0.1.EL https://www.cve.org/CVERecord?id=CVE-2006-1527 https://nvd.nist.gov/vuln/detail/CVE-2006-1527 Important 2005-08-30T00:00:00 security flaw

Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory mapped (mmap) IO space.

Red Hat Enterprise Linux 4 2006-05-24T00:00:00 RHSA-2006:0493 kernel-0:2.6.9-34.0.1.EL https://www.cve.org/CVERecord?id=CVE-2006-1528 https://nvd.nist.gov/vuln/detail/CVE-2006-1528 Low 2005-09-22T00:00:00 python buffer overflow

Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected.

The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn-solaris-bootstrap-0:5.1.1-3 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn_solaris_bootstrap_5_1_1_3-0:1-0 https://www.cve.org/CVERecord?id=CVE-2006-1542 https://nvd.nist.gov/vuln/detail/CVE-2006-1542 Moderate 2006-03-22T00:00:00 struts bypass validation

Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.

Red Hat Application Server 3AS 2006-05-03T00:00:00 RHSA-2006:0281 Red Hat Application Server v2 4AS 2006-05-03T00:00:00 RHSA-2006:0281 https://www.cve.org/CVERecord?id=CVE-2006-1546 https://nvd.nist.gov/vuln/detail/CVE-2006-1546 Moderate 2006-03-22T00:00:00 security flaw

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.

Red Hat Application Server 3AS 2006-05-03T00:00:00 RHSA-2006:0281 Red Hat Application Server v2 4AS 2006-05-03T00:00:00 RHSA-2006:0281 https://www.cve.org/CVERecord?id=CVE-2006-1547 https://nvd.nist.gov/vuln/detail/CVE-2006-1547 https://www.cisa.gov/known-exploited-vulnerabilities-catalog Moderate 2006-03-22T00:00:00 struts LookupDispatchAction XSS CWE-79

Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.

Red Hat Application Server 3AS 2006-05-03T00:00:00 RHSA-2006:0281 Red Hat Application Server v2 4AS 2006-05-03T00:00:00 RHSA-2006:0281 https://www.cve.org/CVERecord?id=CVE-2006-1548 https://nvd.nist.gov/vuln/detail/CVE-2006-1548

PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected.

The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. https://www.cve.org/CVERecord?id=CVE-2006-1549 https://nvd.nist.gov/vuln/detail/CVE-2006-1549 Moderate 2006-03-29T00:00:00 Dia multiple buffer overflows

Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth.

Red Hat Enterprise Linux 4 2006-05-03T00:00:00 RHSA-2006:0280 dia-1:0.94-5.4 https://www.cve.org/CVERecord?id=CVE-2006-1550 https://nvd.nist.gov/vuln/detail/CVE-2006-1550

The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.

We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 https://www.cve.org/CVERecord?id=CVE-2006-1608 https://nvd.nist.gov/vuln/detail/CVE-2006-1608

The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses.

Red Hat does not consider this to be a security issue. Enabling the -r option is not suggested without the -x option which is clearly documented in the /etc/sysconfig/syslog configuration file. https://www.cve.org/CVERecord?id=CVE-2006-1624 https://nvd.nist.gov/vuln/detail/CVE-2006-1624 Moderate 2005-05-15T00:00:00 cyrus-sasl digest-md5 DoS

digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.

Red Hat Enterprise Linux 3 2007-09-04T00:00:00 RHSA-2007:0878 cyrus-sasl-0:2.1.15-15 Red Hat Enterprise Linux 4 2007-09-04T00:00:00 RHSA-2007:0795 cyrus-sasl-0:2.1.19-14 https://www.cve.org/CVERecord?id=CVE-2006-1721 https://nvd.nist.gov/vuln/detail/CVE-2006-1721 Critical 2006-04-14T00:00:00 security flaw

Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-1724 https://nvd.nist.gov/vuln/detail/CVE-2006-1724 Moderate 2006-04-14T00:00:00 security flaw

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-1727 https://nvd.nist.gov/vuln/detail/CVE-2006-1727 Critical 2006-04-14T00:00:00 security flaw

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-1728 https://nvd.nist.gov/vuln/detail/CVE-2006-1728 Moderate 2006-04-14T00:00:00 security flaw

Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 https://www.cve.org/CVERecord?id=CVE-2006-1729 https://nvd.nist.gov/vuln/detail/CVE-2006-1729 Critical 2006-04-14T00:00:00 security flaw

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-1730 https://nvd.nist.gov/vuln/detail/CVE-2006-1730 Moderate 2006-04-14T00:00:00 security flaw

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-1731 https://nvd.nist.gov/vuln/detail/CVE-2006-1731 Moderate 2006-04-14T00:00:00 security flaw

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array.

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-1732 https://nvd.nist.gov/vuln/detail/CVE-2006-1732 Critical 2006-04-14T00:00:00 security flaw

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-1733 https://nvd.nist.gov/vuln/detail/CVE-2006-1733 Critical 2006-04-14T00:00:00 security flaw

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function.

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-1734 https://nvd.nist.gov/vuln/detail/CVE-2006-1734 Critical 2006-04-14T00:00:00 security flaw

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-1735 https://nvd.nist.gov/vuln/detail/CVE-2006-1735 Critical 2006-04-14T00:00:00 security flaw

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-1737 https://nvd.nist.gov/vuln/detail/CVE-2006-1737 Critical 2006-04-14T00:00:00 security flaw

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles.

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-1738 https://nvd.nist.gov/vuln/detail/CVE-2006-1738 Critical 2006-04-14T00:00:00 security flaw

The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow.

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-1739 https://nvd.nist.gov/vuln/detail/CVE-2006-1739 Low 2006-04-14T00:00:00 security flaw

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 https://www.cve.org/CVERecord?id=CVE-2006-1740 https://nvd.nist.gov/vuln/detail/CVE-2006-1740 Moderate 2006-04-14T00:00:00 security flaw

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-1741 https://nvd.nist.gov/vuln/detail/CVE-2006-1741 Critical 2006-04-14T00:00:00 security flaw

The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-1742 https://nvd.nist.gov/vuln/detail/CVE-2006-1742 Critical 2006-04-14T00:00:00 security flaw

A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.

Red Hat Enterprise Linux 4 2006-04-14T00:00:00 RHSA-2006:0328 firefox-0:1.0.8-1.4.1 Red Hat Enterprise Linux 4 2006-04-18T00:00:00 RHSA-2006:0329 devhelp-0:0.9.2-2.4.8 Red Hat Enterprise Linux 4 2006-04-21T00:00:00 RHSA-2006:0330 thunderbird-0:1.0.8-1.4.1 https://www.cve.org/CVERecord?id=CVE-2006-1790 https://nvd.nist.gov/vuln/detail/CVE-2006-1790 Important 2006-05-18T00:00:00 security flaw

choose_new_parent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service (panic) by causing certain circumstances involving termination of a parent process.

Red Hat Enterprise Linux 4 2006-05-24T00:00:00 RHSA-2006:0493 kernel-0:2.6.9-34.0.1.EL https://www.cve.org/CVERecord?id=CVE-2006-1855 https://nvd.nist.gov/vuln/detail/CVE-2006-1855 Moderate 2005-09-28T00:00:00 security flaw

Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions.

Red Hat Enterprise Linux 4 2006-05-24T00:00:00 RHSA-2006:0493 kernel-0:2.6.9-34.0.1.EL https://www.cve.org/CVERecord?id=CVE-2006-1856 https://nvd.nist.gov/vuln/detail/CVE-2006-1856 Moderate 2006-05-19T00:00:00 security flaw

Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk.

Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0575 kernel-0:2.6.9-42.EL https://www.cve.org/CVERecord?id=CVE-2006-1857 https://nvd.nist.gov/vuln/detail/CVE-2006-1857 Low 2006-05-19T00:00:00 security flaw

SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters.

Red Hat Enterprise Linux 4 2006-08-22T00:00:00 RHSA-2006:0617 kernel-0:2.6.9-42.0.2.EL https://www.cve.org/CVERecord?id=CVE-2006-1858 https://nvd.nist.gov/vuln/detail/CVE-2006-1858 Moderate 2006-05-15T00:00:00 freetype: multiple integer overflow vulnerabilities CWE-190

Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.

Red Hat Enterprise Linux 2.1 2009-05-22T00:00:00 RHSA-2009:1062 freetype-0:2.0.3-17.el21 Red Hat Enterprise Linux 3 2006-07-18T00:00:00 RHSA-2006:0500 freetype-0:2.1.4-4.0.rhel3.2 Red Hat Enterprise Linux 3 2009-05-22T00:00:00 RHSA-2009:0329 freetype-0:2.1.4-12.el3 Red Hat Enterprise Linux 4 2006-07-18T00:00:00 RHSA-2006:0500 freetype-0:2.1.9-1.rhel4.4 Red Hat Enterprise Linux 4 2009-05-22T00:00:00 RHSA-2009:0329 freetype-0:2.1.9-10.el4.7 https://www.cve.org/CVERecord?id=CVE-2006-1861 https://nvd.nist.gov/vuln/detail/CVE-2006-1861 Important 2006-05-18T00:00:00 security flaw

The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load.

Red Hat Enterprise Linux 4 2006-05-24T00:00:00 RHSA-2006:0493 kernel-0:2.6.9-34.0.1.EL https://www.cve.org/CVERecord?id=CVE-2006-1862 https://nvd.nist.gov/vuln/detail/CVE-2006-1862 Moderate 2006-04-20T00:00:00 security flaw

Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864.

Red Hat Enterprise Linux 4 2007-04-28T00:00:00 RHBA-2007:0304 kernel-0:2.6.9-55.EL https://www.cve.org/CVERecord?id=CVE-2006-1863 https://nvd.nist.gov/vuln/detail/CVE-2006-1863 Moderate 2006-04-26T00:00:00 security flaw

Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863.

Red Hat Enterprise Linux 3 2006-10-20T00:00:00 RHSA-2006:0710 kernel-0:2.4.21-47.0.1.EL Red Hat Enterprise Linux 4 2006-05-24T00:00:00 RHSA-2006:0493 kernel-0:2.6.9-34.0.1.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-07-13T00:00:00 RHSA-2006:0580 Red Hat Enterprise Linux ES version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Enterprise Linux WS version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Linux Advanced Workstation 2.1 2006-07-13T00:00:00 RHSA-2006:0580 https://www.cve.org/CVERecord?id=CVE-2006-1864 https://nvd.nist.gov/vuln/detail/CVE-2006-1864 Moderate 2005-06-30T00:00:00 security flaw

The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.

Red Hat Enterprise Linux 4 2006-05-09T00:00:00 RHSA-2006:0427 ruby-0:1.8.1-7.EL4.3 https://www.cve.org/CVERecord?id=CVE-2006-1931 https://nvd.nist.gov/vuln/detail/CVE-2006-1931 Low 2006-04-24T00:00:00 security flaw

Off-by-one error in the OID printing routine in Ethereal 0.10.x up to 0.10.14 has unknown impact and remote attack vectors.

Red Hat Enterprise Linux 3 2006-05-03T00:00:00 RHSA-2006:0420 ethereal-0:0.99.0-EL3.2 https://www.cve.org/CVERecord?id=CVE-2006-1932 https://nvd.nist.gov/vuln/detail/CVE-2006-1932 Low 2006-04-24T00:00:00 security flaw

Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (large or infinite loops) viarafted packets to the (1) UMA and (2) BER dissectors.

Red Hat Enterprise Linux 3 2006-05-03T00:00:00 RHSA-2006:0420 ethereal-0:0.99.0-EL3.2 https://www.cve.org/CVERecord?id=CVE-2006-1933 https://nvd.nist.gov/vuln/detail/CVE-2006-1933 Moderate 2006-04-24T00:00:00 security flaw

Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code.

Red Hat Enterprise Linux 3 2006-05-03T00:00:00 RHSA-2006:0420 ethereal-0:0.99.0-EL3.2 https://www.cve.org/CVERecord?id=CVE-2006-1934 https://nvd.nist.gov/vuln/detail/CVE-2006-1934 Moderate 2006-04-24T00:00:00 security flaw

Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the COPS dissector.

Red Hat Enterprise Linux 3 2006-05-03T00:00:00 RHSA-2006:0420 ethereal-0:0.99.0-EL3.2 https://www.cve.org/CVERecord?id=CVE-2006-1935 https://nvd.nist.gov/vuln/detail/CVE-2006-1935 Moderate 2006-04-24T00:00:00 security flaw

Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attackers to execute arbitrary code via the telnet dissector.

Red Hat Enterprise Linux 3 2006-05-03T00:00:00 RHSA-2006:0420 ethereal-0:0.99.0-EL3.2 https://www.cve.org/CVERecord?id=CVE-2006-1936 https://nvd.nist.gov/vuln/detail/CVE-2006-1936 Low 2006-04-24T00:00:00 security flaw

Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter.

Red Hat Enterprise Linux 3 2006-05-03T00:00:00 RHSA-2006:0420 ethereal-0:0.99.0-EL3.2 https://www.cve.org/CVERecord?id=CVE-2006-1937 https://nvd.nist.gov/vuln/detail/CVE-2006-1937 Low 2006-04-24T00:00:00 security flaw

Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via the (1) Sniffer capture or (2) SMB PIPE dissector.

Red Hat Enterprise Linux 3 2006-05-03T00:00:00 RHSA-2006:0420 ethereal-0:0.99.0-EL3.2 https://www.cve.org/CVERecord?id=CVE-2006-1938 https://nvd.nist.gov/vuln/detail/CVE-2006-1938 Low 2006-04-24T00:00:00 security flaw

Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) an invalid display filter, or the (2) GSM SMS, (3) ASN.1-based, (4) DCERPC NT, (5) PER, (6) RPC, (7) DCERPC, and (8) ASN.1 dissectors.

Red Hat Enterprise Linux 3 2006-05-03T00:00:00 RHSA-2006:0420 ethereal-0:0.99.0-EL3.2 https://www.cve.org/CVERecord?id=CVE-2006-1939 https://nvd.nist.gov/vuln/detail/CVE-2006-1939 Low 2006-04-24T00:00:00 security flaw

Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows remote attackers to cause a denial of service (abort) via the SNDCP dissector.

Red Hat Enterprise Linux 3 2006-05-03T00:00:00 RHSA-2006:0420 ethereal-0:0.99.0-EL3.2 https://www.cve.org/CVERecord?id=CVE-2006-1940 https://nvd.nist.gov/vuln/detail/CVE-2006-1940 Low 2006-04-24T00:00:00 security flaw

Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.

Red Hat Enterprise Linux 3 2006-07-12T00:00:00 RHSA-2006:0568 php-0:4.3.2-33.ent Red Hat Enterprise Linux 4 2006-07-12T00:00:00 RHSA-2006:0568 php-0:4.3.9-3.15 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Enterprise Linux ES version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Enterprise Linux WS version 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Red Hat Linux Advanced Workstation 2.1 2006-05-23T00:00:00 RHSA-2006:0501 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2006-07-27T00:00:00 RHSA-2006:0549 https://www.cve.org/CVERecord?id=CVE-2006-1990 https://nvd.nist.gov/vuln/detail/CVE-2006-1990 Important 2006-03-03T00:00:00 security flaw

Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.

Red Hat Enterprise Linux 3 2006-05-09T00:00:00 RHSA-2006:0425 libtiff-0:3.5.7-25.el3.1 Red Hat Enterprise Linux 3 2006-08-28T00:00:00 RHSA-2006:0648 kdegraphics-7:3.1.3-3.10 Red Hat Enterprise Linux 4 2006-05-09T00:00:00 RHSA-2006:0425 libtiff-0:3.6.1-10 https://www.cve.org/CVERecord?id=CVE-2006-2024 https://nvd.nist.gov/vuln/detail/CVE-2006-2024 Important 2006-03-03T00:00:00 security flaw

Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.

Red Hat Enterprise Linux 3 2006-05-09T00:00:00 RHSA-2006:0425 libtiff-0:3.5.7-25.el3.1 Red Hat Enterprise Linux 3 2006-08-28T00:00:00 RHSA-2006:0648 kdegraphics-7:3.1.3-3.10 Red Hat Enterprise Linux 4 2006-05-09T00:00:00 RHSA-2006:0425 libtiff-0:3.6.1-10 https://www.cve.org/CVERecord?id=CVE-2006-2025 https://nvd.nist.gov/vuln/detail/CVE-2006-2025 Important 2006-03-03T00:00:00 security flaw

Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions."

Red Hat Enterprise Linux 3 2006-05-09T00:00:00 RHSA-2006:0425 libtiff-0:3.5.7-25.el3.1 Red Hat Enterprise Linux 3 2006-08-28T00:00:00 RHSA-2006:0648 kdegraphics-7:3.1.3-3.10 Red Hat Enterprise Linux 4 2006-05-09T00:00:00 RHSA-2006:0425 libtiff-0:3.6.1-10 https://www.cve.org/CVERecord?id=CVE-2006-2026 https://nvd.nist.gov/vuln/detail/CVE-2006-2026

SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter.

Red Hat does not consider this to be a security issue. The FastCGI server is local trusted code and not under the control of an attacker, no trust boundary is crossed. For more information please see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2050 https://www.cve.org/CVERecord?id=CVE-2006-2050 https://nvd.nist.gov/vuln/detail/CVE-2006-2050 Moderate 2006-04-17T00:00:00 security flaw

Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs.

Red Hat Enterprise Linux 3 2006-10-20T00:00:00 RHSA-2006:0710 kernel-0:2.4.21-47.0.1.EL Red Hat Enterprise Linux 4 2006-10-05T00:00:00 RHSA-2006:0689 kernel-0:2.6.9-42.0.3.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-07-13T00:00:00 RHSA-2006:0580 Red Hat Enterprise Linux ES version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Enterprise Linux WS version 2.1 2006-07-13T00:00:00 RHSA-2006:0579 Red Hat Linux Advanced Workstation 2.1 2006-07-13T00:00:00 RHSA-2006:0580 https://www.cve.org/CVERecord?id=CVE-2006-2071 https://nvd.nist.gov/vuln/detail/CVE-2006-2071

Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite.

This issue did not affect the version of bind as shipped with Red Hat Enterprise Linux 5. We do not believe this issue has a security consequence for earlier versions of Red Hat Enterprise Linux. For details please see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192192 https://www.cve.org/CVERecord?id=CVE-2006-2073 https://nvd.nist.gov/vuln/detail/CVE-2006-2073 Moderate 2006-04-22T00:00:00 CVE-2006-2083 rsync buffer overflow issue

Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.

Not vulnerable. This issue does not affect the versions of rsync distributed with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2006-2083 https://nvd.nist.gov/vuln/detail/CVE-2006-2083 Moderate 2006-02-08T00:00:00 security flaw

The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.

Red Hat Enterprise Linux 3 2006-05-09T00:00:00 RHSA-2006:0425 libtiff-0:3.5.7-25.el3.1 Red Hat Enterprise Linux 4 2006-05-09T00:00:00 RHSA-2006:0425 libtiff-0:3.6.1-10 https://www.cve.org/CVERecord?id=CVE-2006-2120 https://nvd.nist.gov/vuln/detail/CVE-2006-2120 Low 2006-06-07T00:00:00 tiff2pdf buffer overflow

Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.

This issue does not affect Red Hat Enterprise Linux 2.1 and 3 Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 4 2008-08-28T00:00:00 RHSA-2008:0848 libtiff-0:3.6.1-12.el4_7.2 https://www.cve.org/CVERecord?id=CVE-2006-2193 https://nvd.nist.gov/vuln/detail/CVE-2006-2193

The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.

Not vulnerable. The winbind plugin is not shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2006-2194 https://nvd.nist.gov/vuln/detail/CVE-2006-2194 Important 2006-06-29T00:00:00 security flaw

OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user.

Red Hat Enterprise Linux 3 2006-07-03T00:00:00 RHSA-2006:0573 openoffice.org-0:1.1.2-34.2.0.EL3 Red Hat Enterprise Linux 4 2006-07-03T00:00:00 RHSA-2006:0573 openoffice.org-0:1.1.2-34.6.0.EL4 https://www.cve.org/CVERecord?id=CVE-2006-2198 https://nvd.nist.gov/vuln/detail/CVE-2006-2198 Important 2006-06-29T00:00:00 security flaw

Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents.

Red Hat Enterprise Linux 3 2006-07-03T00:00:00 RHSA-2006:0573 openoffice.org-0:1.1.2-34.2.0.EL3 Red Hat Enterprise Linux 4 2006-07-03T00:00:00 RHSA-2006:0573 openoffice.org-0:1.1.2-34.6.0.EL4 https://www.cve.org/CVERecord?id=CVE-2006-2199 https://nvd.nist.gov/vuln/detail/CVE-2006-2199 Moderate 2006-05-03T00:00:00 security flaw

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.

Red Hat Enterprise Linux 3 2006-06-01T00:00:00 RHSA-2006:0525 quagga-0:0.96.2-11.3E Red Hat Enterprise Linux 4 2006-06-01T00:00:00 RHSA-2006:0525 quagga-0:0.98.3-2.4E Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-06-01T00:00:00 RHSA-2006:0533 Red Hat Linux Advanced Workstation 2.1 2006-06-01T00:00:00 RHSA-2006:0533 https://www.cve.org/CVERecord?id=CVE-2006-2223 https://nvd.nist.gov/vuln/detail/CVE-2006-2223 Moderate 2006-05-03T00:00:00 security flaw

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.

Red Hat Enterprise Linux 3 2006-06-01T00:00:00 RHSA-2006:0525 quagga-0:0.96.2-11.3E Red Hat Enterprise Linux 4 2006-06-01T00:00:00 RHSA-2006:0525 quagga-0:0.98.3-2.4E Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-06-01T00:00:00 RHSA-2006:0533 Red Hat Linux Advanced Workstation 2.1 2006-06-01T00:00:00 RHSA-2006:0533 https://www.cve.org/CVERecord?id=CVE-2006-2224 https://nvd.nist.gov/vuln/detail/CVE-2006-2224 Moderate 2006-05-08T00:00:00 security flaw

The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state.

Red Hat Enterprise Linux 4 2006-05-24T00:00:00 RHSA-2006:0493 kernel-0:2.6.9-34.0.1.EL https://www.cve.org/CVERecord?id=CVE-2006-2271 https://nvd.nist.gov/vuln/detail/CVE-2006-2271 Moderate 2006-05-08T00:00:00 security flaw

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks.

Red Hat Enterprise Linux 4 2006-05-24T00:00:00 RHSA-2006:0493 kernel-0:2.6.9-34.0.1.EL https://www.cve.org/CVERecord?id=CVE-2006-2272 https://nvd.nist.gov/vuln/detail/CVE-2006-2272 Moderate 2006-05-09T00:00:00 security flaw

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.

Red Hat Enterprise Linux 4 2006-05-24T00:00:00 RHSA-2006:0493 kernel-0:2.6.9-34.0.1.EL https://www.cve.org/CVERecord?id=CVE-2006-2274 https://nvd.nist.gov/vuln/detail/CVE-2006-2274 Moderate 2006-05-09T00:00:00 security flaw

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."

Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0575 kernel-0:2.6.9-42.EL https://www.cve.org/CVERecord?id=CVE-2006-2275 https://nvd.nist.gov/vuln/detail/CVE-2006-2275 Moderate 2006-03-29T00:00:00 security flaw

bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface.

Red Hat Enterprise Linux 3 2006-06-01T00:00:00 RHSA-2006:0525 quagga-0:0.96.2-11.3E Red Hat Enterprise Linux 4 2006-06-01T00:00:00 RHSA-2006:0525 quagga-0:0.98.3-2.4E Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-06-01T00:00:00 RHSA-2006:0533 Red Hat Linux Advanced Workstation 2.1 2006-06-01T00:00:00 RHSA-2006:0533 https://www.cve.org/CVERecord?id=CVE-2006-2276 https://nvd.nist.gov/vuln/detail/CVE-2006-2276 Important 2005-05-23T00:00:00 security flaw

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection."

Red Hat Enterprise Linux 3 2006-05-23T00:00:00 RHSA-2006:0526 rh-postgresql-0:7.3.15-2 Red Hat Enterprise Linux 4 2006-05-23T00:00:00 RHSA-2006:0526 postgresql-0:7.4.13-2.RHEL4.1 https://www.cve.org/CVERecord?id=CVE-2006-2313 https://nvd.nist.gov/vuln/detail/CVE-2006-2313 Important 2005-05-23T00:00:00 security flaw

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.

Red Hat Enterprise Linux 3 2006-05-23T00:00:00 RHSA-2006:0526 rh-postgresql-0:7.3.15-2 Red Hat Enterprise Linux 4 2006-05-23T00:00:00 RHSA-2006:0526 postgresql-0:7.4.13-2.RHEL4.1 https://www.cve.org/CVERecord?id=CVE-2006-2314 https://nvd.nist.gov/vuln/detail/CVE-2006-2314

RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.

This issue only affected version 4.1.1 and not the versions distributed with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2006-2369 https://nvd.nist.gov/vuln/detail/CVE-2006-2369

Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.

Not vulnerable. This issue does not affect the versions of Dovecot distributed with Red Hat Enterprise Linux. https://www.cve.org/CVERecord?id=CVE-2006-2414 https://nvd.nist.gov/vuln/detail/CVE-2006-2414 Low 2006-05-14T00:00:00 Untrusted applet causes DoS by filling up disk space

Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.

Extras for RHEL 4 2009-03-26T00:00:00 RHSA-2009:0392 java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4 Extras for RHEL 4 2009-03-26T00:00:00 RHSA-2009:0394 java-1.5.0-sun-0:1.5.0.18-1jpp.1.el4 Red Hat Enterprise Linux 5 2009-04-07T00:00:00 RHSA-2009:0377 java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5 Red Hat Network Satellite Server v 5.1 2009-12-11T00:00:00 RHSA-2009:1662 java-1.5.0-sun-0:1.5.0.22-1jpp.1.el4 Supplementary for Red Hat Enterprise Linux 5 2009-03-26T00:00:00 RHSA-2009:0392 java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5 Supplementary for Red Hat Enterprise Linux 5 2009-03-26T00:00:00 RHSA-2009:0394 java-1.5.0-sun-0:1.5.0.18-1jpp.1.el5 https://www.cve.org/CVERecord?id=CVE-2006-2426 https://nvd.nist.gov/vuln/detail/CVE-2006-2426 Low 2006-01-02T00:00:00 security flaw

Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192278 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 2.1 2007-02-15T00:00:00 RHSA-2007:0015 ImageMagick-0:5.3.8-18 Red Hat Enterprise Linux 3 2007-02-15T00:00:00 RHSA-2007:0015 ImageMagick-0:5.5.6-24 Red Hat Enterprise Linux 4 2007-02-15T00:00:00 RHSA-2007:0015 ImageMagick-0:6.0.7.1-16.0.3 https://www.cve.org/CVERecord?id=CVE-2006-2440 https://nvd.nist.gov/vuln/detail/CVE-2006-2440 Moderate 2006-05-20T00:00:00 security flaw

The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0437 kernel-0:2.4.21-47.EL Red Hat Enterprise Linux 4 2006-08-22T00:00:00 RHSA-2006:0617 kernel-0:2.6.9-42.0.2.EL Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-07-13T00:00:00 RHSA-2006:0580 Red Hat Linux Advanced Workstation 2.1 2006-07-13T00:00:00 RHSA-2006:0580 https://www.cve.org/CVERecord?id=CVE-2006-2444 https://nvd.nist.gov/vuln/detail/CVE-2006-2444 Moderate 2006-08-10T00:00:00 security flaw

Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service (crash), as demonstrated using the TCP stress tests from the LTP test suite.

Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0575 kernel-0:2.6.9-42.EL https://www.cve.org/CVERecord?id=CVE-2006-2446 https://nvd.nist.gov/vuln/detail/CVE-2006-2446 Moderate 2006-06-06T00:00:00 security flaw

SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.

Red Hat Enterprise Linux 4 2006-06-06T00:00:00 RHSA-2006:0543 spamassassin-0:3.0.6-1.el4 https://www.cve.org/CVERecord?id=CVE-2006-2447 https://nvd.nist.gov/vuln/detail/CVE-2006-2447 Important 2006-06-09T00:00:00 security flaw

Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c).

Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0575 kernel-0:2.6.9-42.EL https://www.cve.org/CVERecord?id=CVE-2006-2448 https://nvd.nist.gov/vuln/detail/CVE-2006-2448 Important 2006-06-14T00:00:00 security flaw

KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.

Red Hat Enterprise Linux 4 2006-06-14T00:00:00 RHSA-2006:0548 kdebase-6:3.3.1-5.12 https://www.cve.org/CVERecord?id=CVE-2006-2449 https://nvd.nist.gov/vuln/detail/CVE-2006-2449

auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.

Not vulnerable. This issue does not affect the versions of LibVNCServer as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2006-2450 https://nvd.nist.gov/vuln/detail/CVE-2006-2450 Important 2006-07-06T00:00:00 Possible privilege escalation through prctl() and suid_dumpable

The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions.

Red Hat Enterprise Linux 4 2006-07-07T00:00:00 RHSA-2006:0574 kernel-0:2.6.9-34.0.2.EL https://www.cve.org/CVERecord?id=CVE-2006-2451 https://nvd.nist.gov/vuln/detail/CVE-2006-2451 Moderate 2006-05-06T00:00:00 security flaw

Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480.

Red Hat Enterprise Linux 4 2006-06-01T00:00:00 RHSA-2006:0541 dia-1:0.94-5.7.1 https://www.cve.org/CVERecord?id=CVE-2006-2453 https://nvd.nist.gov/vuln/detail/CVE-2006-2453 Low 2004-05-10T00:00:00 security flaw

Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms for input that are automatically processed by Dia, such as a crafted .dia file.

Red Hat Enterprise Linux 4 2006-06-01T00:00:00 RHSA-2006:0541 dia-1:0.94-5.7.1 https://www.cve.org/CVERecord?id=CVE-2006-2480 https://nvd.nist.gov/vuln/detail/CVE-2006-2480

Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.

Not vulnerable. This issue does not affect the versions of cyrus-imapd distributed with Red Hat Enterprise Linux. https://www.cve.org/CVERecord?id=CVE-2006-2502 https://nvd.nist.gov/vuln/detail/CVE-2006-2502

The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.

We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2006-2563 https://nvd.nist.gov/vuln/detail/CVE-2006-2563 Important 2006-01-20T00:00:00 Jobs start from root when pam_limits enabled

do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 4 2006-07-12T00:00:00 RHSA-2006:0539 vixie-cron-4:4.1-44.EL4 https://www.cve.org/CVERecord?id=CVE-2006-2607 https://nvd.nist.gov/vuln/detail/CVE-2006-2607 Low 2006-05-25T00:00:00 tiffsplit buffer overflow

Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2006-08-02T00:00:00 RHSA-2006:0603 libtiff-0:3.5.7-25.el3.4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0603 libtiff-0:3.6.1-12 https://www.cve.org/CVERecord?id=CVE-2006-2656 https://nvd.nist.gov/vuln/detail/CVE-2006-2656 Low 2006-07-11T00:00:00 CVE-2006-2660 tempnam() unique filename bypass

Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename.

This is not an issue that affects users of Red Hat Enterprise Linux. http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196255 https://www.cve.org/CVERecord?id=CVE-2006-2660 https://nvd.nist.gov/vuln/detail/CVE-2006-2660 Low 2006-05-15T00:00:00 security flaw

ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.

Red Hat Enterprise Linux 3 2006-07-18T00:00:00 RHSA-2006:0500 freetype-0:2.1.4-4.0.rhel3.2 Red Hat Enterprise Linux 4 2006-07-18T00:00:00 RHSA-2006:0500 freetype-0:2.1.9-1.rhel4.4 https://www.cve.org/CVERecord?id=CVE-2006-2661 https://nvd.nist.gov/vuln/detail/CVE-2006-2661 Important 2006-05-31T00:00:00 security flaw

SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.

Red Hat Enterprise Linux 4 2006-06-09T00:00:00 RHSA-2006:0544 mysql-0:4.1.20-1.RHEL4.1 https://www.cve.org/CVERecord?id=CVE-2006-2753 https://nvd.nist.gov/vuln/detail/CVE-2006-2753

Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname.

This issue is not exploitable as the status file is only written to and read by the slurpd process. Therefore this is not a vulnerability that affects Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2006-2754 https://nvd.nist.gov/vuln/detail/CVE-2006-2754 Low 2005-11-18T00:00:00 jetty: Jetty URL encoded format directory traversal 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CWE-22

Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747.

A flaw was found in Jetty. This issue could allow a remote attacker to send a specially-crafted URL request containing hexadecimal URL encoded "dot-dot" sequences (%2e%2e%5c) to traverse directories and view files and folders outside of the web root directory.

Red Hat Enterprise Linux 7 Not affected jetty https://www.cve.org/CVERecord?id=CVE-2006-2758 https://nvd.nist.gov/vuln/detail/CVE-2006-2758 https://www.eclipse.org/jetty/security_reports.php Low 2006-06-01T00:00:00 jetty: .jsp extension source code disclosure 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CWE-178

jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations.

A flaw was found in Jetty that could allow a remote attacker to obtain sensitive information. If an attacker sends a specially-crafted request for a known ".jsp" file using an uppercase letter P in the file extension (.jsP), the requested file's source code will be returned if the file system being used is case-sensitive.

Red Hat Enterprise Linux 7 Not affected jetty https://www.cve.org/CVERecord?id=CVE-2006-2759 https://nvd.nist.gov/vuln/detail/CVE-2006-2759 https://www.eclipse.org/jetty/security_reports.php Moderate 2006-06-01T00:00:00 security flaw

Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0578 seamonkey-0:1.0.2-0.1.0.EL3 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-2776 https://nvd.nist.gov/vuln/detail/CVE-2006-2776 Moderate 2006-06-01T00:00:00 security flaw

The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0578 seamonkey-0:1.0.2-0.1.0.EL3 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-2778 https://nvd.nist.gov/vuln/detail/CVE-2006-2778 Critical 2006-06-02T00:00:00 security flaw

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0578 seamonkey-0:1.0.2-0.1.0.EL3 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-2779 https://nvd.nist.gov/vuln/detail/CVE-2006-2779 Critical 2006-06-02T00:00:00 security flaw

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0578 seamonkey-0:1.0.2-0.1.0.EL3 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-2780 https://nvd.nist.gov/vuln/detail/CVE-2006-2780 Critical 2006-06-02T00:00:00 (seamonkey): DOS/arbitrary code execution vuln with vcards

Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0578 seamonkey-0:1.0.2-0.1.0.EL3 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-2781 https://nvd.nist.gov/vuln/detail/CVE-2006-2781 Moderate 2006-06-01T00:00:00 security flaw

Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0578 seamonkey-0:1.0.2-0.1.0.EL3 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-2782 https://nvd.nist.gov/vuln/detail/CVE-2006-2782 Moderate 2006-06-01T00:00:00 security flaw

Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0578 seamonkey-0:1.0.2-0.1.0.EL3 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-2783 https://nvd.nist.gov/vuln/detail/CVE-2006-2783 Moderate 2006-06-01T00:00:00 security flaw

The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0578 seamonkey-0:1.0.2-0.1.0.EL3 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-2784 https://nvd.nist.gov/vuln/detail/CVE-2006-2784 Moderate 2006-06-01T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0578 seamonkey-0:1.0.2-0.1.0.EL3 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-2785 https://nvd.nist.gov/vuln/detail/CVE-2006-2785 Moderate 2006-06-01T00:00:00 security flaw

HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0578 seamonkey-0:1.0.2-0.1.0.EL3 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-2786 https://nvd.nist.gov/vuln/detail/CVE-2006-2786 Moderate 2006-06-01T00:00:00 security flaw

EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0578 seamonkey-0:1.0.2-0.1.0.EL3 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-2787 https://nvd.nist.gov/vuln/detail/CVE-2006-2787 Moderate 2006-06-01T00:00:00 security flaw

Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code.

Red Hat Enterprise Linux 3 2006-07-20T00:00:00 RHSA-2006:0578 seamonkey-0:1.0.2-0.1.0.EL3 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-2788 https://nvd.nist.gov/vuln/detail/CVE-2006-2788

Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used.

Not vulnerable. This issue does not affect the versions of Evolution as distributed with Red Hat Enterprise Linux. https://www.cve.org/CVERecord?id=CVE-2006-2789 https://nvd.nist.gov/vuln/detail/CVE-2006-2789 Moderate 2006-06-01T00:00:00 security flaw

PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable

Red Hat Enterprise Linux 3 2006-07-03T00:00:00 RHSA-2006:0547 squirrelmail-0:1.4.6-7.el3 Red Hat Enterprise Linux 4 2006-07-03T00:00:00 RHSA-2006:0547 squirrelmail-0:1.4.6-7.el4 https://www.cve.org/CVERecord?id=CVE-2006-2842 https://nvd.nist.gov/vuln/detail/CVE-2006-2842

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2006-2906 https://nvd.nist.gov/vuln/detail/CVE-2006-2906 Moderate 2024-01-21T00:00:00 arts: does not check the return value of the setuid which prevents artsd from dropping privileges 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CWE-273

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

A vulnerability was found in artswrapper in aRts. When running a setuid root, it does not check the return value of the setuid function call. This flaw allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

Not vulnerable. We do not ship aRts as setuid root on Red Hat Enterprise Linux 2.1, 3, or 4. Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Red Hat Enterprise Linux 6 Not affected arts https://www.cve.org/CVERecord?id=CVE-2006-2916 https://nvd.nist.gov/vuln/detail/CVE-2006-2916 https://mail.gnome.org/archives/beast/2006-December/msg00025.html Important 2006-08-22T00:00:00 security flaw

A regression error in the restore_all code path of the 4/4GB split support for non-hugemem Linux kernels on Red Hat Linux Desktop and Enterprise Linux 4 allows local users to cause a denial of service (panic) via unspecified vectors.

Red Hat would like to thank Kirill Korotaev for reporting this issue. Red Hat Enterprise Linux 4 2006-08-22T00:00:00 RHSA-2006:0617 kernel-0:2.6.9-42.0.2.EL https://www.cve.org/CVERecord?id=CVE-2006-2932 https://nvd.nist.gov/vuln/detail/CVE-2006-2932 Moderate 2006-06-25T00:00:00 security flaw

kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop.

Red Hat Enterprise Linux 3 2006-07-25T00:00:00 RHSA-2006:0576 kdebase-6:3.1.3-5.11 https://www.cve.org/CVERecord?id=CVE-2006-2933 https://nvd.nist.gov/vuln/detail/CVE-2006-2933 Important 2006-06-30T00:00:00 security flaw

SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer.

Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0575 kernel-0:2.6.9-42.EL https://www.cve.org/CVERecord?id=CVE-2006-2934 https://nvd.nist.gov/vuln/detail/CVE-2006-2934 Moderate 2006-06-27T00:00:00 security flaw

The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow.

Red Hat Enterprise Linux 2.1 2007-01-17T00:00:00 RHSA-2007:0012 kernel-0:2.4.18-e.64 Red Hat Enterprise Linux 2.1 2007-01-17T00:00:00 RHSA-2007:0013 kernel-0:2.4.9-e.71 Red Hat Enterprise Linux 3 2006-10-20T00:00:00 RHSA-2006:0710 kernel-0:2.4.21-47.0.1.EL Red Hat Enterprise Linux 4 2006-08-22T00:00:00 RHSA-2006:0617 kernel-0:2.6.9-42.0.2.EL https://www.cve.org/CVERecord?id=CVE-2006-2935 https://nvd.nist.gov/vuln/detail/CVE-2006-2935 Low 2006-06-26T00:00:00 security flaw

The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued.

Red Hat Enterprise Linux 4 2006-08-22T00:00:00 RHSA-2006:0617 kernel-0:2.6.9-42.0.2.EL https://www.cve.org/CVERecord?id=CVE-2006-2936 https://nvd.nist.gov/vuln/detail/CVE-2006-2936 Low 2006-09-28T00:00:00 openssl ASN.1 DoS

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2006-09-28T00:00:00 RHSA-2006:0695 openssl-0:0.9.6b-46 Red Hat Enterprise Linux 2.1 2006-09-28T00:00:00 RHSA-2006:0695 openssl095a-0:0.9.5a-32 Red Hat Enterprise Linux 2.1 2006-09-28T00:00:00 RHSA-2006:0695 openssl096-0:0.9.6-32 Red Hat Enterprise Linux 3 2006-09-28T00:00:00 RHSA-2006:0695 openssl-0:0.9.7a-33.21 Red Hat Enterprise Linux 3 2006-09-28T00:00:00 RHSA-2006:0695 openssl096b-0:0.9.6b-16.46 Red Hat Enterprise Linux 4 2006-09-28T00:00:00 RHSA-2006:0695 openssl-0:0.9.7a-43.14 Red Hat Enterprise Linux 4 2006-09-28T00:00:00 RHSA-2006:0695 openssl096b-0:0.9.6b-22.46 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn-solaris-bootstrap-0:5.1.1-3 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn_solaris_bootstrap_5_1_1_3-0:1-0 https://www.cve.org/CVERecord?id=CVE-2006-2937 https://nvd.nist.gov/vuln/detail/CVE-2006-2937 Moderate 2006-09-28T00:00:00 openssl public key DoS

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2006-09-28T00:00:00 RHSA-2006:0695 openssl-0:0.9.6b-46 Red Hat Enterprise Linux 2.1 2006-09-28T00:00:00 RHSA-2006:0695 openssl095a-0:0.9.5a-32 Red Hat Enterprise Linux 2.1 2006-09-28T00:00:00 RHSA-2006:0695 openssl096-0:0.9.6-32 Red Hat Enterprise Linux 3 2006-09-28T00:00:00 RHSA-2006:0695 openssl-0:0.9.7a-33.21 Red Hat Enterprise Linux 3 2006-09-28T00:00:00 RHSA-2006:0695 openssl096b-0:0.9.6b-16.46 Red Hat Enterprise Linux 4 2006-09-28T00:00:00 RHSA-2006:0695 openssl-0:0.9.7a-43.14 Red Hat Enterprise Linux 4 2006-09-28T00:00:00 RHSA-2006:0695 openssl096b-0:0.9.6b-22.46 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn-solaris-bootstrap-0:5.1.1-3 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn_solaris_bootstrap_5_1_1_3-0:1-0 https://www.cve.org/CVERecord?id=CVE-2006-2940 https://nvd.nist.gov/vuln/detail/CVE-2006-2940 Moderate 2006-09-04T00:00:00 security flaw

Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".

Red Hat would like to thank Barry Warsaw for reporting this issue. Red Hat Enterprise Linux 3 2006-09-06T00:00:00 RHSA-2006:0600 mailman-3:2.1.5.1-25.rhel3.7 Red Hat Enterprise Linux 4 2006-09-06T00:00:00 RHSA-2006:0600 mailman-3:2.1.5.1-34.rhel4.5 https://www.cve.org/CVERecord?id=CVE-2006-2941 https://nvd.nist.gov/vuln/detail/CVE-2006-2941

The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits.

Red Hat does not consider this a security issue. It is expected behavior that a large input file will cause the processing program to use a large amount of memory. https://www.cve.org/CVERecord?id=CVE-2006-3005 https://nvd.nist.gov/vuln/detail/CVE-2006-3005 Low 2006-06-26T00:00:00 CVE-2006-3011 multiple PHP safe mode bypasses (CVE-2006-4481, CVE-2006-2563)

The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.

We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2006-3011 https://nvd.nist.gov/vuln/detail/CVE-2006-3011 Moderate 2006-05-02T00:00:00 security flaw

Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().

Red Hat Enterprise Linux 3 2006-09-21T00:00:00 RHSA-2006:0669 php-0:4.3.2-36.ent Red Hat Enterprise Linux 4 2006-09-21T00:00:00 RHSA-2006:0669 php-0:4.3.9-3.18 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-09-21T00:00:00 RHSA-2006:0682 Red Hat Enterprise Linux ES version 2.1 2006-09-21T00:00:00 RHSA-2006:0682 Red Hat Enterprise Linux WS version 2.1 2006-09-21T00:00:00 RHSA-2006:0682 Red Hat Linux Advanced Workstation 2.1 2006-09-21T00:00:00 RHSA-2006:0682 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2006-12-11T00:00:00 RHSA-2006:0736 https://www.cve.org/CVERecord?id=CVE-2006-3016 https://nvd.nist.gov/vuln/detail/CVE-2006-3016 Moderate 2006-06-14T00:00:00 security flaw

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations.

Red Hat Enterprise Linux 3 2006-07-12T00:00:00 RHSA-2006:0568 php-0:4.3.2-33.ent Red Hat Enterprise Linux 4 2006-07-12T00:00:00 RHSA-2006:0568 php-0:4.3.9-3.15 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-07-25T00:00:00 RHSA-2006:0567 Red Hat Enterprise Linux ES version 2.1 2006-07-25T00:00:00 RHSA-2006:0567 Red Hat Enterprise Linux WS version 2.1 2006-07-25T00:00:00 RHSA-2006:0567 Red Hat Linux Advanced Workstation 2.1 2006-07-25T00:00:00 RHSA-2006:0567 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2006-07-27T00:00:00 RHSA-2006:0549 https://www.cve.org/CVERecord?id=CVE-2006-3017 https://nvd.nist.gov/vuln/detail/CVE-2006-3017

Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption.

Unknown: CVE-2006-3018 has been assigned to an issue in PHP where the cause and fix are unknown, and the impact cannot be verified. The source of the CVE assignment was a single line statement in the PHP 5.1.3 release announcement, http://www.php.net/release_5_1_3.php, reading: "Fixed a heap corruption inside the session extension." Of the changes made to the session extension between releases 5.1.2 and 5.1.3, none would fix a bug matching this description by our analysis. https://www.cve.org/CVERecord?id=CVE-2006-3018 https://nvd.nist.gov/vuln/detail/CVE-2006-3018 Low 2006-06-14T00:00:00 security flaw

mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.

Red Hat Enterprise Linux 4 2006-06-09T00:00:00 RHSA-2006:0544 mysql-0:4.1.20-1.RHEL4.1 Red Hat Web Application Stack for RHEL 4 2007-02-19T00:00:00 RHSA-2007:0083 mysql-0:5.0.30-1.el4s1.1 https://www.cve.org/CVERecord?id=CVE-2006-3081 https://nvd.nist.gov/vuln/detail/CVE-2006-3081 Moderate 2006-05-31T00:00:00 security flaw

parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.

Red Hat Enterprise Linux 3 2006-07-18T00:00:00 RHSA-2006:0571 gnupg-0:1.2.1-16 Red Hat Enterprise Linux 4 2006-07-18T00:00:00 RHSA-2006:0571 gnupg-0:1.2.6-5 https://www.cve.org/CVERecord?id=CVE-2006-3082 https://nvd.nist.gov/vuln/detail/CVE-2006-3082 Important 2006-08-08T00:00:00 security flaw

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 4 2006-08-08T00:00:00 RHSA-2006:0612 krb5-0:1.3.4-33 https://www.cve.org/CVERecord?id=CVE-2006-3083 https://nvd.nist.gov/vuln/detail/CVE-2006-3083

Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread) before 7.0.8 have unknown impact and unknown vectors.

Not vulnerable. Adobe told us that this issue does not affect the Linux versions of Adobe Acrobat Reader. https://www.cve.org/CVERecord?id=CVE-2006-3093 https://nvd.nist.gov/vuln/detail/CVE-2006-3093 Critical 2006-07-26T00:00:00 security flaw

Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption.

Red Hat Enterprise Linux 3 2006-07-27T00:00:00 RHSA-2006:0608 seamonkey-0:1.0.3-0.el3.1 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-3113 https://nvd.nist.gov/vuln/detail/CVE-2006-3113 Important 2006-06-29T00:00:00 security flaw

Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability."

Red Hat Enterprise Linux 3 2006-07-03T00:00:00 RHSA-2006:0573 openoffice.org-0:1.1.2-34.2.0.EL3 Red Hat Enterprise Linux 4 2006-07-03T00:00:00 RHSA-2006:0573 openoffice.org-0:1.1.2-34.6.0.EL4 https://www.cve.org/CVERecord?id=CVE-2006-3117 https://nvd.nist.gov/vuln/detail/CVE-2006-3117

Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error.

This issue did not affect the versions of NetPBM distributed with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2006-3145 https://nvd.nist.gov/vuln/detail/CVE-2006-3145

Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.

This issue has not been able to be reproduced by upstream or after a Red Hat code review. We therefore do not believe this is a security vulnerability. https://www.cve.org/CVERecord?id=CVE-2006-3174 https://nvd.nist.gov/vuln/detail/CVE-2006-3174 Moderate 2006-06-19T00:00:00 security flaw

Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server.

Red Hat Enterprise Linux 3 2006-07-12T00:00:00 RHSA-2006:0577 mutt-5:1.4.1-3.5.rhel3 Red Hat Enterprise Linux 4 2006-07-12T00:00:00 RHSA-2006:0577 mutt-5:1.4.1-11.rhel4 https://www.cve.org/CVERecord?id=CVE-2006-3242 https://nvd.nist.gov/vuln/detail/CVE-2006-3242 Critical 2006-09-12T18:00:00 security flaw

Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.

Red Hat Desktop version 3 Extras 2006-09-12T00:00:00 RHSA-2006:0674 Red Hat Desktop version 4 Extras 2006-09-12T00:00:00 RHSA-2006:0674 https://www.cve.org/CVERecord?id=CVE-2006-3311 https://nvd.nist.gov/vuln/detail/CVE-2006-3311

Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name".

On Red Hat Enterprise Linux 2.1, 3, 4, and 5 this is a two-byte overflow into the middle of the stack and is not exploitable. https://www.cve.org/CVERecord?id=CVE-2006-3334 https://nvd.nist.gov/vuln/detail/CVE-2006-3334 Moderate 2006-06-30T00:00:00 security flaw

Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 4 2006-07-18T00:00:00 RHSA-2006:0597 libwmf-0:0.2.8.3-5.3 https://www.cve.org/CVERecord?id=CVE-2006-3376 https://nvd.nist.gov/vuln/detail/CVE-2006-3376

passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.

This issue affects the version of the passwd command from the shadow-utils package. Red Hat Enterprise Linux 2.1, 3, and 4 are not vulnerable to this issue. https://www.cve.org/CVERecord?id=CVE-2006-3378 https://nvd.nist.gov/vuln/detail/CVE-2006-3378 Important 2006-07-10T00:00:00 security flaw

The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.

Red Hat Enterprise Linux 3 2006-07-25T00:00:00 RHSA-2006:0591 samba-0:3.0.9-1.3E.10 Red Hat Enterprise Linux 4 2006-07-25T00:00:00 RHSA-2006:0591 samba-0:3.0.10-1.4E.6.2 https://www.cve.org/CVERecord?id=CVE-2006-3403 https://nvd.nist.gov/vuln/detail/CVE-2006-3403 Moderate 2006-07-06T00:00:00 security flaw

Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.

Red Hat Enterprise Linux 4 2006-07-18T00:00:00 RHSA-2006:0598 gimp-1:2.0.5-6 https://www.cve.org/CVERecord?id=CVE-2006-3404 https://nvd.nist.gov/vuln/detail/CVE-2006-3404 Important 2006-08-01T00:00:00 Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)

Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2006-08-02T00:00:00 RHSA-2006:0603 libtiff-0:3.5.7-25.el3.4 Red Hat Enterprise Linux 3 2006-08-28T00:00:00 RHSA-2006:0648 kdegraphics-7:3.1.3-3.10 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0603 libtiff-0:3.6.1-12 https://www.cve.org/CVERecord?id=CVE-2006-3459 https://nvd.nist.gov/vuln/detail/CVE-2006-3459 Important 2006-08-01T00:00:00 Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)

Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize).

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2006-08-02T00:00:00 RHSA-2006:0603 libtiff-0:3.5.7-25.el3.4 Red Hat Enterprise Linux 3 2006-08-28T00:00:00 RHSA-2006:0648 kdegraphics-7:3.1.3-3.10 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0603 libtiff-0:3.6.1-12 https://www.cve.org/CVERecord?id=CVE-2006-3460 https://nvd.nist.gov/vuln/detail/CVE-2006-3460 Important 2006-08-01T00:00:00 Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)

Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2006-08-02T00:00:00 RHSA-2006:0603 libtiff-0:3.5.7-25.el3.4 Red Hat Enterprise Linux 3 2006-08-28T00:00:00 RHSA-2006:0648 kdegraphics-7:3.1.3-3.10 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0603 libtiff-0:3.6.1-12 https://www.cve.org/CVERecord?id=CVE-2006-3461 https://nvd.nist.gov/vuln/detail/CVE-2006-3461 Important 2006-08-01T00:00:00 Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)

Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2006-08-02T00:00:00 RHSA-2006:0603 libtiff-0:3.5.7-25.el3.4 Red Hat Enterprise Linux 3 2006-08-28T00:00:00 RHSA-2006:0648 kdegraphics-7:3.1.3-3.10 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0603 libtiff-0:3.6.1-12 https://www.cve.org/CVERecord?id=CVE-2006-3462 https://nvd.nist.gov/vuln/detail/CVE-2006-3462 Important 2006-08-01T00:00:00 Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)

The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2006-08-02T00:00:00 RHSA-2006:0603 libtiff-0:3.5.7-25.el3.4 Red Hat Enterprise Linux 3 2006-08-28T00:00:00 RHSA-2006:0648 kdegraphics-7:3.1.3-3.10 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0603 libtiff-0:3.6.1-12 https://www.cve.org/CVERecord?id=CVE-2006-3463 https://nvd.nist.gov/vuln/detail/CVE-2006-3463 Important 2006-08-01T00:00:00 Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)

TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2006-08-02T00:00:00 RHSA-2006:0603 libtiff-0:3.5.7-25.el3.4 Red Hat Enterprise Linux 3 2006-08-28T00:00:00 RHSA-2006:0648 kdegraphics-7:3.1.3-3.10 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0603 libtiff-0:3.6.1-12 https://www.cve.org/CVERecord?id=CVE-2006-3464 https://nvd.nist.gov/vuln/detail/CVE-2006-3464 Important 2006-08-01T00:00:00 Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)

Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2006-08-02T00:00:00 RHSA-2006:0603 libtiff-0:3.5.7-25.el3.4 Red Hat Enterprise Linux 3 2006-08-28T00:00:00 RHSA-2006:0648 kdegraphics-7:3.1.3-3.10 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0603 libtiff-0:3.6.1-12 https://www.cve.org/CVERecord?id=CVE-2006-3465 https://nvd.nist.gov/vuln/detail/CVE-2006-3465 Moderate 2006-07-18T00:00:00 freetype: integer overflow vulnerability due to incomplete fix for CVE-2006-1861 CWE-190

Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2006-07-18T00:00:00 RHSA-2006:0500 freetype-0:2.1.4-4.0.rhel3.2 Red Hat Enterprise Linux 3 2006-08-21T00:00:00 RHSA-2006:0635 XFree86-0:4.3.0-111.EL Red Hat Enterprise Linux 4 2006-07-18T00:00:00 RHSA-2006:0500 freetype-0:2.1.9-1.rhel4.4 Red Hat Enterprise Linux 4 2006-08-21T00:00:00 RHSA-2006:0634 xorg-x11-0:6.8.2-1.EL.13.37 https://www.cve.org/CVERecord?id=CVE-2006-3467 https://nvd.nist.gov/vuln/detail/CVE-2006-3467 Important 2006-07-17T00:00:00 security flaw

Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only.

Red Hat Enterprise Linux 4 2006-08-22T00:00:00 RHSA-2006:0617 kernel-0:2.6.9-42.0.2.EL https://www.cve.org/CVERecord?id=CVE-2006-3468 https://nvd.nist.gov/vuln/detail/CVE-2006-3468 Low 2006-06-27T00:00:00 mysql server DoS

Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.

This issue did not affect mysql packages as shipped with Red Hat Enterprise Linux 2.1, 3, or 5, and Red Hat Application Stack v1 and v2. Red Hat Enterprise Linux 4 2008-07-24T00:00:00 RHSA-2008:0768 mysql-0:4.1.22-2.el4 https://www.cve.org/CVERecord?id=CVE-2006-3469 https://nvd.nist.gov/vuln/detail/CVE-2006-3469

Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability

We do not consider this issue to have security implications, and therefore have no plans to issue MySQL updates for Red Hat Enterprise Linux 2.1, 3, or 4 to correct this issue. https://www.cve.org/CVERecord?id=CVE-2006-3486 https://nvd.nist.gov/vuln/detail/CVE-2006-3486 Critical 2006-09-12T18:00:00 security flaw

Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.

Adobe gave a statement that these issues do not affect the Linux versions of Macromedia Flash Player. Red Hat Desktop version 3 Extras 2006-09-12T00:00:00 RHSA-2006:0674 Red Hat Desktop version 4 Extras 2006-09-12T00:00:00 RHSA-2006:0674 https://www.cve.org/CVERecord?id=CVE-2006-3587 https://nvd.nist.gov/vuln/detail/CVE-2006-3587 Critical 2006-09-12T18:00:00 security flaw

Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587.

Adobe gave a statement that these issues do not affect the Linux versions of Macromedia Flash Player. Red Hat Desktop version 3 Extras 2006-09-12T00:00:00 RHSA-2006:0674 Red Hat Desktop version 4 Extras 2006-09-12T00:00:00 RHSA-2006:0674 https://www.cve.org/CVERecord?id=CVE-2006-3588 https://nvd.nist.gov/vuln/detail/CVE-2006-3588 Moderate 2006-07-13T00:00:00 Directory traversal issue in fastjar

Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences.

Red Hat Enterprise Linux 3 2007-06-08T00:00:00 RHSA-2007:0473 gcc-0:3.2.3-59 Red Hat Enterprise Linux 4 2007-05-01T00:00:00 RHSA-2007:0220 gcc-0:3.4.6-8 https://www.cve.org/CVERecord?id=CVE-2006-3619 https://nvd.nist.gov/vuln/detail/CVE-2006-3619 Moderate 2006-07-14T00:00:00 security flaw

Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.

This vulnerability does not affect Red Hat Enterprise Linux 2.1 or 3 as they are based on 2.4 kernels. The exploit relies on the kernel supporting the a.out binary format. Red Hat Enterprise Linux 4, Fedora Core 4, and Fedora Core 5 do not support the a.out binary format, causing the exploit to fail. We are not currently aware of any way to exploit this vulnerability if a.out binary format is not enabled. In addition, a default installation of these OS enables SELinux in enforcing mode. SELinux also completely blocks attempts to exploit this issue. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198973#c10 Red Hat Enterprise Linux 4 2006-08-22T00:00:00 RHSA-2006:0617 kernel-0:2.6.9-42.0.2.EL https://www.cve.org/CVERecord?id=CVE-2006-3626 https://nvd.nist.gov/vuln/detail/CVE-2006-3626 Low 2006-07-17T00:00:00 security flaw

Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (aka Ethereal) 0.10.11 to 0.99.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors.

Red Hat Enterprise Linux 3 2006-08-16T00:00:00 RHSA-2006:0602 wireshark-0:0.99.2-EL3.1 Red Hat Enterprise Linux 4 2006-08-16T00:00:00 RHSA-2006:0602 wireshark-0:0.99.2-EL4.1 https://www.cve.org/CVERecord?id=CVE-2006-3627 https://nvd.nist.gov/vuln/detail/CVE-2006-3627 Moderate 2006-07-17T00:00:00 security flaw

Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.

Red Hat Enterprise Linux 3 2006-08-16T00:00:00 RHSA-2006:0602 wireshark-0:0.99.2-EL3.1 Red Hat Enterprise Linux 4 2006-08-16T00:00:00 RHSA-2006:0602 wireshark-0:0.99.2-EL4.1 https://www.cve.org/CVERecord?id=CVE-2006-3628 https://nvd.nist.gov/vuln/detail/CVE-2006-3628 Low 2006-07-17T00:00:00 security flaw

Unspecified vulnerability in the MOUNT dissector in Wireshark (aka Ethereal) 0.9.4 to 0.99.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

Red Hat Enterprise Linux 3 2006-08-16T00:00:00 RHSA-2006:0602 wireshark-0:0.99.2-EL3.1 Red Hat Enterprise Linux 4 2006-08-16T00:00:00 RHSA-2006:0602 wireshark-0:0.99.2-EL4.1 https://www.cve.org/CVERecord?id=CVE-2006-3629 https://nvd.nist.gov/vuln/detail/CVE-2006-3629 Moderate 2006-07-17T00:00:00 security flaw

Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 have unknown impact and remote attack vectors via the (1) NCP NMAS and (2) NDPS dissectors.

Red Hat Enterprise Linux 3 2006-08-16T00:00:00 RHSA-2006:0602 wireshark-0:0.99.2-EL3.1 Red Hat Enterprise Linux 4 2006-08-16T00:00:00 RHSA-2006:0602 wireshark-0:0.99.2-EL4.1 https://www.cve.org/CVERecord?id=CVE-2006-3630 https://nvd.nist.gov/vuln/detail/CVE-2006-3630 Low 2006-07-17T00:00:00 security flaw

Unspecified vulnerability in the SSH dissector in Wireshark (aka Ethereal) 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

Red Hat Enterprise Linux 3 2006-08-16T00:00:00 RHSA-2006:0602 wireshark-0:0.99.2-EL3.1 Red Hat Enterprise Linux 4 2006-08-16T00:00:00 RHSA-2006:0602 wireshark-0:0.99.2-EL4.1 https://www.cve.org/CVERecord?id=CVE-2006-3631 https://nvd.nist.gov/vuln/detail/CVE-2006-3631 Moderate 2006-07-17T00:00:00 security flaw

Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector.

Red Hat Enterprise Linux 3 2006-08-16T00:00:00 RHSA-2006:0602 wireshark-0:0.99.2-EL3.1 Red Hat Enterprise Linux 4 2006-08-16T00:00:00 RHSA-2006:0602 wireshark-0:0.99.2-EL4.1 https://www.cve.org/CVERecord?id=CVE-2006-3632 https://nvd.nist.gov/vuln/detail/CVE-2006-3632 Moderate 2008-05-27T00:00:00 kernel: Mishandling of invalid Register Stack Engine (RSE) state causes stack consumption and system crash 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CWE-400

The ia64 subsystem in the Linux kernel before 2.6.26 allows local users to cause a denial of service (stack consumption and system crash) via a crafted application that leverages the mishandling of invalid Register Stack Engine (RSE) state.

Red Hat Enterprise Linux 5 Will not fix kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-alt Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise MRG 2 Not affected realtime-kernel https://www.cve.org/CVERecord?id=CVE-2006-3635 https://nvd.nist.gov/vuln/detail/CVE-2006-3635 Moderate 2006-09-04T00:00:00 security flaw

Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Red Hat would like to thank Barry Warsaw for reporting this issue. Red Hat Enterprise Linux 3 2006-09-06T00:00:00 RHSA-2006:0600 mailman-3:2.1.5.1-25.rhel3.7 Red Hat Enterprise Linux 4 2006-09-06T00:00:00 RHSA-2006:0600 mailman-3:2.1.5.1-34.rhel4.5 https://www.cve.org/CVERecord?id=CVE-2006-3636 https://nvd.nist.gov/vuln/detail/CVE-2006-3636

KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument.

We do not consider a crash of a client application such as Konqueror to be a security issue. https://www.cve.org/CVERecord?id=CVE-2006-3672 https://nvd.nist.gov/vuln/detail/CVE-2006-3672 Critical 2006-07-26T00:00:00 security flaw

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.

Red Hat Enterprise Linux 3 2006-07-27T00:00:00 RHSA-2006:0608 seamonkey-0:1.0.3-0.el3.1 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-3677 https://nvd.nist.gov/vuln/detail/CVE-2006-3677 Moderate 2006-07-11T00:00:00 security flaw

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".

Red Hat Enterprise Linux 3 2006-07-27T00:00:00 RHSA-2006:0604 ruby-0:1.6.8-9.EL3.6 Red Hat Enterprise Linux 4 2006-07-27T00:00:00 RHSA-2006:0604 ruby-0:1.8.1-7.EL4.6 https://www.cve.org/CVERecord?id=CVE-2006-3694 https://nvd.nist.gov/vuln/detail/CVE-2006-3694

Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a user-uploaded file. NOTE: a third party has claimed that this issue might be related to the LiveHTTPHeaders extension.

We do not consider a user-assisted crash of a client application such as Firefox to be a security issue. https://www.cve.org/CVERecord?id=CVE-2006-3731 https://nvd.nist.gov/vuln/detail/CVE-2006-3731 Important 2006-09-28T00:00:00 openssl get_shared_ciphers overflow

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2006-09-28T00:00:00 RHSA-2006:0695 openssl-0:0.9.6b-46 Red Hat Enterprise Linux 2.1 2006-09-28T00:00:00 RHSA-2006:0695 openssl095a-0:0.9.5a-32 Red Hat Enterprise Linux 2.1 2006-09-28T00:00:00 RHSA-2006:0695 openssl096-0:0.9.6-32 Red Hat Enterprise Linux 3 2006-09-28T00:00:00 RHSA-2006:0695 openssl-0:0.9.7a-33.21 Red Hat Enterprise Linux 3 2006-09-28T00:00:00 RHSA-2006:0695 openssl096b-0:0.9.6b-16.46 Red Hat Enterprise Linux 4 2006-09-28T00:00:00 RHSA-2006:0695 openssl-0:0.9.7a-43.14 Red Hat Enterprise Linux 4 2006-09-28T00:00:00 RHSA-2006:0695 openssl096b-0:0.9.6b-22.46 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn-solaris-bootstrap-0:5.1.1-3 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn_solaris_bootstrap_5_1_1_3-0:1-0 https://www.cve.org/CVERecord?id=CVE-2006-3738 https://nvd.nist.gov/vuln/detail/CVE-2006-3738 Important 2006-09-12T00:00:00 security flaw

Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.

Red Hat Enterprise Linux 3 2006-09-12T00:00:00 RHSA-2006:0666 XFree86-0:4.3.0-113.EL Red Hat Enterprise Linux 4 2006-09-12T00:00:00 RHSA-2006:0665 xorg-x11-0:6.8.2-1.EL.13.37.2 https://www.cve.org/CVERecord?id=CVE-2006-3739 https://nvd.nist.gov/vuln/detail/CVE-2006-3739 Important 2006-09-12T00:00:00 security flaw

Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections.

Red Hat Enterprise Linux 3 2006-09-12T00:00:00 RHSA-2006:0666 XFree86-0:4.3.0-113.EL Red Hat Enterprise Linux 4 2006-09-12T00:00:00 RHSA-2006:0665 xorg-x11-0:6.8.2-1.EL.13.37.2 https://www.cve.org/CVERecord?id=CVE-2006-3740 https://nvd.nist.gov/vuln/detail/CVE-2006-3740 Moderate 2006-09-08T00:00:00 security flaw

The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descriptor consumption).

Red Hat would like to thank Stephane Eranian for reporting this issue. Red Hat Enterprise Linux 4 2006-10-05T00:00:00 RHSA-2006:0689 kernel-0:2.6.9-42.0.3.EL https://www.cve.org/CVERecord?id=CVE-2006-3741 https://nvd.nist.gov/vuln/detail/CVE-2006-3741

The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2006-3742 https://nvd.nist.gov/vuln/detail/CVE-2006-3742 Moderate 2006-08-22T00:00:00 security flaw

Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2006-08-24T00:00:00 RHSA-2006:0633 ImageMagick-0:5.5.6-20 Red Hat Enterprise Linux 4 2006-08-24T00:00:00 RHSA-2006:0633 ImageMagick-0:6.0.7.1-16 https://www.cve.org/CVERecord?id=CVE-2006-3743 https://nvd.nist.gov/vuln/detail/CVE-2006-3743 Moderate 2006-08-22T00:00:00 security flaw

Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2006-08-24T00:00:00 RHSA-2006:0633 ImageMagick-0:5.5.6-20 Red Hat Enterprise Linux 4 2006-08-24T00:00:00 RHSA-2006:0633 ImageMagick-0:6.0.7.1-16 https://www.cve.org/CVERecord?id=CVE-2006-3744 https://nvd.nist.gov/vuln/detail/CVE-2006-3744 Important 2006-08-22T00:00:00 security flaw

Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic) and possibly gain root privileges via unknown attack vectors.

Red Hat would like to thank Wei Wang (McAfee Avert Labs) for reporting this issue. Red Hat Enterprise Linux 4 2006-08-22T00:00:00 RHSA-2006:0617 kernel-0:2.6.9-42.0.2.EL https://www.cve.org/CVERecord?id=CVE-2006-3745 https://nvd.nist.gov/vuln/detail/CVE-2006-3745 Moderate 2006-07-21T00:00:00 GnuPG Parse_Comment Remote Buffer Overflow

Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.

Red Hat Enterprise Linux 3 2006-08-02T00:00:00 RHSA-2006:0615 gnupg-0:1.2.1-17 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0615 gnupg-0:1.2.6-6 https://www.cve.org/CVERecord?id=CVE-2006-3746 https://nvd.nist.gov/vuln/detail/CVE-2006-3746

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

The ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler has added padding to the stack immediately after the buffer being overwritten, this issue can not be exploited, and Apache httpd will continue operating normally. The Red Hat Security Response Team analyzed Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4 binaries for all architectures as shipped by Red Hat and determined that these versions cannot be exploited. This issue does not affect the version of Apache httpd as supplied with Red Hat Enterprise Linux 2.1 https://www.cve.org/CVERecord?id=CVE-2006-3747 https://nvd.nist.gov/vuln/detail/CVE-2006-3747 Critical 2006-07-26T00:00:00 security flaw

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code.

Red Hat Enterprise Linux 3 2006-07-27T00:00:00 RHSA-2006:0608 seamonkey-0:1.0.3-0.el3.1 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-3801 https://nvd.nist.gov/vuln/detail/CVE-2006-3801 Important 2006-07-26T00:00:00 security flaw

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object.

Red Hat Enterprise Linux 3 2006-07-27T00:00:00 RHSA-2006:0608 seamonkey-0:1.0.3-0.el3.1 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-3802 https://nvd.nist.gov/vuln/detail/CVE-2006-3802 Critical 2006-07-26T00:00:00 security flaw

Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object.

Red Hat Enterprise Linux 3 2006-07-27T00:00:00 RHSA-2006:0608 seamonkey-0:1.0.3-0.el3.1 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-3803 https://nvd.nist.gov/vuln/detail/CVE-2006-3803 Critical 2006-07-26T00:00:00 security flaw

Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow.

Red Hat Enterprise Linux 3 2006-07-27T00:00:00 RHSA-2006:0608 seamonkey-0:1.0.3-0.el3.1 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-3804 https://nvd.nist.gov/vuln/detail/CVE-2006-3804 Critical 2006-07-26T00:00:00 security flaw

The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.

Red Hat Enterprise Linux 3 2006-07-27T00:00:00 RHSA-2006:0608 seamonkey-0:1.0.3-0.el3.1 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-3805 https://nvd.nist.gov/vuln/detail/CVE-2006-3805 Critical 2006-07-26T00:00:00 security flaw

Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."

Red Hat Enterprise Linux 3 2006-07-27T00:00:00 RHSA-2006:0608 seamonkey-0:1.0.3-0.el3.1 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-3806 https://nvd.nist.gov/vuln/detail/CVE-2006-3806 Critical 2006-07-26T00:00:00 security flaw

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.

Red Hat Enterprise Linux 3 2006-07-27T00:00:00 RHSA-2006:0608 seamonkey-0:1.0.3-0.el3.1 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-3807 https://nvd.nist.gov/vuln/detail/CVE-2006-3807 Important 2006-07-26T00:00:00 security flaw

Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object.

Red Hat Enterprise Linux 3 2006-07-27T00:00:00 RHSA-2006:0608 seamonkey-0:1.0.3-0.el3.1 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-3808 https://nvd.nist.gov/vuln/detail/CVE-2006-3808 Critical 2006-07-26T00:00:00 security flaw

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context.

Red Hat Enterprise Linux 3 2006-07-27T00:00:00 RHSA-2006:0608 seamonkey-0:1.0.3-0.el3.1 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-3809 https://nvd.nist.gov/vuln/detail/CVE-2006-3809 Important 2006-07-26T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct.

Red Hat Enterprise Linux 3 2006-07-27T00:00:00 RHSA-2006:0608 seamonkey-0:1.0.3-0.el3.1 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-3810 https://nvd.nist.gov/vuln/detail/CVE-2006-3810 Critical 2006-07-26T00:00:00 security flaw

Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context.

Red Hat Enterprise Linux 3 2006-07-27T00:00:00 RHSA-2006:0608 seamonkey-0:1.0.3-0.el3.1 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux 4 2006-07-29T00:00:00 RHSA-2006:0611 thunderbird-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-3811 https://nvd.nist.gov/vuln/detail/CVE-2006-3811 Important 2006-07-26T00:00:00 vulnerabilities: CVE-2006-{3113,3677,3801-3812}

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links.

Red Hat Enterprise Linux 3 2006-07-27T00:00:00 RHSA-2006:0608 seamonkey-0:1.0.3-0.el3.1 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 devhelp-0:0.10-0.2.el4 Red Hat Enterprise Linux 4 2006-08-02T00:00:00 RHSA-2006:0609 seamonkey-0:1.0.3-0.el4.1 Red Hat Enterprise Linux 4 2006-07-28T00:00:00 RHSA-2006:0610 firefox-0:1.5.0.5-0.el4.1 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux ES version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Enterprise Linux WS version 2.1 2006-08-28T00:00:00 RHSA-2006:0594 Red Hat Linux Advanced Workstation 2.1 2006-08-28T00:00:00 RHSA-2006:0594 https://www.cve.org/CVERecord?id=CVE-2006-3812 https://nvd.nist.gov/vuln/detail/CVE-2006-3812 Important 2006-08-10T00:00:00 security flaw

A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information.

Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0605 perl-3:5.8.5-36.RHEL4 https://www.cve.org/CVERecord?id=CVE-2006-3813 https://nvd.nist.gov/vuln/detail/CVE-2006-3813 Low 2006-07-21T00:00:00 tomcat directory listing issue

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.

This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled. Details on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 ant-0:1.6.5-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 avalon-logkit-0:1.2-2jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 axis-0:1.2.1-1jpp_3rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-jaf-0:1.0-2jpp_6rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-mail-0:1.1.1-2jpp_8rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 geronimo-specs-0:1.0-0.M4.1jpp_10rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 jakarta-commons-modeler-0:2.0-3jpp_2rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 log4j-0:1.2.12-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 mx4j-1:3.0.1-1jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 pcsc-lite-0:1.3.3-3.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ca-0:7.3.0-20.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-java-tools-0:7.3.0-10.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-kra-0:7.3.0-14.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-manage-0:7.3.0-19.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-native-tools-0:7.3.0-6.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ocsp-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-tks-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 tomcat5-0:5.5.23-0jpp_4rh.16 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xerces-j2-0:2.7.1-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xml-commons-0:1.3.02-2jpp_1rh Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh RHAPS Version 1 for RHEL 3 2007-05-08T00:00:00 RHSA-2007:0340 tomcat5-0:5.0.30-0jpp_5rh RHAPS Version 2 for RHEL 4 2007-05-21T00:00:00 RHSA-2007:0326 jakarta-commons-modeler-0:2.0-3jpp_2rh RHAPS Version 2 for RHEL 4 2007-05-21T00:00:00 RHSA-2007:0326 tomcat5-0:5.5.23-0jpp_4rh.3 https://www.cve.org/CVERecord?id=CVE-2006-3835 https://nvd.nist.gov/vuln/detail/CVE-2006-3835

Integer overflow in the loadChunk function in loaders/load_gt2.c in libmikmod in Mikmod Sound System 3.2.2 allows remote attackers to cause a denial of service via a GRAOUMF TRACKER (GT2) module file with a large (0xffffffff) comment length value in an XCOM chunk.

This issue does not affect versions of Mikmod 3.2.0-beta2 or prior. Versions of Mikmod distributed with Red Hat Enterprise Linux 2.1, 3, and 4 are based on version 3.1.11 and are therefore not vulnerable to this issue. https://www.cve.org/CVERecord?id=CVE-2006-3879 https://nvd.nist.gov/vuln/detail/CVE-2006-3879 Moderate 2006-05-08T00:00:00 httpd: Expect header XSS CWE-79

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 ant-0:1.6.5-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 avalon-logkit-0:1.2-2jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 axis-0:1.2.1-1jpp_3rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-jaf-0:1.0-2jpp_6rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-mail-0:1.1.1-2jpp_8rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 geronimo-specs-0:1.0-0.M4.1jpp_10rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 jakarta-commons-modeler-0:2.0-3jpp_2rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 log4j-0:1.2.12-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 mx4j-1:3.0.1-1jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 pcsc-lite-0:1.3.3-3.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ca-0:7.3.0-20.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-java-tools-0:7.3.0-10.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-kra-0:7.3.0-14.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-manage-0:7.3.0-19.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-native-tools-0:7.3.0-6.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ocsp-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-tks-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 tomcat5-0:5.5.23-0jpp_4rh.16 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xerces-j2-0:2.7.1-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xml-commons-0:1.3.02-2jpp_1rh Red Hat Enterprise Linux 3 2006-08-10T00:00:00 RHSA-2006:0619 httpd-0:2.0.46-61.ent Red Hat Enterprise Linux 4 2006-08-10T00:00:00 RHSA-2006:0619 httpd-0:2.0.52-28.ent Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-08-08T00:00:00 RHSA-2006:0618 Red Hat Enterprise Linux ES version 2.1 2006-08-08T00:00:00 RHSA-2006:0618 Red Hat Enterprise Linux WS version 2.1 2006-08-08T00:00:00 RHSA-2006:0618 Red Hat Linux Advanced Workstation 2.1 2006-08-08T00:00:00 RHSA-2006:0618 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.37.rhn Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.38.rhn Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel4 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2006-09-29T00:00:00 RHSA-2006:0692 https://www.cve.org/CVERecord?id=CVE-2006-3918 https://nvd.nist.gov/vuln/detail/CVE-2006-3918 Moderate 2006-08-11T00:00:00 security flaw

Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.

Red Hat Enterprise Linux 3 2006-09-26T00:00:00 RHSA-2006:0668 squirrelmail-0:1.4.8-2.el3 Red Hat Enterprise Linux 4 2006-09-26T00:00:00 RHSA-2006:0668 squirrelmail-0:1.4.8-2.el4 https://www.cve.org/CVERecord?id=CVE-2006-4019 https://nvd.nist.gov/vuln/detail/CVE-2006-4019 Low 2006-08-04T00:00:00 security flaw

scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.

Red Hat Enterprise Linux 3 2006-09-21T00:00:00 RHSA-2006:0669 php-0:4.3.2-36.ent Red Hat Enterprise Linux 4 2006-09-21T00:00:00 RHSA-2006:0669 php-0:4.3.9-3.18 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-09-21T00:00:00 RHSA-2006:0682 Red Hat Enterprise Linux ES version 2.1 2006-09-21T00:00:00 RHSA-2006:0682 Red Hat Enterprise Linux WS version 2.1 2006-09-21T00:00:00 RHSA-2006:0682 Red Hat Linux Advanced Workstation 2.1 2006-09-21T00:00:00 RHSA-2006:0682 Red Hat Web Application Stack for RHEL 4 2006-10-05T00:00:00 RHSA-2006:0688 php-0:5.1.4-1.el4s1.4 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2006-12-11T00:00:00 RHSA-2006:0736 https://www.cve.org/CVERecord?id=CVE-2006-4020 https://nvd.nist.gov/vuln/detail/CVE-2006-4020 Low 2006-07-29T00:00:00 php: Improper validation of strings in ip2long function (remote attackers able to obtain network information and facilitate other attacks) 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N CWE-20

The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner.

Red Hat Enterprise Linux 5 Will not fix php Red Hat Enterprise Linux 5 Will not fix php53 Red Hat Enterprise Linux 6 Will not fix php https://www.cve.org/CVERecord?id=CVE-2006-4023 https://nvd.nist.gov/vuln/detail/CVE-2006-4023 Low 2005-11-23T00:00:00 MySQL improper permission revocation

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.

This issue did not affect mysql packages as shipped with Red Hat Enterprise Linux 2.1 or 3 Red Hat Enterprise Linux 4 2008-07-24T00:00:00 RHSA-2008:0768 mysql-0:4.1.22-2.el4 Red Hat Enterprise Linux 5 2008-05-20T00:00:00 RHSA-2008:0364 mysql-0:5.0.45-7.el5 Red Hat Web Application Stack for RHEL 4 2007-02-19T00:00:00 RHSA-2007:0083 mysql-0:5.0.30-1.el4s1.1 https://www.cve.org/CVERecord?id=CVE-2006-4031 https://nvd.nist.gov/vuln/detail/CVE-2006-4031 Moderate 2006-08-17T00:00:00 security flaw

Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time."

Red Hat would like to thank Olof Johansson for reporting this issue. Red Hat Enterprise Linux 4 2006-10-05T00:00:00 RHSA-2006:0689 kernel-0:2.6.9-42.0.3.EL https://www.cve.org/CVERecord?id=CVE-2006-4093 https://nvd.nist.gov/vuln/detail/CVE-2006-4093

BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.

Not Vulnerable. The version of BIND that ships with Red Hat Enterprise Linux is not vulnerable to this issue as it does not handle signed RR records. https://www.cve.org/CVERecord?id=CVE-2006-4095 https://nvd.nist.gov/vuln/detail/CVE-2006-4095 Important 2006-09-05T00:00:00 INSIST failure in ISC BIND recursive query

BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.

This issue does not affect Red Hat Enterprise Linux 2.1 Red Hat Desktop version 3 2006-07-20T00:00:00 RHBA-2006:0287 Red Hat Enterprise Linux AS version 3 2006-07-20T00:00:00 RHBA-2006:0287 Red Hat Enterprise Linux AS version 4 2006-08-09T00:00:00 RHBA-2006:0288 Red Hat Enterprise Linux Desktop version 4 2006-08-09T00:00:00 RHBA-2006:0288 Red Hat Enterprise Linux ES version 3 2006-07-20T00:00:00 RHBA-2006:0287 Red Hat Enterprise Linux ES version 4 2006-08-09T00:00:00 RHBA-2006:0288 Red Hat Enterprise Linux WS version 3 2006-07-20T00:00:00 RHBA-2006:0287 Red Hat Enterprise Linux WS version 4 2006-08-09T00:00:00 RHBA-2006:0288 https://www.cve.org/CVERecord?id=CVE-2006-4096 https://nvd.nist.gov/vuln/detail/CVE-2006-4096

The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program.

LessTif is shipped with Red Hat Enterprise Linux 2.1 but not 3 or 4. On Enterprise Linux 2.1 we build LessTif with debugging disabled, so the DEBUG_FILE environment variable is ignored and this issue cannot be exploited. https://www.cve.org/CVERecord?id=CVE-2006-4124 https://nvd.nist.gov/vuln/detail/CVE-2006-4124 Moderate 2006-08-14T00:00:00 security flaw

Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2006-08-24T00:00:00 RHSA-2006:0633 ImageMagick-0:5.5.6-20 Red Hat Enterprise Linux 4 2006-08-24T00:00:00 RHSA-2006:0633 ImageMagick-0:6.0.7.1-16 https://www.cve.org/CVERecord?id=CVE-2006-4144 https://nvd.nist.gov/vuln/detail/CVE-2006-4144 Low 2006-06-16T00:00:00 UDF truncating issue

The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6.17 and earlier allows local users to cause a denial of service (hang and crash) via certain operations involving truncated files, as demonstrated via the dd command.

Red Hat Enterprise Linux 4 2008-07-24T00:00:00 RHSA-2008:0665 kernel-0:2.6.9-78.EL https://www.cve.org/CVERecord?id=CVE-2006-4145 https://nvd.nist.gov/vuln/detail/CVE-2006-4145 Low 2006-08-31T00:00:00 GDB buffer overflow

Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.

Red Hat Enterprise Linux 5 was not vulnerable to this issue as it contained a backported patch. Red Hat Enterprise Linux 3 2007-06-07T00:00:00 RHSA-2007:0469 gdb-0:6.3.0.0-1.138.el3 Red Hat Enterprise Linux 4 2007-05-01T00:00:00 RHSA-2007:0229 gdb-0:6.3.0.0-1.143.el4 https://www.cve.org/CVERecord?id=CVE-2006-4146 https://nvd.nist.gov/vuln/detail/CVE-2006-4146 Moderate 2007-06-13T00:00:00 libexif integer overflow CWE-190

Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.

Red Hat Enterprise Linux 4 2007-06-14T00:00:00 RHSA-2007:0501 libexif-0:0.5.12-5.1.0.2 Red Hat Enterprise Linux 5 2007-06-14T00:00:00 RHSA-2007:0501 libexif-0:0.6.13-4.0.2.el5 https://www.cve.org/CVERecord?id=CVE-2006-4168 https://nvd.nist.gov/vuln/detail/CVE-2006-4168

Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.

Not Vulnerable. Red Hat does not ship GNU Radius in Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2006-4181 https://nvd.nist.gov/vuln/detail/CVE-2006-4181 Low 2006-10-06T00:00:00 libmodplug: Integer overflow when reading samples of AMF files 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P CWE-190->CWE-122

Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.

Red Hat Enterprise Linux 4 2011-05-02T00:00:00 RHSA-2011:0477 gstreamer-plugins-0:0.8.5-1.EL.3 https://www.cve.org/CVERecord?id=CVE-2006-4192 https://nvd.nist.gov/vuln/detail/CVE-2006-4192 Low 2006-02-22T00:00:00 mysql-server create database privilege escalation

MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.

This issue does not affect Red Hat Enterprise Linux 2.1 or 3 Red Hat Enterprise Linux 4 2007-04-03T00:00:00 RHSA-2007:0152 mysql-0:4.1.20-2.RHEL4.1 Red Hat Web Application Stack for RHEL 4 2007-02-19T00:00:00 RHSA-2007:0083 mysql-0:5.0.30-1.el4s1.1 https://www.cve.org/CVERecord?id=CVE-2006-4226 https://nvd.nist.gov/vuln/detail/CVE-2006-4226 Moderate 2006-03-29T00:00:00 mysql improper suid argument evaluation

MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.

This issue did not affect the versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 2008-05-20T00:00:00 RHSA-2008:0364 mysql-0:5.0.45-7.el5 Red Hat Web Application Stack for RHEL 4 2007-02-19T00:00:00 RHSA-2007:0083 mysql-0:5.0.30-1.el4s1.1 https://www.cve.org/CVERecord?id=CVE-2006-4227 https://nvd.nist.gov/vuln/detail/CVE-2006-4227 Important 2006-08-12T00:00:00 security flaw

Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.

Red Hat Enterprise Linux 3 2006-09-15T00:00:00 RHSA-2006:0676 seamonkey-0:1.0.5-0.1.el3 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0675 firefox-0:1.5.0.7-0.1.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0676 devhelp-0:0.10-0.4.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0676 seamonkey-0:1.0.5-0.1.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0677 thunderbird-0:1.5.0.7-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-4253 https://nvd.nist.gov/vuln/detail/CVE-2006-4253 Low 2006-08-20T00:00:00 cscope: multiple buffer overflows 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P

Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument.

Red Hat Enterprise Linux 5 was not vulnerable to this issue as it contained a backported patch since its first release. Red Hat Enterprise Linux 3 2009-06-15T00:00:00 RHSA-2009:1101 cscope-0:15.5-16.RHEL3 Red Hat Enterprise Linux 4 2009-06-15T00:00:00 RHSA-2009:1101 cscope-0:15.5-10.RHEL4.3 https://www.cve.org/CVERecord?id=CVE-2006-4262 https://nvd.nist.gov/vuln/detail/CVE-2006-4262

Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI.

Red Hat does not consider this flaw a security issue. This flaw is the result of a NULL pointer dereference, which is not exploitable and can only cause a client crash. https://www.cve.org/CVERecord?id=CVE-2006-4310 https://nvd.nist.gov/vuln/detail/CVE-2006-4310 Low 2006-08-23T00:00:00 security flaw

Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors.

Red Hat Enterprise Linux 3 2006-09-12T00:00:00 RHSA-2006:0658 wireshark-0:0.99.3-EL3.2 Red Hat Enterprise Linux 4 2006-09-12T00:00:00 RHSA-2006:0658 wireshark-0:0.99.3-EL4.2 https://www.cve.org/CVERecord?id=CVE-2006-4330 https://nvd.nist.gov/vuln/detail/CVE-2006-4330 Low 2006-08-23T00:00:00 security flaw

Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors.

Red Hat Enterprise Linux 3 2006-09-12T00:00:00 RHSA-2006:0658 wireshark-0:0.99.3-EL3.2 Red Hat Enterprise Linux 4 2006-09-12T00:00:00 RHSA-2006:0658 wireshark-0:0.99.3-EL4.2 https://www.cve.org/CVERecord?id=CVE-2006-4331 https://nvd.nist.gov/vuln/detail/CVE-2006-4331 Low 2006-08-23T00:00:00 security flaw

The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory.

Red Hat Enterprise Linux 3 2006-09-12T00:00:00 RHSA-2006:0658 wireshark-0:0.99.3-EL3.2 Red Hat Enterprise Linux 4 2006-09-12T00:00:00 RHSA-2006:0658 wireshark-0:0.99.3-EL4.2 https://www.cve.org/CVERecord?id=CVE-2006-4333 https://nvd.nist.gov/vuln/detail/CVE-2006-4333 Low 2006-09-19T00:00:00 security flaw

Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2006-09-19T00:00:00 RHSA-2006:0667 gzip-0:1.3.3-13.rhel3 Red Hat Enterprise Linux 4 2006-09-19T00:00:00 RHSA-2006:0667 gzip-0:1.3.3-16.rhel4 https://www.cve.org/CVERecord?id=CVE-2006-4334 https://nvd.nist.gov/vuln/detail/CVE-2006-4334 Low 2006-12-02T00:00:00 multiple vulnerabilities in lha

Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."

Red Hat no longer plans to fix this issue in lha for Red Hat Enterprise Linux 4. Red Hat Enterprise Linux 3 2006-09-19T00:00:00 RHSA-2006:0667 gzip-0:1.3.3-13.rhel3 Red Hat Enterprise Linux 4 2006-09-19T00:00:00 RHSA-2006:0667 gzip-0:1.3.3-16.rhel4 Red Hat Enterprise Linux 4 Will not fix lha https://www.cve.org/CVERecord?id=CVE-2006-4335 https://nvd.nist.gov/vuln/detail/CVE-2006-4335 Low 2006-12-02T00:00:00 multiple vulnerabilities in lha

Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.

Red Hat no longer plans to fix this issue in lha for Red Hat Enterprise Linux 4. Red Hat Enterprise Linux 3 2006-09-19T00:00:00 RHSA-2006:0667 gzip-0:1.3.3-13.rhel3 Red Hat Enterprise Linux 4 2006-09-19T00:00:00 RHSA-2006:0667 gzip-0:1.3.3-16.rhel4 Red Hat Enterprise Linux 4 Will not fix lha https://www.cve.org/CVERecord?id=CVE-2006-4336 https://nvd.nist.gov/vuln/detail/CVE-2006-4336 Low 2006-12-02T00:00:00 multiple vulnerabilities in lha

Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.

Red Hat no longer plans to fix this issue in lha for Red Hat Enterprise Linux 4. Red Hat Enterprise Linux 3 2006-09-19T00:00:00 RHSA-2006:0667 gzip-0:1.3.3-13.rhel3 Red Hat Enterprise Linux 4 2006-09-19T00:00:00 RHSA-2006:0667 gzip-0:1.3.3-16.rhel4 Red Hat Enterprise Linux 4 Will not fix lha https://www.cve.org/CVERecord?id=CVE-2006-4337 https://nvd.nist.gov/vuln/detail/CVE-2006-4337 Low 2006-09-19T00:00:00 security flaw

unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220595 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2006-09-19T00:00:00 RHSA-2006:0667 gzip-0:1.3.3-13.rhel3 Red Hat Enterprise Linux 4 2006-09-19T00:00:00 RHSA-2006:0667 gzip-0:1.3.3-16.rhel4 https://www.cve.org/CVERecord?id=CVE-2006-4338 https://nvd.nist.gov/vuln/detail/CVE-2006-4338 Critical 2006-09-05T17:00:00 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CWE-347

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.

A flaw was found in OpenSSL. When configured to use an RSA key with exponent 3, OpenSSL improperly removes PKCS-1 padding before generating a hash. This allows remote attackers to forge PKCS #1 v1.5 signatures. Consequently, OpenSSL may incorrectly verify X.509 and other certificates, leading to a bypass of trust and authentication mechanisms.

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Red Hat Enterprise Linux 10 Not affected edk2 Red Hat Enterprise Linux 10 Not affected openssl Red Hat Enterprise Linux 10 Not affected shim Red Hat Enterprise Linux 10 Not affected shim-unsigned-aarch64 Red Hat Enterprise Linux 10 Not affected shim-unsigned-x64 Red Hat Enterprise Linux 6 Not affected openssl Red Hat Enterprise Linux 7 Not affected openssl Red Hat Enterprise Linux 7 Not affected ovmf Red Hat Enterprise Linux 8 Not affected compat-openssl10 Red Hat Enterprise Linux 8 Not affected edk2 Red Hat Enterprise Linux 8 Not affected mingw-openssl Red Hat Enterprise Linux 8 Not affected openssl Red Hat Enterprise Linux 8 Not affected shim Red Hat Enterprise Linux 8 Not affected shim-unsigned-x64 Red Hat Enterprise Linux 9 Not affected compat-openssl11 Red Hat Enterprise Linux 9 Not affected edk2 Red Hat Enterprise Linux 9 Not affected openssl Red Hat Enterprise Linux 9 Not affected shim Red Hat Enterprise Linux 9 Not affected shim-unsigned-aarch64 Red Hat Enterprise Linux 9 Not affected shim-unsigned-x64 Red Hat JBoss Core Services Not affected openssl Red Hat OpenShift Container Platform 4 Not affected rhcos https://www.cve.org/CVERecord?id=CVE-2006-4339 https://nvd.nist.gov/vuln/detail/CVE-2006-4339 http://dev2dev.bea.com/pub/advisory/238 http://docs.info.apple.com/article.html?artnum=304829 http://docs.info.apple.com/article.html?artnum=307177 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 http://jvn.jp/en/jp/JVN51615542/index.html http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://lists.vmware.com/pipermail/security-announce/2008/000008.html http://marc.info/?l=bind-announce&m=116253119512445&w=2 http://marc.info/?l=bugtraq&m=130497311408250&w=2 http://openvpn.net/changelog.html http://secunia.com/advisories/21709 http://secunia.com/advisories/21767 http://secunia.com/advisories/21776 http://secunia.com/advisories/21778 http://secunia.com/advisories/21785 http://secunia.com/advisories/21791 http://secunia.com/advisories/21812 http://secunia.com/advisories/21823 http://secunia.com/advisories/21846 http://secunia.com/advisories/21852 http://secunia.com/advisories/21870 http://secunia.com/advisories/21873 http://secunia.com/advisories/21906 http://secunia.com/advisories/21927 http://secunia.com/advisories/21930 http://secunia.com/advisories/21982 http://secunia.com/advisories/22036 http://secunia.com/advisories/22044 http://secunia.com/advisories/22066 http://secunia.com/advisories/22161 http://secunia.com/advisories/22226 http://secunia.com/advisories/22232 http://secunia.com/advisories/22259 http://secunia.com/advisories/22260 http://secunia.com/advisories/22284 http://secunia.com/advisories/22325 http://secunia.com/advisories/22446 http://secunia.com/advisories/22509 http://secunia.com/advisories/22513 http://secunia.com/advisories/22523 http://secunia.com/advisories/22545 http://secunia.com/advisories/22585 http://secunia.com/advisories/22671 http://secunia.com/advisories/22689 http://secunia.com/advisories/22711 http://secunia.com/advisories/22733 http://secunia.com/advisories/22758 http://secunia.com/advisories/22799 http://secunia.com/advisories/22932 http://secunia.com/advisories/22934 http://secunia.com/advisories/22936 http://secunia.com/advisories/22937 http://secunia.com/advisories/22938 http://secunia.com/advisories/22939 http://secunia.com/advisories/22940 http://secunia.com/advisories/22948 http://secunia.com/advisories/22949 http://secunia.com/advisories/23155 http://secunia.com/advisories/23455 http://secunia.com/advisories/23680 http://secunia.com/advisories/23794 http://secunia.com/advisories/23841 http://secunia.com/advisories/23915 http://secunia.com/advisories/24099 http://secunia.com/advisories/24930 http://secunia.com/advisories/24950 http://secunia.com/advisories/25284 http://secunia.com/advisories/25399 http://secunia.com/advisories/25649 http://secunia.com/advisories/26329 http://secunia.com/advisories/26893 http://secunia.com/advisories/28115 http://secunia.com/advisories/31492 http://secunia.com/advisories/38567 http://secunia.com/advisories/38568 http://secunia.com/advisories/41818 http://secunia.com/advisories/60799 http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc http://security.gentoo.org/glsa/glsa-200609-05.xml http://security.gentoo.org/glsa/glsa-200609-18.xml http://securitytracker.com/id?1016791 http://securitytracker.com/id?1017522 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1 http://support.attachmate.com/techdocs/2127.html http://support.attachmate.com/techdocs/2128.html http://support.attachmate.com/techdocs/2137.html http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml http://www.debian.org/security/2006/dsa-1174 http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html http://www.kb.cert.org/vuls/id/845620 http://www.mandriva.com/security/advisories?name=MDKSA-2006:161 http://www.mandriva.com/security/advisories?name=MDKSA-2006:177 http://www.mandriva.com/security/advisories?name=MDKSA-2006:178 http://www.mandriva.com/security/advisories?name=MDKSA-2006:207 http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/ http://www.novell.com/linux/security/advisories/2006_26_sr.html http://www.novell.com/linux/security/advisories/2006_55_ssl.html http://www.novell.com/linux/security/advisories/2006_61_opera.html http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html http://www.openbsd.org/errata.html http://www.openoffice.org/security/cves/CVE-2006-4339.html http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html http://www.openssl.org/news/secadv_20060905.txt http://www.opera.com/support/search/supsearch.dml?index=845 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.osvdb.org/28549 http://www.redhat.com/support/errata/RHSA-2006-0661.html http://www.redhat.com/support/errata/RHSA-2007-0062.html http://www.redhat.com/support/errata/RHSA-2007-0072.html http://www.redhat.com/support/errata/RHSA-2007-0073.html http://www.redhat.com/support/errata/RHSA-2008-0629.html http://www.securityfocus.com/archive/1/445231/100/0/threaded http://www.securityfocus.com/archive/1/445822/100/0/threaded http://www.securityfocus.com/archive/1/450327/100/0/threaded http://www.securityfocus.com/archive/1/456546/100/200/threaded http://www.securityfocus.com/archive/1/489739/100/0/threaded http://www.securityfocus.com/bid/19849 http://www.securityfocus.com/bid/22083 http://www.securityfocus.com/bid/28276 http://www.serv-u.com/releasenotes/ http://www.sybase.com/detail?id=1047991 http://www.ubuntu.com/usn/usn-339-1 http://www.us-cert.gov/cas/techalerts/TA06-333A.html http://www.us.debian.org/security/2006/dsa-1173 http://www.vmware.com/security/advisories/VMSA-2008-0005.html http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html http://www.vmware.com/support/player/doc/releasenotes_player.html http://www.vmware.com/support/player2/doc/releasenotes_player2.html http://www.vmware.com/support/server/doc/releasenotes_server.html http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html http://www.vupen.com/english/advisories/2006/3453 http://www.vupen.com/english/advisories/2006/3566 http://www.vupen.com/english/advisories/2006/3730 http://www.vupen.com/english/advisories/2006/3748 http://www.vupen.com/english/advisories/2006/3793 http://www.vupen.com/english/advisories/2006/3899 http://www.vupen.com/english/advisories/2006/3936 http://www.vupen.com/english/advisories/2006/4205 http://www.vupen.com/english/advisories/2006/4206 http://www.vupen.com/english/advisories/2006/4207 http://www.vupen.com/english/advisories/2006/4216 http://www.vupen.com/english/advisories/2006/4327 http://www.vupen.com/english/advisories/2006/4329 http://www.vupen.com/english/advisories/2006/4366 http://www.vupen.com/english/advisories/2006/4417 http://www.vupen.com/english/advisories/2006/4586 http://www.vupen.com/english/advisories/2006/4744 http://www.vupen.com/english/advisories/2006/4750 http://www.vupen.com/english/advisories/2006/5146 http://www.vupen.com/english/advisories/2007/0254 http://www.vupen.com/english/advisories/2007/0343 http://www.vupen.com/english/advisories/2007/1401 http://www.vupen.com/english/advisories/2007/1815 http://www.vupen.com/english/advisories/2007/1945 http://www.vupen.com/english/advisories/2007/2163 http://www.vupen.com/english/advisories/2007/2315 http://www.vupen.com/english/advisories/2007/2783 http://www.vupen.com/english/advisories/2007/4224 http://www.vupen.com/english/advisories/2008/0905/references http://www.vupen.com/english/advisories/2010/0366 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 https://exchange.xforce.ibmcloud.com/vulnerabilities/28755 https://issues.rpath.com/browse/RPL-1633 https://issues.rpath.com/browse/RPL-616 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656 https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144 Important 2006-09-15T00:01:00 security flaw

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.

Red Hat Enterprise Linux 3 2006-09-15T00:00:00 RHSA-2006:0676 seamonkey-0:1.0.5-0.1.el3 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0675 firefox-0:1.5.0.7-0.1.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0676 devhelp-0:0.10-0.4.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0676 seamonkey-0:1.0.5-0.1.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0677 thunderbird-0:1.5.0.7-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-4340 https://nvd.nist.gov/vuln/detail/CVE-2006-4340 Important 2006-10-13T00:00:00 security flaw

The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlock from being unlocked.

Red Hat Enterprise Linux 3 2006-10-20T00:00:00 RHSA-2006:0710 kernel-0:2.4.21-47.0.1.EL https://www.cve.org/CVERecord?id=CVE-2006-4342 https://nvd.nist.gov/vuln/detail/CVE-2006-4342 Low 2006-09-28T00:00:00 openssl sslv2 client code

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2006-09-28T00:00:00 RHSA-2006:0695 openssl-0:0.9.6b-46 Red Hat Enterprise Linux 2.1 2006-09-28T00:00:00 RHSA-2006:0695 openssl095a-0:0.9.5a-32 Red Hat Enterprise Linux 2.1 2006-09-28T00:00:00 RHSA-2006:0695 openssl096-0:0.9.6-32 Red Hat Enterprise Linux 3 2006-09-28T00:00:00 RHSA-2006:0695 openssl-0:0.9.7a-33.21 Red Hat Enterprise Linux 3 2006-09-28T00:00:00 RHSA-2006:0695 openssl096b-0:0.9.6b-16.46 Red Hat Enterprise Linux 4 2006-09-28T00:00:00 RHSA-2006:0695 openssl-0:0.9.7a-43.14 Red Hat Enterprise Linux 4 2006-09-28T00:00:00 RHSA-2006:0695 openssl096b-0:0.9.6b-22.46 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn-solaris-bootstrap-0:5.1.1-3 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn_solaris_bootstrap_5_1_1_3-0:1-0 https://www.cve.org/CVERecord?id=CVE-2006-4343 https://nvd.nist.gov/vuln/detail/CVE-2006-4343 Moderate 2005-05-28T00:00:00 security flaw

MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.

Red Hat Enterprise Linux 4 2006-06-09T00:00:00 RHSA-2006:0544 mysql-0:4.1.20-1.RHEL4.1 https://www.cve.org/CVERecord?id=CVE-2006-4380 https://nvd.nist.gov/vuln/detail/CVE-2006-4380

PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file. NOTE: it could be argued that this not a vulnerability in PHP itself, rather a design limitation that enables certain attacks against session handlers that do not account for this limitation.

We do not consider this to be a PHP flaw. The problem is caused by the insufficient input validation performed by Zend platform. https://www.cve.org/CVERecord?id=CVE-2006-4433 https://nvd.nist.gov/vuln/detail/CVE-2006-4433

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."

This flaw causes a crash but does not result in a denial of service against Sendmail and is therefore not a security issue. https://www.cve.org/CVERecord?id=CVE-2006-4434 https://nvd.nist.gov/vuln/detail/CVE-2006-4434

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.

Not Vulnerable. This issue does not exist in Red Hat Enterprise Linux 2.1 or 3. This issue not exploitable in Red Hat Enterprise Linux 4. A detailed analysis of this issue can be found in the Red Hat Bug Tracking System: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195555 https://www.cve.org/CVERecord?id=CVE-2006-4447 https://nvd.nist.gov/vuln/detail/CVE-2006-4447

The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017.

We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2006-4481 https://nvd.nist.gov/vuln/detail/CVE-2006-4481 Moderate 2006-08-17T00:00:00 security flaw

Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.

Red Hat Enterprise Linux 3 2006-09-21T00:00:00 RHSA-2006:0669 php-0:4.3.2-36.ent Red Hat Enterprise Linux 4 2006-09-21T00:00:00 RHSA-2006:0669 php-0:4.3.9-3.18 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-09-21T00:00:00 RHSA-2006:0682 Red Hat Enterprise Linux ES version 2.1 2006-09-21T00:00:00 RHSA-2006:0682 Red Hat Enterprise Linux WS version 2.1 2006-09-21T00:00:00 RHSA-2006:0682 Red Hat Linux Advanced Workstation 2.1 2006-09-21T00:00:00 RHSA-2006:0682 Red Hat Web Application Stack for RHEL 4 2006-10-05T00:00:00 RHSA-2006:0688 php-0:5.1.4-1.el4s1.4 https://www.cve.org/CVERecord?id=CVE-2006-4482 https://nvd.nist.gov/vuln/detail/CVE-2006-4482 Moderate 2006-07-16T00:00:00 gd: GIF handling buffer overflow

Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

Red Hat Enterprise Linux 3 2006-09-21T00:00:00 RHSA-2006:0669 php-0:4.3.2-36.ent Red Hat Enterprise Linux 4 2006-09-21T00:00:00 RHSA-2006:0669 php-0:4.3.9-3.18 Red Hat Enterprise Linux 4 2008-02-28T00:00:00 RHSA-2008:0146 gd-0:2.0.28-5.4E.el4_6.1 Red Hat Enterprise Linux 5 2008-02-28T00:00:00 RHSA-2008:0146 gd-0:2.0.33-9.4.el5_1.1 Red Hat Web Application Stack for RHEL 4 2006-10-05T00:00:00 RHSA-2006:0688 php-0:5.1.4-1.el4s1.4 https://www.cve.org/CVERecord?id=CVE-2006-4484 https://nvd.nist.gov/vuln/detail/CVE-2006-4484 Low 2006-08-17T00:00:00 security flaw

The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read.

Red Hat Web Application Stack for RHEL 4 2006-10-05T00:00:00 RHSA-2006:0688 php-0:5.1.4-1.el4s1.4 https://www.cve.org/CVERecord?id=CVE-2006-4485 https://nvd.nist.gov/vuln/detail/CVE-2006-4485 Moderate 2006-08-18T00:00:00 security flaw

Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction.

Red Hat Enterprise Linux 3 2006-09-21T00:00:00 RHSA-2006:0669 php-0:4.3.2-36.ent Red Hat Enterprise Linux 4 2006-09-21T00:00:00 RHSA-2006:0669 php-0:4.3.9-3.18 Red Hat Enterprise Linux AS (Advanced Server) version 2.1 2006-09-21T00:00:00 RHSA-2006:0682 Red Hat Enterprise Linux ES version 2.1 2006-09-21T00:00:00 RHSA-2006:0682 Red Hat Enterprise Linux WS version 2.1 2006-09-21T00:00:00 RHSA-2006:0682 Red Hat Linux Advanced Workstation 2.1 2006-09-21T00:00:00 RHSA-2006:0682 Red Hat Web Application Stack for RHEL 4 2006-10-05T00:00:00 RHSA-2006:0688 php-0:5.1.4-1.el4s1.4 https://www.cve.org/CVERecord?id=CVE-2006-4486 https://nvd.nist.gov/vuln/detail/CVE-2006-4486 CVE-2006-4513: multiple integer overflows in wv < 1.2.3

Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function.

Not vulnerable. This issue did not affect versions of wvWare library included in koffice packages as shipped with Red Hat Enterprise Linux 2.1 https://www.cve.org/CVERecord?id=CVE-2006-4513 https://nvd.nist.gov/vuln/detail/CVE-2006-4513 Moderate 2006-11-30T00:00:00 security flaw

Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to allocate insufficient memory.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2007-01-11T00:00:00 RHSA-2007:0011 libgsf-0:1.6.0-7 Red Hat Enterprise Linux 4 2007-01-11T00:00:00 RHSA-2007:0011 libgsf-0:1.10.1-2 https://www.cve.org/CVERecord?id=CVE-2006-4514 https://nvd.nist.gov/vuln/detail/CVE-2006-4514 Moderate 2007-07-09T00:00:00 GIMP multiple image loader integer overflows CWE-190

Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.

Red Hat Enterprise Linux 2.1 2007-09-26T00:00:00 RHSA-2007:0513 gimp-1:1.2.1-7.8.el2_1 Red Hat Enterprise Linux 3 2007-09-26T00:00:00 RHSA-2007:0513 gimp-1:1.2.3-20.9.el3 Red Hat Enterprise Linux 4 2007-09-26T00:00:00 RHSA-2007:0513 gimp-1:2.0.5-7.0.7.el4 Red Hat Enterprise Linux 5 2007-09-26T00:00:00 RHSA-2007:0513 gimp-2:2.2.13-2.0.7.el5 https://www.cve.org/CVERecord?id=CVE-2006-4519 https://nvd.nist.gov/vuln/detail/CVE-2006-4519 Important 2006-08-28T00:00:00 security flaw

The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch.

Red Hat Enterprise Linux 4 2006-10-05T00:00:00 RHSA-2006:0689 kernel-0:2.6.9-42.0.3.EL https://www.cve.org/CVERecord?id=CVE-2006-4535 https://nvd.nist.gov/vuln/detail/CVE-2006-4535 Moderate 2006-08-23T00:00:00 kernel: Local DoS with corrupted ELF

Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries.

Red Hat Enterprise Linux 2.1 2009-01-05T00:00:00 RHSA-2008:0787 kernel-0:2.4.18-e.67 Red Hat Enterprise Linux 3 2007-12-03T00:00:00 RHSA-2007:1049 kernel-0:2.4.21-53.EL Red Hat Enterprise Linux 4 2007-01-30T00:00:00 RHSA-2007:0014 kernel-0:2.6.9-42.0.8.EL https://www.cve.org/CVERecord?id=CVE-2006-4538 https://nvd.nist.gov/vuln/detail/CVE-2006-4538 Critical 2006-09-15T00:01:00 security flaw

Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."

Red Hat Enterprise Linux 3 2006-09-15T00:00:00 RHSA-2006:0676 seamonkey-0:1.0.5-0.1.el3 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0675 firefox-0:1.5.0.7-0.1.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0676 devhelp-0:0.10-0.4.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0676 seamonkey-0:1.0.5-0.1.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0677 thunderbird-0:1.5.0.7-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-4565 https://nvd.nist.gov/vuln/detail/CVE-2006-4565 Critical 2006-09-15T00:01:00 security flaw

Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read.

Red Hat Enterprise Linux 3 2006-09-15T00:00:00 RHSA-2006:0676 seamonkey-0:1.0.5-0.1.el3 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0675 firefox-0:1.5.0.7-0.1.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0676 devhelp-0:0.10-0.4.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0676 seamonkey-0:1.0.5-0.1.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0677 thunderbird-0:1.5.0.7-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-4566 https://nvd.nist.gov/vuln/detail/CVE-2006-4566 Moderate 2006-09-15T00:01:00 security flaw

Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.

Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0675 firefox-0:1.5.0.7-0.1.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0677 thunderbird-0:1.5.0.7-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-4567 https://nvd.nist.gov/vuln/detail/CVE-2006-4567 Moderate 2006-09-15T00:01:00 security flaw

Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.

Red Hat Enterprise Linux 3 2006-09-15T00:00:00 RHSA-2006:0676 seamonkey-0:1.0.5-0.1.el3 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0675 firefox-0:1.5.0.7-0.1.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0676 devhelp-0:0.10-0.4.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0676 seamonkey-0:1.0.5-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-4568 https://nvd.nist.gov/vuln/detail/CVE-2006-4568 Low 2006-09-15T00:00:00 security flaw

The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.

Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0675 firefox-0:1.5.0.7-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-4569 https://nvd.nist.gov/vuln/detail/CVE-2006-4569 Important 2006-09-15T00:01:00 security flaw

Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.

Red Hat Enterprise Linux 3 2006-09-15T00:00:00 RHSA-2006:0676 seamonkey-0:1.0.5-0.1.el3 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0676 devhelp-0:0.10-0.4.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0676 seamonkey-0:1.0.5-0.1.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0677 thunderbird-0:1.5.0.7-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-4570 https://nvd.nist.gov/vuln/detail/CVE-2006-4570 Critical 2006-09-15T00:01:00 seamonkey < 1.0.5 multiple vulnerabilities; to replace Mozilla

Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.

Red Hat Enterprise Linux 3 2006-09-15T00:00:00 RHSA-2006:0676 seamonkey-0:1.0.5-0.1.el3 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0675 firefox-0:1.5.0.7-0.1.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0676 devhelp-0:0.10-0.4.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0676 seamonkey-0:1.0.5-0.1.el4 Red Hat Enterprise Linux 4 2006-09-15T00:00:00 RHSA-2006:0677 thunderbird-0:1.5.0.7-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-4571 https://nvd.nist.gov/vuln/detail/CVE-2006-4571

ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug."

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2006-4572 https://nvd.nist.gov/vuln/detail/CVE-2006-4572 Low 2006-10-23T00:00:00 screen buffer overflow

Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.

Red Hat no longer plans to fix this issue in Red Hat Enterprise Linux 4. Red Hat Enterprise Linux 4 Will not fix screen Red Hat Enterprise Linux 5 Not affected screen Red Hat Enterprise Linux 6 Not affected screen https://www.cve.org/CVERecord?id=CVE-2006-4573 https://nvd.nist.gov/vuln/detail/CVE-2006-4573 Moderate 2006-10-30T00:00:00 security flaw

Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values.

Red Hat Enterprise Linux 2.1 2006-11-09T00:00:00 RHSA-2006:0726 wireshark-0:0.99.4-AS21.1 Red Hat Enterprise Linux 3 2006-11-09T00:00:00 RHSA-2006:0726 wireshark-0:0.99.4-EL3.1 Red Hat Enterprise Linux 4 2006-11-09T00:00:00 RHSA-2006:0726 wireshark-0:0.99.4-EL4.1 https://www.cve.org/CVERecord?id=CVE-2006-4574 https://nvd.nist.gov/vuln/detail/CVE-2006-4574 Low 2006-09-04T00:00:00 security flaw

slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205826 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode. Red Hat Enterprise Linux 3 2007-06-07T00:00:00 RHSA-2007:0430 openldap-0:2.0.27-23 Red Hat Enterprise Linux 4 2007-05-01T00:00:00 RHSA-2007:0310 openldap-0:2.2.13-7.4E https://www.cve.org/CVERecord?id=CVE-2006-4600 https://nvd.nist.gov/vuln/detail/CVE-2006-4600 Low 2006-08-21T00:00:00 security flaw

The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet.

Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 4: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204912 This issue does not affect Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 4 2006-10-05T00:00:00 RHSA-2006:0689 kernel-0:2.6.9-42.0.3.EL https://www.cve.org/CVERecord?id=CVE-2006-4623 https://nvd.nist.gov/vuln/detail/CVE-2006-4623 Low 2006-06-23T00:00:00 mailman logfile CRLF injection

CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.

The Red Hat Product Security has rated this issue as having low security impact and expects to release a future update to address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/ The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which are in maintenance mode. This bug will be addressed in a future update of Red Hat Enterprise Linux 4. Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:0779 mailman-3:2.1.5.1-34.rhel4.6 https://www.cve.org/CVERecord?id=CVE-2006-4624 https://nvd.nist.gov/vuln/detail/CVE-2006-4624 Low 2006-09-09T00:00:00 CVE-2006-4625 PHP safe mode bypass

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.

We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2006-4625 https://nvd.nist.gov/vuln/detail/CVE-2006-4625 Critical 2006-09-12T18:00:00 security flaw

Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.

Red Hat Desktop version 3 Extras 2006-09-12T00:00:00 RHSA-2006:0674 Red Hat Desktop version 4 Extras 2006-09-12T00:00:00 RHSA-2006:0674 https://www.cve.org/CVERecord?id=CVE-2006-4640 https://nvd.nist.gov/vuln/detail/CVE-2006-4640 Important 2006-09-08T00:00:00 security flaw

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 4 2006-09-14T00:00:00 RHSA-2006:0680 gnutls-0:1.0.20-3.2.3 https://www.cve.org/CVERecord?id=CVE-2006-4790 https://nvd.nist.gov/vuln/detail/CVE-2006-4790 Moderate 2006-10-30T00:00:00 security flaw

epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded.

Red Hat Enterprise Linux 2.1 2006-11-09T00:00:00 RHSA-2006:0726 wireshark-0:0.99.4-AS21.1 Red Hat Enterprise Linux 3 2006-11-09T00:00:00 RHSA-2006:0726 wireshark-0:0.99.4-EL3.1 Red Hat Enterprise Linux 4 2006-11-09T00:00:00 RHSA-2006:0726 wireshark-0:0.99.4-EL4.1 https://www.cve.org/CVERecord?id=CVE-2006-4805 https://nvd.nist.gov/vuln/detail/CVE-2006-4805

Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images.

Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2. https://www.cve.org/CVERecord?id=CVE-2006-4806 https://nvd.nist.gov/vuln/detail/CVE-2006-4806

loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.

Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2. https://www.cve.org/CVERecord?id=CVE-2006-4807 https://nvd.nist.gov/vuln/detail/CVE-2006-4807

Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image.

Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2. https://www.cve.org/CVERecord?id=CVE-2006-4808 https://nvd.nist.gov/vuln/detail/CVE-2006-4808

Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image.

Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2. https://www.cve.org/CVERecord?id=CVE-2006-4809 https://nvd.nist.gov/vuln/detail/CVE-2006-4809 Moderate 2006-11-08T00:00:00 security flaw

Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2006-11-08T00:00:00 RHSA-2006:0727 texinfo-0:4.0b-3.el2.1 Red Hat Enterprise Linux 3 2006-11-08T00:00:00 RHSA-2006:0727 texinfo-0:4.5-3.el3.1 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0727 texinfo-0:4.7-5.el4.2 https://www.cve.org/CVERecord?id=CVE-2006-4810 https://nvd.nist.gov/vuln/detail/CVE-2006-4810 Critical 2006-10-13T23:06:00 security flaw

Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2006-10-18T00:00:00 RHSA-2006:0720 kdelibs-6:2.2.2-21.EL2 Red Hat Enterprise Linux 2.1 2006-11-01T00:00:00 RHSA-2006:0725 qt-1:2.3.1-12.EL2 Red Hat Enterprise Linux 3 2006-10-18T00:00:00 RHSA-2006:0720 kdelibs-6:3.1.3-6.12 Red Hat Enterprise Linux 3 2006-11-01T00:00:00 RHSA-2006:0725 qt-1:3.1.2-14.RHEL3 Red Hat Enterprise Linux 4 2006-10-18T00:00:00 RHSA-2006:0720 kdelibs-6:3.3.1-6.RHEL4 Red Hat Enterprise Linux 4 2006-11-01T00:00:00 RHSA-2006:0725 qt-1:3.3.3-10.RHEL4 https://www.cve.org/CVERecord?id=CVE-2006-4811 https://nvd.nist.gov/vuln/detail/CVE-2006-4811 Important 2006-09-30T00:00:00 security flaw

Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, and 4. Red Hat Enterprise Linux 2.1 2006-10-05T00:00:00 RHSA-2006:0708 php-0:4.1.2-2.12 Red Hat Web Application Stack for RHEL 4 2006-10-05T00:00:00 RHSA-2006:0688 php-0:5.1.4-1.el4s1.4 https://www.cve.org/CVERecord?id=CVE-2006-4812 https://nvd.nist.gov/vuln/detail/CVE-2006-4812 Important 2006-10-11T00:00:00 security flaw

The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13 does not properly clear buffers during certain error conditions, which allows local users to read portions of files that have been unlinked.

Red Hat would like to thank Dmitriy Monakhov for reporting this issue. Red Hat Enterprise Linux 4 2007-01-30T00:00:00 RHSA-2007:0014 kernel-0:2.6.9-42.0.8.EL https://www.cve.org/CVERecord?id=CVE-2006-4813 https://nvd.nist.gov/vuln/detail/CVE-2006-4813 Moderate 2006-12-14T00:00:00 kernel Race condition in mincore can cause "ps -ef" to hang

The mincore function in the Linux kernel before 2.4.33.6 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2009-01-05T00:00:00 RHSA-2008:0787 kernel-0:2.4.18-e.67 Red Hat Enterprise Linux 2.1 2009-01-08T00:00:00 RHSA-2009:0001 kernel-0:2.4.9-e.74 Red Hat Enterprise Linux 3 2008-05-07T00:00:00 RHSA-2008:0211 kernel-0:2.4.21-57.EL Red Hat Enterprise Linux 4 2007-01-30T00:00:00 RHSA-2007:0014 kernel-0:2.6.9-42.0.8.EL https://www.cve.org/CVERecord?id=CVE-2006-4814 https://nvd.nist.gov/vuln/detail/CVE-2006-4814 Important 2006-09-05T00:00:00 nspr: setuid root programs linked with NSPR allow elevation of privilege CWE-270

The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.

This issue also affects other OS that use NSPR. However, Red Hat does not ship any application linked setuid or setgid against NSPR and therefore is not vulnerable to this issue. Red Hat Enterprise Linux 4 Not affected nspr Red Hat Enterprise Linux 5 Not affected nspr Red Hat Enterprise Linux 6 Not affected nspr Red Hat Enterprise Linux 7 Not affected nspr https://www.cve.org/CVERecord?id=CVE-2006-4842 https://nvd.nist.gov/vuln/detail/CVE-2006-4842 Moderate 2006-09-19T00:00:00 openssh DoS

sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2006-09-29T00:00:00 RHSA-2006:0698 openssh-0:3.1p1-21 Red Hat Enterprise Linux 3 2006-09-29T00:00:00 RHSA-2006:0697 openssh-0:3.6.1p2-33.30.12 Red Hat Enterprise Linux 4 2006-09-29T00:00:00 RHSA-2006:0697 openssh-0:3.9p1-8.RHEL4.17 https://www.cve.org/CVERecord?id=CVE-2006-4924 https://nvd.nist.gov/vuln/detail/CVE-2006-4924

packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.

Red Hat does not consider this flaw a security issue. This flaw can cause an OpenSSH client to crash when connecting to a malicious server, which does not result in a denial of service condition. https://www.cve.org/CVERecord?id=CVE-2006-4925 https://nvd.nist.gov/vuln/detail/CVE-2006-4925 Important 2006-08-16T00:00:00 python repr unicode buffer overflow

Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2006-10-09T00:00:00 RHSA-2006:0713 python-0:2.2.3-6.5 Red Hat Enterprise Linux 4 2006-10-09T00:00:00 RHSA-2006:0713 python-0:2.3.4-14.3 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn-solaris-bootstrap-0:5.1.1-3 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn_solaris_bootstrap_5_1_1_3-0:1-0 https://www.cve.org/CVERecord?id=CVE-2006-4980 https://nvd.nist.gov/vuln/detail/CVE-2006-4980 Moderate 2006-09-12T00:00:00 security flaw

The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).

Red Hat Enterprise Linux 2.1 2007-01-17T00:00:00 RHSA-2007:0012 kernel-0:2.4.18-e.64 Red Hat Enterprise Linux 2.1 2007-01-17T00:00:00 RHSA-2007:0013 kernel-0:2.4.9-e.71 Red Hat Enterprise Linux 3 2006-10-20T00:00:00 RHSA-2006:0710 kernel-0:2.4.21-47.0.1.EL Red Hat Enterprise Linux 4 2006-10-05T00:00:00 RHSA-2006:0689 kernel-0:2.6.9-42.0.3.EL https://www.cve.org/CVERecord?id=CVE-2006-4997 https://nvd.nist.gov/vuln/detail/CVE-2006-4997 Important 2006-09-28T00:00:00 unsafe GSSAPI signal handler

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2006-09-29T00:00:00 RHSA-2006:0698 openssh-0:3.1p1-21 Red Hat Enterprise Linux 3 2006-09-29T00:00:00 RHSA-2006:0697 openssh-0:3.6.1p2-33.30.12 Red Hat Enterprise Linux 4 2006-09-29T00:00:00 RHSA-2006:0697 openssh-0:3.9p1-8.RHEL4.17 https://www.cve.org/CVERecord?id=CVE-2006-5051 https://nvd.nist.gov/vuln/detail/CVE-2006-5051 Low 2006-09-28T00:00:00 Kerberos information leak

Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."

This issue did not affect Red Hat Enterprise Linux 2.1 and 3. Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:0703 openssh-0:3.9p1-8.RHEL4.24 Red Hat Enterprise Linux 5 2007-11-07T00:00:00 RHSA-2007:0540 openssh-0:4.3p2-24.el5 https://www.cve.org/CVERecord?id=CVE-2006-5052 https://nvd.nist.gov/vuln/detail/CVE-2006-5052 Moderate 2006-09-28T00:00:00 NFS lockd deadlock

The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.

This issue does not affect Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 4 2007-06-25T00:00:00 RHSA-2007:0488 kernel-0:2.6.9-55.0.2.EL https://www.cve.org/CVERecord?id=CVE-2006-5158 https://nvd.nist.gov/vuln/detail/CVE-2006-5158

Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources"

Red Hat does not consider this issue to be a security vulnerability. We have been in contact with the upstream project regarding this problem and agree that this issue currently poses no security threat. In the event more information becomes available, we will revisit this issue in the future. https://www.cve.org/CVERecord?id=CVE-2006-5159 https://nvd.nist.gov/vuln/detail/CVE-2006-5159

Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.

Red Hat does not consider this issue to be a security vulnerability. We have been in contact with the upstream project regarding this problem and agree that this issue currently poses no security threat. In the event more information becomes available, we will revisit this issue in the future. https://www.cve.org/CVERecord?id=CVE-2006-5160 https://nvd.nist.gov/vuln/detail/CVE-2006-5160 Moderate 2006-09-20T00:00:00 security flaw

pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.

Red Hat Enterprise Linux 4 2006-11-15T00:00:00 RHSA-2006:0719 nss_ldap-0:226-17 https://www.cve.org/CVERecord?id=CVE-2006-5170 https://nvd.nist.gov/vuln/detail/CVE-2006-5170

Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allows local users to cause a denial of service (process crash), as demonstrated using a process that sets the Alignment Check flag (EFLAGS 0x40000), which triggers a SIGBUS in other processes that have an unaligned access.

Not Vulnerable. This flaw only affects kernel versions 2.6.14 to 2.6.18. Red Hat Enterprise Linux 2.1, 3, and 4 does not ship with a vulnerable kernel version. https://www.cve.org/CVERecord?id=CVE-2006-5173 https://nvd.nist.gov/vuln/detail/CVE-2006-5173 Important 2006-09-28T00:00:00 security flaw

The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a bad address," which triggers a fault that prevents the unused memory from being cleared in the kernel buffer.

Red Hat Enterprise Linux 3 2006-10-20T00:00:00 RHSA-2006:0710 kernel-0:2.4.21-47.0.1.EL Red Hat Enterprise Linux 4 2007-01-30T00:00:00 RHSA-2007:0014 kernel-0:2.6.9-42.0.8.EL https://www.cve.org/CVERecord?id=CVE-2006-5174 https://nvd.nist.gov/vuln/detail/CVE-2006-5174

Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.

We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2006-5178 https://nvd.nist.gov/vuln/detail/CVE-2006-5178 Low 2006-02-16T00:00:00 xdm race

Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2006-5214 https://nvd.nist.gov/vuln/detail/CVE-2006-5214 Low 2006-02-16T00:00:00 xdm symlink attack

The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2006-5215 https://nvd.nist.gov/vuln/detail/CVE-2006-5215

OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.

Red Hat has been unable to reproduce this flaw and believes that the reporter was experiencing behavior specific to his environment. We will not be releasing update to address this issue. https://www.cve.org/CVERecord?id=CVE-2006-5229 https://nvd.nist.gov/vuln/detail/CVE-2006-5229 Low 2006-10-04T00:00:00 Multiple mutt tempfile race conditions

Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode. Red Hat Enterprise Linux 3 2007-06-04T00:00:00 RHSA-2007:0386 mutt-5:1.4.1-5.el3 Red Hat Enterprise Linux 4 2007-06-04T00:00:00 RHSA-2007:0386 mutt-5:1.4.1-12.0.3.el4 Red Hat Enterprise Linux 5 2007-06-04T00:00:00 RHSA-2007:0386 mutt-5:1.4.2.2-3.0.2.el5 https://www.cve.org/CVERecord?id=CVE-2006-5297 https://nvd.nist.gov/vuln/detail/CVE-2006-5297

The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211085 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode. https://www.cve.org/CVERecord?id=CVE-2006-5298 https://nvd.nist.gov/vuln/detail/CVE-2006-5298 Moderate 2006-10-17T00:00:00 security flaw

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.

Extras for RHEL 3 2007-01-09T00:00:00 RHSA-2007:0009 flash-plugin-0:7.0.69-1.el3 Extras for RHEL 4 2007-01-09T00:00:00 RHSA-2007:0009 flash-plugin-0:7.0.69-1.el4 https://www.cve.org/CVERecord?id=CVE-2006-5330 https://nvd.nist.gov/vuln/detail/CVE-2006-5330 Low 2006-10-18T00:00:00 CVE-2006-5397 libX11 file descriptor leak

The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.

Not vulnerable. These issues did not affect the versions of libX11 as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2006-5397 https://nvd.nist.gov/vuln/detail/CVE-2006-5397 Moderate 2006-09-29T00:00:00 Overflows in GraphicsMagick and ImageMagick's DCM and PALM handling routines

Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2007-02-15T00:00:00 RHSA-2007:0015 ImageMagick-0:5.3.8-18 Red Hat Enterprise Linux 3 2007-02-15T00:00:00 RHSA-2007:0015 ImageMagick-0:5.5.6-24 Red Hat Enterprise Linux 4 2007-02-15T00:00:00 RHSA-2007:0015 ImageMagick-0:6.0.7.1-16.0.3 https://www.cve.org/CVERecord?id=CVE-2006-5456 https://nvd.nist.gov/vuln/detail/CVE-2006-5456 Important 2006-11-08T01:03:00 security flaw

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

Red Hat Enterprise Linux 2.1 2006-11-08T00:00:00 RHSA-2006:0734 seamonkey-0:1.0.6-0.1.el2 Red Hat Enterprise Linux 3 2006-11-08T00:00:00 RHSA-2006:0734 seamonkey-0:1.0.6-0.1.el3 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0733 firefox-0:1.5.0.8-0.1.el4 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0734 devhelp-0:0.10-0.5.el4 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0734 seamonkey-0:1.0.6-0.1.el4 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0735 thunderbird-0:1.5.0.8-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-5462 https://nvd.nist.gov/vuln/detail/CVE-2006-5462 Critical 2006-11-08T01:03:00 security flaw

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.

Red Hat Enterprise Linux 2.1 2006-11-08T00:00:00 RHSA-2006:0734 seamonkey-0:1.0.6-0.1.el2 Red Hat Enterprise Linux 3 2006-11-08T00:00:00 RHSA-2006:0734 seamonkey-0:1.0.6-0.1.el3 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0733 firefox-0:1.5.0.8-0.1.el4 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0734 devhelp-0:0.10-0.5.el4 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0734 seamonkey-0:1.0.6-0.1.el4 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0735 thunderbird-0:1.5.0.8-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-5463 https://nvd.nist.gov/vuln/detail/CVE-2006-5463 Critical 2006-11-08T01:03:00 security flaw

Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.

Red Hat Enterprise Linux 2.1 2006-11-08T00:00:00 RHSA-2006:0734 seamonkey-0:1.0.6-0.1.el2 Red Hat Enterprise Linux 3 2006-11-08T00:00:00 RHSA-2006:0734 seamonkey-0:1.0.6-0.1.el3 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0733 firefox-0:1.5.0.8-0.1.el4 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0734 devhelp-0:0.10-0.5.el4 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0734 seamonkey-0:1.0.6-0.1.el4 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0735 thunderbird-0:1.5.0.8-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-5464 https://nvd.nist.gov/vuln/detail/CVE-2006-5464 Important 2006-11-02T00:00:00 PHP buffer overflow

Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2006-11-06T00:00:00 RHSA-2006:0730 php-0:4.1.2-2.13 Red Hat Enterprise Linux 3 2006-11-06T00:00:00 RHSA-2006:0730 php-0:4.3.2-37.ent Red Hat Enterprise Linux 4 2006-11-06T00:00:00 RHSA-2006:0730 php-0:4.3.9-3.22 Red Hat Web Application Stack for RHEL 4 2006-11-10T00:00:00 RHSA-2006:0731 php-0:5.1.4-1.el4s1.5 Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) 2006-12-11T00:00:00 RHSA-2006:0736 https://www.cve.org/CVERecord?id=CVE-2006-5465 https://nvd.nist.gov/vuln/detail/CVE-2006-5465 Low 2006-10-29T00:00:00 RPM Crash after listing contents of non-installed package

Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages.

Red Hat non longer plans to fix this flaw in Red Hat Enterprise Linux 4. https://www.cve.org/CVERecord?id=CVE-2006-5466 https://nvd.nist.gov/vuln/detail/CVE-2006-5466 Moderate 2006-10-25T00:00:00 Ruby CGI multipart parsing DoS

The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2006-11-08T00:00:00 RHSA-2006:0729 ruby-0:1.6.4-2.AS21.4 Red Hat Enterprise Linux 3 2006-11-08T00:00:00 RHSA-2006:0729 ruby-0:1.6.8-9.EL3.8 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0729 ruby-0:1.8.1-7.EL4.8 https://www.cve.org/CVERecord?id=CVE-2006-5467 https://nvd.nist.gov/vuln/detail/CVE-2006-5467 Moderate 2006-10-30T00:00:00 security flaw

Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors.

Red Hat Enterprise Linux 2.1 2006-11-09T00:00:00 RHSA-2006:0726 wireshark-0:0.99.4-AS21.1 Red Hat Enterprise Linux 3 2006-11-09T00:00:00 RHSA-2006:0726 wireshark-0:0.99.4-EL3.1 Red Hat Enterprise Linux 4 2006-11-09T00:00:00 RHSA-2006:0726 wireshark-0:0.99.4-EL4.1 https://www.cve.org/CVERecord?id=CVE-2006-5468 https://nvd.nist.gov/vuln/detail/CVE-2006-5468 Moderate 2006-10-30T00:00:00 security flaw

Unspecified vulnerability in the WBXML dissector in Wireshark (formerly Ethereal) 0.10.11 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger a null dereference.

Red Hat Enterprise Linux 2.1 2006-11-09T00:00:00 RHSA-2006:0726 wireshark-0:0.99.4-AS21.1 Red Hat Enterprise Linux 3 2006-11-09T00:00:00 RHSA-2006:0726 wireshark-0:0.99.4-EL3.1 Red Hat Enterprise Linux 4 2006-11-09T00:00:00 RHSA-2006:0726 wireshark-0:0.99.4-EL4.1 https://www.cve.org/CVERecord?id=CVE-2006-5469 https://nvd.nist.gov/vuln/detail/CVE-2006-5469 Low 2006-10-16T00:00:00 security flaw

backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."

Red Hat Enterprise Linux 3 2007-02-07T00:00:00 RHSA-2007:0064 rh-postgresql-0:7.3.18-1 Red Hat Enterprise Linux 4 2007-02-07T00:00:00 RHSA-2007:0064 postgresql-0:7.4.16-1.RHEL4.1 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0068 postgresql-0:8.1.8-1.el5 Red Hat Web Application Stack for RHEL 4 2007-02-07T00:00:00 RHSA-2007:0067 postgresql-0:8.1.7-3.el4s1.1 https://www.cve.org/CVERecord?id=CVE-2006-5540 https://nvd.nist.gov/vuln/detail/CVE-2006-5540 Low 2006-10-16T00:00:00 security flaw

backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an unknown element to ANYARRAY.

Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0068 postgresql-0:8.1.8-1.el5 Red Hat Web Application Stack for RHEL 4 2007-02-07T00:00:00 RHSA-2007:0067 postgresql-0:8.1.7-3.el4s1.1 https://www.cve.org/CVERecord?id=CVE-2006-5541 https://nvd.nist.gov/vuln/detail/CVE-2006-5541 Low 2006-10-16T00:00:00 New version fixes three different crash vulnerabilities

backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL statements.

Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0068 postgresql-0:8.1.8-1.el5 Red Hat Web Application Stack for RHEL 4 2007-02-07T00:00:00 RHSA-2007:0067 postgresql-0:8.1.7-3.el4s1.1 https://www.cve.org/CVERecord?id=CVE-2006-5542 https://nvd.nist.gov/vuln/detail/CVE-2006-5542 Important 2006-10-31T00:00:00 security flaw

The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6 up to 2.6.18-stable allows local users to cause a denial of service (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels.

Red Hat is aware of this issue and are tracking it via bug 213214 for Red Hat Enterprise Linux 4: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213214 This issue does not affect Red Hat Enterprise Linux 2.1 or 3 Red Hat Enterprise Linux 4 2007-01-30T00:00:00 RHSA-2007:0014 kernel-0:2.6.9-42.0.8.EL https://www.cve.org/CVERecord?id=CVE-2006-5619 https://nvd.nist.gov/vuln/detail/CVE-2006-5619

Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference.

Red Hat does not consider a user-assisted crash of a client application such as Firefox to be a security issue. https://www.cve.org/CVERecord?id=CVE-2006-5633 https://nvd.nist.gov/vuln/detail/CVE-2006-5633

Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors.

Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, or 5. Red Hat Enterprise Linux 2.1 did not ship for PowerPC architecture. https://www.cve.org/CVERecord?id=CVE-2006-5649 https://nvd.nist.gov/vuln/detail/CVE-2006-5649

Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem.

Not Vulnerable. The squashfs module is not distributed as part of Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2006-5701 https://nvd.nist.gov/vuln/detail/CVE-2006-5701

Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494.

We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2006-5706 https://nvd.nist.gov/vuln/detail/CVE-2006-5706 Moderate 2006-10-30T00:00:00 security flaw

Unspecified vulnerability in the LDAP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via a crafted LDAP packet.

Red Hat Enterprise Linux 2.1 2006-11-09T00:00:00 RHSA-2006:0726 wireshark-0:0.99.4-AS21.1 Red Hat Enterprise Linux 3 2006-11-09T00:00:00 RHSA-2006:0726 wireshark-0:0.99.4-EL3.1 Red Hat Enterprise Linux 4 2006-11-09T00:00:00 RHSA-2006:0726 wireshark-0:0.99.4-EL4.1 https://www.cve.org/CVERecord?id=CVE-2006-5740 https://nvd.nist.gov/vuln/detail/CVE-2006-5740 Critical 2006-11-08T01:03:00 security flaw

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function.

Red Hat Enterprise Linux 2.1 2006-11-08T00:00:00 RHSA-2006:0734 seamonkey-0:1.0.6-0.1.el2 Red Hat Enterprise Linux 3 2006-11-08T00:00:00 RHSA-2006:0734 seamonkey-0:1.0.6-0.1.el3 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0733 firefox-0:1.5.0.8-0.1.el4 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0734 devhelp-0:0.10-0.5.el4 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0734 seamonkey-0:1.0.6-0.1.el4 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0735 thunderbird-0:1.5.0.8-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-5747 https://nvd.nist.gov/vuln/detail/CVE-2006-5747 Critical 2006-11-08T01:03:00 seamonkey < 1.0.6 multiple vulnerabilities

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.

Red Hat Enterprise Linux 2.1 2006-11-08T00:00:00 RHSA-2006:0734 seamonkey-0:1.0.6-0.1.el2 Red Hat Enterprise Linux 3 2006-11-08T00:00:00 RHSA-2006:0734 seamonkey-0:1.0.6-0.1.el3 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0733 firefox-0:1.5.0.8-0.1.el4 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0734 devhelp-0:0.10-0.5.el4 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0734 seamonkey-0:1.0.6-0.1.el4 Red Hat Enterprise Linux 4 2006-11-08T00:00:00 RHSA-2006:0735 thunderbird-0:1.5.0.8-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-5748 https://nvd.nist.gov/vuln/detail/CVE-2006-5748

The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2006-5749 https://nvd.nist.gov/vuln/detail/CVE-2006-5749 Critical 2006-11-27T14:00:00 security flaw

Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.

Red Hat Web Application Stack for RHEL 4 2006-11-27T00:00:00 RHSA-2006:0743 jbossas-0:4.0.4-1.el4s1.25 https://www.cve.org/CVERecord?id=CVE-2006-5750 https://nvd.nist.gov/vuln/detail/CVE-2006-5750 Important 2006-11-29T00:00:00 Linux kernel get_fdb_entries() integer overflow

Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request.

This flaw does not affect the Linux kernel shipped with Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 4 2007-01-30T00:00:00 RHSA-2007:0014 kernel-0:2.6.9-42.0.8.EL https://www.cve.org/CVERecord?id=CVE-2006-5751 https://nvd.nist.gov/vuln/detail/CVE-2006-5751 Moderate 2007-06-20T00:00:00 httpd mod_status XSS CWE-79

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.

Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 ant-0:1.6.5-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 avalon-logkit-0:1.2-2jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 axis-0:1.2.1-1jpp_3rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-jaf-0:1.0-2jpp_6rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-mail-0:1.1.1-2jpp_8rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 geronimo-specs-0:1.0-0.M4.1jpp_10rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 jakarta-commons-modeler-0:2.0-3jpp_2rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 log4j-0:1.2.12-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 mx4j-1:3.0.1-1jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 pcsc-lite-0:1.3.3-3.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ca-0:7.3.0-20.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-java-tools-0:7.3.0-10.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-kra-0:7.3.0-14.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-manage-0:7.3.0-19.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-native-tools-0:7.3.0-6.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ocsp-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-tks-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 tomcat5-0:5.5.23-0jpp_4rh.16 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xerces-j2-0:2.7.1-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xml-commons-0:1.3.02-2jpp_1rh Red Hat Enterprise Linux 2.1 2007-06-26T00:00:00 RHSA-2007:0532 apache-0:1.3.27-12.ent Red Hat Enterprise Linux 3 2007-06-27T00:00:00 RHSA-2007:0533 httpd-0:2.0.46-67.ent Red Hat Enterprise Linux 4 2007-06-26T00:00:00 RHSA-2007:0534 httpd-0:2.0.52-32.2.ent Red Hat Enterprise Linux 5 2007-06-26T00:00:00 RHSA-2007:0556 httpd-0:2.2.3-7.el5 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.37.rhn Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.38.rhn Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Proxy v 5.0 2008-05-20T00:00:00 RHSA-2008:0263 jabberd-0:2.0s10-3.38.rhn Red Hat Network Proxy v 5.0 2008-05-20T00:00:00 RHSA-2008:0263 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Proxy v 5.0 2008-05-20T00:00:00 RHSA-2008:0263 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Red Hat Web Application Stack for RHEL 4 2007-07-13T00:00:00 RHSA-2007:0557 httpd-0:2.0.59-1.el4s1.7 https://www.cve.org/CVERecord?id=CVE-2006-5752 https://nvd.nist.gov/vuln/detail/CVE-2006-5752 Moderate 2007-01-03T00:00:00 kernel listxattr syscall can corrupt user space programs 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C CWE-681->CWE-119

Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.

Red Hat Enterprise Linux 2.1 is not vulnerable to this issue as it only affects x86_64 architectures. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch at release. Red Hat Enterprise Linux 4 2007-01-30T00:00:00 RHSA-2007:0014 kernel-0:2.6.9-42.0.8.EL https://www.cve.org/CVERecord?id=CVE-2006-5753 https://nvd.nist.gov/vuln/detail/CVE-2006-5753 Important 2007-01-23T00:00:00 security flaw

The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation.

Red Hat would like to thank Kostantin Khorenko for reporting this issue. Red Hat Enterprise Linux 4 2007-01-30T00:00:00 RHSA-2007:0014 kernel-0:2.6.9-42.0.8.EL https://www.cve.org/CVERecord?id=CVE-2006-5754 https://nvd.nist.gov/vuln/detail/CVE-2006-5754 Low 2006-09-26T00:00:00 kernel: local denial of service due to NT bit leakage

Linux kernel before 2.6.18, when running on x86_64 systems, does not properly save or restore EFLAGS during a context switch, which allows local users to cause a denial of service (crash) by causing SYSENTER to set an NT flag, which can trigger a crash on the IRET of the next task.

Red Hat Enterprise Linux 5 2008-11-04T00:00:00 RHSA-2008:0957 kernel-0:2.6.18-92.1.18.el5 https://www.cve.org/CVERecord?id=CVE-2006-5755 https://nvd.nist.gov/vuln/detail/CVE-2006-5755 Low 2006-11-05T00:00:00 security flaw

Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 4 2007-01-30T00:00:00 RHSA-2007:0014 kernel-0:2.6.9-42.0.8.EL https://www.cve.org/CVERecord?id=CVE-2006-5757 https://nvd.nist.gov/vuln/detail/CVE-2006-5757

OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

Not Vulnerable. The OpenLDAP versions shipped with Red Hat Enterprise Linux 4 and earlier do not contain the vulnerable code in question. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2006-5779 https://nvd.nist.gov/vuln/detail/CVE-2006-5779 Low 2006-11-14T00:00:00 libpng DoS

The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read.

Red Hat would like to thank Glenn Randers-Pehrson, Mats Palmgren, and Tavis Ormandy for reporting this issue. Red Hat Enterprise Linux 2.1 2007-05-17T00:00:00 RHSA-2007:0356 libpng-2:1.0.14-10 Red Hat Enterprise Linux 3 2007-05-17T00:00:00 RHSA-2007:0356 libpng-2:1.2.2-27 Red Hat Enterprise Linux 3 2007-05-17T00:00:00 RHSA-2007:0356 libpng10-0:1.0.13-17 Red Hat Enterprise Linux 4 2007-05-17T00:00:00 RHSA-2007:0356 libpng-2:1.2.7-3.el4 Red Hat Enterprise Linux 4 2007-05-17T00:00:00 RHSA-2007:0356 libpng10-0:1.0.16-3 Red Hat Enterprise Linux 5 2007-05-17T00:00:00 RHSA-2007:0356 libpng-2:1.2.10-7.0.2 https://www.cve.org/CVERecord?id=CVE-2006-5793 https://nvd.nist.gov/vuln/detail/CVE-2006-5793 Low 2006-11-07T00:00:00 OpenSSH privilege separation flaw

Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.

This issue did not affect Red Hat Enterprise Linux 2.1. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2006-11-15T00:00:00 RHSA-2006:0738 openssh-0:3.6.1p2-33.30.13 Red Hat Enterprise Linux 4 2006-11-15T00:00:00 RHSA-2006:0738 openssh-0:3.9p1-8.RHEL4.17.1 https://www.cve.org/CVERecord?id=CVE-2006-5794 https://nvd.nist.gov/vuln/detail/CVE-2006-5794 Low 2006-11-07T00:00:00 security flaw

The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs.

The CVE-2006-5823 is about a corrupted cramfs (MOKB-07-11-2006) that can cause a memory corruption and so crash the machine. For Red Hat Enterpise Linux 3 this issue is tracked via Bugzilla #216960 and for Red Hat Enterprise Linux 4 it is tracked via Bugzilla #216958. Red Hat Enterprise Linux 2.1 is not vulnerable to this issue. This issue has been rated as having low impact, because root privileges or physical access to the machine are needed to mount a corrupted filesystem and crash the machine. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2007-06-08T00:00:00 RHSA-2007:0436 kernel-0:2.4.21-50.EL Red Hat Enterprise Linux 4 2007-01-30T00:00:00 RHSA-2007:0014 kernel-0:2.6.9-42.0.8.EL https://www.cve.org/CVERecord?id=CVE-2006-5823 https://nvd.nist.gov/vuln/detail/CVE-2006-5823 Critical 2007-01-10T00:00:00 security flaw

Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering.

Extras for RHEL 3 2007-01-22T00:00:00 RHSA-2007:0021 acroread-0:7.0.9-1.1.1.EL3 Extras for RHEL 3 2007-01-22T00:00:00 RHSA-2007:0021 acroread-libs-atk-0:1.8.0-1.el3 Extras for RHEL 3 2007-01-22T00:00:00 RHSA-2007:0021 acroread-libs-glib2-0:2.4.7-1 Extras for RHEL 3 2007-01-22T00:00:00 RHSA-2007:0021 acroread-libs-gtk2-0:2.4.13-1.el3 Extras for RHEL 3 2007-01-22T00:00:00 RHSA-2007:0021 acroread-libs-gtk2-engines-0:2.2.0-1.el3 Extras for RHEL 3 2007-01-22T00:00:00 RHSA-2007:0021 acroread-libs-pango-0:1.6.0-1.el3 Extras for RHEL 4 2007-01-11T00:00:00 RHSA-2007:0017 acroread-0:7.0.9-1.2.0.EL4 https://www.cve.org/CVERecord?id=CVE-2006-5857 https://nvd.nist.gov/vuln/detail/CVE-2006-5857 Low 2006-11-29T00:00:00 CVE-2006-5864 evince contains a buffer overflow in get_next_text()

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.

Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 2.1. This issue did not affect Red Hat Enterprise Linux 3 or 4. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=215593 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode. https://www.cve.org/CVERecord?id=CVE-2006-5864 https://nvd.nist.gov/vuln/detail/CVE-2006-5864 Moderate 2007-01-04T00:00:00 fetchmail not enforcing TLS for POP3 properly

fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.

Red Hat Enterprise Linux 2.1 2007-01-31T00:00:00 RHSA-2007:0018 fetchmail-0:5.9.0-21.7.3.el2.1.4 Red Hat Enterprise Linux 3 2007-01-31T00:00:00 RHSA-2007:0018 fetchmail-0:6.2.0-3.el3.3 Red Hat Enterprise Linux 4 2007-01-31T00:00:00 RHSA-2007:0018 fetchmail-0:6.2.5-6.el4.5 https://www.cve.org/CVERecord?id=CVE-2006-5867 https://nvd.nist.gov/vuln/detail/CVE-2006-5867 Moderate 2006-09-29T00:00:00 Insufficient boundary check in ImageMagick's SGIDecode()

Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2007-02-15T00:00:00 RHSA-2007:0015 ImageMagick-0:5.3.8-18 Red Hat Enterprise Linux 3 2007-02-15T00:00:00 RHSA-2007:0015 ImageMagick-0:5.5.6-24 Red Hat Enterprise Linux 4 2007-02-15T00:00:00 RHSA-2007:0015 ImageMagick-0:6.0.7.1-16.0.3 https://www.cve.org/CVERecord?id=CVE-2006-5868 https://nvd.nist.gov/vuln/detail/CVE-2006-5868 Important 2007-01-03T00:00:00 security flaw

Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2007-01-03T00:00:00 RHSA-2007:0001 openoffice.org-0:1.1.2-35.2.0.EL3 Red Hat Enterprise Linux 4 2007-01-03T00:00:00 RHSA-2007:0001 openoffice.org-0:1.1.5-6.6.0.EL4 https://www.cve.org/CVERecord?id=CVE-2006-5870 https://nvd.nist.gov/vuln/detail/CVE-2006-5870 Low 2004-10-19T00:00:00 security flaw

smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings.

Red Hat Enterprise Linux 4 2005-10-05T00:00:00 RHSA-2005:514 kernel-0:2.6.9-22.EL https://www.cve.org/CVERecord?id=CVE-2006-5871 https://nvd.nist.gov/vuln/detail/CVE-2006-5871 Moderate 2007-11-11T00:00:00 CVE-2006-5876 libsoup Server code crashes upon receiving malformed GET HTTP header

The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values.

Not vulnerable. The vulnerable code is not used by any application likned with libsoup shipped with Red Hat Enterprise Linux 2.1, 3, and 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2006-5876 https://nvd.nist.gov/vuln/detail/CVE-2006-5876 Critical 2006-11-15T01:51:00 security flaw

Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.

Red Hat Enterprise Linux 4 2006-11-15T00:00:00 RHSA-2006:0742 elinks-0:0.9.2-3.3 https://www.cve.org/CVERecord?id=CVE-2006-5925 https://nvd.nist.gov/vuln/detail/CVE-2006-5925

CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308.

Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with fvwm, however this issue does not affect the included version of fvwm. https://www.cve.org/CVERecord?id=CVE-2006-5969 https://nvd.nist.gov/vuln/detail/CVE-2006-5969

fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.

Not vulnerable. This issue does not affect the versions of fetchmail distributed with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2006-5974 https://nvd.nist.gov/vuln/detail/CVE-2006-5974 Low 2006-11-13T00:00:00 security flaw

Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 4 2006-12-06T00:00:00 RHSA-2006:0746 mod_auth_kerb-0:5.0-1.3 https://www.cve.org/CVERecord?id=CVE-2006-5989 https://nvd.nist.gov/vuln/detail/CVE-2006-5989

Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.

Red Hat does not consider unexploitable client application crashes to be security flaws. This bug causes a stack recursion crash which is not exploitable. https://www.cve.org/CVERecord?id=CVE-2006-6015 https://nvd.nist.gov/vuln/detail/CVE-2006-6015

Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control.

Not vulnerable. This issue did not affect Linux versions of Adobe Reader. https://www.cve.org/CVERecord?id=CVE-2006-6027 https://nvd.nist.gov/vuln/detail/CVE-2006-6027 Low 2006-11-10T00:00:00 security flaw

The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 4 2007-01-30T00:00:00 RHSA-2007:0014 kernel-0:2.6.9-42.0.8.EL https://www.cve.org/CVERecord?id=CVE-2006-6053 https://nvd.nist.gov/vuln/detail/CVE-2006-6053 Low 2006-11-12T00:00:00 security flaw

The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2007-08-08T00:00:00 RHSA-2007:0672 kernel-0:2.4.9-e.72 Red Hat Enterprise Linux 2.1 2007-08-08T00:00:00 RHSA-2007:0673 kernel-0:2.4.18-e.65 Red Hat Enterprise Linux 3 2007-06-08T00:00:00 RHSA-2007:0436 kernel-0:2.4.21-50.EL Red Hat Enterprise Linux 4 2007-01-30T00:00:00 RHSA-2007:0014 kernel-0:2.6.9-42.0.8.EL https://www.cve.org/CVERecord?id=CVE-2006-6054 https://nvd.nist.gov/vuln/detail/CVE-2006-6054 Low 2006-11-14T00:00:00 security flaw

Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem image.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 4 2007-01-30T00:00:00 RHSA-2007:0014 kernel-0:2.6.9-42.0.8.EL https://www.cve.org/CVERecord?id=CVE-2006-6056 https://nvd.nist.gov/vuln/detail/CVE-2006-6056

The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on Fedora Core 6 and possibly other operating systems, allows local users to cause a denial of service (crash) via a malformed gfs2 file stream that triggers a NULL pointer dereference in the init_journal function.

Not Vulnerable. The kernel as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 do not contain gfs2 filesystem support. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2006-6057 https://nvd.nist.gov/vuln/detail/CVE-2006-6057 Low 2006-11-17T00:00:00 minix_bmap denial of service

The minix filesystem code in Linux kernel 2.6.x before 2.6.24, including 2.6.18, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness error.

Red Hat Enterprise Linux 2.1 2007-08-08T00:00:00 RHSA-2007:0672 kernel-0:2.4.9-e.72 https://www.cve.org/CVERecord?id=CVE-2006-6058 https://nvd.nist.gov/vuln/detail/CVE-2006-6058 Moderate 2007-02-23T00:00:00 security flaw

The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.

Red Hat Enterprise Linux 2.1 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el2 Red Hat Enterprise Linux 3 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el3 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 devhelp-0:0.10-0.7.el4 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el4 Red Hat Enterprise Linux 4 2007-03-02T00:00:00 RHSA-2007:0078 thunderbird-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 4 2007-02-23T00:00:00 RHSA-2007:0079 firefox-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 devhelp-0:0.12-10.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 firefox-0:1.5.0.10-2.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 yelp-0:2.16.0-14.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0108 thunderbird-0:1.5.0.10-1.el5 https://www.cve.org/CVERecord?id=CVE-2006-6077 https://nvd.nist.gov/vuln/detail/CVE-2006-6077 Moderate 2006-11-21T00:00:00 security flaw

GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2006-12-19T00:00:00 RHSA-2006:0749 tar-0:1.13.25-6.AS21.1 Red Hat Enterprise Linux 3 2006-12-19T00:00:00 RHSA-2006:0749 tar-0:1.13.25-15.RHEL3 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0749 tar-0:1.14-12.RHEL4 https://www.cve.org/CVERecord?id=CVE-2006-6097 https://nvd.nist.gov/vuln/detail/CVE-2006-6097 Important 2006-01-09T00:00:00 security flaw

Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2007-01-10T00:00:00 RHSA-2007:0002 XFree86-0:4.1.0-78.EL Red Hat Enterprise Linux 3 2007-01-10T00:00:00 RHSA-2007:0002 XFree86-0:4.3.0-115.EL Red Hat Enterprise Linux 4 2007-01-10T00:00:00 RHSA-2007:0003 xorg-x11-0:6.8.2-1.EL.13.37.5 https://www.cve.org/CVERecord?id=CVE-2006-6101 https://nvd.nist.gov/vuln/detail/CVE-2006-6101 Important 2006-01-09T00:00:00 security flaw

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2007-01-10T00:00:00 RHSA-2007:0002 XFree86-0:4.1.0-78.EL Red Hat Enterprise Linux 3 2007-01-10T00:00:00 RHSA-2007:0002 XFree86-0:4.3.0-115.EL Red Hat Enterprise Linux 4 2007-01-10T00:00:00 RHSA-2007:0003 xorg-x11-0:6.8.2-1.EL.13.37.5 https://www.cve.org/CVERecord?id=CVE-2006-6102 https://nvd.nist.gov/vuln/detail/CVE-2006-6102 Important 2006-01-09T00:00:00 security flaw

Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2007-01-10T00:00:00 RHSA-2007:0002 XFree86-0:4.1.0-78.EL Red Hat Enterprise Linux 3 2007-01-10T00:00:00 RHSA-2007:0002 XFree86-0:4.3.0-115.EL Red Hat Enterprise Linux 4 2007-01-10T00:00:00 RHSA-2007:0003 xorg-x11-0:6.8.2-1.EL.13.37.5 https://www.cve.org/CVERecord?id=CVE-2006-6103 https://nvd.nist.gov/vuln/detail/CVE-2006-6103

Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.

Not vulnerable. This flaw was first introduced in gdm version 2.14. Therefore these issues did not affect the earlier versions of gdm as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2006-6105 https://nvd.nist.gov/vuln/detail/CVE-2006-6105 Moderate 2006-12-14T00:00:00 security flaw

Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via CAPI messages with a large value for the length of the (1) manu (manufacturer) or (2) serial (serial number) field.

Red Hat is aware of this issue and is tracking it for Red Hat Enterprise Linux 4 via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218602 This issue does not affect the version of the Linux kernel shipped with Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 4 2007-01-30T00:00:00 RHSA-2007:0014 kernel-0:2.6.9-42.0.8.EL https://www.cve.org/CVERecord?id=CVE-2006-6106 https://nvd.nist.gov/vuln/detail/CVE-2006-6106 Moderate 2006-12-12T00:00:00 D-Bus denial of service

Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 4 2007-02-08T00:00:00 RHSA-2007:0008 dbus-0:0.22-12.EL.8 https://www.cve.org/CVERecord?id=CVE-2006-6107 https://nvd.nist.gov/vuln/detail/CVE-2006-6107 Moderate 2006-11-29T00:00:00 koffice: update to 1.6.1

Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow.

Red Hat Enterprise Linux 2.1 2007-02-20T00:00:00 RHSA-2007:0010 koffice-3:1.1.1-2.3 https://www.cve.org/CVERecord?id=CVE-2006-6120 https://nvd.nist.gov/vuln/detail/CVE-2006-6120 Moderate 2006-12-02T00:00:00 Three XSS issues in SquirrelMail

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 3 2007-01-31T00:00:00 RHSA-2007:0022 squirrelmail-0:1.4.8-4.el3 Red Hat Enterprise Linux 4 2007-01-31T00:00:00 RHSA-2007:0022 squirrelmail-0:1.4.8-4.el4 https://www.cve.org/CVERecord?id=CVE-2006-6142 https://nvd.nist.gov/vuln/detail/CVE-2006-6142

The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2006-6143 https://nvd.nist.gov/vuln/detail/CVE-2006-6143

The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.

Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2006-6144 https://nvd.nist.gov/vuln/detail/CVE-2006-6144 Low 2006-11-24T00:00:00 : gnupg2 < 2.0.1 buffer overflow

Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.

Red Hat does not consider this bug to be a security flaw. In order for this flaw to be exploited, a user would be required to enter shellcode into an interactive GnuPG session. Red Hat considers this to be an unlikely scenario. Red Hat Enterprise Linux 5 contains a backported patch to address this issue. Red Hat Enterprise Linux 2.1 2006-12-06T00:00:00 RHSA-2006:0754 gnupg-0:1.0.7-20 Red Hat Enterprise Linux 3 2006-12-06T00:00:00 RHSA-2006:0754 gnupg-0:1.2.1-19 Red Hat Enterprise Linux 4 2006-12-06T00:00:00 RHSA-2006:0754 gnupg-0:1.2.6-8 https://www.cve.org/CVERecord?id=CVE-2006-6169 https://nvd.nist.gov/vuln/detail/CVE-2006-6169 Important 2006-12-06T00:00:00 security flaw

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2006-12-06T00:00:00 RHSA-2006:0754 gnupg-0:1.0.7-20 Red Hat Enterprise Linux 3 2006-12-06T00:00:00 RHSA-2006:0754 gnupg-0:1.2.1-19 Red Hat Enterprise Linux 4 2006-12-06T00:00:00 RHSA-2006:0754 gnupg-0:1.2.6-8 https://www.cve.org/CVERecord?id=CVE-2006-6235 https://nvd.nist.gov/vuln/detail/CVE-2006-6235

Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027.

Not vulnerable. This issue does not affect the Linux version of Adobe Reader. https://www.cve.org/CVERecord?id=CVE-2006-6236 https://nvd.nist.gov/vuln/detail/CVE-2006-6236

Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion.

We do not consider a crash of a client application such as Konqueror or other KFile users to be a security issue. https://www.cve.org/CVERecord?id=CVE-2006-6297 https://nvd.nist.gov/vuln/detail/CVE-2006-6297 Low 2006-12-04T00:00:00 ruby's cgi.rb vulnerable infinite loop DoS CWE-835

The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 2.1 2008-07-14T00:00:00 RHSA-2008:0562 ruby-0:1.6.4-6.el2 Red Hat Enterprise Linux 3 2008-07-14T00:00:00 RHSA-2008:0562 ruby-0:1.6.8-12.el3 Red Hat Enterprise Linux 4 2007-11-13T00:00:00 RHSA-2007:0961 ruby-0:1.8.1-7.EL4.8.1 https://www.cve.org/CVERecord?id=CVE-2006-6303 https://nvd.nist.gov/vuln/detail/CVE-2006-6303 Moderate 2009-11-12T00:00:00 kernel: use flag in do_coredump() 1.9 AV:L/AC:M/Au:N/C:N/I:P/A:N

The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit d025c9db that introduced the problem. This upstream commit was backported in Red Hat Enterprise Linux 5 via RHSA-2009:0225. It was later reported and addressed in Red Hat Enterprise Linux 5 via RHSA-2010:0046. Red Hat Enterprise Linux 5 2010-01-19T00:00:00 RHSA-2010:0046 kernel-0:2.6.18-164.11.1.el5 https://www.cve.org/CVERecord?id=CVE-2006-6304 https://nvd.nist.gov/vuln/detail/CVE-2006-6304

Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when configured using the rocommunity or rouser snmpd.conf tokens, causes Net-SNMP to grant write access to users or communities that only have read-only access.

Not vulnerable. This issue does not affect the versions of net-smtp as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2006-6305 https://nvd.nist.gov/vuln/detail/CVE-2006-6305

Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions.

Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2006-6332 https://nvd.nist.gov/vuln/detail/CVE-2006-6332

PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.

We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2006-6383 https://nvd.nist.gov/vuln/detail/CVE-2006-6383

Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrary code with "kernel-level" privileges via an incorrect function call in certain OID handlers.

Not Vulnerable. eEye Research advisory AD20061207 (Intel Network Adapter Driver Local Privilege Escalation) describes a flaw in the Linux Kernel drivers for the e100, e1000, and ixgb Intel network cards. The flaw affects the NDIS miniport drivers and its OID support. The Linux Kernel drivers do not support the NDIS API and the OID concept from Microsoft Windows. https://www.cve.org/CVERecord?id=CVE-2006-6385 https://nvd.nist.gov/vuln/detail/CVE-2006-6385

Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data.

Not vulnerable. OpenLDAP as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 does not support the LDAP_AUTH_KRBV41 authentication method. https://www.cve.org/CVERecord?id=CVE-2006-6493 https://nvd.nist.gov/vuln/detail/CVE-2006-6493 Critical 2006-12-19T19:00:00 security flaw

Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors.

Red Hat Enterprise Linux 2.1 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el2 Red Hat Enterprise Linux 3 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el3 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0758 firefox-0:1.5.0.9-0.1.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0759 devhelp-0:0.10-0.6.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0760 thunderbird-0:1.5.0.9-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-6497 https://nvd.nist.gov/vuln/detail/CVE-2006-6497 Critical 2006-12-19T19:00:00 security flaw

Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.

Red Hat Enterprise Linux 2.1 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el2 Red Hat Enterprise Linux 3 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el3 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0758 firefox-0:1.5.0.9-0.1.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0759 devhelp-0:0.10-0.6.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0760 thunderbird-0:1.5.0.9-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-6498 https://nvd.nist.gov/vuln/detail/CVE-2006-6498 Critical 2006-12-19T19:00:00 security flaw

Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.

Red Hat Enterprise Linux 2.1 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el2 Red Hat Enterprise Linux 3 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el3 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0758 firefox-0:1.5.0.9-0.1.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0759 devhelp-0:0.10-0.6.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0760 thunderbird-0:1.5.0.9-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-6501 https://nvd.nist.gov/vuln/detail/CVE-2006-6501 Critical 2006-12-19T19:00:00 security flaw

Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors.

Red Hat Enterprise Linux 2.1 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el2 Red Hat Enterprise Linux 3 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el3 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0758 firefox-0:1.5.0.9-0.1.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0759 devhelp-0:0.10-0.6.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0760 thunderbird-0:1.5.0.9-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-6502 https://nvd.nist.gov/vuln/detail/CVE-2006-6502 Moderate 2006-12-19T19:00:00 security flaw

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.

Red Hat Enterprise Linux 2.1 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el2 Red Hat Enterprise Linux 3 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el3 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0758 firefox-0:1.5.0.9-0.1.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0759 devhelp-0:0.10-0.6.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0760 thunderbird-0:1.5.0.9-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-6503 https://nvd.nist.gov/vuln/detail/CVE-2006-6503 Critical 2006-12-19T19:00:00 security flaw

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.

Red Hat Enterprise Linux 2.1 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el2 Red Hat Enterprise Linux 3 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el3 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0758 firefox-0:1.5.0.9-0.1.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0759 devhelp-0:0.10-0.6.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0760 thunderbird-0:1.5.0.9-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-6504 https://nvd.nist.gov/vuln/detail/CVE-2006-6504 Critical 2006-12-19T19:00:00 seamonkey < 1.0.7 multiple vulnerabilities

Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message modies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers.

Red Hat Enterprise Linux 2.1 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el2 Red Hat Enterprise Linux 3 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el3 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0759 devhelp-0:0.10-0.6.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0759 seamonkey-0:1.0.7-0.1.el4 Red Hat Enterprise Linux 4 2006-12-19T00:00:00 RHSA-2006:0760 thunderbird-0:1.5.0.9-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2006-6505 https://nvd.nist.gov/vuln/detail/CVE-2006-6505 Moderate 2006-12-14T00:00:00 security flaw

The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable.

Red Hat would like to thank Kostantin Khorenko for reporting this issue. Red Hat Enterprise Linux 4 2007-01-30T00:00:00 RHSA-2007:0014 kernel-0:2.6.9-42.0.8.EL https://www.cve.org/CVERecord?id=CVE-2006-6535 https://nvd.nist.gov/vuln/detail/CVE-2006-6535

Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate codebase.

Red Hat does not consider this flaw a security issue. This flaw will only crash OpenOffice.org and presents no possibility for arbitrary code execution. https://www.cve.org/CVERecord?id=CVE-2006-6628 https://nvd.nist.gov/vuln/detail/CVE-2006-6628

The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag.

Not vulnerable. This issue did not affect the versions of KDE as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2006-6660 https://nvd.nist.gov/vuln/detail/CVE-2006-6660 Low GConfd uses non-unique directory name in /tmp leading to local DoS

The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome.

The Red Hat Product Security has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2006-6698 https://nvd.nist.gov/vuln/detail/CVE-2006-6698 Low 2006-12-18T00:00:00 Wget attempts to dereference NULL pointer upon response from malicious FTP server

The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.

We do not consider a crash of a client application such as wget to be a security issue. This flaw was fixed in wget shipped in Red Hat Enterprise Linux 5 before the initial release of the product. Version of wget shipped in Red Hat Enterprise Linux 3 and 4 are affected by this bug. https://www.cve.org/CVERecord?id=CVE-2006-6719 https://nvd.nist.gov/vuln/detail/CVE-2006-6719 Critical 2007-01-04T00:00:00 security flaw

Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information.

Extras for RHEL 3 2007-02-07T00:00:00 RHSA-2007:0062 java-1.4.2-ibm-0:1.4.2.7-1jpp.4.el3 Extras for RHEL 4 2007-02-07T00:00:00 RHSA-2007:0062 java-1.4.2-ibm-0:1.4.2.7-1jpp.4.el4 Extras for RHEL 4 2007-02-09T00:00:00 RHSA-2007:0073 java-1.5.0-ibm-1:1.5.0.3-1jpp.3.el4 Red Hat Enterprise Linux 2.1 2007-01-24T00:00:00 RHSA-2007:0072 IBMJava2-JRE-1:1.3.1-12 Red Hat Enterprise Linux 2.1 2007-01-24T00:00:00 RHSA-2007:0072 IBMJava2-SDK-1:1.3.1-11 https://www.cve.org/CVERecord?id=CVE-2006-6731 https://nvd.nist.gov/vuln/detail/CVE-2006-6731 Important 2007-01-04T00:00:00 security flaw

Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The second issue."

Extras for RHEL 3 2007-02-07T00:00:00 RHSA-2007:0062 java-1.4.2-ibm-0:1.4.2.7-1jpp.4.el3 Extras for RHEL 4 2007-02-07T00:00:00 RHSA-2007:0062 java-1.4.2-ibm-0:1.4.2.7-1jpp.4.el4 Extras for RHEL 4 2007-02-09T00:00:00 RHSA-2007:0073 java-1.5.0-ibm-1:1.5.0.3-1jpp.3.el4 Red Hat Enterprise Linux 2.1 2007-01-24T00:00:00 RHSA-2007:0072 IBMJava2-JRE-1:1.3.1-12 Red Hat Enterprise Linux 2.1 2007-01-24T00:00:00 RHSA-2007:0072 IBMJava2-SDK-1:1.3.1-11 https://www.cve.org/CVERecord?id=CVE-2006-6736 https://nvd.nist.gov/vuln/detail/CVE-2006-6736 Important 2007-01-04T00:00:00 security flaw

Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The first issue."

Extras for RHEL 3 2007-02-07T00:00:00 RHSA-2007:0062 java-1.4.2-ibm-0:1.4.2.7-1jpp.4.el3 Extras for RHEL 4 2007-02-07T00:00:00 RHSA-2007:0062 java-1.4.2-ibm-0:1.4.2.7-1jpp.4.el4 Extras for RHEL 4 2007-02-09T00:00:00 RHSA-2007:0073 java-1.5.0-ibm-1:1.5.0.3-1jpp.3.el4 Red Hat Enterprise Linux 2.1 2007-01-24T00:00:00 RHSA-2007:0072 IBMJava2-JRE-1:1.3.1-12 Red Hat Enterprise Linux 2.1 2007-01-24T00:00:00 RHSA-2007:0072 IBMJava2-SDK-1:1.3.1-11 https://www.cve.org/CVERecord?id=CVE-2006-6737 https://nvd.nist.gov/vuln/detail/CVE-2006-6737 Critical 2007-01-04T00:00:00 security flaw

Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.

Extras for RHEL 3 2007-02-07T00:00:00 RHSA-2007:0062 java-1.4.2-ibm-0:1.4.2.7-1jpp.4.el3 Extras for RHEL 4 2007-02-07T00:00:00 RHSA-2007:0062 java-1.4.2-ibm-0:1.4.2.7-1jpp.4.el4 Extras for RHEL 4 2007-02-09T00:00:00 RHSA-2007:0073 java-1.5.0-ibm-1:1.5.0.3-1jpp.3.el4 https://www.cve.org/CVERecord?id=CVE-2006-6745 https://nvd.nist.gov/vuln/detail/CVE-2006-6745 2006-12-25T00:00:00 CVE-2006-6772 w3m is vulnerable to format string attack via CN field of SSL/TLS certificate when infoked with -dump/-backend

Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. https://www.cve.org/CVERecord?id=CVE-2006-6772 https://nvd.nist.gov/vuln/detail/CVE-2006-6772

KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow.

We do not consider a crash of a client application such as KsIRC to be a security issue. https://www.cve.org/CVERecord?id=CVE-2006-6811 https://nvd.nist.gov/vuln/detail/CVE-2006-6811 Moderate 2006-12-28T00:00:00 security flaw

hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.

Red Hat Enterprise Linux 4 2007-05-14T00:00:00 RHSA-2007:0065 bluez-utils-0:2.10-2.2 https://www.cve.org/CVERecord?id=CVE-2006-6899 https://nvd.nist.gov/vuln/detail/CVE-2006-6899 Moderate 2006-12-19T00:00:00 kernel: denial of service with wedged processes

Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 4 2007-11-01T00:00:00 RHSA-2007:0939 kernel-0:2.6.9-55.0.12.EL Red Hat Enterprise Linux 5 2008-03-05T00:00:00 RHSA-2008:0154 kernel-0:2.6.18-53.1.14.el5 https://www.cve.org/CVERecord?id=CVE-2006-6921 https://nvd.nist.gov/vuln/detail/CVE-2006-6921 Low 2007-11-11T00:00:00 CVE-2006-6939 Insecure use of temporary file in ed

GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223072 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. https://www.cve.org/CVERecord?id=CVE-2006-6939 https://nvd.nist.gov/vuln/detail/CVE-2006-6939 Low 2006-11-22T00:00:00 jetty: session identifiers session hijacking 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CWE-340

Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.

A flaw was found in Jetty that could allow a remote attacker to hijack a valid user's session due to a vulnerability in the "java.util.Random" class. When predictable naming patterns are used for session identifiers in Jetty, a remote attacker could hijack a victim's session and gain unauthorized access to the application.

Red Hat Enterprise Linux 7 Not affected jetty https://www.cve.org/CVERecord?id=CVE-2006-6969 https://nvd.nist.gov/vuln/detail/CVE-2006-6969 https://www.eclipse.org/jetty/security_reports.php

The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but are not treated as part of the process' memory.

This issue can only be exploited if pending signals (ulimit -i) is set to "unlimited". In case of Red Hat Enterprise Linux version 2.1, 3 and 4 this is not the case and therefore they are not vulnerable to this issue. https://www.cve.org/CVERecord?id=CVE-2006-7051 https://nvd.nist.gov/vuln/detail/CVE-2006-7051

The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.

Not vulnerable. This issue was specific to a Debian patch to Apache HTTP Server. https://www.cve.org/CVERecord?id=CVE-2006-7098 https://nvd.nist.gov/vuln/detail/CVE-2006-7098 Low 2006-01-09T00:00:00 security flaw

login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This flaw has been rated as having a low severity by the Red Hat Security Response Team. More information about this rating can be found here: http://www.redhat.com/security/updates/classification/ This flaw is currently being tracked via the following bugs: https://bugzilla.redhat.com/show_bug.cgi?id=231449 https://bugzilla.redhat.com/show_bug.cgi?id=231448 The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which are in maintenance mode. Red Hat Enterprise Linux 4 2007-05-01T00:00:00 RHSA-2007:0235 util-linux-0:2.12a-16.EL4.25 https://www.cve.org/CVERecord?id=CVE-2006-7108 https://nvd.nist.gov/vuln/detail/CVE-2006-7108

Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations.

Not vulnerable. Our testing found that this issue did not affect the versions of Kmail as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2006-7139 https://nvd.nist.gov/vuln/detail/CVE-2006-7139 Sendmail allows SSLv2 during STARTTLS, and the CipherList config option isn't supported so you can't turn it off

The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired.

** DISPUTED ** Sendmail classes the CipherList directive as "for future release"; currently unsupported and undocumented. Therefore the lack of support for the CipherList directive in various Red Hat products is not a vulnerability. https://www.cve.org/CVERecord?id=CVE-2006-7175 https://nvd.nist.gov/vuln/detail/CVE-2006-7175 Low 2005-10-26T00:00:00 sendmail allows external mail with from address xxx@localhost.localdomain

The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.

Red Hat Enterprise Linux 4 2007-05-01T00:00:00 RHSA-2007:0252 sendmail-0:8.13.1-3.2.el4 Red Hat Enterprise Linux 5 2010-03-29T00:00:00 RHSA-2010:0237 sendmail-0:8.13.8-8.el5 https://www.cve.org/CVERecord?id=CVE-2006-7176 https://nvd.nist.gov/vuln/detail/CVE-2006-7176

MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to "packets coming from a 'malicious' WinXP system."

Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2006-7177 https://nvd.nist.gov/vuln/detail/CVE-2006-7177

MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame.

Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2006-7178 https://nvd.nist.gov/vuln/detail/CVE-2006-7178

ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change.

Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2006-7179 https://nvd.nist.gov/vuln/detail/CVE-2006-7179

ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks.

Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2006-7180 https://nvd.nist.gov/vuln/detail/CVE-2006-7180 Moderate 2007-04-19T00:00:00 tomcat XSS in example webapps CWE-79

Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.

Red Hat Developer Suite V.3 2007-05-24T00:00:00 RHSA-2007:0328 jakarta-commons-modeler-0:2.0-3jpp_3rh Red Hat Developer Suite V.3 2007-05-24T00:00:00 RHSA-2007:0328 tomcat5-0:5.5.23-0jpp_6rh Red Hat Enterprise Linux 5 2007-05-14T00:00:00 RHSA-2007:0327 jakarta-commons-modeler-0:1.1-8jpp.1.0.2.el5 Red Hat Enterprise Linux 5 2007-05-14T00:00:00 RHSA-2007:0327 tomcat5-0:5.5.23-0jpp.1.0.3.el5 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh RHAPS Version 1 for RHEL 3 2007-05-08T00:00:00 RHSA-2007:0340 tomcat5-0:5.0.30-0jpp_5rh RHAPS Version 2 for RHEL 4 2007-05-21T00:00:00 RHSA-2007:0326 jakarta-commons-modeler-0:2.0-3jpp_2rh RHAPS Version 2 for RHEL 4 2007-05-21T00:00:00 RHSA-2007:0326 tomcat5-0:5.5.23-0jpp_4rh.3 https://www.cve.org/CVERecord?id=CVE-2006-7195 https://nvd.nist.gov/vuln/detail/CVE-2006-7195 Moderate 2007-04-26T00:00:00 tomcat XSS in example webapps CWE-79

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.

Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh RHAPS Version 1 for RHEL 3 2007-05-08T00:00:00 RHSA-2007:0340 tomcat5-0:5.0.30-0jpp_5rh RHAPS Version 2 for RHEL 4 2007-05-21T00:00:00 RHSA-2007:0326 jakarta-commons-modeler-0:2.0-3jpp_2rh RHAPS Version 2 for RHEL 4 2007-05-21T00:00:00 RHSA-2007:0326 tomcat5-0:5.5.23-0jpp_4rh.3 https://www.cve.org/CVERecord?id=CVE-2006-7196 https://nvd.nist.gov/vuln/detail/CVE-2006-7196 Important 2006-03-05T00:00:00 mod_jk chunk too long

The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.

Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh https://www.cve.org/CVERecord?id=CVE-2006-7197 https://nvd.nist.gov/vuln/detail/CVE-2006-7197 Important 2007-05-15T00:00:00 oops in compat_sys_mount() when data pointer is NULL

The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 and earlier allows local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode ("mount -t smbfs").

Red Hat would like to thank SWsoft Virtuozzo/OpenVZ Linux kernel team for reporting this issue. Red Hat Enterprise Linux 4 2007-06-25T00:00:00 RHSA-2007:0488 kernel-0:2.6.9-55.0.2.EL Red Hat Enterprise Linux 5 2007-06-14T00:00:00 RHSA-2007:0376 kernel-0:2.6.18-8.1.6.el5 https://www.cve.org/CVERecord?id=CVE-2006-7203 https://nvd.nist.gov/vuln/detail/CVE-2006-7203

The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents.

We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2006-7204 https://nvd.nist.gov/vuln/detail/CVE-2006-7204 php array_fill memory consumption

The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value.

The memory_limit configuration option is used to constrain the amount of memory which a script can consume during execution. If this setting is disabled (or set unreasonably high), it is expected behaviour that scripts will be able to consume large amounts of memory during script execution. The memory_limit setting is enabled by default in all versions of PHP distributed in Red Hat Enterprise Linux and Application Stack. https://www.cve.org/CVERecord?id=CVE-2006-7205 https://nvd.nist.gov/vuln/detail/CVE-2006-7205 2006-02-13T00:00:00 fsplib single zero byte overflow

Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the (1) name and (2) d_name entry attributes.

Red Hat does not consider a user assisted client crash such as this to be a security flaw. https://www.cve.org/CVERecord?id=CVE-2006-7221 https://nvd.nist.gov/vuln/detail/CVE-2006-7221 Important 2007-11-07T00:00:00 pcre multiple integer overflows CWE-190

No description is available for this CVE.

https://www.cve.org/CVERecord?id=CVE-2006-7224 https://nvd.nist.gov/vuln/detail/CVE-2006-7224 Important 2007-11-13T00:00:00 pcre miscalculation of memory requirements for malformed Posix character class

Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence.

Red Hat would like to thank Ludwig Nussel for reporting this issue. Red Hat Enterprise Linux 4 2007-11-29T00:00:00 RHSA-2007:1068 pcre-0:4.5-4.el4_6.6 Red Hat Enterprise Linux 5 2007-11-29T00:00:00 RHSA-2007:1059 pcre-0:6.6-2.el5_1.7 https://www.cve.org/CVERecord?id=CVE-2006-7225 https://nvd.nist.gov/vuln/detail/CVE-2006-7225 Important 2007-11-13T00:00:00 pcre miscalculation of memory requirements for repeated subpattern containing a named recursion or subroutine reference

Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash).

Red Hat would like to thank Ludwig Nussel for reporting this issue. Red Hat Enterprise Linux 4 2007-11-29T00:00:00 RHSA-2007:1068 pcre-0:4.5-4.el4_6.6 Red Hat Enterprise Linux 5 2007-11-29T00:00:00 RHSA-2007:1059 pcre-0:6.6-2.el5_1.7 https://www.cve.org/CVERecord?id=CVE-2006-7226 https://nvd.nist.gov/vuln/detail/CVE-2006-7226 Important 2007-11-07T00:00:00 pcre integer overflow CWE-190

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.

Red Hat Enterprise Linux 4 2007-11-10T00:00:00 RHSA-2007:1052 pcre-0:4.5-4.el4_5.4 Red Hat Enterprise Linux 5 2007-11-10T00:00:00 RHSA-2007:1052 pcre-0:6.6-2.el5_1.1 https://www.cve.org/CVERecord?id=CVE-2006-7227 https://nvd.nist.gov/vuln/detail/CVE-2006-7227 Important 2007-11-07T00:00:00 pcre integer overflow CWE-190

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.

Red Hat Enterprise Linux 2.1 2007-11-29T00:00:00 RHSA-2007:1065 pcre-0:3.4-2.4 Red Hat Enterprise Linux 2.1 2007-12-10T00:00:00 RHSA-2007:1077 python-0:1.5.2-43.72.2 Red Hat Enterprise Linux 2.1 2008-07-16T00:00:00 RHSA-2008:0546 php-0:4.1.2-2.20 Red Hat Enterprise Linux 3 2007-11-29T00:00:00 RHSA-2007:1063 pcre-0:3.9-10.4 Red Hat Enterprise Linux 3 2007-12-10T00:00:00 RHSA-2007:1076 python-0:2.2.3-6.8 Red Hat Enterprise Linux 4 2007-11-29T00:00:00 RHSA-2007:1068 pcre-0:4.5-4.el4_6.6 Red Hat Enterprise Linux 4 2007-12-10T00:00:00 RHSA-2007:1076 python-0:2.3.4-14.4.el4_6.1 Red Hat Enterprise Linux 5 2007-11-29T00:00:00 RHSA-2007:1059 pcre-0:6.6-2.el5_1.7 https://www.cve.org/CVERecord?id=CVE-2006-7228 https://nvd.nist.gov/vuln/detail/CVE-2006-7228 Important 2007-11-20T00:00:00 pcre miscalculation of memory requirements if options are changed during pattern compilation

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.

Red Hat would like to thank Ludwig Nussel for reporting this issue. Red Hat Enterprise Linux 4 2007-11-29T00:00:00 RHSA-2007:1068 pcre-0:4.5-4.el4_6.6 Red Hat Enterprise Linux 5 2007-11-29T00:00:00 RHSA-2007:1059 pcre-0:6.6-2.el5_1.7 https://www.cve.org/CVERecord?id=CVE-2006-7230 https://nvd.nist.gov/vuln/detail/CVE-2006-7230 Low 2006-09-16T00:00:00 mysql: daemon crash via EXPLAIN on queries on information schema

sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.

This issue did not affect the MySQL packages as shipped in Red Hat Enterprise Linux 2.1, 3, and 4 as they did not support INFORMATION_SCHEMA, introduced in MySQL version 5. The MySQL packages as shipped in Red Hat Application Stack v1 and v2 are based on upstream version which has the fix included. Red Hat Enterprise Linux 5 2008-05-20T00:00:00 RHSA-2008:0364 mysql-0:5.0.45-7.el5 https://www.cve.org/CVERecord?id=CVE-2006-7232 https://nvd.nist.gov/vuln/detail/CVE-2006-7232 Low 2006-10-03T00:00:00 lynx: .mailcap and .mime.types files read from CWD 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P

Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.

Red Hat Enterprise Linux 2.1 2008-10-27T00:00:00 RHSA-2008:0965 lynx-0:2.8.4-18.1.3 Red Hat Enterprise Linux 3 2008-10-27T00:00:00 RHSA-2008:0965 lynx-0:2.8.5-11.3 Red Hat Enterprise Linux 4 2008-10-27T00:00:00 RHSA-2008:0965 lynx-0:2.8.5-18.2.el4_7.1 Red Hat Enterprise Linux 5 2008-10-27T00:00:00 RHSA-2008:0965 lynx-0:2.8.5-28.1.el5_2.1 https://www.cve.org/CVERecord?id=CVE-2006-7234 https://nvd.nist.gov/vuln/detail/CVE-2006-7234

The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.

Not vulnerable. This issue did not affect the versions of the xterm package, as shipped with Red Hat Enterprise Linux 3, 4, and 5, and the version of the XFree86 (providing xterm) and hanterm-xf packages, as shipped with Red Hat Enterprise Linux 2.1. https://www.cve.org/CVERecord?id=CVE-2006-7236 https://nvd.nist.gov/vuln/detail/CVE-2006-7236 Low 2006-08-12T00:00:00 gnutls: unknown hash algorithm NULL pointer derefence [GNUTLS-SA-2006-2] 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P CWE-476

The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference.

This issue was addressed in Red Hat Enterprise Linux 5 via RHBA-2012:0319: https://rhn.redhat.com/errata/RHBA-2012-0319.html It did not affect versions of gnutls as shipped with Red Hat Enterprise Linux 4 and 6. Red Hat Enterprise Linux 5 2012-02-21T00:00:00 RHBA-2012:0319 gnutls-0:1.4.1-7.el5_8.1 Red Hat Enterprise Linux 4 Not affected gnutls Red Hat Enterprise Linux 6 Not affected gnutls https://www.cve.org/CVERecord?id=CVE-2006-7239 https://nvd.nist.gov/vuln/detail/CVE-2006-7239 Low 2006-04-29T00:00:00 gnome-power-manager: Screen not locked on resume from hibernate / suspend 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532.

Red Hat Enterprise Linux 5 Affected gnome-power-manager https://www.cve.org/CVERecord?id=CVE-2006-7240 https://nvd.nist.gov/vuln/detail/CVE-2006-7240 Moderate 2006-12-18T00:00:00 php: paths with NULL character were considered valid 4.0 AV:N/AC:H/Au:N/C:P/I:P/A:N CWE-626

PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.

Red Hat Enterprise Linux 5 2013-09-30T00:00:00 RHSA-2013:1307 php53-0:5.3.3-21.el5 Red Hat Enterprise Linux 5 2014-03-18T00:00:00 RHSA-2014:0311 php-0:5.1.6-44.el5_10 Red Hat Enterprise Linux 6 2013-11-20T00:00:00 RHSA-2013:1615 php-0:5.3.3-26.el6 Red Hat Enterprise Linux 4 Will not fix php https://www.cve.org/CVERecord?id=CVE-2006-7243 https://nvd.nist.gov/vuln/detail/CVE-2006-7243 Low 2009-08-01T00:00:00 libpng: Memory leak by write of iCCP chunk with negative embedded profile length (CVE-2006-7244, CVE-2009-5063) 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P CWE-401

Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length.

These flaws do not affect any version of libpng shipped with Red Hat Enterprise Linux. Red Hat Enterprise Linux 4 Not affected libpng10 Red Hat Enterprise Linux 5 Not affected libpng Red Hat Enterprise Linux 6 Not affected libpng https://www.cve.org/CVERecord?id=CVE-2006-7244 https://nvd.nist.gov/vuln/detail/CVE-2006-7244 Moderate 2006-05-10T00:00:00 (WPA-Enterprise): Verify that the certificate is from trusted CA and matches the specified subject 4.0 AV:N/AC:H/Au:N/C:P/I:P/A:N

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.

Red Hat Enterprise Linux 4 Not affected NetworkManager Red Hat Enterprise Linux 4 Under investigation wpa_supplicant Red Hat Enterprise Linux 5 Affected NetworkManager Red Hat Enterprise Linux 5 Affected wpa_supplicant Red Hat Enterprise Linux 6 Affected NetworkManager Red Hat Enterprise Linux 6 Affected wpa_supplicant https://www.cve.org/CVERecord?id=CVE-2006-7246 https://nvd.nist.gov/vuln/detail/CVE-2006-7246 Moderate 2006-08-29T00:00:00 openssl: mime_hdr_cmp NULL dereference crash 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CWE-476

No description is available for this CVE.

This issue was corrected in Red Hat Enterprise Linux 5 via RHSA-2009:1335. It did not affect openssl packages shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 4 Will not fix openssl Red Hat Enterprise Linux 4 Will not fix openssl096b Red Hat Enterprise Linux 5 Affected openssl Red Hat Enterprise Linux 5 Will not fix openssl097a Red Hat Enterprise Linux 6 Not affected openssl Red Hat Enterprise Linux 6 Not affected openssl098e Red Hat JBoss Enterprise Web Server 1 Not affected openssl https://www.cve.org/CVERecord?id=CVE-2006-7248 https://nvd.nist.gov/vuln/detail/CVE-2006-7248 Moderate 2006-08-29T00:00:00 openssl: mime_hdr_cmp NULL dereference crash 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P CWE-476

The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.

This issue was corrected in Red Hat Enterprise Linux 5 via RHSA-2009:1335. It did not affect openssl packages shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 5 2009-09-02T00:00:00 RHSA-2009:1335 openssl-0:0.9.8e-12.el5 Red Hat Enterprise Linux 4 Will not fix openssl Red Hat Enterprise Linux 4 Will not fix openssl096b Red Hat Enterprise Linux 5 Will not fix openssl097a Red Hat Enterprise Linux 6 Not affected openssl Red Hat Enterprise Linux 6 Not affected openssl098e Red Hat JBoss Enterprise Web Server 1 Not affected openssl https://www.cve.org/CVERecord?id=CVE-2006-7250 https://nvd.nist.gov/vuln/detail/CVE-2006-7250 Moderate 2006-03-31T00:00:00 glibc: Not closing unhadleable client sockets due to nscd daemon leads to DoS. 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CWE-400

The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.

Red Hat Enterprise Linux 5 Not affected glibc Red Hat Enterprise Linux 6 Not affected glibc Red Hat Enterprise Linux 7 Not affected glibc Red Hat Enterprise Linux 8 Not affected glibc https://www.cve.org/CVERecord?id=CVE-2006-7254 https://nvd.nist.gov/vuln/detail/CVE-2006-7254 https://sourceware.org/bugzilla/show_bug.cgi?id=2498 Moderate 2026-03-19T11:03:46 perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CWE-131

XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes. A :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre-allocated buffer size. This can cause heap corruption (double free or corruption) and crashes.

A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service (DoS) by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This overflow can corrupt memory, leading to instability and application termination.

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Red Hat Enterprise Linux 10 2026-04-13T00:00:00 RHSA-2026:7680 perl-XML-Parser-0:2.47-6.1.el10_1 Red Hat Enterprise Linux 8 2026-04-13T00:00:00 RHSA-2026:7681 perl-XML-Parser-0:2.44-12.el8_10 Red Hat Enterprise Linux 9 2026-04-13T00:00:00 RHSA-2026:7679 perl-XML-Parser-0:2.46-9.1.el9_7 Red Hat Enterprise Linux 6 Affected perl-XML-Parser Red Hat Enterprise Linux 7 Affected perl-XML-Parser https://www.cve.org/CVERecord?id=CVE-2006-10002 https://nvd.nist.gov/vuln/detail/CVE-2006-10002 https://github.com/cpan-authors/XML-Parser/commit/6b291f4d260fc124a6ec80382b87a918f372bc6b.patch https://github.com/cpan-authors/XML-Parser/issues/64 https://rt.cpan.org/Ticket/Display.html?id=19859 Important 2026-03-19T11:08:04 perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CWE-193

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory corruption.

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Red Hat Enterprise Linux 10 2026-04-13T00:00:00 RHSA-2026:7680 perl-XML-Parser-0:2.47-6.1.el10_1 Red Hat Enterprise Linux 8 2026-04-13T00:00:00 RHSA-2026:7681 perl-XML-Parser-0:2.44-12.el8_10 Red Hat Enterprise Linux 9 2026-04-13T00:00:00 RHSA-2026:7679 perl-XML-Parser-0:2.46-9.1.el9_7 Red Hat Enterprise Linux 6 Will not fix perl-XML-Parser Red Hat Enterprise Linux 7 Affected perl-XML-Parser https://www.cve.org/CVERecord?id=CVE-2006-10003 https://nvd.nist.gov/vuln/detail/CVE-2006-10003 https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch https://github.com/cpan-authors/XML-Parser/issues/39 https://rt.cpan.org/Ticket/Display.html?id=19860 Moderate 2023-01-17T00:00:00 httpd: mod_dav: out-of-bounds read/write of zero byte 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-787

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.

A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service.

This flaw only affects configurations with mod_dav loaded and configured. Also, if there is no WebDAV repository configured, the server is not affected and no further mitigation is needed. For more information about the mitigation, check the mitigation section below. The httpd mod_dav module is enabled by default on Red Hat Enterprise Linux 6, 7, 8, 9, and in RHSCL. However, there is no WebDAV repository configured by default. This flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata. Disabling mod_dav and restarting httpd will mitigate this flaw. JBCS httpd 2.4.51.sp2 2023-06-05T00:00:00 RHSA-2023:3355 httpd JBoss Core Services for RHEL 8 2023-06-05T00:00:00 RHSA-2023:3354 jbcs-httpd24-httpd-0:2.4.51-39.el8jbcs JBoss Core Services on RHEL 7 2023-06-05T00:00:00 RHSA-2023:3354 jbcs-httpd24-httpd-0:2.4.51-39.el7jbcs Red Hat Enterprise Linux 8 2023-02-21T00:00:00 RHSA-2023:0852 httpd:2.4-8070020230131172653.bd1311ed Red Hat Enterprise Linux 9 2023-02-28T00:00:00 RHSA-2023:0970 httpd-0:2.4.53-7.el9_1.1 Red Hat Enterprise Linux 6 Out of support scope httpd Red Hat Enterprise Linux 7 Out of support scope httpd Red Hat JBoss Enterprise Application Platform 6 Out of support scope httpd22 Red Hat Software Collections Will not fix httpd24-httpd https://www.cve.org/CVERecord?id=CVE-2006-20001 https://nvd.nist.gov/vuln/detail/CVE-2006-20001 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2006-20001 Moderate 2007-02-20T00:00:00 security flaw

The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped.

Red Hat Enterprise Linux 4 2007-02-27T00:00:00 RHSA-2007:0085 kernel-0:2.6.9-42.0.10.EL https://www.cve.org/CVERecord?id=CVE-2007-0001 https://nvd.nist.gov/vuln/detail/CVE-2007-0001 Important 2007-03-16T00:00:00 buffer overflows

Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.

Red Hat would like to thank Fridrich Štrba and iDefense for reporting this issue. Red Hat Enterprise Linux 5 2007-03-16T00:00:00 RHSA-2007:0055 libwpd-0:0.8.7-3.el5 https://www.cve.org/CVERecord?id=CVE-2007-0002 https://nvd.nist.gov/vuln/detail/CVE-2007-0002

pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.

Not vulnerable. These issues did not affect the versions of pam as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2007-0003 https://nvd.nist.gov/vuln/detail/CVE-2007-0003 Moderate 2007-03-06T00:00:00 security flaw

Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.

Red Hat would like to thank Daniel Roethlisberger for reporting this issue. Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0099 kernel-0:2.6.18-8.1.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0005 https://nvd.nist.gov/vuln/detail/CVE-2007-0005 Important 2006-12-21T00:00:00 security flaw

The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion."

Red Hat Enterprise Linux 4 2007-02-27T00:00:00 RHSA-2007:0085 kernel-0:2.6.9-42.0.10.EL Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0099 kernel-0:2.6.18-8.1.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0006 https://nvd.nist.gov/vuln/detail/CVE-2007-0006 Moderate 2007-02-01T00:00:00 NSS: SSLv2 protocol buffer overflows

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.

Red Hat Enterprise Linux 2.1 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el2 Red Hat Enterprise Linux 3 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el3 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 devhelp-0:0.10-0.7.el4 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el4 Red Hat Enterprise Linux 4 2007-03-02T00:00:00 RHSA-2007:0078 thunderbird-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 4 2007-02-23T00:00:00 RHSA-2007:0079 firefox-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 devhelp-0:0.12-10.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 firefox-0:1.5.0.10-2.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 yelp-0:2.16.0-14.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0108 thunderbird-0:1.5.0.10-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0008 https://nvd.nist.gov/vuln/detail/CVE-2007-0008 Moderate 2007-02-01T00:00:00 NSS: SSLv2 protocol buffer overflows

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

Red Hat Enterprise Linux 2.1 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el2 Red Hat Enterprise Linux 3 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el3 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 devhelp-0:0.10-0.7.el4 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el4 Red Hat Enterprise Linux 4 2007-03-02T00:00:00 RHSA-2007:0078 thunderbird-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 4 2007-02-23T00:00:00 RHSA-2007:0079 firefox-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 devhelp-0:0.12-10.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 firefox-0:1.5.0.10-2.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 yelp-0:2.16.0-14.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0108 thunderbird-0:1.5.0.10-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0009 https://nvd.nist.gov/vuln/detail/CVE-2007-0009 Moderate 2007-01-10T00:00:00 security flaw

The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 4 2007-01-24T00:00:00 RHSA-2007:0019 gtk2-0:2.4.13-22 https://www.cve.org/CVERecord?id=CVE-2007-0010 https://nvd.nist.gov/vuln/detail/CVE-2007-0010 Low 2008-01-08T00:00:00 J2RE DoS with undefined name attribute

Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM.

https://www.cve.org/CVERecord?id=CVE-2007-0012 https://nvd.nist.gov/vuln/detail/CVE-2007-0012 Moderate 2007-01-03T00:00:00 Acrobat Reader Universal CSRF and session riding CWE-352

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."

Extras for RHEL 3 2008-02-22T00:00:00 RHSA-2008:0144 acroread-0:8.1.2-1.el3.6 Extras for RHEL 4 2008-02-22T00:00:00 RHSA-2008:0144 acroread-0:8.1.2-1.el4.2 Supplementary for Red Hat Enterprise Linux 5 2008-02-22T00:00:00 RHSA-2008:0144 acroread-0:8.1.2-1.el5.3 https://www.cve.org/CVERecord?id=CVE-2007-0044 https://nvd.nist.gov/vuln/detail/CVE-2007-0044 Important 2007-01-03T00:00:00 security flaw

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."

Extras for RHEL 3 2007-01-22T00:00:00 RHSA-2007:0021 acroread-0:7.0.9-1.1.1.EL3 Extras for RHEL 3 2007-01-22T00:00:00 RHSA-2007:0021 acroread-libs-atk-0:1.8.0-1.el3 Extras for RHEL 3 2007-01-22T00:00:00 RHSA-2007:0021 acroread-libs-glib2-0:2.4.7-1 Extras for RHEL 3 2007-01-22T00:00:00 RHSA-2007:0021 acroread-libs-gtk2-0:2.4.13-1.el3 Extras for RHEL 3 2007-01-22T00:00:00 RHSA-2007:0021 acroread-libs-gtk2-engines-0:2.2.0-1.el3 Extras for RHEL 3 2007-01-22T00:00:00 RHSA-2007:0021 acroread-libs-pango-0:1.6.0-1.el3 Extras for RHEL 4 2007-01-11T00:00:00 RHSA-2007:0017 acroread-0:7.0.9-1.2.0.EL4 https://www.cve.org/CVERecord?id=CVE-2007-0045 https://nvd.nist.gov/vuln/detail/CVE-2007-0045 Critical 2007-01-03T00:00:00 security flaw

Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.

Extras for RHEL 3 2007-01-22T00:00:00 RHSA-2007:0021 acroread-0:7.0.9-1.1.1.EL3 Extras for RHEL 3 2007-01-22T00:00:00 RHSA-2007:0021 acroread-libs-atk-0:1.8.0-1.el3 Extras for RHEL 3 2007-01-22T00:00:00 RHSA-2007:0021 acroread-libs-glib2-0:2.4.7-1 Extras for RHEL 3 2007-01-22T00:00:00 RHSA-2007:0021 acroread-libs-gtk2-0:2.4.13-1.el3 Extras for RHEL 3 2007-01-22T00:00:00 RHSA-2007:0021 acroread-libs-gtk2-engines-0:2.2.0-1.el3 Extras for RHEL 3 2007-01-22T00:00:00 RHSA-2007:0021 acroread-libs-pango-0:1.6.0-1.el3 Extras for RHEL 4 2007-01-11T00:00:00 RHSA-2007:0017 acroread-0:7.0.9-1.2.0.EL4 https://www.cve.org/CVERecord?id=CVE-2007-0046 https://nvd.nist.gov/vuln/detail/CVE-2007-0046

The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."

Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2007-0061 https://nvd.nist.gov/vuln/detail/CVE-2007-0061 Low 2007-09-19T00:00:00 dhcpd possible DoS via large max-message-size option

Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.

The Red Hat Product Security has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1, 3, 4, or 5: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-0062 https://www.cve.org/CVERecord?id=CVE-2007-0062 https://nvd.nist.gov/vuln/detail/CVE-2007-0062 Important 2007-10-08T00:00:00 security flaw

Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.

This issue is the same as CVE-2007-5365. The affected dhcp versions were fixed via: https://rhn.redhat.com/errata/RHSA-2007-0970.html Red Hat Enterprise Linux 2.1 2007-10-23T00:00:00 RHSA-2007:0970 dhcp-1:2.0pl5-11 https://www.cve.org/CVERecord?id=CVE-2007-0063 https://nvd.nist.gov/vuln/detail/CVE-2007-0063 Critical 2008-04-08T00:00:00 Flash Player input validation error CWE-20

Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.

Extras for RHEL 3 2008-04-08T00:00:00 RHSA-2008:0221 flash-plugin-0:9.0.124.0-1.el3.with.oss Extras for RHEL 4 2008-04-08T00:00:00 RHSA-2008:0221 flash-plugin-0:9.0.124.0-1.el4 Supplementary for Red Hat Enterprise Linux 5 2008-04-08T00:00:00 RHSA-2008:0221 flash-plugin-0:9.0.124.0-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0071 https://nvd.nist.gov/vuln/detail/CVE-2007-0071

Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute

Not vulnerable. The affected code is in an optional module that is not shipped in Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2007-0080 https://nvd.nist.gov/vuln/detail/CVE-2007-0080

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal

Red Hat does not consider this issue to be a security vulnerability. The pottential attacker has to send acknowledgement packets periodically to make server generate traffic. Exactly the same effect could be achieved by simply downloading the file. The statement that setting the TCP window size to arbitrarily high value would permit the attacker to disconnect and stop sending ACKs is false, because Red Hat Enterprise Linux limits the size of the TCP send buffer to 4MB by default. https://www.cve.org/CVERecord?id=CVE-2007-0086 https://nvd.nist.gov/vuln/detail/CVE-2007-0086 acroread infinite loop DoS

The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

Some implementations of the PDF specification erroneously allow page tree objects that refer back to themselves. As a result, an infinite loop could be created. We believe this could only result in a denial of service against the application. We do not consider a user-assisted DoS of a client application to be a security issue. https://www.cve.org/CVERecord?id=CVE-2007-0103 https://nvd.nist.gov/vuln/detail/CVE-2007-0103 xpdf infinite loop DoS

The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

Not Vulnerable. This flaw is the result of an infinite recursion flaw in xpdf, which cannot result in arbitrary code execution. https://www.cve.org/CVERecord?id=CVE-2007-0104 https://nvd.nist.gov/vuln/detail/CVE-2007-0104

Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.

Not vulnerable. This issue does not affect the older versions of neon as shipped with Red Hat Enterprise Linux 2.1, 3, and 4. This issue also does not affect the older versions of neon included in the cadaver package. https://www.cve.org/CVERecord?id=CVE-2007-0157 https://nvd.nist.gov/vuln/detail/CVE-2007-0157

slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7.

Not vulnerable. This issue did not affect the versions of slocate as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2007-0227 https://nvd.nist.gov/vuln/detail/CVE-2007-0227 Moderate 2007-01-14T00:00:00 Stack overflow libgtop when pathname of mmap()-ed file is too long

Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor.

Not vulnerable. This issue did not affect the versions of libgtop as shipped with Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This flaw affects Red Hat Enterprise Linux 4 and is being tracked via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249884 Red Hat Enterprise Linux 4 2007-08-07T00:00:00 RHSA-2007:0765 libgtop2-0:2.8.0-1.0.2 https://www.cve.org/CVERecord?id=CVE-2007-0235 https://nvd.nist.gov/vuln/detail/CVE-2007-0235 Important 2007-03-20T00:00:00 security flaw

Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long Note.

Red Hat would like to thank John Heasman for reporting this issue. Red Hat Enterprise Linux 3 2007-03-22T00:00:00 RHSA-2007:0033 openoffice.org-0:1.1.2-38.2.0.EL3 Red Hat Enterprise Linux 4 2007-03-22T00:00:00 RHSA-2007:0033 openoffice.org-0:1.1.5-10.6.0.EL4 Red Hat Enterprise Linux 5 2007-03-22T00:00:00 RHSA-2007:0069 openoffice.org-1:2.0.4-5.4.17.1 https://www.cve.org/CVERecord?id=CVE-2007-0238 https://nvd.nist.gov/vuln/detail/CVE-2007-0238 Moderate 2007-03-20T00:00:00 security flaw

OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.

Red Hat Enterprise Linux 3 2007-03-22T00:00:00 RHSA-2007:0033 openoffice.org-0:1.1.2-38.2.0.EL3 Red Hat Enterprise Linux 4 2007-03-22T00:00:00 RHSA-2007:0033 openoffice.org-0:1.1.5-10.6.0.EL4 Red Hat Enterprise Linux 5 2007-03-22T00:00:00 RHSA-2007:0069 openoffice.org-1:2.0.4-5.4.17.1 https://www.cve.org/CVERecord?id=CVE-2007-0239 https://nvd.nist.gov/vuln/detail/CVE-2007-0239 Low 2007-03-20T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request.

Not vulnerable. This issue did not affect Zope included within the conga package shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 2006-07-20T00:00:00 RHBA-2007:0331 conga-0:0.9.2-6.el5 https://www.cve.org/CVERecord?id=CVE-2007-0240 https://nvd.nist.gov/vuln/detail/CVE-2007-0240 Moderate 2007-03-29T00:00:00 QT UTF8 improper character expansion 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.

Red Hat Enterprise Linux 2.1 2007-09-13T00:00:00 RHSA-2007:0883 qt-1:2.3.1-14.EL2 Red Hat Enterprise Linux 3 2007-09-13T00:00:00 RHSA-2007:0883 qt-1:3.1.2-17.RHEL3 Red Hat Enterprise Linux 4 2007-09-13T00:00:00 RHSA-2007:0883 qt-1:3.3.3-13.RHEL4 Red Hat Enterprise Linux 4 2007-10-08T00:00:00 RHSA-2007:0909 kdelibs-6:3.3.1-9.el4 Red Hat Enterprise Linux 5 2007-09-13T00:00:00 RHSA-2007:0883 qt-1:3.3.6-23.el5 Red Hat Enterprise Linux 5 2007-10-08T00:00:00 RHSA-2007:0909 kdelibs-6:3.5.4-13.el5 Red Hat Enterprise Linux 5 2011-09-21T00:00:00 RHSA-2011:1324 qt4-0:4.2.1-1.el5_7.1 https://www.cve.org/CVERecord?id=CVE-2007-0242 https://nvd.nist.gov/vuln/detail/CVE-2007-0242 Important 2007-01-17T00:00:00 java-jre: GIF buffer overflow

Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.

Extras for RHEL 3 2007-04-25T00:00:00 RHSA-2007:0166 java-1.4.2-ibm-0:1.4.2.8-1jpp.1.el3 Extras for RHEL 4 2007-04-25T00:00:00 RHSA-2007:0166 java-1.4.2-ibm-0:1.4.2.8-1jpp.1.el4 Extras for RHEL 4 2007-04-25T00:00:00 RHSA-2007:0167 java-1.5.0-ibm-1:1.5.0.4-1jpp.3.el4 Red Hat Enterprise Linux 2.1 2007-01-24T00:00:00 RHSA-2007:0072 IBMJava2-JRE-1:1.3.1-12 Red Hat Enterprise Linux 2.1 2007-01-24T00:00:00 RHSA-2007:0072 IBMJava2-SDK-1:1.3.1-11 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Supplementary for Red Hat Enterprise Linux 5 2007-04-25T00:00:00 RHSA-2007:0166 java-1.4.2-ibm-0:1.4.2.8-1jpp.1.el5 Supplementary for Red Hat Enterprise Linux 5 2007-04-25T00:00:00 RHSA-2007:0167 java-1.5.0-ibm-1:1.5.0.4-1jpp.3.el5 Supplementary for Red Hat Enterprise Linux 5 2007-10-16T00:00:00 RHSA-2007:0956 java-1.5.0-bea-0:1.5.0.11-1jpp.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0243 https://nvd.nist.gov/vuln/detail/CVE-2007-0243 Important 2007-06-12T00:00:00 openoffice.org rtf filter buffer overflow

Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.

Red Hat Enterprise Linux 3 2007-06-13T00:00:00 RHSA-2007:0406 openoffice.org-0:1.1.2-39.2.0.EL3 Red Hat Enterprise Linux 4 2007-06-13T00:00:00 RHSA-2007:0406 openoffice.org-0:1.1.5-10.6.0.1.EL4 Red Hat Enterprise Linux 4 2007-06-13T00:00:00 RHSA-2007:0406 openoffice.org2-1:2.0.4-5.7.0.1.0 Red Hat Enterprise Linux 5 2007-06-13T00:00:00 RHSA-2007:0406 openoffice.org-1:2.0.4-5.4.17.2 https://www.cve.org/CVERecord?id=CVE-2007-0245 https://nvd.nist.gov/vuln/detail/CVE-2007-0245 Important 2007-01-13T00:00:00 CVE-2007-0247 Squid crashes when receiving certain FTP listings

squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2007-0247 https://nvd.nist.gov/vuln/detail/CVE-2007-0247

The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. This issue did not affect the versions of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2007-0248 https://nvd.nist.gov/vuln/detail/CVE-2007-0248

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.

We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2007-0448 https://nvd.nist.gov/vuln/detail/CVE-2007-0448 Important 2007-03-14T00:00:00 tomcat directory traversal

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 ant-0:1.6.5-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 avalon-logkit-0:1.2-2jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 axis-0:1.2.1-1jpp_3rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-jaf-0:1.0-2jpp_6rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-mail-0:1.1.1-2jpp_8rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 geronimo-specs-0:1.0-0.M4.1jpp_10rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 jakarta-commons-modeler-0:2.0-3jpp_2rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 log4j-0:1.2.12-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 mx4j-1:3.0.1-1jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 pcsc-lite-0:1.3.3-3.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ca-0:7.3.0-20.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-java-tools-0:7.3.0-10.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-kra-0:7.3.0-14.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-manage-0:7.3.0-19.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-native-tools-0:7.3.0-6.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ocsp-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-tks-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 tomcat5-0:5.5.23-0jpp_4rh.16 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xerces-j2-0:2.7.1-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xml-commons-0:1.3.02-2jpp_1rh Red Hat Developer Suite V.3 2007-05-24T00:00:00 RHSA-2007:0328 jakarta-commons-modeler-0:2.0-3jpp_3rh Red Hat Developer Suite V.3 2007-05-24T00:00:00 RHSA-2007:0328 tomcat5-0:5.5.23-0jpp_6rh Red Hat Enterprise Linux 5 2007-05-14T00:00:00 RHSA-2007:0327 jakarta-commons-modeler-0:1.1-8jpp.1.0.2.el5 Red Hat Enterprise Linux 5 2007-05-14T00:00:00 RHSA-2007:0327 tomcat5-0:5.5.23-0jpp.1.0.3.el5 Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Red Hat Web Application Stack for RHEL 4 2007-05-24T00:00:00 RHSA-2007:0360 jbossas-0:4.0.5-2.CP04.el4s1.2 RHAPS Version 1 for RHEL 3 2007-05-08T00:00:00 RHSA-2007:0340 tomcat5-0:5.0.30-0jpp_5rh RHAPS Version 2 for RHEL 4 2007-05-21T00:00:00 RHSA-2007:0326 jakarta-commons-modeler-0:2.0-3jpp_2rh RHAPS Version 2 for RHEL 4 2007-05-21T00:00:00 RHSA-2007:0326 tomcat5-0:5.5.23-0jpp_4rh.3 https://www.cve.org/CVERecord?id=CVE-2007-0450 https://nvd.nist.gov/vuln/detail/CVE-2007-0450 Important 2007-02-13T00:00:00 security flaw

Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."

Red Hat Enterprise Linux 4 2007-02-21T00:00:00 RHSA-2007:0074 spamassassin-0:3.1.8-2.el4 Red Hat Enterprise Linux 5 2007-03-13T00:00:00 RHSA-2007:0075 spamassassin-0:3.1.8-2.el5 https://www.cve.org/CVERecord?id=CVE-2007-0451 https://nvd.nist.gov/vuln/detail/CVE-2007-0451 Moderate 2007-02-05T00:00:00 security flaw

smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop.

Red Hat Enterprise Linux 3 2007-02-15T00:00:00 RHSA-2007:0060 samba-0:3.0.9-1.3E.12 Red Hat Enterprise Linux 4 2007-02-15T00:00:00 RHSA-2007:0060 samba-0:3.0.10-1.4E.11 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0061 samba-0:3.0.23c-2.el5.2 https://www.cve.org/CVERecord?id=CVE-2007-0452 https://nvd.nist.gov/vuln/detail/CVE-2007-0452

Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions.

Not vulnerable. These issues did not affect Linux versions of Samba. https://www.cve.org/CVERecord?id=CVE-2007-0453 https://nvd.nist.gov/vuln/detail/CVE-2007-0453

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

Not vulnerable. These issues affect the AFS ACL module which is not distributed with Samba in Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2007-0454 https://nvd.nist.gov/vuln/detail/CVE-2007-0454 Low 2007-01-26T00:00:00 gd: buffer overrun

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=234312 The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 3 2007-04-16T00:00:00 RHSA-2007:0155 php-0:4.3.2-40.ent Red Hat Enterprise Linux 4 2007-04-16T00:00:00 RHSA-2007:0155 php-0:4.3.9-3.22.4 Red Hat Enterprise Linux 4 2008-02-28T00:00:00 RHSA-2008:0146 gd-0:2.0.28-5.4E.el4_6.1 Red Hat Enterprise Linux 5 2007-04-20T00:00:00 RHSA-2007:0153 php-0:5.1.6-11.el5 Red Hat Enterprise Linux 5 2008-02-28T00:00:00 RHSA-2008:0146 gd-0:2.0.33-9.4.el5_1.1 Red Hat Web Application Stack for RHEL 4 2007-04-16T00:00:00 RHSA-2007:0162 php-0:5.1.6-3.el4s1.6 Red Hat Enterprise Linux 4 Will not fix libwmf Red Hat Enterprise Linux 5 Will not fix libwmf Red Hat Enterprise Linux 6 Will not fix libwmf https://www.cve.org/CVERecord?id=CVE-2007-0455 https://nvd.nist.gov/vuln/detail/CVE-2007-0455 Low 2007-02-01T00:00:00 Multiple Wireshark issues (CVE-2007-0457, CVE-2007-0458, CVE-2007-0459)

Unspecified vulnerability in the LLT dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

Red Hat Enterprise Linux 2.1 2007-03-14T00:00:00 RHSA-2007:0066 wireshark-0:0.99.5-AS21.3 Red Hat Enterprise Linux 3 2007-03-14T00:00:00 RHSA-2007:0066 wireshark-0:0.99.5-EL3.1 Red Hat Enterprise Linux 4 2007-03-14T00:00:00 RHSA-2007:0066 wireshark-0:0.99.5-EL4.1 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0066 wireshark-0:0.99.5-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0456 https://nvd.nist.gov/vuln/detail/CVE-2007-0456 Low 2007-02-01T00:00:00 Multiple Wireshark issues (CVE-2007-0457, CVE-2007-0458, CVE-2007-0459)

Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

Red Hat Enterprise Linux 2.1 2007-03-14T00:00:00 RHSA-2007:0066 wireshark-0:0.99.5-AS21.3 Red Hat Enterprise Linux 3 2007-03-14T00:00:00 RHSA-2007:0066 wireshark-0:0.99.5-EL3.1 Red Hat Enterprise Linux 4 2007-03-14T00:00:00 RHSA-2007:0066 wireshark-0:0.99.5-EL4.1 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0066 wireshark-0:0.99.5-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0457 https://nvd.nist.gov/vuln/detail/CVE-2007-0457 Low 2007-02-01T00:00:00 Multiple Wireshark issues (CVE-2007-0457, CVE-2007-0458, CVE-2007-0459)

Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468.

Red Hat Enterprise Linux 2.1 2007-03-14T00:00:00 RHSA-2007:0066 wireshark-0:0.99.5-AS21.3 Red Hat Enterprise Linux 3 2007-03-14T00:00:00 RHSA-2007:0066 wireshark-0:0.99.5-EL3.1 Red Hat Enterprise Linux 4 2007-03-14T00:00:00 RHSA-2007:0066 wireshark-0:0.99.5-EL4.1 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0066 wireshark-0:0.99.5-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0458 https://nvd.nist.gov/vuln/detail/CVE-2007-0458 Low 2007-02-01T00:00:00 Multiple Wireshark issues (CVE-2007-0457, CVE-2007-0458, CVE-2007-0459)

packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets.

Red Hat Enterprise Linux 2.1 2007-03-14T00:00:00 RHSA-2007:0066 wireshark-0:0.99.5-AS21.3 Red Hat Enterprise Linux 3 2007-03-14T00:00:00 RHSA-2007:0066 wireshark-0:0.99.5-EL3.1 Red Hat Enterprise Linux 4 2007-03-14T00:00:00 RHSA-2007:0066 wireshark-0:0.99.5-EL4.1 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0066 wireshark-0:0.99.5-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0459 https://nvd.nist.gov/vuln/detail/CVE-2007-0459 Low 2009-07-21T00:00:00 RubyGems: Specially-crafted Gem archive can overwrite system files 5.6 AV:N/AC:H/Au:S/C:N/I:P/A:C

The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Red Hat Enterprise Linux 6 Will not fix rubygems https://www.cve.org/CVERecord?id=CVE-2007-0469 https://nvd.nist.gov/vuln/detail/CVE-2007-0469 Important 2007-01-25T00:00:00 bind use-after-free CWE-416

Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."

Not vulnerable. This issue did not affect the versions of ISC BIND as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0057 bind-30:9.3.3-8.el5 https://www.cve.org/CVERecord?id=CVE-2007-0493 https://nvd.nist.gov/vuln/detail/CVE-2007-0493 Moderate 2007-01-25T00:00:00 BIND dnssec denial of service

ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.

Red Hat Enterprise Linux 2.1 2007-02-06T00:00:00 RHSA-2007:0044 bind-0:9.2.1-8.EL2 Red Hat Enterprise Linux 3 2007-02-06T00:00:00 RHSA-2007:0044 bind-20:9.2.4-20.EL3 Red Hat Enterprise Linux 4 2007-02-06T00:00:00 RHSA-2007:0044 bind-20:9.2.4-24.EL4 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0057 bind-30:9.3.3-8.el5 https://www.cve.org/CVERecord?id=CVE-2007-0494 https://nvd.nist.gov/vuln/detail/CVE-2007-0494 Low 2007-01-24T00:00:00 konqueror XSS CWE-79

The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.

The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 4 2007-10-08T00:00:00 RHSA-2007:0909 kdelibs-6:3.3.1-9.el4 Red Hat Enterprise Linux 5 2007-10-08T00:00:00 RHSA-2007:0909 kdelibs-6:3.5.4-13.el5 https://www.cve.org/CVERecord?id=CVE-2007-0537 https://nvd.nist.gov/vuln/detail/CVE-2007-0537 Moderate 2007-02-05T00:00:00 security flaw

PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.

Red Hat Enterprise Linux 3 2007-02-07T00:00:00 RHSA-2007:0064 rh-postgresql-0:7.3.18-1 Red Hat Enterprise Linux 4 2007-02-07T00:00:00 RHSA-2007:0064 postgresql-0:7.4.16-1.RHEL4.1 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0068 postgresql-0:8.1.8-1.el5 Red Hat Web Application Stack for RHEL 4 2007-02-07T00:00:00 RHSA-2007:0067 postgresql-0:8.1.7-3.el4s1.1 https://www.cve.org/CVERecord?id=CVE-2007-0555 https://nvd.nist.gov/vuln/detail/CVE-2007-0555 Moderate 2007-02-05T00:00:00 security flaw

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.

Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0068 postgresql-0:8.1.8-1.el5 Red Hat Web Application Stack for RHEL 4 2007-02-07T00:00:00 RHSA-2007:0067 postgresql-0:8.1.7-3.el4s1.1 https://www.cve.org/CVERecord?id=CVE-2007-0556 https://nvd.nist.gov/vuln/detail/CVE-2007-0556

Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function.

Red Hat does not consider this issue to be a security vulnerability. The user would have to voluntarily interact with the attack mechanism to exploit the flaw, and the result would be the ability to run code as themselves. https://www.cve.org/CVERecord?id=CVE-2007-0650 https://nvd.nist.gov/vuln/detail/CVE-2007-0650 Low 2007-03-21T00:00:00 XMMS multiple issues (CVE-2007-0654)

Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption.

The Red Hat Security Response Team has rated this issue as having low security impact. There are no longer plans to fix this flaw in Red Hat Enterprise Linux 4. Red Hat Enterprise Linux 4 Will not fix xmms https://www.cve.org/CVERecord?id=CVE-2007-0653 https://nvd.nist.gov/vuln/detail/CVE-2007-0653 Low 2007-03-21T00:00:00 XMMS multiple issues (CVE-2007-0654)

Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow.

The Red Hat Security Response Team has rated this issue as having low security impact. There are no longer plans to fix this flaw in Red Hat Enterprise Linux 4. Red Hat Enterprise Linux 4 Will not fix xmms https://www.cve.org/CVERecord?id=CVE-2007-0654 https://nvd.nist.gov/vuln/detail/CVE-2007-0654 Moderate 2006-11-13T00:00:00 security flaw

The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.

Red Hat Enterprise Linux 3 2007-04-16T00:00:00 RHSA-2007:0123 cups-1:1.1.17-13.3.42 Red Hat Enterprise Linux 4 2007-04-16T00:00:00 RHSA-2007:0123 cups-1:1.1.22-0.rc1.9.18 Red Hat Enterprise Linux 5 2007-04-16T00:00:00 RHSA-2007:0123 cups-1:1.2.4-11.5.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0720 https://nvd.nist.gov/vuln/detail/CVE-2007-0720 CVE-2007-0770: GraphicsMagick buffer overflow

Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.

Not vulnerable. Red Hat did not ship the incomplete patch for CVE-2006-5456 and is therefore not affected by this issue. https://www.cve.org/CVERecord?id=CVE-2007-0770 https://nvd.nist.gov/vuln/detail/CVE-2007-0770 Important 2007-02-12T00:00:00 Tracing execution of a threaded executable causes kernel BUG report

The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c.

Red Hat Enterprise Linux 5 2007-04-30T00:00:00 RHSA-2007:0169 kernel-0:2.6.18-8.1.3.el5 https://www.cve.org/CVERecord?id=CVE-2007-0771 https://nvd.nist.gov/vuln/detail/CVE-2007-0771 Important 2007-06-22T00:00:00 lost fput in a 32-bit ioctl on 64-bit x86 systems

The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1.

Red Hat would like to thank the SWsoft Virtuozzo/OpenVZ Linux kernel team for reporting this issue. Red Hat Enterprise Linux 4 2007-06-25T00:00:00 RHSA-2007:0488 kernel-0:2.6.9-55.0.2.EL https://www.cve.org/CVERecord?id=CVE-2007-0773 https://nvd.nist.gov/vuln/detail/CVE-2007-0773 Critical 2007-02-27T00:00:00 security flaw

Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.

Red Hat Web Application Stack for RHEL 4 2007-03-02T00:00:00 RHSA-2007:0096 mod_jk-0:1.2.20-1.el4s1.2 RHAPS Version 2 for RHEL 4 2007-04-12T00:00:00 RHSA-2007:0164 mod_jk-0:1.2.20-1jpp_1rh https://www.cve.org/CVERecord?id=CVE-2007-0774 https://nvd.nist.gov/vuln/detail/CVE-2007-0774 Critical 2007-02-23T00:00:00 security flaw

Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.

Red Hat Enterprise Linux 2.1 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el2 Red Hat Enterprise Linux 3 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el3 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 devhelp-0:0.10-0.7.el4 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el4 Red Hat Enterprise Linux 4 2007-03-02T00:00:00 RHSA-2007:0078 thunderbird-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 4 2007-02-23T00:00:00 RHSA-2007:0079 firefox-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 devhelp-0:0.12-10.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 firefox-0:1.5.0.10-2.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 yelp-0:2.16.0-14.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0108 thunderbird-0:1.5.0.10-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0775 https://nvd.nist.gov/vuln/detail/CVE-2007-0775 Critical 2007-02-23T00:00:00 security flaw

The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.

Red Hat Enterprise Linux 2.1 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el2 Red Hat Enterprise Linux 3 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el3 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 devhelp-0:0.10-0.7.el4 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el4 Red Hat Enterprise Linux 4 2007-03-02T00:00:00 RHSA-2007:0078 thunderbird-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 4 2007-02-23T00:00:00 RHSA-2007:0079 firefox-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 devhelp-0:0.12-10.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 firefox-0:1.5.0.10-2.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 yelp-0:2.16.0-14.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0108 thunderbird-0:1.5.0.10-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0777 https://nvd.nist.gov/vuln/detail/CVE-2007-0777 Moderate 2007-02-23T00:00:00 security flaw

The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.

Red Hat Enterprise Linux 2.1 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el2 Red Hat Enterprise Linux 3 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el3 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 devhelp-0:0.10-0.7.el4 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el4 Red Hat Enterprise Linux 4 2007-03-02T00:00:00 RHSA-2007:0078 thunderbird-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 4 2007-02-23T00:00:00 RHSA-2007:0079 firefox-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 devhelp-0:0.12-10.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 firefox-0:1.5.0.10-2.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 yelp-0:2.16.0-14.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0108 thunderbird-0:1.5.0.10-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0778 https://nvd.nist.gov/vuln/detail/CVE-2007-0778 Moderate 2007-02-23T00:00:00 security flaw

GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.

Red Hat Enterprise Linux 2.1 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el2 Red Hat Enterprise Linux 3 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el3 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 devhelp-0:0.10-0.7.el4 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el4 Red Hat Enterprise Linux 4 2007-03-02T00:00:00 RHSA-2007:0078 thunderbird-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 4 2007-02-23T00:00:00 RHSA-2007:0079 firefox-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 devhelp-0:0.12-10.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 firefox-0:1.5.0.10-2.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 yelp-0:2.16.0-14.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0108 thunderbird-0:1.5.0.10-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0779 https://nvd.nist.gov/vuln/detail/CVE-2007-0779 Moderate 2007-02-23T00:00:00 security flaw

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

Red Hat Enterprise Linux 2.1 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el2 Red Hat Enterprise Linux 3 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el3 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 devhelp-0:0.10-0.7.el4 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el4 Red Hat Enterprise Linux 4 2007-03-02T00:00:00 RHSA-2007:0078 thunderbird-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 4 2007-02-23T00:00:00 RHSA-2007:0079 firefox-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 devhelp-0:0.12-10.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 firefox-0:1.5.0.10-2.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 yelp-0:2.16.0-14.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0108 thunderbird-0:1.5.0.10-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0780 https://nvd.nist.gov/vuln/detail/CVE-2007-0780 Moderate 2007-02-23T00:00:00 security flaw

Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.

Red Hat Enterprise Linux 2.1 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el2 Red Hat Enterprise Linux 3 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el3 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 devhelp-0:0.10-0.7.el4 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el4 Red Hat Enterprise Linux 4 2007-03-02T00:00:00 RHSA-2007:0078 thunderbird-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 4 2007-02-23T00:00:00 RHSA-2007:0079 firefox-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 devhelp-0:0.12-10.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 firefox-0:1.5.0.10-2.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 yelp-0:2.16.0-14.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0108 thunderbird-0:1.5.0.10-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0800 https://nvd.nist.gov/vuln/detail/CVE-2007-0800

umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.

Red Hat does not consider this issue to be a security vulnerability. On Red Hat Enterprise Linux processes that change their effective UID do not dump core by default when they receive a fatal signal. Therefore the NULL pointer dereference does not lead to an information leak. https://www.cve.org/CVERecord?id=CVE-2007-0822 https://nvd.nist.gov/vuln/detail/CVE-2007-0822

xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability.

Red Hat does not consider this issue to be a security vulnerability. It is correct and expected behavior for xterm not to zero-fill its scrollback buffer upon reception of terminal clear excape sequence. https://www.cve.org/CVERecord?id=CVE-2007-0823 https://nvd.nist.gov/vuln/detail/CVE-2007-0823 Moderate 2006-11-07T00:00:00 pam_ssh permits authentication with arbitrary string if a passphrase-less key exists

The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.

https://www.cve.org/CVERecord?id=CVE-2007-0844 https://nvd.nist.gov/vuln/detail/CVE-2007-0844 php session extension safe_mode/open_basedir bypass

PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.

We do not consider these to be security issues. For more details see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and https://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2007-0905 https://nvd.nist.gov/vuln/detail/CVE-2007-0905 Important 2007-02-14T00:00:00 security flaw

Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).

Red Hat Enterprise Linux 2.1 2007-02-21T00:00:00 RHSA-2007:0081 php-0:4.1.2-2.14 Red Hat Enterprise Linux 3 2007-02-19T00:00:00 RHSA-2007:0076 php-0:4.3.2-39.ent Red Hat Enterprise Linux 4 2007-02-19T00:00:00 RHSA-2007:0076 php-0:4.3.9-3.22.3 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0082 php-0:5.1.6-7.el5 Red Hat Web Application Stack for RHEL 4 2007-02-22T00:00:00 RHSA-2007:0088 php-0:5.1.6-3.el4s1.5 Stronghold 4.0 for RHEL 2.1AS 2007-02-26T00:00:00 RHSA-2007:0089 stronghold-php-0:4.1.2-12 https://www.cve.org/CVERecord?id=CVE-2007-0906 https://nvd.nist.gov/vuln/detail/CVE-2007-0906 Low 2007-02-14T00:00:00 security flaw

Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.

Red Hat Enterprise Linux 2.1 2007-02-21T00:00:00 RHSA-2007:0081 php-0:4.1.2-2.14 Red Hat Enterprise Linux 3 2007-02-19T00:00:00 RHSA-2007:0076 php-0:4.3.2-39.ent Red Hat Enterprise Linux 4 2007-02-19T00:00:00 RHSA-2007:0076 php-0:4.3.9-3.22.3 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0082 php-0:5.1.6-7.el5 Red Hat Web Application Stack for RHEL 4 2007-02-22T00:00:00 RHSA-2007:0088 php-0:5.1.6-3.el4s1.5 Stronghold 4.0 for RHEL 2.1AS 2007-02-26T00:00:00 RHSA-2007:0089 stronghold-php-0:4.1.2-12 https://www.cve.org/CVERecord?id=CVE-2007-0907 https://nvd.nist.gov/vuln/detail/CVE-2007-0907 Moderate 2007-02-14T00:00:00 security flaw

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.

Red Hat Enterprise Linux 2.1 2007-02-21T00:00:00 RHSA-2007:0081 php-0:4.1.2-2.14 Red Hat Enterprise Linux 3 2007-02-19T00:00:00 RHSA-2007:0076 php-0:4.3.2-39.ent Red Hat Enterprise Linux 4 2007-02-19T00:00:00 RHSA-2007:0076 php-0:4.3.9-3.22.3 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0082 php-0:5.1.6-7.el5 Red Hat Web Application Stack for RHEL 4 2007-02-22T00:00:00 RHSA-2007:0088 php-0:5.1.6-3.el4s1.5 Stronghold 4.0 for RHEL 2.1AS 2007-02-26T00:00:00 RHSA-2007:0089 stronghold-php-0:4.1.2-12 https://www.cve.org/CVERecord?id=CVE-2007-0908 https://nvd.nist.gov/vuln/detail/CVE-2007-0908 Low 2007-02-14T00:00:00 security flaw

Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.

Red Hat Enterprise Linux 2.1 2007-02-21T00:00:00 RHSA-2007:0081 php-0:4.1.2-2.14 Red Hat Enterprise Linux 3 2007-02-19T00:00:00 RHSA-2007:0076 php-0:4.3.2-39.ent Red Hat Enterprise Linux 4 2007-02-19T00:00:00 RHSA-2007:0076 php-0:4.3.9-3.22.3 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0082 php-0:5.1.6-7.el5 Red Hat Web Application Stack for RHEL 4 2007-02-22T00:00:00 RHSA-2007:0088 php-0:5.1.6-3.el4s1.5 Stronghold 4.0 for RHEL 2.1AS 2007-02-26T00:00:00 RHSA-2007:0089 stronghold-php-0:4.1.2-12 https://www.cve.org/CVERecord?id=CVE-2007-0909 https://nvd.nist.gov/vuln/detail/CVE-2007-0909 Important 2007-02-14T00:00:00 security flaw

Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.

Red Hat Enterprise Linux 2.1 2007-02-21T00:00:00 RHSA-2007:0081 php-0:4.1.2-2.14 Red Hat Enterprise Linux 3 2007-02-19T00:00:00 RHSA-2007:0076 php-0:4.3.2-39.ent Red Hat Enterprise Linux 4 2007-02-19T00:00:00 RHSA-2007:0076 php-0:4.3.9-3.22.3 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0082 php-0:5.1.6-7.el5 Red Hat Web Application Stack for RHEL 4 2007-02-22T00:00:00 RHSA-2007:0088 php-0:5.1.6-3.el4s1.5 Stronghold 4.0 for RHEL 2.1AS 2007-02-26T00:00:00 RHSA-2007:0089 stronghold-php-0:4.1.2-12 https://www.cve.org/CVERecord?id=CVE-2007-0910 https://nvd.nist.gov/vuln/detail/CVE-2007-0910

Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).

Not vulnerable. This flaw is a regression of the fix for CVE-2007-0906 affecting PHP version 5.2.1 only which results in any use of str_replace() causing a crash regardless of user input. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2007-0911 https://nvd.nist.gov/vuln/detail/CVE-2007-0911 Critical 2007-04-03T00:00:00 Unauthorized access via krb5-telnet daemon

The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.

Red Hat would like to thank the MIT Kerberos project for reporting this issue. Red Hat Enterprise Linux 2.1 2007-04-03T00:00:00 RHSA-2007:0095 krb5-0:1.2.2-44 Red Hat Enterprise Linux 3 2007-04-03T00:00:00 RHSA-2007:0095 krb5-0:1.2.7-61 Red Hat Enterprise Linux 4 2007-04-03T00:00:00 RHSA-2007:0095 krb5-0:1.3.4-46 Red Hat Enterprise Linux 5 2007-04-03T00:00:00 RHSA-2007:0095 krb5-0:1.5-23 https://www.cve.org/CVERecord?id=CVE-2007-0956 https://nvd.nist.gov/vuln/detail/CVE-2007-0956 Important 2007-04-03T00:00:00 krb5_klog_syslog() stack buffer overflow

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.

Red Hat would like to thank iDefense and the MIT Kerberos project for reporting this issue. Red Hat Enterprise Linux 2.1 2007-04-03T00:00:00 RHSA-2007:0095 krb5-0:1.2.2-44 Red Hat Enterprise Linux 3 2007-04-03T00:00:00 RHSA-2007:0095 krb5-0:1.2.7-61 Red Hat Enterprise Linux 4 2007-04-03T00:00:00 RHSA-2007:0095 krb5-0:1.3.4-46 Red Hat Enterprise Linux 5 2007-04-03T00:00:00 RHSA-2007:0095 krb5-0:1.5-23 https://www.cve.org/CVERecord?id=CVE-2007-0957 https://nvd.nist.gov/vuln/detail/CVE-2007-0957 Low 2007-01-26T00:00:00 core-dumping unreadable binaries via PT_INTERP

Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073.

Red Hat Enterprise Linux 4 2007-06-25T00:00:00 RHSA-2007:0488 kernel-0:2.6.9-55.0.2.EL Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0099 kernel-0:2.6.18-8.1.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0958 https://nvd.nist.gov/vuln/detail/CVE-2007-0958 Moderate 2007-02-23T00:00:00 : seamonkey cookie setting / same-domain bypass vulnerability

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.

Red Hat Enterprise Linux 2.1 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el2 Red Hat Enterprise Linux 3 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el3 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 devhelp-0:0.10-0.7.el4 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el4 Red Hat Enterprise Linux 4 2007-03-02T00:00:00 RHSA-2007:0078 thunderbird-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 4 2007-02-23T00:00:00 RHSA-2007:0079 firefox-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 devhelp-0:0.12-10.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 firefox-0:1.5.0.10-2.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 yelp-0:2.16.0-14.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0108 thunderbird-0:1.5.0.10-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0981 https://nvd.nist.gov/vuln/detail/CVE-2007-0981 Moderate 2007-02-14T00:00:00 security flaw

The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.

Red Hat Enterprise Linux 2.1 2007-02-21T00:00:00 RHSA-2007:0081 php-0:4.1.2-2.14 Red Hat Enterprise Linux 3 2007-02-19T00:00:00 RHSA-2007:0076 php-0:4.3.2-39.ent Red Hat Enterprise Linux 4 2007-02-19T00:00:00 RHSA-2007:0076 php-0:4.3.9-3.22.3 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0082 php-0:5.1.6-7.el5 Red Hat Web Application Stack for RHEL 4 2007-02-22T00:00:00 RHSA-2007:0088 php-0:5.1.6-3.el4s1.5 Stronghold 4.0 for RHEL 2.1AS 2007-02-26T00:00:00 RHSA-2007:0089 stronghold-php-0:4.1.2-12 https://www.cve.org/CVERecord?id=CVE-2007-0988 https://nvd.nist.gov/vuln/detail/CVE-2007-0988 Critical 2007-03-05T00:00:00 security flaw

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.

Red Hat Enterprise Linux 2.1 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el2 Red Hat Enterprise Linux 3 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el3 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 devhelp-0:0.10-0.7.el4 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el4 Red Hat Enterprise Linux 4 2007-02-23T00:00:00 RHSA-2007:0079 firefox-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 devhelp-0:0.12-10.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 firefox-0:1.5.0.10-2.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 yelp-0:2.16.0-14.0.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0994 https://nvd.nist.gov/vuln/detail/CVE-2007-0994 Moderate 2007-02-23T00:00:00 security flaw

Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.

Red Hat Enterprise Linux 2.1 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el2 Red Hat Enterprise Linux 3 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el3 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 devhelp-0:0.10-0.7.el4 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el4 Red Hat Enterprise Linux 4 2007-03-02T00:00:00 RHSA-2007:0078 thunderbird-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 4 2007-02-23T00:00:00 RHSA-2007:0079 firefox-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 devhelp-0:0.12-10.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 firefox-0:1.5.0.10-2.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 yelp-0:2.16.0-14.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0108 thunderbird-0:1.5.0.10-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0995 https://nvd.nist.gov/vuln/detail/CVE-2007-0995 Moderate 2007-02-23T00:00:00 security flaw

The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

Red Hat Enterprise Linux 2.1 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el2 Red Hat Enterprise Linux 3 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el3 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 devhelp-0:0.10-0.7.el4 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el4 Red Hat Enterprise Linux 4 2007-03-02T00:00:00 RHSA-2007:0078 thunderbird-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 4 2007-02-23T00:00:00 RHSA-2007:0079 firefox-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 devhelp-0:0.12-10.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 firefox-0:1.5.0.10-2.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0097 yelp-0:2.16.0-14.0.1.el5 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0108 thunderbird-0:1.5.0.10-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-0996 https://nvd.nist.gov/vuln/detail/CVE-2007-0996 Important 2007-03-14T00:00:00 HVM guest VNC server allows compromise of entire host OS by any VNC console user

The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information.

Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0114 xen-0:3.0.3-25.0.3.el5 https://www.cve.org/CVERecord?id=CVE-2007-0998 https://nvd.nist.gov/vuln/detail/CVE-2007-0998 Critical 2007-03-14T00:00:00 security flaw

Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006.

Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0087 ekiga-0:2.0.2-7.0.2 https://www.cve.org/CVERecord?id=CVE-2007-0999 https://nvd.nist.gov/vuln/detail/CVE-2007-0999 Important 2007-03-06T00:00:00 security flaw

The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference.

Red Hat Enterprise Linux 5 2007-04-30T00:00:00 RHSA-2007:0169 kernel-0:2.6.18-8.1.3.el5 https://www.cve.org/CVERecord?id=CVE-2007-1000 https://nvd.nist.gov/vuln/detail/CVE-2007-1000 Moderate 2007-03-10T00:00:00 security flaw

Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.

This issue was fixed in php package updates for Red Hat Enterprise Linux and Red Hat Application Stack: http://rhn.redhat.com/cve/CVE-2007-1001.html This issue did not affect the versions of gd as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Red Hat Enterprise Linux 3 2007-04-16T00:00:00 RHSA-2007:0155 php-0:4.3.2-40.ent Red Hat Enterprise Linux 4 2007-04-16T00:00:00 RHSA-2007:0155 php-0:4.3.9-3.22.4 Red Hat Enterprise Linux 5 2007-04-20T00:00:00 RHSA-2007:0153 php-0:5.1.6-11.el5 Red Hat Web Application Stack for RHEL 4 2007-04-16T00:00:00 RHSA-2007:0162 php-0:5.1.6-3.el4s1.6 https://www.cve.org/CVERecord?id=CVE-2007-1001 https://nvd.nist.gov/vuln/detail/CVE-2007-1001 Moderate 2007-03-28T00:00:00 evolution format string flaw

Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo.

Red Hat would like to thank Ulf Härnhammar (Secunia Research) for reporting this issue. Red Hat Enterprise Linux 5 2007-05-03T00:00:00 RHSA-2007:0158 evolution-0:2.8.0-33.0.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-1002 https://nvd.nist.gov/vuln/detail/CVE-2007-1002 Important 2007-04-03T00:00:00 xserver XC-MISC integer overflow

Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.

Red Hat Enterprise Linux 2.1 2007-04-03T00:00:00 RHSA-2007:0125 XFree86-0:4.1.0-82.EL Red Hat Enterprise Linux 3 2007-04-03T00:00:00 RHSA-2007:0125 XFree86-0:4.3.0-120.EL Red Hat Enterprise Linux 4 2007-04-03T00:00:00 RHSA-2007:0126 xorg-x11-0:6.8.2-1.EL.13.37.7 Red Hat Enterprise Linux 5 2007-04-03T00:00:00 RHSA-2007:0127 xorg-x11-server-0:1.1.1-48.13.0.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-1003 https://nvd.nist.gov/vuln/detail/CVE-2007-1003 Critical 2007-02-13T00:00:00 Ekiga format string flaw

Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet.

Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0087 ekiga-0:2.0.2-7.0.2 https://www.cve.org/CVERecord?id=CVE-2007-1006 https://nvd.nist.gov/vuln/detail/CVE-2007-1006 Critical 2007-02-13T00:00:00 security flaw

Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.

Red Hat Enterprise Linux 3 2007-02-20T00:00:00 RHSA-2007:0086 gnomemeeting-0:0.96.0-5 Red Hat Enterprise Linux 4 2007-02-20T00:00:00 RHSA-2007:0086 gnomemeeting-0:1.0.2-9 https://www.cve.org/CVERecord?id=CVE-2007-1007 https://nvd.nist.gov/vuln/detail/CVE-2007-1007 CVE-2007-1030: libevent < 1.3 DoS

Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset.

Not vulnerable. This issue did not affect versions of libevent as shipped with Red Hat Enterprise Linux 5. https://www.cve.org/CVERecord?id=CVE-2007-1030 https://nvd.nist.gov/vuln/detail/CVE-2007-1030

The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

The JBoss AS console manager should always be secured prior to deployment, as directed in the JBoss Application Server Guide and release notes. By default, the JBoss AS installer gives users the ability to password protect the console manager. If the user did not use the installer, the raw JBoss services will be in a completely unconfigured state and these steps should be performed manually: http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss https://www.cve.org/CVERecord?id=CVE-2007-1036 https://nvd.nist.gov/vuln/detail/CVE-2007-1036 Critical 2007-02-23T00:00:00 security flaw

Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.

Red Hat Enterprise Linux 2.1 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el2 Red Hat Enterprise Linux 3 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el3 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 devhelp-0:0.10-0.7.el4 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el4 Red Hat Enterprise Linux 4 2007-03-02T00:00:00 RHSA-2007:0078 thunderbird-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 4 2007-02-23T00:00:00 RHSA-2007:0079 firefox-0:1.5.0.10-0.1.el4 https://www.cve.org/CVERecord?id=CVE-2007-1092 https://nvd.nist.gov/vuln/detail/CVE-2007-1092 Moderate 2007-02-23T00:00:00 security flaw

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.

Red Hat Enterprise Linux 2.1 2007-10-19T00:00:00 RHSA-2007:0980 seamonkey-0:1.0.9-0.6.el2 Red Hat Enterprise Linux 3 2007-10-19T00:00:00 RHSA-2007:0980 seamonkey-0:1.0.9-0.5.el3 Red Hat Enterprise Linux 4 2007-10-19T00:00:00 RHSA-2007:0979 firefox-0:1.5.0.12-0.7.el4 Red Hat Enterprise Linux 4 2007-10-19T00:00:00 RHSA-2007:0980 seamonkey-0:1.0.9-6.el4 Red Hat Enterprise Linux 4 2007-10-19T00:00:00 RHSA-2007:0981 thunderbird-0:1.5.0.12-0.5.el4 Red Hat Enterprise Linux 5 2007-10-19T00:00:00 RHSA-2007:0979 firefox-0:1.5.0.12-6.el5 Red Hat Enterprise Linux 5 2007-10-19T00:00:00 RHSA-2007:0981 thunderbird-0:1.5.0.12-5.el5 https://www.cve.org/CVERecord?id=CVE-2007-1095 https://nvd.nist.gov/vuln/detail/CVE-2007-1095 Low 2007-02-28T00:00:00 file: // URL execution

Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045.

The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. https://www.cve.org/CVERecord?id=CVE-2007-1199 https://nvd.nist.gov/vuln/detail/CVE-2007-1199 Important 2007-04-03T00:00:00 krb5 double free flaw

Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".

Red Hat would like to thank the MIT Kerberos project for reporting this issue. Red Hat Enterprise Linux 2.1 2007-04-03T00:00:00 RHSA-2007:0095 krb5-0:1.2.2-44 Red Hat Enterprise Linux 3 2007-04-03T00:00:00 RHSA-2007:0095 krb5-0:1.2.7-61 Red Hat Enterprise Linux 4 2007-04-03T00:00:00 RHSA-2007:0095 krb5-0:1.3.4-46 Red Hat Enterprise Linux 5 2007-04-03T00:00:00 RHSA-2007:0095 krb5-0:1.5-23 https://www.cve.org/CVERecord?id=CVE-2007-1216 https://nvd.nist.gov/vuln/detail/CVE-2007-1216 Moderate 2007-03-14T00:00:00 Kernel: CAPI overflow

Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet.

Red Hat Enterprise Linux 2.1 2007-08-08T00:00:00 RHSA-2007:0672 kernel-0:2.4.9-e.72 Red Hat Enterprise Linux 2.1 2007-08-08T00:00:00 RHSA-2007:0673 kernel-0:2.4.18-e.65 Red Hat Enterprise Linux 3 2007-08-16T00:00:00 RHSA-2007:0671 kernel-0:2.4.21-51.EL Red Hat Enterprise Linux 4 2007-09-04T00:00:00 RHSA-2007:0774 kernel-0:2.6.9-55.0.6.EL Red Hat Enterprise Linux 5 2007-09-13T00:00:00 RHSA-2007:0705 kernel-0:2.6.18-8.1.10.el5 https://www.cve.org/CVERecord?id=CVE-2007-1217 https://nvd.nist.gov/vuln/detail/CVE-2007-1217 Low 2007-03-01T00:00:00 tcpdump denial of service

Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232347 The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:0387 tcpdump-14:3.8.2-12.el4 Red Hat Enterprise Linux 5 2007-11-07T00:00:00 RHSA-2007:0368 tcpdump-14:3.9.4-11.el5 https://www.cve.org/CVERecord?id=CVE-2007-1218 https://nvd.nist.gov/vuln/detail/CVE-2007-1218 Moderate 2007-05-09T00:00:00 XSS through HTML message in squirrelmail CWE-79

Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.

Red Hat Enterprise Linux 3 2007-05-17T00:00:00 RHSA-2007:0358 squirrelmail-0:1.4.8-6.el3 Red Hat Enterprise Linux 4 2007-05-17T00:00:00 RHSA-2007:0358 squirrelmail-0:1.4.8-4.0.1.el4 Red Hat Enterprise Linux 5 2007-05-17T00:00:00 RHSA-2007:0358 squirrelmail-0:1.4.8-4.0.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-1262 https://nvd.nist.gov/vuln/detail/CVE-2007-1262 Important 2007-03-05T00:00:00 gnupg/gpgme signed message spoofing

GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.

Red Hat would like to thank Core Security Technologies for reporting this issue. Red Hat Enterprise Linux 2.1 2007-03-06T00:00:00 RHSA-2007:0106 gnupg-0:1.0.7-21 Red Hat Enterprise Linux 3 2007-03-06T00:00:00 RHSA-2007:0106 gnupg-0:1.2.1-20 Red Hat Enterprise Linux 4 2007-03-06T00:00:00 RHSA-2007:0106 gnupg-0:1.2.6-9 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0107 gnupg-0:1.4.5-13 https://www.cve.org/CVERecord?id=CVE-2007-1263 https://nvd.nist.gov/vuln/detail/CVE-2007-1263 Critical 2007-03-05T00:00:00 security flaw

Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.

Red Hat Enterprise Linux 2.1 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el2 Red Hat Enterprise Linux 3 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el3 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 devhelp-0:0.10-0.7.el4 Red Hat Enterprise Linux 4 2007-02-24T00:00:00 RHSA-2007:0077 seamonkey-0:1.0.8-0.2.el4 Red Hat Enterprise Linux 4 2007-03-02T00:00:00 RHSA-2007:0078 thunderbird-0:1.5.0.10-0.1.el4 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0108 thunderbird-0:1.5.0.10-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-1282 https://nvd.nist.gov/vuln/detail/CVE-2007-1282 Moderate 2007-03-01T00:00:00 security flaw

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

Red Hat Enterprise Linux 2.1 2007-04-16T00:00:00 RHSA-2007:0154 php-0:4.1.2-2.17 Red Hat Enterprise Linux 3 2007-04-16T00:00:00 RHSA-2007:0155 php-0:4.3.2-40.ent Red Hat Enterprise Linux 4 2007-04-16T00:00:00 RHSA-2007:0155 php-0:4.3.9-3.22.4 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0082 php-0:5.1.6-7.el5 Red Hat Web Application Stack for RHEL 4 2007-04-16T00:00:00 RHSA-2007:0162 php-0:5.1.6-3.el4s1.6 Stronghold 4.0 for RHEL 2.1AS 2007-04-20T00:00:00 RHSA-2007:0163 stronghold-php-0:4.1.2-15 https://www.cve.org/CVERecord?id=CVE-2007-1285 https://nvd.nist.gov/vuln/detail/CVE-2007-1285 Important 2007-03-02T00:00:00 security flaw

Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.

Red Hat Enterprise Linux 2.1 2007-04-16T00:00:00 RHSA-2007:0154 php-0:4.1.2-2.17 Red Hat Enterprise Linux 3 2007-04-16T00:00:00 RHSA-2007:0155 php-0:4.3.2-40.ent Red Hat Enterprise Linux 4 2007-04-16T00:00:00 RHSA-2007:0155 php-0:4.3.9-3.22.4 Stronghold 4.0 for RHEL 2.1AS 2007-04-20T00:00:00 RHSA-2007:0163 stronghold-php-0:4.1.2-15 https://www.cve.org/CVERecord?id=CVE-2007-1286 https://nvd.nist.gov/vuln/detail/CVE-2007-1286

A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.

The phpinfo function should not be used in publically-accessible PHP scripts. https://www.cve.org/CVERecord?id=CVE-2007-1287 https://nvd.nist.gov/vuln/detail/CVE-2007-1287 Low 2007-03-04T00:00:00 kdelibs KDE JavaScript denial of service (crash)

ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.

Red Hat Enterprise Linux 4 2007-10-08T00:00:00 RHSA-2007:0909 kdelibs-6:3.3.1-9.el4 Red Hat Enterprise Linux 5 2007-10-08T00:00:00 RHSA-2007:0909 kdelibs-6:3.5.4-13.el5 https://www.cve.org/CVERecord?id=CVE-2007-1308 https://nvd.nist.gov/vuln/detail/CVE-2007-1308 Important 2007-04-20T00:00:00 xen/qemu Cirrus LGD-54XX "bitblt" Heap Overflow

Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.

Red Hat Enterprise Linux 5 2007-10-02T00:00:00 RHSA-2007:0323 xen-0:3.0.3-25.0.4.el5 https://www.cve.org/CVERecord?id=CVE-2007-1320 https://nvd.nist.gov/vuln/detail/CVE-2007-1320 Low 2007-04-20T00:00:00 xen QEMU NE2000 emulation issues

Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.

Red Hat Enterprise Linux 5 2007-10-02T00:00:00 RHSA-2007:0323 xen-0:3.0.3-25.0.4.el5 https://www.cve.org/CVERecord?id=CVE-2007-1321 https://nvd.nist.gov/vuln/detail/CVE-2007-1321 Moderate 2007-04-20T00:00:00 xen icebp instruction issue

QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.

Not vulnerable. This issue did not affect Xen as shipped with Red Hat Enterprise Linux 5. https://www.cve.org/CVERecord?id=CVE-2007-1322 https://nvd.nist.gov/vuln/detail/CVE-2007-1322 Moderate 2007-03-22T00:00:00 mod_perl PerlRun denial of service

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 ant-0:1.6.5-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 avalon-logkit-0:1.2-2jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 axis-0:1.2.1-1jpp_3rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-jaf-0:1.0-2jpp_6rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-mail-0:1.1.1-2jpp_8rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 geronimo-specs-0:1.0-0.M4.1jpp_10rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 jakarta-commons-modeler-0:2.0-3jpp_2rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 log4j-0:1.2.12-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 mx4j-1:3.0.1-1jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 pcsc-lite-0:1.3.3-3.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ca-0:7.3.0-20.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-java-tools-0:7.3.0-10.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-kra-0:7.3.0-14.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-manage-0:7.3.0-19.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-native-tools-0:7.3.0-6.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ocsp-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-tks-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 tomcat5-0:5.5.23-0jpp_4rh.16 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xerces-j2-0:2.7.1-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xml-commons-0:1.3.02-2jpp_1rh Red Hat Enterprise Linux 2.1 2007-06-18T00:00:00 RHSA-2007:0486 mod_perl-0:1.26-8.el2 Red Hat Enterprise Linux 3 2007-06-14T00:00:00 RHSA-2007:0395 mod_perl-0:1.99_09-12.ent Red Hat Enterprise Linux 4 2007-06-14T00:00:00 RHSA-2007:0395 mod_perl-0:1.99_16-4.5 Red Hat Enterprise Linux 5 2007-06-14T00:00:00 RHSA-2007:0395 mod_perl-0:2.0.2-6.3.el5 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.37.rhn Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.38.rhn Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Proxy v 5.0 2008-05-20T00:00:00 RHSA-2008:0263 jabberd-0:2.0s10-3.38.rhn Red Hat Network Proxy v 5.0 2008-05-20T00:00:00 RHSA-2008:0263 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Proxy v 5.0 2008-05-20T00:00:00 RHSA-2008:0263 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Proxy v 5.1 2008-08-13T00:00:00 RHSA-2008:0627 mod_perl-0:2.0.2-12.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 mod_perl-0:2.0.2-12.el4 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 rhn-web-0:5.1.1-7 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 tomcat5-0:5.0.30-0jpp_10rh Red Hat Web Application Stack for RHEL 4 2007-06-20T00:00:00 RHSA-2007:0396 mod_perl-0:2.0.3-1.el4s1.3 https://www.cve.org/CVERecord?id=CVE-2007-1349 https://nvd.nist.gov/vuln/detail/CVE-2007-1349 Important 2007-04-03T00:00:00 Multiple font integer overflows (CVE-2007-1352)

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

Red Hat would like to thank iDefense for reporting this issue. Red Hat Enterprise Linux 2.1 2007-04-03T00:00:00 RHSA-2007:0125 XFree86-0:4.1.0-82.EL Red Hat Enterprise Linux 3 2007-04-03T00:00:00 RHSA-2007:0125 XFree86-0:4.3.0-120.EL Red Hat Enterprise Linux 3 2007-04-16T00:00:00 RHSA-2007:0150 freetype-0:2.1.4-6.el3 Red Hat Enterprise Linux 4 2007-04-03T00:00:00 RHSA-2007:0126 xorg-x11-0:6.8.2-1.EL.13.37.7 Red Hat Enterprise Linux 4 2007-04-16T00:00:00 RHSA-2007:0150 freetype-0:2.1.9-5.el4 Red Hat Enterprise Linux 5 2007-04-03T00:00:00 RHSA-2007:0132 libXfont-0:1.2.2-1.0.2.el5 Red Hat Enterprise Linux 5 2007-04-16T00:00:00 RHSA-2007:0150 freetype-0:2.2.1-17.el5 https://www.cve.org/CVERecord?id=CVE-2007-1351 https://nvd.nist.gov/vuln/detail/CVE-2007-1351 Important 2007-04-03T00:00:00 Multiple font integer overflows (CVE-2007-1352)

Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

Red Hat would like to thank iDefense for reporting this issue. Red Hat Enterprise Linux 2.1 2007-04-03T00:00:00 RHSA-2007:0125 XFree86-0:4.1.0-82.EL Red Hat Enterprise Linux 3 2007-04-03T00:00:00 RHSA-2007:0125 XFree86-0:4.3.0-120.EL Red Hat Enterprise Linux 4 2007-04-03T00:00:00 RHSA-2007:0126 xorg-x11-0:6.8.2-1.EL.13.37.7 Red Hat Enterprise Linux 5 2007-04-03T00:00:00 RHSA-2007:0132 libXfont-0:1.2.2-1.0.2.el5 https://www.cve.org/CVERecord?id=CVE-2007-1352 https://nvd.nist.gov/vuln/detail/CVE-2007-1352 Low 2007-04-18T00:00:00 Bluetooth setsockopt() information leaks

The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer.

Red Hat would like to thank Ilja van Sprundel for reporting this issue. Red Hat Enterprise Linux 2.1 2007-08-08T00:00:00 RHSA-2007:0672 kernel-0:2.4.9-e.72 Red Hat Enterprise Linux 2.1 2007-08-08T00:00:00 RHSA-2007:0673 kernel-0:2.4.18-e.65 Red Hat Enterprise Linux 3 2007-08-16T00:00:00 RHSA-2007:0671 kernel-0:2.4.21-51.EL Red Hat Enterprise Linux 4 2007-06-25T00:00:00 RHSA-2007:0488 kernel-0:2.6.9-55.0.2.EL Red Hat Enterprise Linux 5 2007-06-14T00:00:00 RHSA-2007:0376 kernel-0:2.6.18-8.1.6.el5 https://www.cve.org/CVERecord?id=CVE-2007-1353 https://nvd.nist.gov/vuln/detail/CVE-2007-1353 Low 2007-04-15T00:00:00 security flaw

The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.

JBoss Application Server 4 2007-04-16T00:00:00 RHSA-2007:0151 https://www.cve.org/CVERecord?id=CVE-2007-1354 https://nvd.nist.gov/vuln/detail/CVE-2007-1354 Low 2007-05-19T00:00:00 tomcat XSS in samples CWE-79

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 mod_perl-0:2.0.2-12.el4 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 rhn-web-0:5.1.1-7 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 tomcat5-0:5.0.30-0jpp_10rh https://www.cve.org/CVERecord?id=CVE-2007-1355 https://nvd.nist.gov/vuln/detail/CVE-2007-1355 Low 2007-06-06T00:00:00 tomcat accept-language xss flaw CWE-79

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 ant-0:1.6.5-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 avalon-logkit-0:1.2-2jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 axis-0:1.2.1-1jpp_3rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-jaf-0:1.0-2jpp_6rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-mail-0:1.1.1-2jpp_8rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 geronimo-specs-0:1.0-0.M4.1jpp_10rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 jakarta-commons-modeler-0:2.0-3jpp_2rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 log4j-0:1.2.12-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 mx4j-1:3.0.1-1jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 pcsc-lite-0:1.3.3-3.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ca-0:7.3.0-20.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-java-tools-0:7.3.0-10.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-kra-0:7.3.0-14.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-manage-0:7.3.0-19.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-native-tools-0:7.3.0-6.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ocsp-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-tks-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 tomcat5-0:5.5.23-0jpp_4rh.16 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xerces-j2-0:2.7.1-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xml-commons-0:1.3.02-2jpp_1rh Red Hat Developer Suite V.3 2007-05-24T00:00:00 RHSA-2007:0328 jakarta-commons-modeler-0:2.0-3jpp_3rh Red Hat Developer Suite V.3 2007-05-24T00:00:00 RHSA-2007:0328 tomcat5-0:5.5.23-0jpp_6rh Red Hat Enterprise Linux 5 2007-05-14T00:00:00 RHSA-2007:0327 jakarta-commons-modeler-0:1.1-8jpp.1.0.2.el5 Red Hat Enterprise Linux 5 2007-05-14T00:00:00 RHSA-2007:0327 tomcat5-0:5.5.23-0jpp.1.0.3.el5 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 mod_perl-0:2.0.2-12.el4 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 rhn-web-0:5.1.1-7 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 tomcat5-0:5.0.30-0jpp_10rh Red Hat Web Application Stack for RHEL 4 2007-05-24T00:00:00 RHSA-2007:0360 jbossas-0:4.0.5-2.CP04.el4s1.2 RHAPS Version 2 for RHEL 4 2007-05-21T00:00:00 RHSA-2007:0326 jakarta-commons-modeler-0:2.0-3jpp_2rh RHAPS Version 2 for RHEL 4 2007-05-21T00:00:00 RHSA-2007:0326 tomcat5-0:5.5.23-0jpp_4rh.3 RHAPS Version 2 for RHEL 4 2007-10-11T00:00:00 RHSA-2007:0876 tomcat5-0:5.5.23-0jpp_4rh.4 https://www.cve.org/CVERecord?id=CVE-2007-1358 https://nvd.nist.gov/vuln/detail/CVE-2007-1358 Low 2007-05-31T00:00:00 Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."

Red Hat Enterprise Linux 2.1 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-0.1.el2 Red Hat Enterprise Linux 3 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-0.1.el3 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0400 firefox-0:1.5.0.12-0.1.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0401 thunderbird-0:1.5.0.12-0.1.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0402 devhelp-0:0.10-0.8.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-2.el4 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 devhelp-0:0.12-11.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 firefox-0:1.5.0.12-1.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 yelp-0:2.16.0-15.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0401 thunderbird-0:1.5.0.12-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-1362 https://nvd.nist.gov/vuln/detail/CVE-2007-1362 Moderate 2007-04-20T00:00:00 xen aam instruction crash

QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.

Not vulnerable. This issue did not affect Xen as shipped with Red Hat Enterprise Linux 5. https://www.cve.org/CVERecord?id=CVE-2007-1366 https://nvd.nist.gov/vuln/detail/CVE-2007-1366

Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.

We do not consider this flaw to be a security issue as it is only exploitable by the script author. No trust boundary is crossed. This flaw exists in versions of PHP as shipped in Red Hat Enterprise Linux 5 and Red Hat Application Stack 1. These issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, Stronghold 4.0, or Red Hat Application Stack 2. https://www.cve.org/CVERecord?id=CVE-2007-1375 https://nvd.nist.gov/vuln/detail/CVE-2007-1375 php shmop argument validation

The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.

The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. https://www.cve.org/CVERecord?id=CVE-2007-1376 https://nvd.nist.gov/vuln/detail/CVE-2007-1376

The ovrimos_longreadlen function in the Ovrimos extension for PHP before 4.4.5 allows context-dependent attackers to write to arbitrary memory locations via the result_id and length arguments.

Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. https://www.cve.org/CVERecord?id=CVE-2007-1378 https://nvd.nist.gov/vuln/detail/CVE-2007-1378

The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code.

Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. https://www.cve.org/CVERecord?id=CVE-2007-1379 https://nvd.nist.gov/vuln/detail/CVE-2007-1379 Important 2007-02-14T00:00:00 php session extension information leak

The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.

Our previous fixes for CVE-2007-0906 included a patch that also addressed the issue now given CVE name CVE-2007-1380. Red Hat Enterprise Linux 2.1 2007-02-21T00:00:00 RHSA-2007:0081 php-0:4.1.2-2.14 Red Hat Enterprise Linux 3 2007-02-19T00:00:00 RHSA-2007:0076 php-0:4.3.2-39.ent Red Hat Enterprise Linux 4 2007-02-19T00:00:00 RHSA-2007:0076 php-0:4.3.9-3.22.3 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0082 php-0:5.1.6-7.el5 Red Hat Web Application Stack for RHEL 4 2007-02-22T00:00:00 RHSA-2007:0088 php-0:5.1.6-3.el4s1.5 Stronghold 4.0 for RHEL 2.1AS 2007-02-26T00:00:00 RHSA-2007:0089 stronghold-php-0:4.1.2-12 https://www.cve.org/CVERecord?id=CVE-2007-1380 https://nvd.nist.gov/vuln/detail/CVE-2007-1380

The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow.

Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. https://www.cve.org/CVERecord?id=CVE-2007-1381 https://nvd.nist.gov/vuln/detail/CVE-2007-1381 php variable counter integer overflow

Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.

The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. https://www.cve.org/CVERecord?id=CVE-2007-1383 https://nvd.nist.gov/vuln/detail/CVE-2007-1383 Important 2007-03-08T00:00:00 security flaw

The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference.

Red Hat Enterprise Linux 5 2007-04-30T00:00:00 RHSA-2007:0169 kernel-0:2.6.18-8.1.3.el5 https://www.cve.org/CVERecord?id=CVE-2007-1388 https://nvd.nist.gov/vuln/detail/CVE-2007-1388

The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. NOTE: it could be argued that this is a design limitation of PHP and that only the misuse of this feature, i.e. implementation bugs in applications, should be included in CVE. However, it has been fixed by the vendor.

Red Hat does not consider this to be a security vulnerability. Using import_request_variables() is generally a discouraged practice and it is improper use that can lead to security problems, not flaw of PHP itself. https://www.cve.org/CVERecord?id=CVE-2007-1396 https://nvd.nist.gov/vuln/detail/CVE-2007-1396

Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.

Not vulnerable. The zip extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. https://www.cve.org/CVERecord?id=CVE-2007-1399 https://nvd.nist.gov/vuln/detail/CVE-2007-1399

Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.

Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include Cracklib support. https://www.cve.org/CVERecord?id=CVE-2007-1401 https://nvd.nist.gov/vuln/detail/CVE-2007-1401

Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.

Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include mssql support. https://www.cve.org/CVERecord?id=CVE-2007-1411 https://nvd.nist.gov/vuln/detail/CVE-2007-1411

The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument.

Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include ClibPDF support. https://www.cve.org/CVERecord?id=CVE-2007-1412 https://nvd.nist.gov/vuln/detail/CVE-2007-1412

Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id).

Not vulnerable. The php-snmp package as shipped with Red Hat Enterprise Linux 4 and 5 use net-snmp which is not vulnerable to this issue. https://www.cve.org/CVERecord?id=CVE-2007-1413 https://nvd.nist.gov/vuln/detail/CVE-2007-1413 Low 2007-03-09T00:00:00 Single MySQL worker can be crashed (NULL deref) with certain SELECT statements CWE-476

MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.

This issue did not affect mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3, and 4. Red Hat Enterprise Linux 5 2008-05-20T00:00:00 RHSA-2008:0364 mysql-0:5.0.45-7.el5 https://www.cve.org/CVERecord?id=CVE-2007-1420 https://nvd.nist.gov/vuln/detail/CVE-2007-1420 fdf extension input filtering

The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.

Not vulnerable. The filter extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. https://www.cve.org/CVERecord?id=CVE-2007-1452 https://nvd.nist.gov/vuln/detail/CVE-2007-1452 filter extension buffer underflow

Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer.

Not vulnerable. The filter extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. https://www.cve.org/CVERecord?id=CVE-2007-1453 https://nvd.nist.gov/vuln/detail/CVE-2007-1453 php filter extension FILTER_SANITIZE_STRING bypass

ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b.

Not vulnerable. The filter extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. https://www.cve.org/CVERecord?id=CVE-2007-1454 https://nvd.nist.gov/vuln/detail/CVE-2007-1454

The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories.

Not vulnerable. The zip extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. https://www.cve.org/CVERecord?id=CVE-2007-1460 https://nvd.nist.gov/vuln/detail/CVE-2007-1460

The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories.

The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. https://www.cve.org/CVERecord?id=CVE-2007-1461 https://nvd.nist.gov/vuln/detail/CVE-2007-1461 Low 2007-02-13T00:00:00 security flaw

The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the web page. NOTE: there are limited circumstances under which such an attack is feasible.

Red Hat Enterprise Linux 5 2006-07-20T00:00:00 RHBA-2007:0331 conga-0:0.9.2-6.el5 https://www.cve.org/CVERecord?id=CVE-2007-1462 https://nvd.nist.gov/vuln/detail/CVE-2007-1462 Important 2007-03-16T00:00:00 security flaw

Integer overflow in the WP6GeneralTextPacket::_readContents function in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file, a different vulnerability than CVE-2007-0002.

Red Hat would like to thank Fridrich Štrba and iDefense for reporting this issue. Red Hat Enterprise Linux 3 2007-03-22T00:00:00 RHSA-2007:0033 openoffice.org-0:1.1.2-38.2.0.EL3 Red Hat Enterprise Linux 4 2007-03-22T00:00:00 RHSA-2007:0033 openoffice.org-0:1.1.5-10.6.0.EL4 Red Hat Enterprise Linux 5 2007-03-16T00:00:00 RHSA-2007:0055 libwpd-0:0.8.7-3.el5 https://www.cve.org/CVERecord?id=CVE-2007-1466 https://nvd.nist.gov/vuln/detail/CVE-2007-1466

Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument.

Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include ibase support. https://www.cve.org/CVERecord?id=CVE-2007-1475 https://nvd.nist.gov/vuln/detail/CVE-2007-1475

The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called.

The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. https://www.cve.org/CVERecord?id=CVE-2007-1484 https://nvd.nist.gov/vuln/detail/CVE-2007-1484 Important 2007-03-07T00:00:00 Various NULL pointer dereferences in netfilter code

nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference.

Red Hat Enterprise Linux 5 2007-05-16T00:00:00 RHSA-2007:0347 kernel-0:2.6.18-8.1.4.el5 https://www.cve.org/CVERecord?id=CVE-2007-1496 https://nvd.nist.gov/vuln/detail/CVE-2007-1496 Moderate 2007-03-07T00:00:00 IPv6 fragments bypass in nf_conntrack netfilter code

nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments.

Red Hat Enterprise Linux 5 2007-05-16T00:00:00 RHSA-2007:0347 kernel-0:2.6.18-8.1.4.el5 https://www.cve.org/CVERecord?id=CVE-2007-1497 https://nvd.nist.gov/vuln/detail/CVE-2007-1497

Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.

The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. https://www.cve.org/CVERecord?id=CVE-2007-1521 https://nvd.nist.gov/vuln/detail/CVE-2007-1521

Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.

The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. https://www.cve.org/CVERecord?id=CVE-2007-1522 https://nvd.nist.gov/vuln/detail/CVE-2007-1522 Important 2007-02-08T00:00:00 file 4.20 fixes a heap overflow in that can result in arbitrary code execution

Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.

Red Hat Enterprise Linux 4 2007-03-23T00:00:00 RHSA-2007:0124 file-0:4.10-3.EL4.5 Red Hat Enterprise Linux 5 2007-03-23T00:00:00 RHSA-2007:0124 file-0:4.17-9.el5 https://www.cve.org/CVERecord?id=CVE-2007-1536 https://nvd.nist.gov/vuln/detail/CVE-2007-1536 Moderate 2007-04-02T00:00:00 fetchmail/mutt/evolution/...: APOP password disclosure vulnerability 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

Red Hat Enterprise Linux 2.1 2007-06-07T00:00:00 RHSA-2007:0385 fetchmail-0:5.9.0-21.7.3.el2.1.6 Red Hat Enterprise Linux 2.1 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-0.1.el2 Red Hat Enterprise Linux 3 2007-05-17T00:00:00 RHSA-2007:0353 evolution-0:1.4.5-20.el3 Red Hat Enterprise Linux 3 2007-06-07T00:00:00 RHSA-2007:0385 fetchmail-0:6.2.0-3.el3.4 Red Hat Enterprise Linux 3 2007-06-04T00:00:00 RHSA-2007:0386 mutt-5:1.4.1-5.el3 Red Hat Enterprise Linux 3 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-0.1.el3 Red Hat Enterprise Linux 4 2007-05-17T00:00:00 RHSA-2007:0353 evolution-0:2.0.2-35.0.2.el4 Red Hat Enterprise Linux 4 2007-06-07T00:00:00 RHSA-2007:0385 fetchmail-0:6.2.5-6.0.1.el4 Red Hat Enterprise Linux 4 2007-06-04T00:00:00 RHSA-2007:0386 mutt-5:1.4.1-12.0.3.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0401 thunderbird-0:1.5.0.12-0.1.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0402 devhelp-0:0.10-0.8.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-2.el4 Red Hat Enterprise Linux 4 2009-07-02T00:00:00 RHSA-2009:1140 ruby-0:1.8.1-7.el4_8.3 Red Hat Enterprise Linux 5 2007-05-30T00:00:00 RHSA-2007:0344 evolution-data-server-0:1.8.0-15.0.3.el5 Red Hat Enterprise Linux 5 2007-06-07T00:00:00 RHSA-2007:0385 fetchmail-0:6.3.6-1.0.1.el5 Red Hat Enterprise Linux 5 2007-06-04T00:00:00 RHSA-2007:0386 mutt-5:1.4.2.2-3.0.2.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0401 thunderbird-0:1.5.0.12-1.el5 Red Hat Enterprise Linux 5 2009-07-02T00:00:00 RHSA-2009:1140 ruby-0:1.8.5-5.el5_3.7 https://www.cve.org/CVERecord?id=CVE-2007-1558 https://nvd.nist.gov/vuln/detail/CVE-2007-1558 Moderate 2007-03-20T00:00:00 security flaw

The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.

Red Hat Enterprise Linux 5 2007-04-03T00:00:00 RHSA-2007:0131 squid-7:2.6.STABLE6-4.el5 https://www.cve.org/CVERecord?id=CVE-2007-1560 https://nvd.nist.gov/vuln/detail/CVE-2007-1560 Low 2007-03-22T00:00:00 security flaw

The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

Red Hat Enterprise Linux 2.1 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-0.1.el2 Red Hat Enterprise Linux 3 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-0.1.el3 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0400 firefox-0:1.5.0.12-0.1.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0402 devhelp-0:0.10-0.8.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-2.el4 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 devhelp-0:0.12-11.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 firefox-0:1.5.0.12-1.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 yelp-0:2.16.0-15.el5 https://www.cve.org/CVERecord?id=CVE-2007-1562 https://nvd.nist.gov/vuln/detail/CVE-2007-1562 Low 2007-03-22T00:00:00 FTP protocol PASV design flaw affects konqueror

The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 4 2007-10-08T00:00:00 RHSA-2007:0909 kdelibs-6:3.3.1-9.el4 Red Hat Enterprise Linux 5 2007-10-08T00:00:00 RHSA-2007:0909 kdelibs-6:3.5.4-13.el5 https://www.cve.org/CVERecord?id=CVE-2007-1564 https://nvd.nist.gov/vuln/detail/CVE-2007-1564

Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI.

We do not consider a crash of a client application such as Konqueror to be a security issue. https://www.cve.org/CVERecord?id=CVE-2007-1565 https://nvd.nist.gov/vuln/detail/CVE-2007-1565

The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected.

The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. https://www.cve.org/CVERecord?id=CVE-2007-1581 https://nvd.nist.gov/vuln/detail/CVE-2007-1581

The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources.

The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. https://www.cve.org/CVERecord?id=CVE-2007-1582 https://nvd.nist.gov/vuln/detail/CVE-2007-1582 Low 2007-03-20T00:00:00 security flaw

The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.

Red Hat Enterprise Linux 3 2007-04-16T00:00:00 RHSA-2007:0155 php-0:4.3.2-40.ent Red Hat Enterprise Linux 4 2007-04-16T00:00:00 RHSA-2007:0155 php-0:4.3.9-3.22.4 Red Hat Enterprise Linux 5 2007-04-20T00:00:00 RHSA-2007:0153 php-0:5.1.6-11.el5 Red Hat Web Application Stack for RHEL 4 2007-04-16T00:00:00 RHSA-2007:0162 php-0:5.1.6-3.el4s1.6 https://www.cve.org/CVERecord?id=CVE-2007-1583 https://nvd.nist.gov/vuln/detail/CVE-2007-1583

Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string.

This CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0907. https://www.cve.org/CVERecord?id=CVE-2007-1584 https://nvd.nist.gov/vuln/detail/CVE-2007-1584 Important 2007-03-16T00:00:00 IPv6 oops triggerable by any user

net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double free by opening a listening IPv6 socket, attaching a flow label, and connecting to that socket.

Red Hat Enterprise Linux 2.1 2007-08-08T00:00:00 RHSA-2007:0672 kernel-0:2.4.9-e.72 Red Hat Enterprise Linux 2.1 2007-08-08T00:00:00 RHSA-2007:0673 kernel-0:2.4.18-e.65 Red Hat Enterprise Linux 3 2007-06-08T00:00:00 RHSA-2007:0436 kernel-0:2.4.21-50.EL Red Hat Enterprise Linux 4 2007-04-28T00:00:00 RHBA-2007:0304 kernel-0:2.6.9-55.EL Red Hat Enterprise Linux 5 2007-05-16T00:00:00 RHSA-2007:0347 kernel-0:2.6.18-8.1.4.el5 https://www.cve.org/CVERecord?id=CVE-2007-1592 https://nvd.nist.gov/vuln/detail/CVE-2007-1592

PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.

Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. https://www.cve.org/CVERecord?id=CVE-2007-1649 https://nvd.nist.gov/vuln/detail/CVE-2007-1649 Critical 2007-11-05T00:00:00 pcre regular expression flaws

Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.

Red Hat would like to thank Tavis Ormandy and Will Drewry for reporting this issue. Red Hat Enterprise Linux 4 2007-11-29T00:00:00 RHSA-2007:1068 pcre-0:4.5-4.el4_6.6 Red Hat Enterprise Linux 5 2007-11-05T00:00:00 RHSA-2007:0967 pcre-0:6.6-2.el5_0.1 https://www.cve.org/CVERecord?id=CVE-2007-1659 https://nvd.nist.gov/vuln/detail/CVE-2007-1659 Important 2007-11-05T00:00:00 pcre regular expression flaws

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.

Red Hat would like to thank Tavis Ormandy and Will Drewry for reporting this issue. Red Hat Enterprise Linux 2.1 2007-11-29T00:00:00 RHSA-2007:1065 pcre-0:3.4-2.4 Red Hat Enterprise Linux 2.1 2008-07-16T00:00:00 RHSA-2008:0546 php-0:4.1.2-2.20 Red Hat Enterprise Linux 3 2007-11-29T00:00:00 RHSA-2007:1063 pcre-0:3.9-10.4 Red Hat Enterprise Linux 4 2007-11-05T00:00:00 RHSA-2007:0968 pcre-0:4.5-4.el4_5.1 Red Hat Enterprise Linux 5 2007-11-05T00:00:00 RHSA-2007:0967 pcre-0:6.6-2.el5_0.1 https://www.cve.org/CVERecord?id=CVE-2007-1660 https://nvd.nist.gov/vuln/detail/CVE-2007-1660 Important 2007-11-05T00:00:00 : pcre < 7.3 non-UTF-8 over-backtracking issue

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.

https://www.cve.org/CVERecord?id=CVE-2007-1661 https://nvd.nist.gov/vuln/detail/CVE-2007-1661 Important 2007-11-05T00:00:00 : pcre < 7.3 unmatched bracket/paren past EoS read issue

Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.

https://www.cve.org/CVERecord?id=CVE-2007-1662 https://nvd.nist.gov/vuln/detail/CVE-2007-1662 Moderate 2007-03-09T00:00:00 XGetPixel() integer overflow

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.

Red Hat Enterprise Linux 2.1 2007-04-03T00:00:00 RHSA-2007:0125 XFree86-0:4.1.0-82.EL Red Hat Enterprise Linux 3 2007-04-03T00:00:00 RHSA-2007:0125 XFree86-0:4.3.0-120.EL Red Hat Enterprise Linux 4 2007-04-03T00:00:00 RHSA-2007:0126 xorg-x11-0:6.8.2-1.EL.13.37.7 Red Hat Enterprise Linux 5 2007-04-16T00:00:00 RHSA-2007:0157 libX11-0:1.0.3-8.0.1.el5 Red Hat Enterprise Linux 5 2007-04-16T00:00:00 RHSA-2007:0157 xorg-x11-apps-0:7.1-4.0.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-1667 https://nvd.nist.gov/vuln/detail/CVE-2007-1667 php session extension refcount handling issue

The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable.

The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. This CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0910. https://www.cve.org/CVERecord?id=CVE-2007-1700 https://nvd.nist.gov/vuln/detail/CVE-2007-1700 Important 2007-02-14T00:00:00 php session extension global variable clobber

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:".

This CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0910. Red Hat Enterprise Linux 2.1 2007-02-21T00:00:00 RHSA-2007:0081 php-0:4.1.2-2.14 Red Hat Enterprise Linux 3 2007-02-19T00:00:00 RHSA-2007:0076 php-0:4.3.2-39.ent Red Hat Enterprise Linux 4 2007-02-19T00:00:00 RHSA-2007:0076 php-0:4.3.9-3.22.3 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0082 php-0:5.1.6-7.el5 Red Hat Web Application Stack for RHEL 4 2007-02-22T00:00:00 RHSA-2007:0088 php-0:5.1.6-3.el4s1.5 Stronghold 4.0 for RHEL 2.1AS 2007-02-26T00:00:00 RHSA-2007:0089 stronghold-php-0:4.1.2-12 https://www.cve.org/CVERecord?id=CVE-2007-1701 https://nvd.nist.gov/vuln/detail/CVE-2007-1701

Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string.

Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Red Hat Application Stack, and Stronghold 4.0 do not include PHPDoc support. https://www.cve.org/CVERecord?id=CVE-2007-1709 https://nvd.nist.gov/vuln/detail/CVE-2007-1709

The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence.

We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2007-1710 https://nvd.nist.gov/vuln/detail/CVE-2007-1710 Important 2007-03-25T00:00:00 security flaw

Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007).

Red Hat Enterprise Linux 2.1 2007-04-16T00:00:00 RHSA-2007:0154 php-0:4.1.2-2.17 Red Hat Enterprise Linux 3 2007-04-16T00:00:00 RHSA-2007:0155 php-0:4.3.2-40.ent Red Hat Enterprise Linux 4 2007-04-16T00:00:00 RHSA-2007:0155 php-0:4.3.9-3.22.4 Stronghold 4.0 for RHEL 2.1AS 2007-04-20T00:00:00 RHSA-2007:0163 stronghold-php-0:4.1.2-15 https://www.cve.org/CVERecord?id=CVE-2007-1711 https://nvd.nist.gov/vuln/detail/CVE-2007-1711 Low 2007-03-03T00:00:00 security flaw

pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233581 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 3 2007-06-07T00:00:00 RHSA-2007:0465 cdrtools-8:2.01.0.a32-0.EL3.6 Red Hat Enterprise Linux 3 2007-06-07T00:00:00 RHSA-2007:0465 pam-0:0.75-72 Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:0737 pam-0:0.77-66.23 Red Hat Enterprise Linux 5 2007-11-07T00:00:00 RHSA-2007:0555 pam-0:0.99.6.2-3.26.el5 https://www.cve.org/CVERecord?id=CVE-2007-1716 https://nvd.nist.gov/vuln/detail/CVE-2007-1716

The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed.

This issue has no security impact. https://www.cve.org/CVERecord?id=CVE-2007-1717 https://nvd.nist.gov/vuln/detail/CVE-2007-1717 Low 2007-03-26T00:00:00 security flaw

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.

Red Hat Enterprise Linux 3 2007-04-16T00:00:00 RHSA-2007:0155 php-0:4.3.2-40.ent Red Hat Enterprise Linux 4 2007-04-16T00:00:00 RHSA-2007:0155 php-0:4.3.9-3.22.4 Red Hat Enterprise Linux 5 2007-04-20T00:00:00 RHSA-2007:0153 php-0:5.1.6-11.el5 Red Hat Web Application Stack for RHEL 4 2007-04-16T00:00:00 RHSA-2007:0162 php-0:5.1.6-3.el4s1.6 https://www.cve.org/CVERecord?id=CVE-2007-1718 https://nvd.nist.gov/vuln/detail/CVE-2007-1718 kernel dccp memory disclosure

Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value.

Not vulnerable. This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2007-1730 https://nvd.nist.gov/vuln/detail/CVE-2007-1730

The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730.

Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2007-1734 https://nvd.nist.gov/vuln/detail/CVE-2007-1734

Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."

These attacks are reliant on an insecure configuration of the server - that the user the server runs as has write access to the document root. The suexec security model is not intented to protect against privilege escalation in such a configuration https://www.cve.org/CVERecord?id=CVE-2007-1741 https://nvd.nist.gov/vuln/detail/CVE-2007-1741

suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."

These attacks are reliant on an insecure configuration of the server - that the user the server runs as has write access to the document root. The suexec security model is not intented to protect against privilege escalation in such a configuration https://www.cve.org/CVERecord?id=CVE-2007-1742 https://nvd.nist.gov/vuln/detail/CVE-2007-1742

suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.

These attacks are reliant on an insecure configuration of the server - that the user the server runs as has write access to the document root. The suexec security model is not intented to protect against privilege escalation in such a configuration https://www.cve.org/CVERecord?id=CVE-2007-1743 https://nvd.nist.gov/vuln/detail/CVE-2007-1743

Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.

Not vulnerable. The zip extension was not distributed with PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. https://www.cve.org/CVERecord?id=CVE-2007-1777 https://nvd.nist.gov/vuln/detail/CVE-2007-1777 Moderate 2007-03-31T00:00:00 Heap overflow in ImageMagick's DCM and XWD coders

Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.

Red Hat Enterprise Linux 2.1 2008-04-17T00:00:00 RHSA-2008:0165 ImageMagick-0:5.3.8-21 Red Hat Enterprise Linux 3 2008-04-17T00:00:00 RHSA-2008:0145 ImageMagick-0:5.5.6-28 Red Hat Enterprise Linux 4 2008-04-17T00:00:00 RHSA-2008:0145 ImageMagick-0:6.0.7.1-17.el4_6.1 Red Hat Enterprise Linux 5 2008-04-17T00:00:00 RHSA-2008:0145 ImageMagick-0:6.2.8.0-4.el5_1.1 https://www.cve.org/CVERecord?id=CVE-2007-1797 https://nvd.nist.gov/vuln/detail/CVE-2007-1797 php php_stream_filter_create overflow

Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character.

The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. This CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0906. https://www.cve.org/CVERecord?id=CVE-2007-1824 https://nvd.nist.gov/vuln/detail/CVE-2007-1824 Important 2007-02-14T00:00:00 php imap_mail_compose() buffer overflow via type.parameters

Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3.

This CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0906. Red Hat Enterprise Linux 2.1 2007-02-21T00:00:00 RHSA-2007:0081 php-0:4.1.2-2.14 Red Hat Enterprise Linux 3 2007-02-19T00:00:00 RHSA-2007:0076 php-0:4.3.2-39.ent Red Hat Enterprise Linux 4 2007-02-19T00:00:00 RHSA-2007:0076 php-0:4.3.9-3.22.3 Red Hat Enterprise Linux 5 2007-03-14T00:00:00 RHSA-2007:0082 php-0:5.1.6-7.el5 Red Hat Web Application Stack for RHEL 4 2007-02-22T00:00:00 RHSA-2007:0088 php-0:5.1.6-3.el4s1.5 Stronghold 4.0 for RHEL 2.1AS 2007-02-26T00:00:00 RHSA-2007:0089 stronghold-php-0:4.1.2-12 https://www.cve.org/CVERecord?id=CVE-2007-1825 https://nvd.nist.gov/vuln/detail/CVE-2007-1825

PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.

The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. https://www.cve.org/CVERecord?id=CVE-2007-1835 https://nvd.nist.gov/vuln/detail/CVE-2007-1835 Moderate 2007-04-06T00:00:00 ipsec-tools racoon DoS

The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service (tunnel crash) via crafted (1) DELETE (ISAKMP_NPTYPE_D) and (2) NOTIFY (ISAKMP_NPTYPE_N) messages.

Red Hat Enterprise Linux 5 2007-05-17T00:00:00 RHSA-2007:0342 ipsec-tools-0:0.6.5-8.el5 https://www.cve.org/CVERecord?id=CVE-2007-1841 https://nvd.nist.gov/vuln/detail/CVE-2007-1841 Moderate 2007-04-10T00:00:00 crontab denial of service

Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c.

Red Hat Enterprise Linux 3 2007-05-17T00:00:00 RHSA-2007:0345 vixie-cron-0:4.1-19.EL3 Red Hat Enterprise Linux 4 2007-05-17T00:00:00 RHSA-2007:0345 vixie-cron-4:4.1-47.EL4 Red Hat Enterprise Linux 5 2007-05-17T00:00:00 RHSA-2007:0345 vixie-cron-4:4.1-70.el5 https://www.cve.org/CVERecord?id=CVE-2007-1856 https://nvd.nist.gov/vuln/detail/CVE-2007-1856 Moderate 2007-04-19T00:00:00 tomcat anonymous cipher issue

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh RHAPS Version 1 for RHEL 3 2007-05-08T00:00:00 RHSA-2007:0340 tomcat5-0:5.0.30-0jpp_5rh RHAPS Version 2 for RHEL 4 2007-05-21T00:00:00 RHSA-2007:0326 jakarta-commons-modeler-0:2.0-3jpp_2rh RHAPS Version 2 for RHEL 4 2007-05-21T00:00:00 RHSA-2007:0326 tomcat5-0:5.5.23-0jpp_4rh.3 https://www.cve.org/CVERecord?id=CVE-2007-1858 https://nvd.nist.gov/vuln/detail/CVE-2007-1858 Important 2007-05-03T00:00:00 xscreensaver authentication bypass

XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.

Red Hat Enterprise Linux 2.1 2007-05-02T00:00:00 RHSA-2007:0322 xscreensaver-1:3.33-4.rhel21.5 Red Hat Enterprise Linux 3 2007-05-02T00:00:00 RHSA-2007:0322 xscreensaver-1:4.10-21.el3 Red Hat Enterprise Linux 4 2007-05-02T00:00:00 RHSA-2007:0322 xscreensaver-1:4.18-5.rhel4.14 https://www.cve.org/CVERecord?id=CVE-2007-1859 https://nvd.nist.gov/vuln/detail/CVE-2007-1859 Important 2007-05-21T00:00:00 mod_jk sends decoded URL to tomcat

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.

Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Red Hat Web Application Stack for RHEL 4 2007-05-30T00:00:00 RHSA-2007:0379 mod_jk-0:1.2.20-1.el4s1.5 RHAPS Version 2 for RHEL 4 2007-05-30T00:00:00 RHSA-2007:0380 mod_jk-0:1.2.20-1jpp_2rh https://www.cve.org/CVERecord?id=CVE-2007-1860 https://nvd.nist.gov/vuln/detail/CVE-2007-1860 Important 2007-04-25T00:00:00 infinite recursion in netlink

The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow.

Red Hat Enterprise Linux 5 2007-05-16T00:00:00 RHSA-2007:0347 kernel-0:2.6.18-8.1.4.el5 https://www.cve.org/CVERecord?id=CVE-2007-1861 https://nvd.nist.gov/vuln/detail/CVE-2007-1861 httpd's mod_mem_cache sensitive information disclosure

The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.

Not vulnerable. This issue was specific to httpd version 2.2.4 and did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5. https://www.cve.org/CVERecord?id=CVE-2007-1862 https://nvd.nist.gov/vuln/detail/CVE-2007-1862 Moderate 2007-05-02T00:00:00 httpd mod_cache segfault

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.

Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 ant-0:1.6.5-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 avalon-logkit-0:1.2-2jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 axis-0:1.2.1-1jpp_3rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-jaf-0:1.0-2jpp_6rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-mail-0:1.1.1-2jpp_8rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 geronimo-specs-0:1.0-0.M4.1jpp_10rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 jakarta-commons-modeler-0:2.0-3jpp_2rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 log4j-0:1.2.12-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 mx4j-1:3.0.1-1jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 pcsc-lite-0:1.3.3-3.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ca-0:7.3.0-20.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-java-tools-0:7.3.0-10.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-kra-0:7.3.0-14.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-manage-0:7.3.0-19.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-native-tools-0:7.3.0-6.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ocsp-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-tks-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 tomcat5-0:5.5.23-0jpp_4rh.16 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xerces-j2-0:2.7.1-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xml-commons-0:1.3.02-2jpp_1rh Red Hat Enterprise Linux 3 2007-06-27T00:00:00 RHSA-2007:0533 httpd-0:2.0.46-67.ent Red Hat Enterprise Linux 4 2007-06-26T00:00:00 RHSA-2007:0534 httpd-0:2.0.52-32.2.ent Red Hat Enterprise Linux 5 2007-06-26T00:00:00 RHSA-2007:0556 httpd-0:2.2.3-7.el5 Red Hat Web Application Stack for RHEL 4 2007-07-13T00:00:00 RHSA-2007:0557 httpd-0:2.0.59-1.el4s1.7 https://www.cve.org/CVERecord?id=CVE-2007-1863 https://nvd.nist.gov/vuln/detail/CVE-2007-1863 Important 2007-05-03T00:00:00 php libxmlrpc library overflow

Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

Red Hat Enterprise Linux 4 2007-05-09T00:00:00 RHSA-2007:0349 php-0:4.3.9-3.22.5 Red Hat Enterprise Linux 5 2007-05-08T00:00:00 RHSA-2007:0348 php-0:5.1.6-12.el5 Red Hat Web Application Stack for RHEL 4 2007-05-10T00:00:00 RHSA-2007:0355 php-0:5.1.6-3.el4s1.7 https://www.cve.org/CVERecord?id=CVE-2007-1864 https://nvd.nist.gov/vuln/detail/CVE-2007-1864

PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain convert_to_* functions with its input parameters.

The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. https://www.cve.org/CVERecord?id=CVE-2007-1883 https://nvd.nist.gov/vuln/detail/CVE-2007-1883

Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location.

The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. https://www.cve.org/CVERecord?id=CVE-2007-1884 https://nvd.nist.gov/vuln/detail/CVE-2007-1884

Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. NOTE: this is probably the same issue as CVE-2007-0906.6.

This CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0906. https://www.cve.org/CVERecord?id=CVE-2007-1885 https://nvd.nist.gov/vuln/detail/CVE-2007-1885

Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow."

We do not consider this flaw to be a security issue as it is only exploitable by the script author. No trust boundary is crossed. For more information please see: https://bugzilla.redhat.com/show_bug.cgi?id=mopb#c37 https://www.cve.org/CVERecord?id=CVE-2007-1886 https://nvd.nist.gov/vuln/detail/CVE-2007-1886

Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.

Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. https://www.cve.org/CVERecord?id=CVE-2007-1887 https://nvd.nist.gov/vuln/detail/CVE-2007-1887

Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.

Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. https://www.cve.org/CVERecord?id=CVE-2007-1888 https://nvd.nist.gov/vuln/detail/CVE-2007-1888

Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize.

Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. https://www.cve.org/CVERecord?id=CVE-2007-1889 https://nvd.nist.gov/vuln/detail/CVE-2007-1889

Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff.

The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed. https://www.cve.org/CVERecord?id=CVE-2007-1890 https://nvd.nist.gov/vuln/detail/CVE-2007-1890 php ext/filter email validation issue

CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.

Not vulnerable. The filter extension was not shipped in the versions of PHP supplied for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1. https://www.cve.org/CVERecord?id=CVE-2007-1900 https://nvd.nist.gov/vuln/detail/CVE-2007-1900 Moderate 2007-04-08T00:00:00 Quagga bgpd DoS

bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.

Red Hat Enterprise Linux 3 2007-05-30T00:00:00 RHSA-2007:0389 quagga-0:0.96.2-12.3E Red Hat Enterprise Linux 4 2007-05-30T00:00:00 RHSA-2007:0389 quagga-0:0.98.3-2.4.0.1.el4 Red Hat Enterprise Linux 5 2007-05-30T00:00:00 RHSA-2007:0389 quagga-0:0.98.6-2.1.0.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-1995 https://nvd.nist.gov/vuln/detail/CVE-2007-1995 Important 2007-05-25T00:00:00 kdebase3 flash-player interaction problem

Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.

Red Hat Enterprise Linux 3 2007-06-13T00:00:00 RHSA-2007:0494 kdebase-6:3.1.3-5.16 Red Hat Enterprise Linux 4 2007-06-13T00:00:00 RHSA-2007:0494 kdebase-6:3.3.1-5.19.rhel4 Red Hat Enterprise Linux 5 2007-06-13T00:00:00 RHSA-2007:0494 kdebase-6:3.5.4-13.6.el5 https://www.cve.org/CVERecord?id=CVE-2007-2022 https://nvd.nist.gov/vuln/detail/CVE-2007-2022

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.

Not vulnerable. These issues did not affect the versions of file as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2007-2026 https://nvd.nist.gov/vuln/detail/CVE-2007-2026 Low 2007-04-04T00:00:00 elinks tries to load .po files from a non-absolute path 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P

Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.

Red Hat Enterprise Linux 4 2009-10-01T00:00:00 RHSA-2009:1471 elinks-0:0.9.2-4.el4_8.1 Red Hat Enterprise Linux 5 2009-10-01T00:00:00 RHSA-2009:1471 elinks-0:0.11.1-6.el5_4.1 https://www.cve.org/CVERecord?id=CVE-2007-2027 https://nvd.nist.gov/vuln/detail/CVE-2007-2027 Moderate 2007-04-12T00:00:00 security flaw

Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.

Red Hat Enterprise Linux 3 2007-05-10T00:00:00 RHSA-2007:0338 freeradius-0:1.0.1-2.RHEL3.4 Red Hat Enterprise Linux 4 2007-05-10T00:00:00 RHSA-2007:0338 freeradius-0:1.0.1-3.RHEL4.5 Red Hat Enterprise Linux 5 2007-05-10T00:00:00 RHSA-2007:0338 freeradius-0:1.1.3-1.2.el5 https://www.cve.org/CVERecord?id=CVE-2007-2028 https://nvd.nist.gov/vuln/detail/CVE-2007-2028 Low 2006-01-13T00:00:00 /tmp race in lha

lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.

Red Hat no longer plans to fix this issue in Red Hat Enterprise Linux 4. Red Hat Enterprise Linux 4 Will not fix lha https://www.cve.org/CVERecord?id=CVE-2007-2030 https://nvd.nist.gov/vuln/detail/CVE-2007-2030 Low 2007-04-02T00:00:00 python off-by-one locale.strxfrm() (possible memory disclosure) CWE-193

Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.

The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 2.1 2007-12-10T00:00:00 RHSA-2007:1077 python-0:1.5.2-43.72.2 Red Hat Enterprise Linux 3 2007-12-10T00:00:00 RHSA-2007:1076 python-0:2.2.3-6.8 Red Hat Enterprise Linux 4 2007-12-10T00:00:00 RHSA-2007:1076 python-0:2.3.4-14.4.el4_6.1 Red Hat Enterprise Linux 5 2009-07-27T00:00:00 RHSA-2009:1176 python-0:2.4.3-24.el5_3.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn-solaris-bootstrap-0:5.1.1-3 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn_solaris_bootstrap_5_1_1_3-0:1-0 https://www.cve.org/CVERecord?id=CVE-2007-2052 https://nvd.nist.gov/vuln/detail/CVE-2007-2052 Moderate 2007-04-23T00:00:00 PostgreSQL security-definer function privilege escalation

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."

Red Hat Enterprise Linux 3 2007-05-08T00:00:00 RHSA-2007:0336 rh-postgresql-0:7.3.19-1 Red Hat Enterprise Linux 4 2007-05-08T00:00:00 RHSA-2007:0336 postgresql-0:7.4.17-1.RHEL4.1 Red Hat Enterprise Linux 5 2007-05-08T00:00:00 RHSA-2007:0336 postgresql-0:8.1.9-1.el5 Red Hat Web Application Stack for RHEL 4 2007-05-03T00:00:00 RHSA-2007:0337 postgresql-0:8.1.9-1.el4s1.1 https://www.cve.org/CVERecord?id=CVE-2007-2138 https://nvd.nist.gov/vuln/detail/CVE-2007-2138 Important 2007-03-26T00:00:00 fib_semantics.c out of bounds access vulnerability

A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions.

Red Hat Enterprise Linux 2.1 2009-01-05T00:00:00 RHSA-2008:0787 kernel-0:2.4.18-e.67 Red Hat Enterprise Linux 2.1 2009-01-08T00:00:00 RHSA-2009:0001 kernel-0:2.4.9-e.74 Red Hat Enterprise Linux 3 2007-12-03T00:00:00 RHSA-2007:1049 kernel-0:2.4.21-53.EL Red Hat Enterprise Linux 4 2007-06-25T00:00:00 RHSA-2007:0488 kernel-0:2.6.9-55.0.2.EL Red Hat Enterprise Linux 5 2007-05-16T00:00:00 RHSA-2007:0347 kernel-0:2.6.18-8.1.4.el5 https://www.cve.org/CVERecord?id=CVE-2007-2172 https://nvd.nist.gov/vuln/detail/CVE-2007-2172

Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.

Not vulnerable. This issue is a flaw in the way Java and Quicktime interact. https://www.cve.org/CVERecord?id=CVE-2007-2176 https://nvd.nist.gov/vuln/detail/CVE-2007-2176 Low 2007-03-28T00:00:00 Directory traversal in dovecot with zlib plugin

Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.

This issue did not affect Red Hat Enterprise Linux prior to version 5. Red Hat Enterprise Linux 5 2008-05-20T00:00:00 RHSA-2008:0297 dovecot-0:1.0.7-2.el5 https://www.cve.org/CVERecord?id=CVE-2007-2231 https://nvd.nist.gov/vuln/detail/CVE-2007-2231 Important 2007-04-30T00:00:00 bind remote DoS

Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.

Not vulnerable. These issues did not affect the versions of BIND as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2007-2241 https://nvd.nist.gov/vuln/detail/CVE-2007-2241 Important 2007-04-17T00:00:00 IPv6 routing headers issue

The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.

Red Hat Enterprise Linux 5 2007-05-16T00:00:00 RHSA-2007:0347 kernel-0:2.6.18-8.1.4.el5 https://www.cve.org/CVERecord?id=CVE-2007-2242 https://nvd.nist.gov/vuln/detail/CVE-2007-2242

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.

Not vulnerable. The OpenSSH packages as shipped with Red Hat Enterprise Linux do not contain S/KEY support. https://www.cve.org/CVERecord?id=CVE-2007-2243 https://nvd.nist.gov/vuln/detail/CVE-2007-2243 Critical 2007-10-25T00:00:00 realplayer swf file (flash media) heap overflow

Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.

Extras for RHEL 3 2007-08-17T00:00:00 RHSA-2007:0841 realplayer-0:10.0.9-0.rhel3.4 Supplementary for Red Hat Enterprise Linux 5 2007-08-17T00:00:00 RHSA-2007:0841 RealPlayer-0:10.0.9-3.el5 https://www.cve.org/CVERecord?id=CVE-2007-2263 https://nvd.nist.gov/vuln/detail/CVE-2007-2263 Critical 2007-10-25T00:00:00 realplayer ram file heap overflow

Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.

Extras for RHEL 3 2007-08-17T00:00:00 RHSA-2007:0841 realplayer-0:10.0.9-0.rhel3.4 Supplementary for Red Hat Enterprise Linux 5 2007-08-17T00:00:00 RHSA-2007:0841 RealPlayer-0:10.0.9-3.el5 https://www.cve.org/CVERecord?id=CVE-2007-2264 https://nvd.nist.gov/vuln/detail/CVE-2007-2264 Moderate 2007-04-25T00:00:00 security flaw

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

Red Hat Enterprise Linux 2.1 2007-10-19T00:00:00 RHSA-2007:0980 seamonkey-0:1.0.9-0.6.el2 Red Hat Enterprise Linux 3 2007-10-19T00:00:00 RHSA-2007:0980 seamonkey-0:1.0.9-0.5.el3 Red Hat Enterprise Linux 4 2007-10-19T00:00:00 RHSA-2007:0979 firefox-0:1.5.0.12-0.7.el4 Red Hat Enterprise Linux 4 2007-10-19T00:00:00 RHSA-2007:0980 seamonkey-0:1.0.9-6.el4 Red Hat Enterprise Linux 4 2007-10-19T00:00:00 RHSA-2007:0981 thunderbird-0:1.5.0.12-0.5.el4 Red Hat Enterprise Linux 5 2007-10-19T00:00:00 RHSA-2007:0979 firefox-0:1.5.0.12-6.el5 Red Hat Enterprise Linux 5 2007-10-19T00:00:00 RHSA-2007:0981 thunderbird-0:1.5.0.12-5.el5 https://www.cve.org/CVERecord?id=CVE-2007-2292 https://nvd.nist.gov/vuln/detail/CVE-2007-2292 Low 2007-01-09T00:00:00 lftp mirror --script does not escape names and targets of symbolic links 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.

This issue does not affect lftp as supplied with Red Hat Enterprise Linux 3. This issue was addressed for Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1278.html The Red Hat Security Response Team has rated this issue as having low security impact, this issue will not fixed in Red Hat Enterprise Linux 4. Red Hat Enterprise Linux 5 2009-09-02T00:00:00 RHSA-2009:1278 lftp-0:3.7.11-4.el5 Red Hat Enterprise Linux 4 Will not fix lftp https://www.cve.org/CVERecord?id=CVE-2007-2348 https://nvd.nist.gov/vuln/detail/CVE-2007-2348

Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.

Red Hat ship Axis in a number of products; however the installation path of Axis is fixed and deterministic, so this flaw does not disclose otherwise unknown information. We do not plan on issuing updates to fix this issue. https://www.cve.org/CVERecord?id=CVE-2007-2353 https://nvd.nist.gov/vuln/detail/CVE-2007-2353 Moderate 2007-04-27T00:00:00 Stack overflow in gimp's sunras plugin

Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.

Red Hat Enterprise Linux 2.1 2007-05-21T00:00:00 RHSA-2007:0343 gimp-1:1.2.1-7.1.el2_1 Red Hat Enterprise Linux 3 2007-05-21T00:00:00 RHSA-2007:0343 gimp-1:1.2.3-20.3.el3 Red Hat Enterprise Linux 4 2007-05-21T00:00:00 RHSA-2007:0343 gimp-1:2.0.5-6.2.el4 Red Hat Enterprise Linux 5 2007-05-21T00:00:00 RHSA-2007:0343 gimp-2:2.2.13-2.el5 https://www.cve.org/CVERecord?id=CVE-2007-2356 https://nvd.nist.gov/vuln/detail/CVE-2007-2356 embedded prototype.js JavaScript hijacking

The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

https://www.cve.org/CVERecord?id=CVE-2007-2383 https://nvd.nist.gov/vuln/detail/CVE-2007-2383

The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota.

Not vulnerable. This flaw is specific to Mac OS X and does not affect any version of Red Hat Enterprise Linux. https://www.cve.org/CVERecord?id=CVE-2007-2407 https://nvd.nist.gov/vuln/detail/CVE-2007-2407 Critical 2007-04-30T00:00:00 javaws vulnerabilities

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

Extras for RHEL 3 2007-08-06T00:00:00 RHSA-2007:0817 java-1.4.2-ibm-0:1.4.2.9-1jpp.1.el3 Extras for RHEL 4 2007-08-06T00:00:00 RHSA-2007:0817 java-1.4.2-ibm-0:1.4.2.9-1jpp.1.el4 Extras for RHEL 4 2007-08-07T00:00:00 RHSA-2007:0829 java-1.5.0-ibm-1:1.5.0.5-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Supplementary for Red Hat Enterprise Linux 5 2007-08-06T00:00:00 RHSA-2007:0817 java-1.4.2-ibm-0:1.4.2.9-1jpp.1.el5 Supplementary for Red Hat Enterprise Linux 5 2007-08-07T00:00:00 RHSA-2007:0829 java-1.5.0-ibm-1:1.5.0.5-1jpp.0.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-2435 https://nvd.nist.gov/vuln/detail/CVE-2007-2435

The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.

Red Hat does not consider a user assisted client crash such as this to be a security flaw. https://www.cve.org/CVERecord?id=CVE-2007-2437 https://nvd.nist.gov/vuln/detail/CVE-2007-2437 Moderate 2007-04-26T00:00:00 vim-7 modeline security issue

The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.

Red Hat Enterprise Linux 5 2007-05-09T00:00:00 RHSA-2007:0346 vim-2:7.0.109-3.el5.3 https://www.cve.org/CVERecord?id=CVE-2007-2438 https://nvd.nist.gov/vuln/detail/CVE-2007-2438 Important 2007-06-26T00:00:00 krb5 RPC library unitialized pointer free

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.

Red Hat Enterprise Linux 2.1 2007-06-26T00:00:00 RHSA-2007:0384 krb5-0:1.2.2-47 Red Hat Enterprise Linux 3 2007-06-26T00:00:00 RHSA-2007:0384 krb5-0:1.2.7-66 Red Hat Enterprise Linux 4 2007-06-26T00:00:00 RHSA-2007:0562 krb5-0:1.3.4-49 Red Hat Enterprise Linux 5 2007-06-26T00:00:00 RHSA-2007:0562 krb5-0:1.5-26 https://www.cve.org/CVERecord?id=CVE-2007-2442 https://nvd.nist.gov/vuln/detail/CVE-2007-2442 Important 2007-06-26T00:00:00 krb5 RPC library stack overflow

Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.

Red Hat Enterprise Linux 2.1 2007-06-26T00:00:00 RHSA-2007:0384 krb5-0:1.2.2-47 Red Hat Enterprise Linux 3 2007-06-26T00:00:00 RHSA-2007:0384 krb5-0:1.2.7-66 Red Hat Enterprise Linux 4 2007-06-26T00:00:00 RHSA-2007:0562 krb5-0:1.3.4-49 Red Hat Enterprise Linux 5 2007-06-26T00:00:00 RHSA-2007:0562 krb5-0:1.5-26 https://www.cve.org/CVERecord?id=CVE-2007-2443 https://nvd.nist.gov/vuln/detail/CVE-2007-2443

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

Not vulnerable. These issues did not affect the versions of Samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2007-2444 https://nvd.nist.gov/vuln/detail/CVE-2007-2444 Moderate 2007-05-15T00:00:00 libpng png_handle_tRNS flaw

The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.

Red Hat would like to thank Glenn Randers-Pehrson, Mats Palmgren, and Tavis Ormandy for reporting this issue. Red Hat Enterprise Linux 2.1 2007-05-17T00:00:00 RHSA-2007:0356 libpng-2:1.0.14-10 Red Hat Enterprise Linux 3 2007-05-17T00:00:00 RHSA-2007:0356 libpng-2:1.2.2-27 Red Hat Enterprise Linux 3 2007-05-17T00:00:00 RHSA-2007:0356 libpng10-0:1.0.13-17 Red Hat Enterprise Linux 4 2007-05-17T00:00:00 RHSA-2007:0356 libpng-2:1.2.7-3.el4 Red Hat Enterprise Linux 4 2007-05-17T00:00:00 RHSA-2007:0356 libpng10-0:1.0.16-3 Red Hat Enterprise Linux 5 2007-05-17T00:00:00 RHSA-2007:0356 libpng-2:1.2.10-7.0.2 https://www.cve.org/CVERecord?id=CVE-2007-2445 https://nvd.nist.gov/vuln/detail/CVE-2007-2445 Critical 2007-05-14T00:00:00 samba heap overflows

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).

Red Hat would like to thank Samba, TippingPoint, and iDefense for reporting this issue. Red Hat Enterprise Linux 2.1 2007-05-14T00:00:00 RHSA-2007:0354 samba-0:2.2.12-1.21as.6 Red Hat Enterprise Linux 3 2007-05-14T00:00:00 RHSA-2007:0354 samba-0:3.0.9-1.3E.13.2 Red Hat Enterprise Linux 4 2007-05-14T00:00:00 RHSA-2007:0354 samba-0:3.0.10-1.4E.12.2 Red Hat Enterprise Linux 5 2007-05-14T00:00:00 RHSA-2007:0354 samba-0:3.0.23c-2.el5.2.0.2 https://www.cve.org/CVERecord?id=CVE-2007-2446 https://nvd.nist.gov/vuln/detail/CVE-2007-2446 Important 2007-05-14T00:00:00 samba code injection

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

Red Hat would like to thank Samba, TippingPoint, and iDefense for reporting this issue. Red Hat Enterprise Linux 2.1 2007-05-14T00:00:00 RHSA-2007:0354 samba-0:2.2.12-1.21as.6 Red Hat Enterprise Linux 3 2007-05-14T00:00:00 RHSA-2007:0354 samba-0:3.0.9-1.3E.13.2 Red Hat Enterprise Linux 4 2007-05-14T00:00:00 RHSA-2007:0354 samba-0:3.0.10-1.4E.12.2 Red Hat Enterprise Linux 5 2007-05-14T00:00:00 RHSA-2007:0354 samba-0:3.0.23c-2.el5.2.0.2 https://www.cve.org/CVERecord?id=CVE-2007-2447 https://nvd.nist.gov/vuln/detail/CVE-2007-2447 Low 2007-11-06T00:00:00 subversion: revision properties disclosure to user with partial access 1.5 AV:L/AC:M/Au:S/C:P/I:N/A:N

Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.

The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 5 2011-01-13T00:00:00 RHEA-2011:0039 subversion-0:1.6.11-7.el5 Red Hat Enterprise Linux 4 Will not fix subversion https://www.cve.org/CVERecord?id=CVE-2007-2448 https://nvd.nist.gov/vuln/detail/CVE-2007-2448 Moderate 2007-06-13T00:00:00 tomcat examples jsp XSS CWE-79

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.

Red Hat Enterprise Linux 5 2007-07-17T00:00:00 RHSA-2007:0569 tomcat5-0:5.5.23-0jpp.1.0.4.el5 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 mod_perl-0:2.0.2-12.el4 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 rhn-web-0:5.1.1-7 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0630 tomcat5-0:5.0.30-0jpp_10rh RHAPS Version 2 for RHEL 4 2007-10-11T00:00:00 RHSA-2007:0876 tomcat5-0:5.5.23-0jpp_4rh.4 https://www.cve.org/CVERecord?id=CVE-2007-2449 https://nvd.nist.gov/vuln/detail/CVE-2007-2449 Low 2007-06-13T00:00:00 tomcat host manager XSS CWE-79

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.

Red Hat Enterprise Linux 5 2007-07-17T00:00:00 RHSA-2007:0569 tomcat5-0:5.5.23-0jpp.1.0.4.el5 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh RHAPS Version 2 for RHEL 4 2007-10-11T00:00:00 RHSA-2007:0876 tomcat5-0:5.5.23-0jpp_4rh.4 https://www.cve.org/CVERecord?id=CVE-2007-2450 https://nvd.nist.gov/vuln/detail/CVE-2007-2450

Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.

Not vulnerable. Red Hat did not ship GNU locate in Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue does not affect the mlocate or slocate packages that are supplied with Red Hat Enterprise Linux. https://www.cve.org/CVERecord?id=CVE-2007-2452 https://nvd.nist.gov/vuln/detail/CVE-2007-2452 Important 2007-05-30T00:00:00 /dev/random broken

The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source.

This issue did not affect the versions of the the Linux kernel supplied with Red Hat Enterprise Linux 2.1, 3, or 4. For systems based on Red Hat Enterprise Linux 5, this is only an issue for systems without a real time clock, harddrive activity, or user input during boot time. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241718 The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 2007-06-14T00:00:00 RHSA-2007:0376 kernel-0:2.6.18-8.1.6.el5 https://www.cve.org/CVERecord?id=CVE-2007-2453 https://nvd.nist.gov/vuln/detail/CVE-2007-2453 Low 2007-05-03T00:00:00 php CRLF injection

CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.

Red Hat Enterprise Linux 2.1 2007-10-23T00:00:00 RHSA-2007:0888 php-0:4.1.2-2.19 Red Hat Enterprise Linux 3 2007-09-26T00:00:00 RHSA-2007:0889 php-0:4.3.2-43.ent Red Hat Enterprise Linux 4 2007-05-09T00:00:00 RHSA-2007:0349 php-0:4.3.9-3.22.5 Red Hat Enterprise Linux 5 2007-05-08T00:00:00 RHSA-2007:0348 php-0:5.1.6-12.el5 Red Hat Web Application Stack for RHEL 4 2007-05-10T00:00:00 RHSA-2007:0355 php-0:5.1.6-3.el4s1.7 https://www.cve.org/CVERecord?id=CVE-2007-2509 https://nvd.nist.gov/vuln/detail/CVE-2007-2509 Moderate 2007-05-03T00:00:00 php make_http_soap_request flaw

Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.

This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or Red Hat Application Stack v2. Red Hat Enterprise Linux 5 2007-05-08T00:00:00 RHSA-2007:0348 php-0:5.1.6-12.el5 Red Hat Web Application Stack for RHEL 4 2007-05-10T00:00:00 RHSA-2007:0355 php-0:5.1.6-3.el4s1.7 https://www.cve.org/CVERecord?id=CVE-2007-2510 https://nvd.nist.gov/vuln/detail/CVE-2007-2510 2007-05-03T00:00:00 php user_filter_factory_create overflow

Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.

The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. This bug described in CVE-2007-2511 can only be triggered by a script author since no trust boundary is crossed, this issue is not treated as security-sensitive. https://www.cve.org/CVERecord?id=CVE-2007-2511 https://nvd.nist.gov/vuln/detail/CVE-2007-2511 php-pear install root constraint bypass

Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.

Installation of a PEAR package from an untrusted source could allow malicious code to be installed and potentially executed by the root user. This is true regardless of the existence of this particular bug in the PEAR installer, so the bug would not be treated as security-sensitive. As when handling system RPM packages, the root user must always ensure that any packages installed are from a trusted source and have been packaged correctly. https://www.cve.org/CVERecord?id=CVE-2007-2519 https://nvd.nist.gov/vuln/detail/CVE-2007-2519 Important 2007-05-08T00:00:00 PPPoE socket PPPIOCGCHAN denial of service

Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized.

Red Hat Enterprise Linux 4 2007-06-25T00:00:00 RHSA-2007:0488 kernel-0:2.6.9-55.0.2.EL Red Hat Enterprise Linux 5 2007-06-14T00:00:00 RHSA-2007:0376 kernel-0:2.6.18-8.1.6.el5 https://www.cve.org/CVERecord?id=CVE-2007-2525 https://nvd.nist.gov/vuln/detail/CVE-2007-2525 Low 2007-03-29T00:00:00 mysql: DoS via statement with crafted IF clause

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

This issue did not affect mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3, and 4. Red Hat Enterprise Linux 5 2008-05-20T00:00:00 RHSA-2008:0364 mysql-0:5.0.45-7.el5 https://www.cve.org/CVERecord?id=CVE-2007-2583 https://nvd.nist.gov/vuln/detail/CVE-2007-2583 Moderate 2007-05-09T00:00:00 CSRF through HTML message in squirrelmail CWE-352

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.

Red Hat Enterprise Linux 3 2007-05-17T00:00:00 RHSA-2007:0358 squirrelmail-0:1.4.8-6.el3 Red Hat Enterprise Linux 4 2007-05-17T00:00:00 RHSA-2007:0358 squirrelmail-0:1.4.8-4.0.1.el4 Red Hat Enterprise Linux 5 2007-05-17T00:00:00 RHSA-2007:0358 squirrelmail-0:1.4.8-4.0.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-2589 https://nvd.nist.gov/vuln/detail/CVE-2007-2589 2007-05-14T00:00:00 Interger overflow in libexif

Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.

Red Hat does not consider this flaw to have security consequences. For more details please see the following: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240055 https://www.cve.org/CVERecord?id=CVE-2007-2645 https://nvd.nist.gov/vuln/detail/CVE-2007-2645 Low 2007-05-11T00:00:00 Buffer overflow in mutt's gecos structure handling

Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.

Red Hat Enterprise Linux 3 2007-06-04T00:00:00 RHSA-2007:0386 mutt-5:1.4.1-5.el3 Red Hat Enterprise Linux 4 2007-06-04T00:00:00 RHSA-2007:0386 mutt-5:1.4.1-12.0.3.el4 Red Hat Enterprise Linux 5 2007-06-04T00:00:00 RHSA-2007:0386 mutt-5:1.4.2.2-3.0.2.el5 https://www.cve.org/CVERecord?id=CVE-2007-2683 https://nvd.nist.gov/vuln/detail/CVE-2007-2683 Low 2007-05-17T00:00:00 mysql DROP privilege not enforced when renaming tables

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

Red Hat Enterprise Linux 4 2008-07-24T00:00:00 RHSA-2008:0768 mysql-0:4.1.22-2.el4 Red Hat Enterprise Linux 5 2008-05-20T00:00:00 RHSA-2008:0364 mysql-0:5.0.45-7.el5 Red Hat Web Application Stack for RHEL 4 2007-09-10T00:00:00 RHSA-2007:0894 mysql-0:5.0.44-1.el4s1.1 https://www.cve.org/CVERecord?id=CVE-2007-2691 https://nvd.nist.gov/vuln/detail/CVE-2007-2691 Low 2007-05-17T00:00:00 mysql SECURITY INVOKER functions do not drop privileges

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

This issue did not affect mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3 and 4. Red Hat Enterprise Linux 5 2008-05-20T00:00:00 RHSA-2008:0364 mysql-0:5.0.45-7.el5 Red Hat Web Application Stack for RHEL 4 2007-09-10T00:00:00 RHSA-2007:0894 mysql-0:5.0.44-1.el4s1.1 https://www.cve.org/CVERecord?id=CVE-2007-2692 https://nvd.nist.gov/vuln/detail/CVE-2007-2692 Low 2007-05-17T00:00:00 An error message discloses sensitive information to user without SELECT privilege

MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.

Not vulnerable. These issues did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2007-2693 https://nvd.nist.gov/vuln/detail/CVE-2007-2693 Moderate 2007-03-01T00:00:00 jasper: crash in jpc_qcx_getcompparms

The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.

Not vulnerable. This issue did not affect versions of ghostscript as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5 as they do not include a bundled JasPer library. Red Hat Enterprise Linux 4 2009-02-11T00:00:00 RHSA-2009:0012 netpbm-0:10.25-2.1.el4_7.4 Red Hat Enterprise Linux 5 2009-02-11T00:00:00 RHSA-2009:0012 netpbm-0:10.35-6.1.el5_3.1 https://www.cve.org/CVERecord?id=CVE-2007-2721 https://nvd.nist.gov/vuln/detail/CVE-2007-2721

The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys.

Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, or Red Hat Application Stack 1, or 2, as the packages shipped are not compiled with the mcrypt extension affected by this issue. https://www.cve.org/CVERecord?id=CVE-2007-2727 https://nvd.nist.gov/vuln/detail/CVE-2007-2727

Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.

Not vulnerable. This issue did not affect the versions of lcms as shipped with Red Hat Enterprise Linux 5. https://www.cve.org/CVERecord?id=CVE-2007-2741 https://nvd.nist.gov/vuln/detail/CVE-2007-2741

The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.

We do not consider this flaw to be a security issue as it is only exploitable by the script author. No trust boundary is crossed. This flaw exists in versions of PHP as shipped in Red Hat Enterprise Linux 5 and Red Hat Application Stack 1. These issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or Red Hat Application Stack 2. https://www.cve.org/CVERecord?id=CVE-2007-2748 https://nvd.nist.gov/vuln/detail/CVE-2007-2748 Moderate 2007-04-27T00:00:00 freetype integer overflow CWE-190

Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.

Red Hat Enterprise Linux 2.1 2007-06-11T00:00:00 RHSA-2007:0403 freetype-0:2.0.3-10.el21 Red Hat Enterprise Linux 2.1 2009-05-22T00:00:00 RHSA-2009:1062 freetype-0:2.0.3-17.el21 Red Hat Enterprise Linux 3 2007-06-11T00:00:00 RHSA-2007:0403 freetype-0:2.1.4-7.el3 Red Hat Enterprise Linux 3 2009-05-22T00:00:00 RHSA-2009:0329 freetype-0:2.1.4-12.el3 Red Hat Enterprise Linux 4 2007-06-11T00:00:00 RHSA-2007:0403 freetype-0:2.1.9-6.el4 Red Hat Enterprise Linux 4 2009-05-22T00:00:00 RHSA-2009:0329 freetype-0:2.1.9-10.el4.7 Red Hat Enterprise Linux 5 2007-06-11T00:00:00 RHSA-2007:0403 freetype-0:2.2.1-19.el5 https://www.cve.org/CVERecord?id=CVE-2007-2754 https://nvd.nist.gov/vuln/detail/CVE-2007-2754 Low 2007-05-16T00:00:00 gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG CWE-835

The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng.

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates for libwmf in Red Hat Enterprise Linux 5 and 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Red Hat Enterprise Linux 3 2007-09-26T00:00:00 RHSA-2007:0889 php-0:4.3.2-43.ent Red Hat Enterprise Linux 4 2007-09-20T00:00:00 RHSA-2007:0890 php-0:4.3.9-3.22.9 Red Hat Enterprise Linux 4 2008-02-28T00:00:00 RHSA-2008:0146 gd-0:2.0.28-5.4E.el4_6.1 Red Hat Enterprise Linux 5 2007-09-20T00:00:00 RHSA-2007:0890 php-0:5.1.6-15.el5 Red Hat Enterprise Linux 5 2008-02-28T00:00:00 RHSA-2008:0146 gd-0:2.0.33-9.4.el5_1.1 Red Hat Web Application Stack for RHEL 4 2007-10-25T00:00:00 RHSA-2007:0891 php-0:5.1.6-3.el4s1.8 Red Hat Enterprise Linux 4 Will not fix libwmf Red Hat Enterprise Linux 5 Will not fix libwmf Red Hat Enterprise Linux 6 Will not fix libwmf https://www.cve.org/CVERecord?id=CVE-2007-2756 https://nvd.nist.gov/vuln/detail/CVE-2007-2756 Moderate 2019-08-14T00:00:00 kernel: denial of service via unspecified vectors 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-400

The embedded Linux kernel in certain Sun-Brocade SilkWorm switches before 20070516 does not properly handle a situation in which a non-root user creates a kernel process, which allows attackers to cause a denial of service (oops and device reboot) via unspecified vectors.

Red Hat Enterprise Linux 5 Out of support scope kernel Red Hat Enterprise Linux 6 Out of support scope kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-alt Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise MRG 2 Not affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2007-2764 https://nvd.nist.gov/vuln/detail/CVE-2007-2764

OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.

Not vulnerable. OPIE for PAM is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, 6, or 7. https://www.cve.org/CVERecord?id=CVE-2007-2768 https://nvd.nist.gov/vuln/detail/CVE-2007-2768 Critical 2007-05-21T00:00:00 Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit CWE-190

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.

Extras for RHEL 3 2007-08-06T00:00:00 RHSA-2007:0817 java-1.4.2-ibm-0:1.4.2.9-1jpp.1.el3 Extras for RHEL 3 2008-03-11T00:00:00 RHSA-2008:0100 java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3 Extras for RHEL 4 2007-08-06T00:00:00 RHSA-2007:0817 java-1.4.2-ibm-0:1.4.2.9-1jpp.1.el4 Extras for RHEL 4 2007-08-07T00:00:00 RHSA-2007:0829 java-1.5.0-ibm-1:1.5.0.5-1jpp.2.el4 Extras for RHEL 4 2007-12-12T00:00:00 RHSA-2007:1086 java-1.4.2-bea-0:1.4.2.15-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Supplementary for Red Hat Enterprise Linux 5 2007-08-06T00:00:00 RHSA-2007:0817 java-1.4.2-ibm-0:1.4.2.9-1jpp.1.el5 Supplementary for Red Hat Enterprise Linux 5 2007-08-07T00:00:00 RHSA-2007:0829 java-1.5.0-ibm-1:1.5.0.5-1jpp.0.1.el5 Supplementary for Red Hat Enterprise Linux 5 2007-10-16T00:00:00 RHSA-2007:0956 java-1.5.0-bea-0:1.5.0.11-1jpp.1.el5 Supplementary for Red Hat Enterprise Linux 5 2008-03-11T00:00:00 RHSA-2008:0100 java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-2788 https://nvd.nist.gov/vuln/detail/CVE-2007-2788 Critical 2007-05-21T00:00:00 BMP image parser vulnerability

The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.

Extras for RHEL 3 2007-08-06T00:00:00 RHSA-2007:0817 java-1.4.2-ibm-0:1.4.2.9-1jpp.1.el3 Extras for RHEL 3 2008-03-11T00:00:00 RHSA-2008:0100 java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3 Extras for RHEL 4 2007-08-06T00:00:00 RHSA-2007:0817 java-1.4.2-ibm-0:1.4.2.9-1jpp.1.el4 Extras for RHEL 4 2007-08-07T00:00:00 RHSA-2007:0829 java-1.5.0-ibm-1:1.5.0.5-1jpp.2.el4 Extras for RHEL 4 2007-12-12T00:00:00 RHSA-2007:1086 java-1.4.2-bea-0:1.4.2.15-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Supplementary for Red Hat Enterprise Linux 5 2007-08-06T00:00:00 RHSA-2007:0817 java-1.4.2-ibm-0:1.4.2.9-1jpp.1.el5 Supplementary for Red Hat Enterprise Linux 5 2007-08-07T00:00:00 RHSA-2007:0829 java-1.5.0-ibm-1:1.5.0.5-1jpp.0.1.el5 Supplementary for Red Hat Enterprise Linux 5 2007-10-16T00:00:00 RHSA-2007:0956 java-1.5.0-bea-0:1.5.0.11-1jpp.1.el5 Supplementary for Red Hat Enterprise Linux 5 2008-03-11T00:00:00 RHSA-2008:0100 java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-2789 https://nvd.nist.gov/vuln/detail/CVE-2007-2789 Low 2006-12-19T00:00:00 (mesg: error: tty device is not owned by group `tty')

xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.

Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:0701 xterm-0:192-8.el4 https://www.cve.org/CVERecord?id=CVE-2007-2797 https://nvd.nist.gov/vuln/detail/CVE-2007-2797 Important 2007-06-26T00:00:00 krb5 kadmind buffer overflow

Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.

Red Hat Enterprise Linux 2.1 2007-06-26T00:00:00 RHSA-2007:0384 krb5-0:1.2.2-47 Red Hat Enterprise Linux 3 2007-06-26T00:00:00 RHSA-2007:0384 krb5-0:1.2.7-66 Red Hat Enterprise Linux 4 2007-06-26T00:00:00 RHSA-2007:0562 krb5-0:1.3.4-49 Red Hat Enterprise Linux 5 2007-06-26T00:00:00 RHSA-2007:0562 krb5-0:1.5-26 https://www.cve.org/CVERecord?id=CVE-2007-2798 https://nvd.nist.gov/vuln/detail/CVE-2007-2798 Moderate 2007-05-23T00:00:00 file integer overflow CWE-190

Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.

Red Hat Enterprise Linux 4 2007-05-30T00:00:00 RHSA-2007:0391 file-0:4.10-3.0.2.el4 Red Hat Enterprise Linux 5 2007-05-30T00:00:00 RHSA-2007:0391 file-0:4.17-9.0.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-2799 https://nvd.nist.gov/vuln/detail/CVE-2007-2799

Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.

Red Hat does not consider a user-assisted crash of a user application such as Emacs to be a security issue. https://www.cve.org/CVERecord?id=CVE-2007-2833 https://nvd.nist.gov/vuln/detail/CVE-2007-2833 Important 2007-09-17T00:00:00 openoffice.org TIFF parsing heap overflow

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.

Red Hat Enterprise Linux 3 2007-09-18T00:00:00 RHSA-2007:0848 openoffice.org-0:1.1.2-40.2.0.EL3 Red Hat Enterprise Linux 4 2007-09-18T00:00:00 RHSA-2007:0848 openoffice.org-0:1.1.5-10.6.0.2.EL4 Red Hat Enterprise Linux 4 2007-09-18T00:00:00 RHSA-2007:0848 openoffice.org2-1:2.0.4-5.7.0.2.0 Red Hat Enterprise Linux 5 2007-09-18T00:00:00 RHSA-2007:0848 openoffice.org-1:2.0.4-5.4.17.3 https://www.cve.org/CVERecord?id=CVE-2007-2834 https://nvd.nist.gov/vuln/detail/CVE-2007-2834 php crypt function not re-entrant

PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access.

Not vulnerable. PHP is not built or supported in a multi-threaded environment in the packages distributed in Red Hat Enterprise Linux or Application Stack. https://www.cve.org/CVERecord?id=CVE-2007-2844 https://nvd.nist.gov/vuln/detail/CVE-2007-2844 Low 2007-05-31T00:00:00 Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)

Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.

Red Hat Enterprise Linux 2.1 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-0.1.el2 Red Hat Enterprise Linux 3 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-0.1.el3 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0400 firefox-0:1.5.0.12-0.1.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0401 thunderbird-0:1.5.0.12-0.1.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0402 devhelp-0:0.10-0.8.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-2.el4 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 devhelp-0:0.12-11.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 firefox-0:1.5.0.12-1.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 yelp-0:2.16.0-15.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0401 thunderbird-0:1.5.0.12-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-2867 https://nvd.nist.gov/vuln/detail/CVE-2007-2867 Critical 2007-05-31T00:10:00 security flaw

Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.

Red Hat Enterprise Linux 2.1 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-0.1.el2 Red Hat Enterprise Linux 3 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-0.1.el3 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0400 firefox-0:1.5.0.12-0.1.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0401 thunderbird-0:1.5.0.12-0.1.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0402 devhelp-0:0.10-0.8.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-2.el4 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 devhelp-0:0.12-11.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 firefox-0:1.5.0.12-1.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 yelp-0:2.16.0-15.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0401 thunderbird-0:1.5.0.12-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-2868 https://nvd.nist.gov/vuln/detail/CVE-2007-2868 Low 2007-05-31T00:00:00 Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)

The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form.

Red Hat Enterprise Linux 2.1 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-0.1.el2 Red Hat Enterprise Linux 3 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-0.1.el3 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0400 firefox-0:1.5.0.12-0.1.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0401 thunderbird-0:1.5.0.12-0.1.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0402 devhelp-0:0.10-0.8.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-2.el4 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 devhelp-0:0.12-11.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 firefox-0:1.5.0.12-1.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 yelp-0:2.16.0-15.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0401 thunderbird-0:1.5.0.12-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-2869 https://nvd.nist.gov/vuln/detail/CVE-2007-2869 Important 2007-05-31T00:00:00 security flaw

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.

Red Hat Enterprise Linux 2.1 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-0.1.el2 Red Hat Enterprise Linux 3 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-0.1.el3 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0400 firefox-0:1.5.0.12-0.1.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0402 devhelp-0:0.10-0.8.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-2.el4 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 devhelp-0:0.12-11.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 firefox-0:1.5.0.12-1.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 yelp-0:2.16.0-15.el5 https://www.cve.org/CVERecord?id=CVE-2007-2870 https://nvd.nist.gov/vuln/detail/CVE-2007-2870 Low 2007-05-31T00:00:00 Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.

Red Hat Enterprise Linux 2.1 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-0.1.el2 Red Hat Enterprise Linux 3 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-0.1.el3 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0400 firefox-0:1.5.0.12-0.1.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0401 thunderbird-0:1.5.0.12-0.1.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0402 devhelp-0:0.10-0.8.el4 Red Hat Enterprise Linux 4 2007-05-31T00:00:00 RHSA-2007:0402 seamonkey-0:1.0.9-2.el4 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 devhelp-0:0.12-11.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 firefox-0:1.5.0.12-1.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0400 yelp-0:2.16.0-15.el5 Red Hat Enterprise Linux 5 2007-05-31T00:00:00 RHSA-2007:0401 thunderbird-0:1.5.0.12-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-2871 https://nvd.nist.gov/vuln/detail/CVE-2007-2871 Moderate 2007-06-01T00:00:00 php chunk_split integer overflow CWE-190

Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.

The Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. Red Hat Enterprise Linux 2.1 2007-10-23T00:00:00 RHSA-2007:0888 php-0:4.1.2-2.19 Red Hat Enterprise Linux 3 2007-09-26T00:00:00 RHSA-2007:0889 php-0:4.3.2-43.ent Red Hat Enterprise Linux 4 2007-09-20T00:00:00 RHSA-2007:0890 php-0:4.3.9-3.22.9 Red Hat Enterprise Linux 5 2007-09-20T00:00:00 RHSA-2007:0890 php-0:5.1.6-15.el5 Red Hat Web Application Stack for RHEL 4 2007-10-25T00:00:00 RHSA-2007:0891 php-0:5.1.6-3.el4s1.8 https://www.cve.org/CVERecord?id=CVE-2007-2872 https://nvd.nist.gov/vuln/detail/CVE-2007-2872 Low 2007-06-11T00:00:00 spamassassin symlink attack

SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd.

Red Hat Enterprise Linux 4 2007-06-13T00:00:00 RHSA-2007:0492 spamassassin-0:3.1.9-1.el4 Red Hat Enterprise Linux 5 2007-06-13T00:00:00 RHSA-2007:0492 spamassassin-0:3.1.9-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-2873 https://nvd.nist.gov/vuln/detail/CVE-2007-2873 Moderate 2007-06-07T00:00:00 cpuset information leak

Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.

Red Hat Enterprise Linux 5 2007-09-13T00:00:00 RHSA-2007:0705 kernel-0:2.6.18-8.1.10.el5 https://www.cve.org/CVERecord?id=CVE-2007-2875 https://nvd.nist.gov/vuln/detail/CVE-2007-2875 Important 2007-06-07T00:00:00 nf}_conntrack_sctp: remotely triggerable NULL ptr dereference

The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference.

Red Hat Enterprise Linux 4 2007-06-25T00:00:00 RHSA-2007:0488 kernel-0:2.6.9-55.0.2.EL Red Hat Enterprise Linux 5 2007-09-13T00:00:00 RHSA-2007:0705 kernel-0:2.6.18-8.1.10.el5 https://www.cve.org/CVERecord?id=CVE-2007-2876 https://nvd.nist.gov/vuln/detail/CVE-2007-2876 Important 2007-05-08T00:00:00 VFAT compat ioctls DoS on 64-bit

The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors.

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 4 2007-11-01T00:00:00 RHSA-2007:0939 kernel-0:2.6.9-55.0.12.EL Red Hat Enterprise Linux 5 2007-09-13T00:00:00 RHSA-2007:0705 kernel-0:2.6.18-8.1.10.el5 https://www.cve.org/CVERecord?id=CVE-2007-2878 https://nvd.nist.gov/vuln/detail/CVE-2007-2878 Moderate 2007-04-20T00:00:00 xen NE2000 RX Frame Heap Overflow

Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."

Not vulnerable. This issue did not affect Xen as shipped with Red Hat Enterprise Linux 5. https://www.cve.org/CVERecord?id=CVE-2007-2893 https://nvd.nist.gov/vuln/detail/CVE-2007-2893 Moderate 2007-07-23T00:00:00 bind allow-query-cache/allow-recursion default ACL issue

The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.

Not vulnerable. This issu did not affect the versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2007-2925 https://nvd.nist.gov/vuln/detail/CVE-2007-2925 Moderate 2007-07-23T00:00:00 bind cryptographically weak query ids

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

Red Hat would like to thank Amit Klein (Trusteer (www.trusteer.com)) for reporting this issue. Red Hat Enterprise Linux 2.1 2007-07-24T00:00:00 RHSA-2007:0740 bind-0:9.2.1-9.el2 Red Hat Enterprise Linux 3 2007-07-24T00:00:00 RHSA-2007:0740 bind-20:9.2.4-21.el3 Red Hat Enterprise Linux 4 2007-07-24T00:00:00 RHSA-2007:0740 bind-20:9.2.4-27.0.1.el4 Red Hat Enterprise Linux 5 2007-07-24T00:00:00 RHSA-2007:0740 bind-30:9.3.3-9.0.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-2926 https://nvd.nist.gov/vuln/detail/CVE-2007-2926

The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.

Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2007-2930 https://nvd.nist.gov/vuln/detail/CVE-2007-2930 Moderate 2007-06-27T00:00:00 Gimp PSD integer overflow CWE-190

Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.

Red Hat Enterprise Linux 2.1 2007-09-26T00:00:00 RHSA-2007:0513 gimp-1:1.2.1-7.8.el2_1 Red Hat Enterprise Linux 3 2007-09-26T00:00:00 RHSA-2007:0513 gimp-1:1.2.3-20.9.el3 Red Hat Enterprise Linux 4 2007-09-26T00:00:00 RHSA-2007:0513 gimp-1:2.0.5-7.0.7.el4 Red Hat Enterprise Linux 5 2007-09-26T00:00:00 RHSA-2007:0513 gimp-2:2.2.13-2.0.7.el5 https://www.cve.org/CVERecord?id=CVE-2007-2949 https://nvd.nist.gov/vuln/detail/CVE-2007-2949 Low 2007-07-25T00:00:00 vim format string flaw

Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248542 The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 3 2008-11-25T00:00:00 RHSA-2008:0617 vim-1:6.3.046-0.30E.11 Red Hat Enterprise Linux 4 2008-11-25T00:00:00 RHSA-2008:0617 vim-1:6.3.046-1.el4_7.5z Red Hat Enterprise Linux 5 2008-11-25T00:00:00 RHSA-2008:0580 vim-2:7.0.109-4.el5_2.4z https://www.cve.org/CVERecord?id=CVE-2007-2953 https://nvd.nist.gov/vuln/detail/CVE-2007-2953 Important 2007-08-23T00:00:00 CVE-2007-2958 claws-mail format string vulnerability

Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.

Not vulnerable. This issue did not affect version of Sylpheed as shipped with Red Hat Enterprise Linux 2.1. Sylpheed and claws-mail are not shipped with Red Hat Enterprise Linux 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2007-2958 https://nvd.nist.gov/vuln/detail/CVE-2007-2958 Critical 2007-04-15T00:00:00 IBM JDK: Integer overflow in IBM JDK's ICC profile parser CWE-190

[REJECTED CVE] This CVE has been rejected. This candidate is a duplicate of CVE-2007-2788. Note: All CVE users should reference CVE-2007-2788 instead of this candidate.

Red Hat Enterprise Linux 2.1 2008-06-24T00:00:00 RHSA-2008:0133 IBMJava2-JRE-1:1.3.1-17 Red Hat Enterprise Linux 2.1 2008-06-24T00:00:00 RHSA-2008:0133 IBMJava2-SDK-1:1.3.1-17 https://www.cve.org/CVERecord?id=CVE-2007-3004 https://nvd.nist.gov/vuln/detail/CVE-2007-3004 Critical 2007-04-15T00:00:00 SUN JRE: Unspecified vulnerability in Sun JRE

[REJECTED CVE] This CVE has been rejected. This candidate is a duplicate of CVE-2007-2789. Note: All CVE users should reference CVE-2007-2789 instead of this candidate.

Red Hat Enterprise Linux 2.1 2008-06-24T00:00:00 RHSA-2008:0133 IBMJava2-JRE-1:1.3.1-17 Red Hat Enterprise Linux 2.1 2008-06-24T00:00:00 RHSA-2008:0133 IBMJava2-SDK-1:1.3.1-17 https://www.cve.org/CVERecord?id=CVE-2007-3005 https://nvd.nist.gov/vuln/detail/CVE-2007-3005

PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function.

We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2007-3007 https://nvd.nist.gov/vuln/detail/CVE-2007-3007

Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.

The Apache Software Foundation do not treat this as a security issue. A configuration change can be made to disable the ability to respond to HTTP TRACE requests if required. For more information please see: http://www.apacheweek.com/issues/03-01-24#news https://www.cve.org/CVERecord?id=CVE-2007-3008 https://nvd.nist.gov/vuln/detail/CVE-2007-3008 Moderate 2007-06-04T00:00:00 security flaw

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.

Red Hat Enterprise Linux 2.1 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-0.4.el2 Red Hat Enterprise Linux 3 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-0.3.el3 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-4.el4 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0723 thunderbird-0:1.5.0.12-0.3.el4 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0724 firefox-0:1.5.0.12-0.3.el4 Red Hat Enterprise Linux 5 2007-07-19T00:00:00 RHSA-2007:0723 thunderbird-0:1.5.0.12-3.el5 Red Hat Enterprise Linux 5 2007-07-19T00:00:00 RHSA-2007:0724 firefox-0:1.5.0.12-3.el5 https://www.cve.org/CVERecord?id=CVE-2007-3089 https://nvd.nist.gov/vuln/detail/CVE-2007-3089 Moderate 2007-06-11T00:00:00 dos flaws in open-iscsi (CVE-2007-3100)

usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss).

Red Hat Enterprise Linux 5 2007-06-14T00:00:00 RHSA-2007:0497 iscsi-initiator-utils-0:6.2.0.742-0.6.el5 https://www.cve.org/CVERecord?id=CVE-2007-3099 https://nvd.nist.gov/vuln/detail/CVE-2007-3099 Moderate 2007-06-11T00:00:00 dos flaws in open-iscsi (CVE-2007-3100)

usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore.

Red Hat Enterprise Linux 5 2007-06-14T00:00:00 RHSA-2007:0497 iscsi-initiator-utils-0:6.2.0.742-0.6.el5 https://www.cve.org/CVERecord?id=CVE-2007-3100 https://nvd.nist.gov/vuln/detail/CVE-2007-3100 Moderate 2007-11-07T00:00:00 audit logging of failed logins

Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information.

Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:0703 openssh-0:3.9p1-8.RHEL4.24 Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:0737 pam-0:0.77-66.23 Red Hat Enterprise Linux 5 2007-11-07T00:00:00 RHSA-2007:0540 openssh-0:4.3p2-24.el5 Red Hat Enterprise Linux 5 2007-11-07T00:00:00 RHSA-2007:0555 pam-0:0.99.6.2-3.26.el5 https://www.cve.org/CVERecord?id=CVE-2007-3102 https://nvd.nist.gov/vuln/detail/CVE-2007-3102 Moderate 2007-07-11T00:00:00 security flaw

The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.

Red Hat Enterprise Linux 4 2007-07-12T00:00:00 RHSA-2007:0519 xorg-x11-0:6.8.2-1.EL.19 Red Hat Enterprise Linux 5 2007-07-12T00:00:00 RHSA-2007:0520 xorg-x11-xfs-1:1.0.2-4 https://www.cve.org/CVERecord?id=CVE-2007-3103 https://nvd.nist.gov/vuln/detail/CVE-2007-3103 Moderate 2007-06-22T00:00:00 Null pointer to an inode in a dentry can cause an oops in sysfs_readdir

The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat Enterprise Linux (RHEL) 4.5 and other distributions, allows users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry.

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 4 2007-06-25T00:00:00 RHSA-2007:0488 kernel-0:2.6.9-55.0.2.EL Red Hat Enterprise Linux 5 2008-01-23T00:00:00 RHSA-2008:0089 kernel-0:2.6.18-53.1.6.el5 https://www.cve.org/CVERecord?id=CVE-2007-3104 https://nvd.nist.gov/vuln/detail/CVE-2007-3104 Low 2007-06-21T00:00:00 Bound check ordering issue in random driver

Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root.

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 4 2007-11-01T00:00:00 RHSA-2007:0939 kernel-0:2.6.9-55.0.12.EL Red Hat Enterprise Linux 5 2007-10-22T00:00:00 RHSA-2007:0940 kernel-0:2.6.18-8.1.15.el5 https://www.cve.org/CVERecord?id=CVE-2007-3105 https://nvd.nist.gov/vuln/detail/CVE-2007-3105 Important 2007-07-26T00:00:00 libvorbis array boundary condition

lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.

Red Hat Enterprise Linux 2.1 2007-10-11T00:00:00 RHSA-2007:0912 libvorbis-0:1.0rc2-7.el2 Red Hat Enterprise Linux 3 2007-09-19T00:00:00 RHSA-2007:0845 libvorbis-1:1.0-8.el3 Red Hat Enterprise Linux 4 2007-09-19T00:00:00 RHSA-2007:0845 libvorbis-1:1.1.0-2.el4.5 Red Hat Enterprise Linux 5 2007-09-19T00:00:00 RHSA-2007:0845 libvorbis-1:1.1.2-3.el5.0 https://www.cve.org/CVERecord?id=CVE-2007-3106 https://nvd.nist.gov/vuln/detail/CVE-2007-3106 Moderate 2007-07-03T00:00:00 security flaw

The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits.

Red Hat Enterprise Linux 5 2007-07-10T00:00:00 RHSA-2007:0595 kernel-0:2.6.18-8.1.8.el5 https://www.cve.org/CVERecord?id=CVE-2007-3107 https://nvd.nist.gov/vuln/detail/CVE-2007-3107 Moderate 2007-08-01T00:00:00 openssl: RSA side-channel attack

The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.

Red Hat Enterprise Linux 2.1 2007-10-22T00:00:00 RHSA-2007:0813 openssl-0:0.9.6b-48 Red Hat Enterprise Linux 3 2007-10-22T00:00:00 RHSA-2007:0813 openssl-0:0.9.7a-33.24 Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:1003 openssl-0:0.9.7a-43.17.el4_6.1 Red Hat Enterprise Linux 5 2007-10-12T00:00:00 RHSA-2007:0964 openssl-0:0.9.8b-8.3.el5_0.2 https://www.cve.org/CVERecord?id=CVE-2007-3108 https://nvd.nist.gov/vuln/detail/CVE-2007-3108 Moderate 2022-02-07T00:00:00 Gimp: context-dependent attackers to cause a denial of service 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-400

Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237.

Red Hat does not consider a user-assisted crash of a user application such as GIMP to be a security issue. Red Hat Enterprise Linux 6 Out of support scope gimp Red Hat Enterprise Linux 7 Not affected gimp Red Hat Enterprise Linux 8 Not affected gimp:2.8/gimp Red Hat Enterprise Linux 8 Not affected gimp:flatpak/gimp https://www.cve.org/CVERecord?id=CVE-2007-3126 https://nvd.nist.gov/vuln/detail/CVE-2007-3126 Low 2007-06-06T00:00:00 konqueror visual hostname truncation in HTTP authentication dialog 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N CWE-222

Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Red Hat Enterprise Linux 4 Will not fix kdebase Red Hat Enterprise Linux 5 Will not fix kdebase Red Hat Enterprise Linux 6 Will not fix kdebase https://www.cve.org/CVERecord?id=CVE-2007-3143 https://nvd.nist.gov/vuln/detail/CVE-2007-3143

Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.

Not vulnerable. Mozilla is no longer shipped as part of any version of Red Hat Enterprise Linux. Mozilla was replaced by SeaMonkey in Red Hat Enterprise Linux by SeaMonkey which is not affected by this issue. https://www.cve.org/CVERecord?id=CVE-2007-3144 https://nvd.nist.gov/vuln/detail/CVE-2007-3144 Important 2007-06-06T00:00:00 Local authentication bypass in sudo

sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo."

Not vulnerable. Versions of sudo package shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5 are linked with PAM support and never use libkrb5 authentication. https://www.cve.org/CVERecord?id=CVE-2007-3149 https://nvd.nist.gov/vuln/detail/CVE-2007-3149

The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.

This is not a security vulnerability: it is the expected behaviour of parse_str when used without a second parameter. https://www.cve.org/CVERecord?id=CVE-2007-3205 https://nvd.nist.gov/vuln/detail/CVE-2007-3205 Important 2007-06-14T00:00:00 evolution malicious server arbitrary code execution

Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.

Red Hat Enterprise Linux 3 2007-06-25T00:00:00 RHSA-2007:0509 evolution-0:1.4.5-21.el3 Red Hat Enterprise Linux 4 2007-06-25T00:00:00 RHSA-2007:0509 evolution-0:2.0.2-35.0.4.el4 Red Hat Enterprise Linux 5 2007-06-25T00:00:00 RHSA-2007:0510 evolution-data-server-0:1.8.0-15.0.4.el5 https://www.cve.org/CVERecord?id=CVE-2007-3257 https://nvd.nist.gov/vuln/detail/CVE-2007-3257 2007-06-16T00:00:00 dblink allows proxying of database connections via 127.0.0.1

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.

Red Hat does not consider this do be a security issue. dblink is disabled in default configuration of PostgreSQL packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5, and it is a configuration decision whether to grant local users arbitrary access. Red Hat Enterprise Linux 3 2008-01-11T00:00:00 RHSA-2008:0039 rh-postgresql-0:7.3.21-1 Red Hat Enterprise Linux 4 2008-01-11T00:00:00 RHSA-2008:0038 postgresql-0:7.4.19-1.el4_6.1 Red Hat Enterprise Linux 5 2008-01-11T00:00:00 RHSA-2008:0038 postgresql-0:8.1.11-1.el5_1.1 Red Hat Web Application Stack for RHEL 4 2008-02-01T00:00:00 RHSA-2008:0040 postgresql-0:8.1.11-1.el4s1.1 https://www.cve.org/CVERecord?id=CVE-2007-3278 https://nvd.nist.gov/vuln/detail/CVE-2007-3278 Functions in PL/pgSQL language can be used to brute force passwords

PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.

Red Hat does not consider this do be a security issue. Creating functions is intended feature of the PL/pgSQL language and is definitely not a security problem. Weak passwords are generally more likely to be guessed with brute force attacks and choosing a strong password according to good practices is considered to be a sufficent protection against this kind of attack. https://www.cve.org/CVERecord?id=CVE-2007-3279 https://nvd.nist.gov/vuln/detail/CVE-2007-3279 Database superuser can execute code on behalf of postgresql server

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.

Red Hat does not consider this do be a security issue. The ability of the superuser to execute code on behalf of the database server is an intended feature and imposes no security threat as the superuser account is restricted to the database administrator. https://www.cve.org/CVERecord?id=CVE-2007-3280 https://nvd.nist.gov/vuln/detail/CVE-2007-3280 2007-06-19T00:00:00 php tidy extension buffer overflow

Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf.

Not vulnerable. PHP is not complied with the tidy library as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, or Red Hat Application Stack v1 or v2. https://www.cve.org/CVERecord?id=CVE-2007-3294 https://nvd.nist.gov/vuln/detail/CVE-2007-3294

Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.

Not a vulnerability. In the security model used by Apache httpd, the less-privileged child processes (running as the "apache" user) completely handle the servicing of new connections. Any local user who is able to run arbitrary code in those children is therefore able to prevent new requests from being serviced, by design. Such users will also be able to "simulate" server load and force the parent to create children up to the configured limits, by design. https://www.cve.org/CVERecord?id=CVE-2007-3303 https://nvd.nist.gov/vuln/detail/CVE-2007-3303 Moderate 2007-06-19T00:00:00 httpd scoreboard lack of PID protection

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."

Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 ant-0:1.6.5-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 avalon-logkit-0:1.2-2jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 axis-0:1.2.1-1jpp_3rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-jaf-0:1.0-2jpp_6rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-mail-0:1.1.1-2jpp_8rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 geronimo-specs-0:1.0-0.M4.1jpp_10rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 jakarta-commons-modeler-0:2.0-3jpp_2rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 log4j-0:1.2.12-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 mx4j-1:3.0.1-1jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 pcsc-lite-0:1.3.3-3.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ca-0:7.3.0-20.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-java-tools-0:7.3.0-10.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-kra-0:7.3.0-14.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-manage-0:7.3.0-19.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-native-tools-0:7.3.0-6.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ocsp-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-tks-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 tomcat5-0:5.5.23-0jpp_4rh.16 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xerces-j2-0:2.7.1-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xml-commons-0:1.3.02-2jpp_1rh Red Hat Enterprise Linux 2.1 2007-06-26T00:00:00 RHSA-2007:0532 apache-0:1.3.27-12.ent Red Hat Enterprise Linux 3 2007-07-13T00:00:00 RHSA-2007:0662 httpd-0:2.0.46-68.ent Red Hat Enterprise Linux 4 2007-07-13T00:00:00 RHSA-2007:0662 httpd-0:2.0.52-32.3.ent Red Hat Enterprise Linux 5 2007-06-26T00:00:00 RHSA-2007:0556 httpd-0:2.2.3-7.el5 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.37.rhn Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.38.rhn Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Proxy v 5.0 2008-05-20T00:00:00 RHSA-2008:0263 jabberd-0:2.0s10-3.38.rhn Red Hat Network Proxy v 5.0 2008-05-20T00:00:00 RHSA-2008:0263 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Proxy v 5.0 2008-05-20T00:00:00 RHSA-2008:0263 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Red Hat Web Application Stack for RHEL 4 2007-07-13T00:00:00 RHSA-2007:0557 httpd-0:2.0.59-1.el4s1.7 https://www.cve.org/CVERecord?id=CVE-2007-3304 https://nvd.nist.gov/vuln/detail/CVE-2007-3304 Low 2007-06-22T00:00:00 avahi: assert fail local DoS via D-Bus 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P

The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.

Not vulnerable. This issue did not affect the versions of avahi as shipped with Red Hat Enterprise Linux 5. https://www.cve.org/CVERecord?id=CVE-2007-3372 https://nvd.nist.gov/vuln/detail/CVE-2007-3372 Important 2007-06-19T00:00:00 possible buffer overflow could cause local DoS by crashing cman

Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluster-suite) before 20070622 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long client messages.

Red Hat Enterprise Linux 5 2007-06-28T00:00:00 RHSA-2007:0559 cman-0:2.0.64-1.0.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-3374 https://nvd.nist.gov/vuln/detail/CVE-2007-3374 Important 2007-07-01T00:00:00 lhaca issue might affect lha packages

Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper.

Not vulnerable, Red Hat do not ship the Lhaca file archiver. Note that an identical flaw was found affecting the lha file archiver in 2004, CVE-2004-0234. This issue was corrected by security update RHSA-2004:178 for Red Hat Enterprise Linux 2.1 and 3. Red Hat Enterprise Linux 4 was not vulnerable as it contained a backported patch to correct this issue from release. https://www.cve.org/CVERecord?id=CVE-2007-3375 https://nvd.nist.gov/vuln/detail/CVE-2007-3375 Moderate 2006-12-22T00:00:00 perl-Net-DNS security issue

Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.

Red Hat Enterprise Linux 3 2007-07-12T00:00:00 RHSA-2007:0674 perl-Net-DNS-0:0.31-4.el3 Red Hat Enterprise Linux 4 2007-07-12T00:00:00 RHSA-2007:0675 perl-Net-DNS-0:0.48-2.el4 Red Hat Enterprise Linux 5 2007-07-12T00:00:00 RHSA-2007:0674 perl-Net-DNS-0:0.59-3.el5 https://www.cve.org/CVERecord?id=CVE-2007-3377 https://nvd.nist.gov/vuln/detail/CVE-2007-3377 php session.save_path/error_log safe mode bypass

The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.

We do not consider this to be security issues. For more details see: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and https://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2007-3378 https://nvd.nist.gov/vuln/detail/CVE-2007-3378 Important 2007-05-01T00:00:00 security flaw

Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command.

Red Hat Enterprise Linux 4 2007-04-28T00:00:00 RHBA-2007:0304 kernel-0:2.6.9-55.EL https://www.cve.org/CVERecord?id=CVE-2007-3379 https://nvd.nist.gov/vuln/detail/CVE-2007-3379 Important 2007-06-26T00:00:00 security flaw

The Distributed Lock Manager (DLM) in the cluster manager for Linux kernel 2.6.15 allows remote attackers to cause a denial of service (loss of lock services) by connecting to the DLM port, which probably prevents other processes from accessing the service.

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3. CLuster Suite for RHEL 4 2007-09-05T00:00:00 RHBA-2007:0861 dlm-kernel-0:2.6.9-46.16.0.8 Red Hat Enterprise Linux 5 2007-10-22T00:00:00 RHSA-2007:0940 kernel-0:2.6.18-8.1.15.el5 https://www.cve.org/CVERecord?id=CVE-2007-3380 https://nvd.nist.gov/vuln/detail/CVE-2007-3380 Moderate 2007-07-30T00:00:00 Gdm denial of service

The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.

Red Hat would like to thank JLANTHEA for reporting this issue. Red Hat Enterprise Linux 5 2007-08-07T00:00:00 RHSA-2007:0777 gdm-1:2.16.0-31.0.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-3381 https://nvd.nist.gov/vuln/detail/CVE-2007-3381 Low 2007-08-14T00:00:00 tomcat handling of cookies

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 ant-0:1.6.5-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 avalon-logkit-0:1.2-2jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 axis-0:1.2.1-1jpp_3rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-jaf-0:1.0-2jpp_6rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-mail-0:1.1.1-2jpp_8rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 geronimo-specs-0:1.0-0.M4.1jpp_10rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 jakarta-commons-modeler-0:2.0-3jpp_2rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 log4j-0:1.2.12-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 mx4j-1:3.0.1-1jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 pcsc-lite-0:1.3.3-3.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ca-0:7.3.0-20.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-java-tools-0:7.3.0-10.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-kra-0:7.3.0-14.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-manage-0:7.3.0-19.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-native-tools-0:7.3.0-6.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ocsp-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-tks-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 tomcat5-0:5.5.23-0jpp_4rh.16 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xerces-j2-0:2.7.1-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xml-commons-0:1.3.02-2jpp_1rh Red Hat Developer Suite V.3 2008-04-28T00:00:00 RHSA-2008:0195 tomcat5-0:5.5.23-0jpp_11rh Red Hat Enterprise Linux 5 2007-09-26T00:00:00 RHSA-2007:0871 tomcat5-0:5.5.23-0jpp.3.0.2.el5 Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 berkeleydb-0:2.0.90-1jpp.ep1.1 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 hibernate3-annotations-0:3.2.1-1.patch01.1jpp.ep1.2 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 hibernate3-ejb-persistence-3.0-api-0:3.2.1-1jpp.ep1.1 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 hibernate3-entitymanager-0:3.2.1-1jpp.ep1.5 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jacorb-0:2.3.0-1jpp.ep1.1 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jboss-aop-0:1.5.5-0jpp.ep1.2.1 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jbossas-0:4.2.0-2.CP01.ep1.4 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jboss-cache-0:1.4.1-1.SP3.1jpp.ep1.1 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jboss-remoting-0:2.2.2-1jpp.ep1.4 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jboss-seam-0:1.2.1-1.ep1.2 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jboss-serialization-0:1.0.3-1jpp.ep1.3 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jbossweb-0:2.0.0-2.CP01.0jpp.ep1.4 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jbossxb-0:1.0.0-1.CP01.0jpp.ep1.1 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jcommon-0:0.9.7-1jpp.el4ep1.1 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jfreechart-0:0.9.21-2jpp.el4ep1.1 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 rh-eap-docs-0:4.2.0-2.CP01.ep1.2 RHAPS Version 2 for RHEL 4 2007-10-11T00:00:00 RHSA-2007:0876 tomcat5-0:5.5.23-0jpp_4rh.4 https://www.cve.org/CVERecord?id=CVE-2007-3382 https://nvd.nist.gov/vuln/detail/CVE-2007-3382 Low 2007-08-14T00:00:00 tomcat handling of cookie values

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 ant-0:1.6.5-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 avalon-logkit-0:1.2-2jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 axis-0:1.2.1-1jpp_3rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-jaf-0:1.0-2jpp_6rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-mail-0:1.1.1-2jpp_8rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 geronimo-specs-0:1.0-0.M4.1jpp_10rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 jakarta-commons-modeler-0:2.0-3jpp_2rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 log4j-0:1.2.12-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 mx4j-1:3.0.1-1jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 pcsc-lite-0:1.3.3-3.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ca-0:7.3.0-20.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-java-tools-0:7.3.0-10.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-kra-0:7.3.0-14.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-manage-0:7.3.0-19.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-native-tools-0:7.3.0-6.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ocsp-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-tks-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 tomcat5-0:5.5.23-0jpp_4rh.16 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xerces-j2-0:2.7.1-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xml-commons-0:1.3.02-2jpp_1rh Red Hat Developer Suite V.3 2008-04-28T00:00:00 RHSA-2008:0195 tomcat5-0:5.5.23-0jpp_11rh Red Hat Enterprise Linux 5 2007-09-26T00:00:00 RHSA-2007:0871 tomcat5-0:5.5.23-0jpp.3.0.2.el5 Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.0 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.0 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.1 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.1 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.2 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 jakarta-commons-pool-0:1.2-2jpp_2rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 tomcat5-0:5.0.30-0jpp_6rh Red Hat Network Satellite Server v 5.0 2007-11-26T00:00:00 RHSA-2007:1069 tyrex-0:1.0.1-2jpp_2rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 berkeleydb-0:2.0.90-1jpp.ep1.1 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 hibernate3-annotations-0:3.2.1-1.patch01.1jpp.ep1.2 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 hibernate3-ejb-persistence-3.0-api-0:3.2.1-1jpp.ep1.1 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 hibernate3-entitymanager-0:3.2.1-1jpp.ep1.5 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jacorb-0:2.3.0-1jpp.ep1.1 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jboss-aop-0:1.5.5-0jpp.ep1.2.1 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jbossas-0:4.2.0-2.CP01.ep1.4 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jboss-cache-0:1.4.1-1.SP3.1jpp.ep1.1 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jboss-remoting-0:2.2.2-1jpp.ep1.4 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jboss-seam-0:1.2.1-1.ep1.2 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jboss-serialization-0:1.0.3-1jpp.ep1.3 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jbossweb-0:2.0.0-2.CP01.0jpp.ep1.4 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jbossxb-0:1.0.0-1.CP01.0jpp.ep1.1 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jcommon-0:0.9.7-1jpp.el4ep1.1 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 jfreechart-0:0.9.21-2jpp.el4ep1.1 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:0950 rh-eap-docs-0:4.2.0-2.CP01.ep1.2 RHAPS Version 2 for RHEL 4 2007-10-11T00:00:00 RHSA-2007:0876 tomcat5-0:5.5.23-0jpp_4rh.4 https://www.cve.org/CVERecord?id=CVE-2007-3385 https://nvd.nist.gov/vuln/detail/CVE-2007-3385 Low 2007-08-14T00:00:00 tomcat host manager xss CWE-79

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Red Hat Enterprise Linux 5 2007-09-26T00:00:00 RHSA-2007:0871 tomcat5-0:5.5.23-0jpp.3.0.2.el5 RHAPS Version 2 for RHEL 4 2007-10-11T00:00:00 RHSA-2007:0876 tomcat5-0:5.5.23-0jpp_4rh.4 https://www.cve.org/CVERecord?id=CVE-2007-3386 https://nvd.nist.gov/vuln/detail/CVE-2007-3386 Important 2007-07-28T00:00:00 xpdf integer overflow CWE-190

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Red Hat Enterprise Linux 2.1 2007-08-01T00:00:00 RHSA-2007:0731 tetex-0:1.0.7-38.5E.11 Red Hat Enterprise Linux 2.1 2007-07-30T00:00:00 RHSA-2007:0735 xpdf-1:0.92-18.RHEL2 Red Hat Enterprise Linux 3 2007-07-30T00:00:00 RHSA-2007:0720 cups-1:1.1.17-13.3.45 Red Hat Enterprise Linux 3 2007-08-01T00:00:00 RHSA-2007:0731 tetex-0:1.0.7-67.10 Red Hat Enterprise Linux 3 2007-07-30T00:00:00 RHSA-2007:0735 xpdf-1:2.02-10.RHEL3 Red Hat Enterprise Linux 4 2007-07-30T00:00:00 RHSA-2007:0720 cups-1:1.1.22-0.rc1.9.20.2 Red Hat Enterprise Linux 4 2007-07-30T00:00:00 RHSA-2007:0729 kdegraphics-7:3.3.1-4.RHEL4 Red Hat Enterprise Linux 4 2007-07-30T00:00:00 RHSA-2007:0730 gpdf-0:2.8.2-7.7 Red Hat Enterprise Linux 4 2007-08-01T00:00:00 RHSA-2007:0731 tetex-0:2.0.2-22.0.1.EL4.8 Red Hat Enterprise Linux 4 2007-07-30T00:00:00 RHSA-2007:0735 xpdf-1:3.00-12.RHEL4 Red Hat Enterprise Linux 5 2007-07-30T00:00:00 RHSA-2007:0720 cups-1:1.2.4-11.5.3.el5 Red Hat Enterprise Linux 5 2007-07-30T00:00:00 RHSA-2007:0729 kdegraphics-7:3.5.4-2.el5 Red Hat Enterprise Linux 5 2007-08-01T00:00:00 RHSA-2007:0731 tetex-0:3.0-33.1.el5 Red Hat Enterprise Linux 5 2007-07-30T00:00:00 RHSA-2007:0732 poppler-0:0.5.4-4.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-3387 https://nvd.nist.gov/vuln/detail/CVE-2007-3387 Important 2007-07-27T00:00:00 qt3 format string flaw

Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message.

Red Hat would like to thank Dirk Mueller and Tim Brown (Portcullis Computer Security) for reporting this issue. Red Hat Enterprise Linux 3 2007-07-31T00:00:00 RHSA-2007:0721 qt-1:3.1.2-16.RHEL3 Red Hat Enterprise Linux 4 2007-07-31T00:00:00 RHSA-2007:0721 qt-1:3.3.3-11.RHEL4 Red Hat Enterprise Linux 5 2007-07-31T00:00:00 RHSA-2007:0721 qt-1:3.3.6-21.el5 https://www.cve.org/CVERecord?id=CVE-2007-3388 https://nvd.nist.gov/vuln/detail/CVE-2007-3388 Low 2007-02-22T00:00:00 Wireshark crashes when inspecting HTTP traffic

Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.

Red Hat Enterprise Linux 3 2008-01-21T00:00:00 RHSA-2008:0059 libsmi-0:0.4.5-3.el3 Red Hat Enterprise Linux 3 2008-01-21T00:00:00 RHSA-2008:0059 wireshark-0:0.99.7-EL3.1 Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:0709 wireshark-0:0.99.6-EL4.1 Red Hat Enterprise Linux 5 2007-11-07T00:00:00 RHSA-2007:0710 wireshark-0:0.99.6-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-3389 https://nvd.nist.gov/vuln/detail/CVE-2007-3389 Low 2007-03-05T00:00:00 Wireshark crashes when inspecting iSeries traffic

Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP.

Red Hat Enterprise Linux 3 2008-01-21T00:00:00 RHSA-2008:0059 libsmi-0:0.4.5-3.el3 Red Hat Enterprise Linux 3 2008-01-21T00:00:00 RHSA-2008:0059 wireshark-0:0.99.7-EL3.1 Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:0709 wireshark-0:0.99.6-EL4.1 Red Hat Enterprise Linux 5 2007-11-07T00:00:00 RHSA-2007:0710 wireshark-0:0.99.6-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-3390 https://nvd.nist.gov/vuln/detail/CVE-2007-3390 Low 2007-03-10T00:00:00 Wireshark loops infinitely when inspecting DCP ETSI traffic

Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop.

Red Hat Enterprise Linux 3 2008-01-21T00:00:00 RHSA-2008:0059 libsmi-0:0.4.5-3.el3 Red Hat Enterprise Linux 3 2008-01-21T00:00:00 RHSA-2008:0059 wireshark-0:0.99.7-EL3.1 Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:0709 wireshark-0:0.99.6-EL4.1 Red Hat Enterprise Linux 5 2007-11-07T00:00:00 RHSA-2007:0710 wireshark-0:0.99.6-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-3391 https://nvd.nist.gov/vuln/detail/CVE-2007-3391 Low 2007-02-17T00:00:00 Wireshark crashes when inspecting MMS traffic

Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop.

Red Hat Enterprise Linux 3 2008-01-21T00:00:00 RHSA-2008:0059 libsmi-0:0.4.5-3.el3 Red Hat Enterprise Linux 3 2008-01-21T00:00:00 RHSA-2008:0059 wireshark-0:0.99.7-EL3.1 Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:0709 wireshark-0:0.99.6-EL4.1 Red Hat Enterprise Linux 5 2007-11-07T00:00:00 RHSA-2007:0710 wireshark-0:0.99.6-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-3392 https://nvd.nist.gov/vuln/detail/CVE-2007-3392 Low 2007-05-26T00:00:00 Wireshark corrupts the stack when inspecting BOOTP traffic

Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets.

Red Hat Enterprise Linux 3 2008-01-21T00:00:00 RHSA-2008:0059 libsmi-0:0.4.5-3.el3 Red Hat Enterprise Linux 3 2008-01-21T00:00:00 RHSA-2008:0059 wireshark-0:0.99.7-EL3.1 Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:0709 wireshark-0:0.99.6-EL4.1 Red Hat Enterprise Linux 5 2007-11-07T00:00:00 RHSA-2007:0710 wireshark-0:0.99.6-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-3393 https://nvd.nist.gov/vuln/detail/CVE-2007-3393 Moderate 2006-12-22T00:00:00 Net:: DNS denial of service

Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.

Red Hat Enterprise Linux 3 2007-07-12T00:00:00 RHSA-2007:0674 perl-Net-DNS-0:0.31-4.el3 Red Hat Enterprise Linux 5 2007-07-12T00:00:00 RHSA-2007:0674 perl-Net-DNS-0:0.59-3.el5 https://www.cve.org/CVERecord?id=CVE-2007-3409 https://nvd.nist.gov/vuln/detail/CVE-2007-3409 Critical 2007-06-26T00:00:00 RealPlayer/HelixPlayer buffer overflow

Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.

Extras for RHEL 3 2007-08-17T00:00:00 RHSA-2007:0841 realplayer-0:10.0.9-0.rhel3.4 Red Hat Enterprise Linux 4 2007-06-27T00:00:00 RHSA-2007:0605 HelixPlayer-1:1.0.6-0.EL4.2 Supplementary for Red Hat Enterprise Linux 5 2007-08-17T00:00:00 RHSA-2007:0841 RealPlayer-0:10.0.9-3.el5 https://www.cve.org/CVERecord?id=CVE-2007-3410 https://nvd.nist.gov/vuln/detail/CVE-2007-3410 Critical 2007-07-10T00:00:00 flash-plugin input validation flaw CWE-20

Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.

Extras for RHEL 3 2007-07-12T00:00:00 RHSA-2007:0696 flash-plugin-0:9.0.48.0-1.el3.with.oss Extras for RHEL 4 2007-07-12T00:00:00 RHSA-2007:0696 flash-plugin-0:9.0.48.0-1.el4 Supplementary for Red Hat Enterprise Linux 5 2007-07-12T00:00:00 RHSA-2007:0696 flash-plugin-0:9.0.48.0-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-3456 https://nvd.nist.gov/vuln/detail/CVE-2007-3456 Low 2007-06-21T00:00:00 libgd Integer overflow in TrueColor code CWE-190

Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates to libwmf on Red Hat Enterprise Linux 5 and 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Red Hat Enterprise Linux 4 2008-02-28T00:00:00 RHSA-2008:0146 gd-0:2.0.28-5.4E.el4_6.1 Red Hat Enterprise Linux 5 2008-02-28T00:00:00 RHSA-2008:0146 gd-0:2.0.33-9.4.el5_1.1 Red Hat Enterprise Linux 4 Will not fix libwmf Red Hat Enterprise Linux 5 Will not fix libwmf Red Hat Enterprise Linux 6 Will not fix libwmf https://www.cve.org/CVERecord?id=CVE-2007-3472 https://nvd.nist.gov/vuln/detail/CVE-2007-3472 Low 2007-06-21T00:00:00 libgd NULL pointer dereference when reading a corrupt X bitmap CWE-476

The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates to libwmf on Red Hat Enterprise Linux 5 and 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Red Hat Enterprise Linux 4 2008-02-28T00:00:00 RHSA-2008:0146 gd-0:2.0.28-5.4E.el4_6.1 Red Hat Enterprise Linux 5 2008-02-28T00:00:00 RHSA-2008:0146 gd-0:2.0.33-9.4.el5_1.1 Red Hat Enterprise Linux 4 Will not fix libwmf Red Hat Enterprise Linux 5 Will not fix libwmf Red Hat Enterprise Linux 6 Will not fix libwmf https://www.cve.org/CVERecord?id=CVE-2007-3473 https://nvd.nist.gov/vuln/detail/CVE-2007-3473 Low 2007-06-21T00:00:00 libgd Denial of service and reentrancy fixes in GIF code

Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 have unspecified impact and user-assisted remote attack vectors.

This issue did not affect the versions of gd as shipped with Red Hat Enterprise Linux 2.1 or 3 as they did not offer GIF image support. We do not plan to backport a fix for this issue to the gd packages as shipped in Red Hat Enterprise Linux 4 and 5 due to the low likelihood of an application affected by this problem being exposed in a way that would allow a trust boundary to be crossed. https://www.cve.org/CVERecord?id=CVE-2007-3474 https://nvd.nist.gov/vuln/detail/CVE-2007-3474 Low 2007-06-21T00:00:00 libgd Denial of service by GIF images without a global color map

The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3475 The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 4 2008-02-28T00:00:00 RHSA-2008:0146 gd-0:2.0.28-5.4E.el4_6.1 Red Hat Enterprise Linux 5 2008-02-28T00:00:00 RHSA-2008:0146 gd-0:2.0.33-9.4.el5_1.1 https://www.cve.org/CVERecord?id=CVE-2007-3475 https://nvd.nist.gov/vuln/detail/CVE-2007-3475 Moderate 2007-06-21T00:00:00 libgd Denial of service by corrupted GIF images

Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3476 The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 4 2008-02-28T00:00:00 RHSA-2008:0146 gd-0:2.0.28-5.4E.el4_6.1 Red Hat Enterprise Linux 5 2008-02-28T00:00:00 RHSA-2008:0146 gd-0:2.0.33-9.4.el5_1.1 https://www.cve.org/CVERecord?id=CVE-2007-3476 https://nvd.nist.gov/vuln/detail/CVE-2007-3476 Low 2007-06-21T00:00:00 gd: arc drawing functions can consume large amount of CPU time

The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.

Due to the minimal impact of this flaw (temporary DoS by high CPU usage) and low likelihood of this problem being exposed in a way that would allow trust boundary crossing, we currently do not plan to backport a fix for this issue to the versions of gd as shipped in Red Hat Enterprise Linux 2.1, 3, 4 or 5. Red Hat Enterprise Linux 4 Will not fix libwmf Red Hat Enterprise Linux 5 Will not fix libwmf Red Hat Enterprise Linux 6 Will not fix libwmf https://www.cve.org/CVERecord?id=CVE-2007-3477 https://nvd.nist.gov/vuln/detail/CVE-2007-3477 Low 2007-06-21T00:00:00 libgd Certain TTF handling routines are not reentrant

Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.

We currently do not plan to backport a fix for this issue to gd packages in current versions of Red Hat Enterprise Linux 2.1, 3, 4, and 5 due to the low likelihood of and application affected by this problem being exposed in a way that would allow trust boundary to be crossed. https://www.cve.org/CVERecord?id=CVE-2007-3478 https://nvd.nist.gov/vuln/detail/CVE-2007-3478 Low 2007-06-28T00:00:00 HTML files generated with Javadoc are vulnerable to a XSS CWE-79

The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Extras for RHEL 4 2007-08-06T00:00:00 RHSA-2007:0818 java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4 Extras for RHEL 4 2007-08-07T00:00:00 RHSA-2007:0829 java-1.5.0-ibm-1:1.5.0.5-1jpp.2.el4 Supplementary for Red Hat Enterprise Linux 5 2007-08-07T00:00:00 RHSA-2007:0829 java-1.5.0-ibm-1:1.5.0.5-1jpp.0.1.el5 Supplementary for Red Hat Enterprise Linux 5 2007-10-16T00:00:00 RHSA-2007:0956 java-1.5.0-bea-0:1.5.0.11-1jpp.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-3503 https://nvd.nist.gov/vuln/detail/CVE-2007-3503 CVE-2007-3506 Emboldden rendering with a sbit font makes glibc detected.

The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug."

Not vulnerable. These issues did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. https://www.cve.org/CVERecord?id=CVE-2007-3506 https://nvd.nist.gov/vuln/detail/CVE-2007-3506 2007-07-03T00:00:00 Glibc integer overflow CWE-190

Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution

After careful analysis by Red Hat and several Glibc developers, it has been determined that this bug is not exploitable. For more information please see Red Hat Bugzilla bug #247208 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=247208 https://www.cve.org/CVERecord?id=CVE-2007-3508 https://nvd.nist.gov/vuln/detail/CVE-2007-3508 Moderate 2007-06-30T00:00:00 security flaw

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.

Red Hat Enterprise Linux 2.1 2007-10-19T00:00:00 RHSA-2007:0980 seamonkey-0:1.0.9-0.6.el2 Red Hat Enterprise Linux 3 2007-10-19T00:00:00 RHSA-2007:0980 seamonkey-0:1.0.9-0.5.el3 Red Hat Enterprise Linux 4 2007-10-19T00:00:00 RHSA-2007:0979 firefox-0:1.5.0.12-0.7.el4 Red Hat Enterprise Linux 4 2007-10-19T00:00:00 RHSA-2007:0980 seamonkey-0:1.0.9-6.el4 Red Hat Enterprise Linux 4 2007-10-19T00:00:00 RHSA-2007:0981 thunderbird-0:1.5.0.12-0.5.el4 Red Hat Enterprise Linux 5 2007-10-19T00:00:00 RHSA-2007:0979 firefox-0:1.5.0.12-6.el5 Red Hat Enterprise Linux 5 2007-10-19T00:00:00 RHSA-2007:0981 thunderbird-0:1.5.0.12-5.el5 https://www.cve.org/CVERecord?id=CVE-2007-3511 https://nvd.nist.gov/vuln/detail/CVE-2007-3511 Moderate 2007-06-11T00:00:00 Locally triggerable memory consumption in usblcd

The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel before 2.6.22-rc7 does not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption).

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 2007-10-22T00:00:00 RHSA-2007:0940 kernel-0:2.6.18-8.1.15.el5 https://www.cve.org/CVERecord?id=CVE-2007-3513 https://nvd.nist.gov/vuln/detail/CVE-2007-3513

libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.

Not vulnerable. The curl packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5 are not linked against the gnutls library. https://www.cve.org/CVERecord?id=CVE-2007-3564 https://nvd.nist.gov/vuln/detail/CVE-2007-3564 Low 2007-07-03T00:00:00 imlib: infinite loop DoS using crafted BMP image CWE-835

The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0.

Red Hat does not consider bugs which result in a user-assisted crash of end user application to be a security issue. https://www.cve.org/CVERecord?id=CVE-2007-3568 https://nvd.nist.gov/vuln/detail/CVE-2007-3568

Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.

Not vulnerable. This plugin is not shipped with Squirrelmail in Red Hat Enterprise Linux. https://www.cve.org/CVERecord?id=CVE-2007-3634 https://nvd.nist.gov/vuln/detail/CVE-2007-3634

Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634.

Not vulnerable. This plugin is not shipped with Squirrelmail in Red Hat Enterprise Linux. https://www.cve.org/CVERecord?id=CVE-2007-3635 https://nvd.nist.gov/vuln/detail/CVE-2007-3635

Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher.

Not vulnerable. This plugin is not shipped with Squirrelmail in Red Hat Enterprise Linux. https://www.cve.org/CVERecord?id=CVE-2007-3636 https://nvd.nist.gov/vuln/detail/CVE-2007-3636

The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c in the Linux kernel before 2.6.20.15, 2.6.21.x before 2.6.21.6, and before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which triggers a NULL pointer dereference.

Not vulnerable. These issues did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2007-3642 https://nvd.nist.gov/vuln/detail/CVE-2007-3642 Moderate 2007-07-10T00:00:00 A buffer overflow vulnerability in Java Web Start URL parsing code

Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.

Extras for RHEL 4 2007-08-06T00:00:00 RHSA-2007:0818 java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4 Extras for RHEL 4 2007-08-07T00:00:00 RHSA-2007:0829 java-1.5.0-ibm-1:1.5.0.5-1jpp.2.el4 Supplementary for Red Hat Enterprise Linux 5 2007-08-07T00:00:00 RHSA-2007:0829 java-1.5.0-ibm-1:1.5.0.5-1jpp.0.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-3655 https://nvd.nist.gov/vuln/detail/CVE-2007-3655 Moderate 2007-07-09T00:00:00 security flaw

Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.

Red Hat Enterprise Linux 2.1 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-0.4.el2 Red Hat Enterprise Linux 3 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-0.3.el3 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-4.el4 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0724 firefox-0:1.5.0.12-0.3.el4 Red Hat Enterprise Linux 5 2007-07-19T00:00:00 RHSA-2007:0724 firefox-0:1.5.0.12-3.el5 https://www.cve.org/CVERecord?id=CVE-2007-3656 https://nvd.nist.gov/vuln/detail/CVE-2007-3656 Moderate 2007-07-10T00:00:00 Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition

The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.

Extras for RHEL 3 2008-03-11T00:00:00 RHSA-2008:0100 java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3 Extras for RHEL 3 2008-02-14T00:00:00 RHSA-2008:0132 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Extras for RHEL 4 2007-08-06T00:00:00 RHSA-2007:0818 java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4 Extras for RHEL 4 2007-12-12T00:00:00 RHSA-2007:1086 java-1.4.2-bea-0:1.4.2.15-1jpp.2.el4 Extras for RHEL 4 2008-02-14T00:00:00 RHSA-2008:0132 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Supplementary for Red Hat Enterprise Linux 5 2007-10-16T00:00:00 RHSA-2007:0956 java-1.5.0-bea-0:1.5.0.11-1jpp.1.el5 Supplementary for Red Hat Enterprise Linux 5 2008-03-11T00:00:00 RHSA-2008:0100 java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5 Supplementary for Red Hat Enterprise Linux 5 2008-02-14T00:00:00 RHSA-2008:0132 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el5 https://www.cve.org/CVERecord?id=CVE-2007-3698 https://nvd.nist.gov/vuln/detail/CVE-2007-3698 Moderate 2007-07-13T00:00:00 kernel: secretly Monopolizing the CPU Without Superuser Privileges

The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."

The Red Hat Security Response Team has rated this issue as having moderate security impact. The risks associated with fixing this bug are greater than the moderate severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG. https://www.cve.org/CVERecord?id=CVE-2007-3719 https://nvd.nist.gov/vuln/detail/CVE-2007-3719

Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via "NICK_CHANGE" notifications.

Not vulnerable. libsilc was not shipped with Enterprise Linux 2.1 or 3. This issue did not affect the versions of libsilc as shipped with Red Hat Enterprise Linux 4 or 5. https://www.cve.org/CVERecord?id=CVE-2007-3728 https://nvd.nist.gov/vuln/detail/CVE-2007-3728 Moderate 2007-07-15T00:00:00 NULL pointer dereference triggered by ptrace CWE-476

The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain code that makes ptrace PTRACE_SETREGS and PTRACE_SINGLESTEP requests, related to the TRACE_IRQS_ON function, and possibly related to the arch_ptrace function.

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 2007-10-22T00:00:00 RHSA-2007:0940 kernel-0:2.6.18-8.1.15.el5 https://www.cve.org/CVERecord?id=CVE-2007-3731 https://nvd.nist.gov/vuln/detail/CVE-2007-3731 Important kernel: Reset %fs early in iret_exc

In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling interrupts, so that "current" references work. Without this, "current" used in the window between iret_exc and the middle of error_code where %fs is reset, would crash.

https://www.cve.org/CVERecord?id=CVE-2007-3732 https://nvd.nist.gov/vuln/detail/CVE-2007-3732 Critical 2007-07-18T09:00:00 security flaw

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.

Red Hat Enterprise Linux 2.1 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-0.4.el2 Red Hat Enterprise Linux 3 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-0.3.el3 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-4.el4 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0723 thunderbird-0:1.5.0.12-0.3.el4 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0724 firefox-0:1.5.0.12-0.3.el4 Red Hat Enterprise Linux 5 2007-07-19T00:00:00 RHSA-2007:0723 thunderbird-0:1.5.0.12-3.el5 Red Hat Enterprise Linux 5 2007-07-19T00:00:00 RHSA-2007:0724 firefox-0:1.5.0.12-3.el5 https://www.cve.org/CVERecord?id=CVE-2007-3734 https://nvd.nist.gov/vuln/detail/CVE-2007-3734 Critical 2007-07-18T09:00:00 security flaw

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.

Red Hat Enterprise Linux 2.1 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-0.4.el2 Red Hat Enterprise Linux 3 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-0.3.el3 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-4.el4 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0723 thunderbird-0:1.5.0.12-0.3.el4 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0724 firefox-0:1.5.0.12-0.3.el4 Red Hat Enterprise Linux 5 2007-07-19T00:00:00 RHSA-2007:0723 thunderbird-0:1.5.0.12-3.el5 Red Hat Enterprise Linux 5 2007-07-19T00:00:00 RHSA-2007:0724 firefox-0:1.5.0.12-3.el5 https://www.cve.org/CVERecord?id=CVE-2007-3735 https://nvd.nist.gov/vuln/detail/CVE-2007-3735 Moderate 2007-07-18T09:00:00 security flaw

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed.

Red Hat Enterprise Linux 2.1 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-0.4.el2 Red Hat Enterprise Linux 3 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-0.3.el3 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-4.el4 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0723 thunderbird-0:1.5.0.12-0.3.el4 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0724 firefox-0:1.5.0.12-0.3.el4 Red Hat Enterprise Linux 5 2007-07-19T00:00:00 RHSA-2007:0723 thunderbird-0:1.5.0.12-3.el5 Red Hat Enterprise Linux 5 2007-07-19T00:00:00 RHSA-2007:0724 firefox-0:1.5.0.12-3.el5 https://www.cve.org/CVERecord?id=CVE-2007-3736 https://nvd.nist.gov/vuln/detail/CVE-2007-3736 Critical 2007-07-18T09:00:00 security flaw

Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."

Red Hat Enterprise Linux 2.1 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-0.4.el2 Red Hat Enterprise Linux 3 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-0.3.el3 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-4.el4 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0723 thunderbird-0:1.5.0.12-0.3.el4 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0724 firefox-0:1.5.0.12-0.3.el4 Red Hat Enterprise Linux 5 2007-07-19T00:00:00 RHSA-2007:0723 thunderbird-0:1.5.0.12-3.el5 Red Hat Enterprise Linux 5 2007-07-19T00:00:00 RHSA-2007:0724 firefox-0:1.5.0.12-3.el5 https://www.cve.org/CVERecord?id=CVE-2007-3737 https://nvd.nist.gov/vuln/detail/CVE-2007-3737 Critical 2007-07-18T09:00:00 security flaw

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper.

Red Hat Enterprise Linux 2.1 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-0.4.el2 Red Hat Enterprise Linux 3 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-0.3.el3 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0722 seamonkey-0:1.0.9-4.el4 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0723 thunderbird-0:1.5.0.12-0.3.el4 Red Hat Enterprise Linux 4 2007-07-19T00:00:00 RHSA-2007:0724 firefox-0:1.5.0.12-0.3.el4 Red Hat Enterprise Linux 5 2007-07-19T00:00:00 RHSA-2007:0723 thunderbird-0:1.5.0.12-3.el5 Red Hat Enterprise Linux 5 2007-07-19T00:00:00 RHSA-2007:0724 firefox-0:1.5.0.12-3.el5 https://www.cve.org/CVERecord?id=CVE-2007-3738 https://nvd.nist.gov/vuln/detail/CVE-2007-3738 Moderate 2007-08-31T00:00:00 LTC36188-Don't allow the stack to grow into hugetlb reserved regions

mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors.

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1. Red Hat Enterprise Linux 3 2007-12-03T00:00:00 RHSA-2007:1049 kernel-0:2.4.21-53.EL Red Hat Enterprise Linux 4 2007-11-01T00:00:00 RHSA-2007:0939 kernel-0:2.6.9-55.0.12.EL Red Hat Enterprise Linux 5 2007-09-13T00:00:00 RHSA-2007:0705 kernel-0:2.6.18-8.1.10.el5 https://www.cve.org/CVERecord?id=CVE-2007-3739 https://nvd.nist.gov/vuln/detail/CVE-2007-3739 Important 2007-06-08T00:00:00 CIFS should honor umask

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 4 2007-11-01T00:00:00 RHSA-2007:0939 kernel-0:2.6.9-55.0.12.EL Red Hat Enterprise Linux 5 2007-09-13T00:00:00 RHSA-2007:0705 kernel-0:2.6.18-8.1.10.el5 https://www.cve.org/CVERecord?id=CVE-2007-3740 https://nvd.nist.gov/vuln/detail/CVE-2007-3740 Moderate 2007-07-09T00:00:00 Gimp image loader multiple input validation flaws CWE-20

The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.

Red Hat Enterprise Linux 2.1 2007-09-26T00:00:00 RHSA-2007:0513 gimp-1:1.2.1-7.8.el2_1 Red Hat Enterprise Linux 3 2007-09-26T00:00:00 RHSA-2007:0513 gimp-1:1.2.3-20.9.el3 Red Hat Enterprise Linux 4 2007-09-26T00:00:00 RHSA-2007:0513 gimp-1:2.0.5-7.0.7.el4 Red Hat Enterprise Linux 5 2007-09-26T00:00:00 RHSA-2007:0513 gimp-2:2.2.13-2.0.7.el5 https://www.cve.org/CVERecord?id=CVE-2007-3741 https://nvd.nist.gov/vuln/detail/CVE-2007-3741 Important 2007-07-04T00:00:00 mysql malformed password crasher

MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.

Red Hat Enterprise Linux 4 2007-08-30T00:00:00 RHSA-2007:0875 mysql-0:4.1.20-2.RHEL4.1.0.1 Red Hat Enterprise Linux 5 2007-08-30T00:00:00 RHSA-2007:0875 mysql-0:5.0.22-2.1.0.1 Red Hat Web Application Stack for RHEL 4 2007-09-10T00:00:00 RHSA-2007:0894 mysql-0:5.0.44-1.el4s1.1 https://www.cve.org/CVERecord?id=CVE-2007-3780 https://nvd.nist.gov/vuln/detail/CVE-2007-3780 Low 2007-07-04T00:00:00 New release of MySQL fixes security bugs

MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248553 The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 5 2008-05-20T00:00:00 RHSA-2008:0364 mysql-0:5.0.45-7.el5 Red Hat Web Application Stack for RHEL 4 2007-09-10T00:00:00 RHSA-2007:0894 mysql-0:5.0.44-1.el4s1.1 https://www.cve.org/CVERecord?id=CVE-2007-3781 https://nvd.nist.gov/vuln/detail/CVE-2007-3781 Low 2007-07-04T00:00:00 New release of MySQL fixes security bugs

MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248553 The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 5 2008-05-20T00:00:00 RHSA-2008:0364 mysql-0:5.0.45-7.el5 Red Hat Web Application Stack for RHEL 4 2007-09-10T00:00:00 RHSA-2007:0894 mysql-0:5.0.44-1.el4s1.1 https://www.cve.org/CVERecord?id=CVE-2007-3782 https://nvd.nist.gov/vuln/detail/CVE-2007-3782

The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.

Not vulnerable. This flaw is specific to PHP on Windows. https://www.cve.org/CVERecord?id=CVE-2007-3790 https://nvd.nist.gov/vuln/detail/CVE-2007-3790 Low 2007-07-10T00:00:00 tcpdump BGP integer overflow CWE-190

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

This issue does not affect the version of tcpdump shipped in Red Hat Enterprise Linux 2.1 or 3. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250275 The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:0387 tcpdump-14:3.8.2-12.el4 Red Hat Enterprise Linux 5 2007-11-07T00:00:00 RHSA-2007:0368 tcpdump-14:3.9.4-11.el5 https://www.cve.org/CVERecord?id=CVE-2007-3798 https://nvd.nist.gov/vuln/detail/CVE-2007-3798 Low 2007-06-01T00:00:00 php cross-site cookie insertion

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3799 The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 2.1 2007-10-23T00:00:00 RHSA-2007:0888 php-0:4.1.2-2.19 Red Hat Enterprise Linux 3 2007-09-26T00:00:00 RHSA-2007:0889 php-0:4.3.2-43.ent Red Hat Enterprise Linux 4 2007-09-20T00:00:00 RHSA-2007:0890 php-0:4.3.9-3.22.9 Red Hat Enterprise Linux 5 2007-09-20T00:00:00 RHSA-2007:0890 php-0:5.1.6-15.el5 Red Hat Web Application Stack for RHEL 4 2007-10-25T00:00:00 RHSA-2007:0891 php-0:5.1.6-3.el4s1.8 https://www.cve.org/CVERecord?id=CVE-2007-3799 https://nvd.nist.gov/vuln/detail/CVE-2007-3799 php invalid read in glob

The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.

Not vulnerable. This issue only affected PHP on Windows platforms. https://www.cve.org/CVERecord?id=CVE-2007-3806 https://nvd.nist.gov/vuln/detail/CVE-2007-3806 Low 2007-07-14T00:00:00 Spoofing of URI possible in Konqueror's address bar

konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.

This issue did not affect Red Hat Enterprise Linux 2.1 or 3. For Red Hat Enterprise Linux 4 and 5, Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248537 The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 4 2007-10-08T00:00:00 RHSA-2007:0905 kdebase-6:3.3.1-6.el4 Red Hat Enterprise Linux 4 2007-10-08T00:00:00 RHSA-2007:0909 kdelibs-6:3.3.1-9.el4 Red Hat Enterprise Linux 5 2007-10-08T00:00:00 RHSA-2007:0905 kdebase-6:3.5.4-15.el5 Red Hat Enterprise Linux 5 2007-10-08T00:00:00 RHSA-2007:0909 kdelibs-6:3.5.4-13.el5 https://www.cve.org/CVERecord?id=CVE-2007-3820 https://nvd.nist.gov/vuln/detail/CVE-2007-3820 Low 2006-07-21T00:00:00 security flaw

Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search.

https://www.cve.org/CVERecord?id=CVE-2007-3835 https://nvd.nist.gov/vuln/detail/CVE-2007-3835 Low 2007-06-08T00:00:00 CIFS signing sec= mount options don't work correctly

The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request.

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 4 2007-11-01T00:00:00 RHSA-2007:0939 kernel-0:2.6.9-55.0.12.EL Red Hat Enterprise Linux 5 2007-09-13T00:00:00 RHSA-2007:0705 kernel-0:2.6.18-8.1.10.el5 https://www.cve.org/CVERecord?id=CVE-2007-3843 https://nvd.nist.gov/vuln/detail/CVE-2007-3843 Moderate 2007-07-31T00:00:00 about: blank windows

Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250648 The Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. Red Hat Enterprise Linux 2.1 2007-10-19T00:00:00 RHSA-2007:0980 seamonkey-0:1.0.9-0.6.el2 Red Hat Enterprise Linux 3 2007-10-19T00:00:00 RHSA-2007:0980 seamonkey-0:1.0.9-0.5.el3 Red Hat Enterprise Linux 4 2007-10-19T00:00:00 RHSA-2007:0979 firefox-0:1.5.0.12-0.7.el4 Red Hat Enterprise Linux 4 2007-10-19T00:00:00 RHSA-2007:0980 seamonkey-0:1.0.9-6.el4 Red Hat Enterprise Linux 4 2007-10-19T00:00:00 RHSA-2007:0981 thunderbird-0:1.5.0.12-0.5.el4 Red Hat Enterprise Linux 5 2007-10-19T00:00:00 RHSA-2007:0979 firefox-0:1.5.0.12-6.el5 Red Hat Enterprise Linux 5 2007-10-19T00:00:00 RHSA-2007:0981 thunderbird-0:1.5.0.12-5.el5 https://www.cve.org/CVERecord?id=CVE-2007-3844 https://nvd.nist.gov/vuln/detail/CVE-2007-3844 Critical 2008-07-30T00:00:00 Mozilla: Unescaped URIs passed to external programs 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CWE-150

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."

The Mozilla Foundation Security Advisory describes this flaw as: Jesper Johansson pointed out that Mozilla did not percent-encode spaces and double-quotes in URIs handed off to external programs for handling, which can cause the receiving program to mistakenly interpret a single URI as multiple arguments. The danger depends on the arguments supported by the specific receiving program, though at the very least we know Firefox (and Thunderbird) 2.0.0.4 and older could be used to run arbitrary script (see MFSA 2007-23). The vast majority of programs do not have dangerous arguments, though many could still be made to do something unexpected.

Not vulnerable. This issue does not affect the versions of Firefox or Thunderbird as shipped with Red Hat Enterprise Linux. Red Hat Enterprise Linux 6 Not affected firefox Red Hat Enterprise Linux 6 Not affected thunderbird Red Hat Enterprise Linux 7 Not affected firefox Red Hat Enterprise Linux 7 Not affected thunderbird Red Hat Enterprise Linux 8 Not affected firefox Red Hat Enterprise Linux 8 Not affected thunderbird Red Hat Enterprise Linux 9 Not affected firefox Red Hat Enterprise Linux 9 Not affected thunderbird https://www.cve.org/CVERecord?id=CVE-2007-3845 https://nvd.nist.gov/vuln/detail/CVE-2007-3845 https://www.mozilla.org/en-US/security/advisories/mfsa2007-27/ Moderate 2007-08-01T00:00:00 httpd: out of bounds read CWE-125

The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 ant-0:1.6.5-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 avalon-logkit-0:1.2-2jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 axis-0:1.2.1-1jpp_3rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-jaf-0:1.0-2jpp_6rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-mail-0:1.1.1-2jpp_8rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 geronimo-specs-0:1.0-0.M4.1jpp_10rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 jakarta-commons-modeler-0:2.0-3jpp_2rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 log4j-0:1.2.12-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 mx4j-1:3.0.1-1jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 pcsc-lite-0:1.3.3-3.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ca-0:7.3.0-20.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-java-tools-0:7.3.0-10.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-kra-0:7.3.0-14.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-manage-0:7.3.0-19.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-native-tools-0:7.3.0-6.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ocsp-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-tks-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 tomcat5-0:5.5.23-0jpp_4rh.16 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xerces-j2-0:2.7.1-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xml-commons-0:1.3.02-2jpp_1rh Red Hat Enterprise Linux 3 2008-01-15T00:00:00 RHSA-2008:0005 httpd-0:2.0.46-70.ent Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:0747 httpd-0:2.0.52-38.ent Red Hat Enterprise Linux 5 2007-11-07T00:00:00 RHSA-2007:0746 httpd-0:2.2.3-11.el5 Red Hat Web Application Stack for RHEL 4 2007-10-25T00:00:00 RHSA-2007:0911 httpd-0:2.0.59-1.el4s1.8 https://www.cve.org/CVERecord?id=CVE-2007-3847 https://nvd.nist.gov/vuln/detail/CVE-2007-3847 Important 2007-08-14T00:00:00 Privilege escalation via PR_SET_PDEATHSIG

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG).

Red Hat Enterprise Linux 2.1 2009-01-05T00:00:00 RHSA-2008:0787 kernel-0:2.4.18-e.67 Red Hat Enterprise Linux 2.1 2009-01-08T00:00:00 RHSA-2009:0001 kernel-0:2.4.9-e.74 Red Hat Enterprise Linux 3 2007-12-03T00:00:00 RHSA-2007:1049 kernel-0:2.4.21-53.EL Red Hat Enterprise Linux 4 2007-11-01T00:00:00 RHSA-2007:0939 kernel-0:2.6.9-55.0.12.EL Red Hat Enterprise Linux 5 2007-10-22T00:00:00 RHSA-2007:0940 kernel-0:2.6.18-8.1.15.el5 https://www.cve.org/CVERecord?id=CVE-2007-3848 https://nvd.nist.gov/vuln/detail/CVE-2007-3848 Moderate 2007-09-04T00:00:00 Rebase aide to 0.13.1

Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files.

Red Hat Enterprise Linux 5 2007-09-04T00:00:00 RHSA-2007:0539 aide-0:0.13.1-2.0.4.el5 https://www.cve.org/CVERecord?id=CVE-2007-3849 https://nvd.nist.gov/vuln/detail/CVE-2007-3849 Moderate 2007-04-03T00:00:00 kernel LTC31426-4k page mapping support for userspace in 64k kernels

The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space.

Red Hat Enterprise Linux 5 2007-10-22T00:00:00 RHSA-2007:0940 kernel-0:2.6.18-8.1.15.el5 https://www.cve.org/CVERecord?id=CVE-2007-3850 https://nvd.nist.gov/vuln/detail/CVE-2007-3850 Important 2007-08-07T00:00:00 i965 DRM allows insecure packets

The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.

Red Hat Enterprise Linux 5 2007-09-13T00:00:00 RHSA-2007:0705 kernel-0:2.6.18-8.1.10.el5 https://www.cve.org/CVERecord?id=CVE-2007-3851 https://nvd.nist.gov/vuln/detail/CVE-2007-3851 Low 2007-08-10T00:00:00 sysstat insecure temporary file usage 1.9 AV:L/AC:M/Au:N/C:N/I:P/A:N CWE-377

The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.

This issue did not affect the versions of sysstat as shipped with Red Hat Enterprise Linux 4. This issue has been addressed in Red Hat Enterprise Linux 5 via RHSA-2011:1005 advisory. Red Hat Enterprise Linux 5 2011-07-21T00:00:00 RHSA-2011:1005 sysstat-0:7.0.2-11.el5 https://www.cve.org/CVERecord?id=CVE-2007-3852 https://nvd.nist.gov/vuln/detail/CVE-2007-3852 Low 2007-10-23T00:00:00 xen xenmon.py / xenbaked insecure temporary file accesss CWE-377

(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.

The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 5 2008-05-13T00:00:00 RHSA-2008:0194 xen-0:3.0.3-41.el5_1.5 https://www.cve.org/CVERecord?id=CVE-2007-3919 https://nvd.nist.gov/vuln/detail/CVE-2007-3919 Low 2007-10-19T00:00:00 gnome-screensaver loses keyboard grab when running under compiz

GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.

Red Hat Enterprise Linux 5 2008-05-19T00:00:00 RHSA-2008:0485 compiz-0:0.0.13-0.37.20060817git.el5 https://www.cve.org/CVERecord?id=CVE-2007-3920 https://nvd.nist.gov/vuln/detail/CVE-2007-3920 Moderate 2007-07-18T00:00:00 Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions

Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet.

Extras for RHEL 4 2007-08-06T00:00:00 RHSA-2007:0818 java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4 Extras for RHEL 4 2007-08-07T00:00:00 RHSA-2007:0829 java-1.5.0-ibm-1:1.5.0.5-1jpp.2.el4 Red Hat Enterprise Linux 2.1 2008-06-24T00:00:00 RHSA-2008:0133 IBMJava2-JRE-1:1.3.1-17 Red Hat Enterprise Linux 2.1 2008-06-24T00:00:00 RHSA-2008:0133 IBMJava2-SDK-1:1.3.1-17 Supplementary for Red Hat Enterprise Linux 5 2007-08-07T00:00:00 RHSA-2007:0829 java-1.5.0-ibm-1:1.5.0.5-1jpp.0.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-3922 https://nvd.nist.gov/vuln/detail/CVE-2007-3922 2007-07-19T00:00:00 fsplib off-by-one error CWE-193

Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib before 0.9 allows remote attackers to cause a denial of service via a directory entry whose length is exactly MAXNAMELEN, which prevents a terminating null byte from being added.

Red Hat does not consider a user assisted client crash such as this to be a security flaw. https://www.cve.org/CVERecord?id=CVE-2007-3961 https://nvd.nist.gov/vuln/detail/CVE-2007-3961 2007-07-19T00:00:00 fsplib multiple buffer overflows

Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 might allow remote attackers to execute arbitrary code via (1) a long filename that is not properly handled by the fsp_readdir_native function when MAXNAMLEN is greater than 255, or (2) a long d_name directory (dirent) field in the fsp_readdir function.

Not vulnerable. fsplib is part of gftp in Red Hat Enterprise Linux 5, but this issue does not affect Linux. https://www.cve.org/CVERecord?id=CVE-2007-3962 https://nvd.nist.gov/vuln/detail/CVE-2007-3962 Moderate 2007-08-30T00:00:00 php multiple integer overflows in gd CWE-190

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.

Red Hat Enterprise Linux 2.1 2007-10-23T00:00:00 RHSA-2007:0888 php-0:4.1.2-2.19 Red Hat Enterprise Linux 3 2007-09-26T00:00:00 RHSA-2007:0889 php-0:4.3.2-43.ent Red Hat Enterprise Linux 4 2007-09-20T00:00:00 RHSA-2007:0890 php-0:4.3.9-3.22.9 Red Hat Enterprise Linux 5 2007-09-20T00:00:00 RHSA-2007:0890 php-0:5.1.6-15.el5 Red Hat Web Application Stack for RHEL 4 2007-10-25T00:00:00 RHSA-2007:0891 php-0:5.1.6-3.el4s1.8 https://www.cve.org/CVERecord?id=CVE-2007-3996 https://nvd.nist.gov/vuln/detail/CVE-2007-3996 php safe_mode bypass with MySQL INFILE LOCAL

The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.

We do not consider these to be security issues. For more details see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and https://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2007-3997 https://nvd.nist.gov/vuln/detail/CVE-2007-3997 Low 2007-08-30T00:00:00 php floating point exception inside wordwrap

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.

This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1. Red Hat Enterprise Linux 3 2007-09-26T00:00:00 RHSA-2007:0889 php-0:4.3.2-43.ent Red Hat Enterprise Linux 4 2007-09-20T00:00:00 RHSA-2007:0890 php-0:4.3.9-3.22.9 Red Hat Enterprise Linux 5 2007-09-20T00:00:00 RHSA-2007:0890 php-0:5.1.6-15.el5 Red Hat Web Application Stack for RHEL 4 2007-10-25T00:00:00 RHSA-2007:0891 php-0:5.1.6-3.el4s1.8 https://www.cve.org/CVERecord?id=CVE-2007-3998 https://nvd.nist.gov/vuln/detail/CVE-2007-3998 Important 2007-09-04T19:00:00 krb5 RPC library buffer overflow

Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.

Red Hat Enterprise Linux 4 2007-09-19T00:00:00 RHSA-2007:0913 nfs-utils-lib-0:1.0.6-8.z1 Red Hat Enterprise Linux 5 2007-09-04T00:00:00 RHSA-2007:0858 krb5-0:1.5-29 Red Hat Enterprise Linux 5 2007-10-02T00:00:00 RHSA-2007:0951 nfs-utils-lib-0:1.0.8-7.2.z2 https://www.cve.org/CVERecord?id=CVE-2007-3999 https://nvd.nist.gov/vuln/detail/CVE-2007-3999 Important 2007-09-04T19:00:00 krb5 kadmind uninitialized pointer

The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.

Red Hat Enterprise Linux 5 2007-09-04T00:00:00 RHSA-2007:0858 krb5-0:1.5-29 https://www.cve.org/CVERecord?id=CVE-2007-4000 https://nvd.nist.gov/vuln/detail/CVE-2007-4000 Important 2007-07-26T00:00:00 Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)

libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.

Red Hat Enterprise Linux 2.1 2007-10-11T00:00:00 RHSA-2007:0912 libvorbis-0:1.0rc2-7.el2 Red Hat Enterprise Linux 3 2007-09-19T00:00:00 RHSA-2007:0845 libvorbis-1:1.0-8.el3 Red Hat Enterprise Linux 4 2007-09-19T00:00:00 RHSA-2007:0845 libvorbis-1:1.1.0-2.el4.5 Red Hat Enterprise Linux 5 2007-09-19T00:00:00 RHSA-2007:0845 libvorbis-1:1.1.2-3.el5.0 https://www.cve.org/CVERecord?id=CVE-2007-4029 https://nvd.nist.gov/vuln/detail/CVE-2007-4029 Moderate 2007-07-26T00:00:00 t1lib font filename string overflow

Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.

Not vulnerable. Versions of PHP packages as shipped with current Red Hat products are not linked with t1lib. Red Hat Enterprise Linux 2.1 2007-11-07T00:00:00 RHSA-2007:1031 xpdf-1:0.92-19.el2 Red Hat Enterprise Linux 3 2007-11-07T00:00:00 RHSA-2007:1030 xpdf-1:2.02-11.el3 Red Hat Enterprise Linux 4 2007-11-08T00:00:00 RHSA-2007:1027 tetex-0:2.0.2-22.0.1.EL4.10 Red Hat Enterprise Linux 5 2007-11-08T00:00:00 RHSA-2007:1027 tetex-0:3.0-33.2.el5_1.2 https://www.cve.org/CVERecord?id=CVE-2007-4033 https://nvd.nist.gov/vuln/detail/CVE-2007-4033

Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670.

Not vulnerable. This issue does not affect the versions of Firefox or Thunderbird as shipped with Red Hat Enterprise Linux. https://www.cve.org/CVERecord?id=CVE-2007-4038 https://nvd.nist.gov/vuln/detail/CVE-2007-4038

Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.

Not vulnerable. This issue does not affect the versions of Firefox or Thunderbird as shipped with Red Hat Enterprise Linux. https://www.cve.org/CVERecord?id=CVE-2007-4039 https://nvd.nist.gov/vuln/detail/CVE-2007-4039 'c' character missing from shell metacharacter whitelist

No description is available for this CVE.

The CVE description for this bug is incorrect. The backported patch for CVE-2007-2447 missed the character c in the shell escaping whitelist of allowed characters, therefore not allowing commands with a c in them to be executed. This is therefore a regression bug and not a security vulnerability. https://www.cve.org/CVERecord?id=CVE-2007-4044 https://nvd.nist.gov/vuln/detail/CVE-2007-4044 Low 2007-07-20T00:00:00 Incomplete fix for CVE-2007-0720 CUPS denial of service

The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation.

Red Hat Enterprise Linux 3 2007-11-07T00:00:00 RHSA-2007:1023 cups-1:1.1.17-13.3.46 Red Hat Enterprise Linux 4 2007-11-07T00:00:00 RHSA-2007:1022 cups-1:1.1.22-0.rc1.9.20.2.el4_5.2 https://www.cve.org/CVERecord?id=CVE-2007-4045 https://nvd.nist.gov/vuln/detail/CVE-2007-4045

No description is available for this CVE.

Not vulnerable. This is a rediscovery and therefore a duplicate of CVE-2000-1205 which was corrected in upstream Apache httpd 1.3.11. https://www.cve.org/CVERecord?id=CVE-2007-4049 https://nvd.nist.gov/vuln/detail/CVE-2007-4049 Important 2007-07-26T00:00:00 Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)

lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.

Red Hat Enterprise Linux 2.1 2007-10-11T00:00:00 RHSA-2007:0912 libvorbis-0:1.0rc2-7.el2 Red Hat Enterprise Linux 3 2007-09-19T00:00:00 RHSA-2007:0845 libvorbis-1:1.0-8.el3 Red Hat Enterprise Linux 4 2007-09-19T00:00:00 RHSA-2007:0845 libvorbis-1:1.1.0-2.el4.5 Red Hat Enterprise Linux 5 2007-09-19T00:00:00 RHSA-2007:0845 libvorbis-1:1.1.2-3.el5.0 https://www.cve.org/CVERecord?id=CVE-2007-4065 https://nvd.nist.gov/vuln/detail/CVE-2007-4065 Important 2007-07-26T00:00:00 Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)

Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.

Red Hat Enterprise Linux 2.1 2007-10-11T00:00:00 RHSA-2007:0912 libvorbis-0:1.0rc2-7.el2 Red Hat Enterprise Linux 3 2007-09-19T00:00:00 RHSA-2007:0845 libvorbis-1:1.0-8.el3 Red Hat Enterprise Linux 4 2007-09-19T00:00:00 RHSA-2007:0845 libvorbis-1:1.1.0-2.el4.5 Red Hat Enterprise Linux 5 2007-09-19T00:00:00 RHSA-2007:0845 libvorbis-1:1.1.2-3.el5.0 https://www.cve.org/CVERecord?id=CVE-2007-4066 https://nvd.nist.gov/vuln/detail/CVE-2007-4066 Moderate 2007-08-15T00:00:00 rsync off by one flaw CWE-193

Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.

Not vulnerable. This flaw did not affect Red Hat Enterprise Linux 2.1, 3, or 4 due to the version of rsync. This flaw does exist in Red Hat Enterprise Linux 5, but due to the nature of the flaw it is not exploitable with any security consequence due to stack-protector. https://www.cve.org/CVERecord?id=CVE-2007-4091 https://nvd.nist.gov/vuln/detail/CVE-2007-4091 Low 2007-09-06T00:00:00 coolkey file and directory permission flaw

CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory.

Red Hat Enterprise Linux 5 2007-11-07T00:00:00 RHSA-2007:0631 coolkey-0:1.1.0-5.el5 https://www.cve.org/CVERecord?id=CVE-2007-4129 https://nvd.nist.gov/vuln/detail/CVE-2007-4129 Important 2006-02-01T00:00:00 panic caused by set_mempolicy with MPOL_BIND

The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation.

Red Hat Enterprise Linux 4 2008-01-31T00:00:00 RHSA-2008:0055 kernel-0:2.6.9-67.0.4.EL https://www.cve.org/CVERecord?id=CVE-2007-4130 https://nvd.nist.gov/vuln/detail/CVE-2007-4130 Moderate 2007-08-12T00:00:00 tar directory traversal vulnerability

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

Red Hat would like to thank Dmitry V. Levin for reporting this issue. Red Hat Enterprise Linux 4 2007-08-23T00:00:00 RHSA-2007:0860 tar-0:1.14-12.5.1.RHEL4 Red Hat Enterprise Linux 5 2007-08-23T00:00:00 RHSA-2007:0860 tar-2:1.15.1-23.0.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-4131 https://nvd.nist.gov/vuln/detail/CVE-2007-4131 Moderate 2007-08-29T00:00:00 RHN Satellite xmlrpc flaw

Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 allows remote authenticated users to execute arbitrary code via unknown vectors in a "back-end XMLRPC handler."

Red Hat Network Satellite Server v 5.0 2007-08-29T00:00:00 RHSA-2007:0868 rhns-0:5.0.1-10 https://www.cve.org/CVERecord?id=CVE-2007-4132 https://nvd.nist.gov/vuln/detail/CVE-2007-4132 Moderate 2006-10-28T00:00:00 prio_tree unit kernel panic

The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors.

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 2007-10-22T00:00:00 RHSA-2007:0940 kernel-0:2.6.18-8.1.15.el5 https://www.cve.org/CVERecord?id=CVE-2007-4133 https://nvd.nist.gov/vuln/detail/CVE-2007-4133 Moderate 2007-08-21T00:00:00 star directory traversal vulnerability

Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

Red Hat would like to thank Robert Buchholz for reporting this issue. Red Hat Enterprise Linux 3 2007-09-04T00:00:00 RHSA-2007:0873 star-0:1.5a08-5 Red Hat Enterprise Linux 4 2007-09-04T00:00:00 RHSA-2007:0873 star-0:1.5a25-8 Red Hat Enterprise Linux 5 2007-09-04T00:00:00 RHSA-2007:0873 star-0:1.5a75-2 https://www.cve.org/CVERecord?id=CVE-2007-4134 https://nvd.nist.gov/vuln/detail/CVE-2007-4134 Moderate 2007-08-31T00:00:00 nfs-utils-lib NFSv4 user id mapping flaw

The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client.

Red Hat Enterprise Linux 5 2007-10-02T00:00:00 RHSA-2007:0951 nfs-utils-lib-0:1.0.8-7.2.z2 https://www.cve.org/CVERecord?id=CVE-2007-4135 https://nvd.nist.gov/vuln/detail/CVE-2007-4135 Moderate 2007-10-31T00:00:00 ricci is vulnerable to a connect DoS attack 3.3 AV:A/AC:L/Au:N/C:P/I:N/A:N

The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections.

CLuster Suite for RHEL 4 2007-11-21T00:00:00 RHSA-2007:0983 conga-0:0.11.0-3 Red Hat Enterprise Linux 5 2007-11-07T00:00:00 RHSA-2007:0640 conga-0:0.10.0-6.el5 https://www.cve.org/CVERecord?id=CVE-2007-4136 https://nvd.nist.gov/vuln/detail/CVE-2007-4136 Important 2007-09-03T00:00:00 QT off by one buffer overflow CWE-193

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.

Red Hat Enterprise Linux 2.1 2007-09-13T00:00:00 RHSA-2007:0883 qt-1:2.3.1-14.EL2 Red Hat Enterprise Linux 3 2007-09-13T00:00:00 RHSA-2007:0883 qt-1:3.1.2-17.RHEL3 Red Hat Enterprise Linux 4 2007-09-13T00:00:00 RHSA-2007:0883 qt-1:3.3.3-13.RHEL4 Red Hat Enterprise Linux 5 2007-09-13T00:00:00 RHSA-2007:0883 qt-1:3.3.6-23.el5 https://www.cve.org/CVERecord?id=CVE-2007-4137 https://nvd.nist.gov/vuln/detail/CVE-2007-4137 Moderate 2007-09-11T00:00:00 samba incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin

The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.

Not vulnerable. These issues did not affect the versions of Samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Red Hat would like to thank Rick King for reporting this issue. Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:1016 samba-0:3.0.25b-1.el4_6.2 Red Hat Enterprise Linux 5 2007-11-15T00:00:00 RHSA-2007:1017 samba-0:3.0.25b-1.el5_1.2 https://www.cve.org/CVERecord?id=CVE-2007-4138 https://nvd.nist.gov/vuln/detail/CVE-2007-4138 WordPress 2.2.1 wp-admin/upload.php XSS

Cross-site scripting (XSS) vulnerability in the Temporary Uploads editing functionality (wp-admin/includes/upload.php) in WordPress 2.2.1, allows remote attackers to inject arbitrary web script or HTML via the style parameter to wp-admin/upload.php.

https://www.cve.org/CVERecord?id=CVE-2007-4139 https://nvd.nist.gov/vuln/detail/CVE-2007-4139 Low 2007-08-01T00:00:00 Dovecot possible privilege ascalation in ACL plugin

The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.

These issues did not affect the dovecot versions as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 2008-05-20T00:00:00 RHSA-2008:0297 dovecot-0:1.0.7-2.el5 https://www.cve.org/CVERecord?id=CVE-2007-4211 https://nvd.nist.gov/vuln/detail/CVE-2007-4211 Low 2007-08-07T00:00:00 URL spoof in address bar

KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.

Red Hat Enterprise Linux 4 2007-10-08T00:00:00 RHSA-2007:0905 kdebase-6:3.3.1-6.el4 Red Hat Enterprise Linux 4 2007-10-08T00:00:00 RHSA-2007:0909 kdelibs-6:3.3.1-9.el4 Red Hat Enterprise Linux 5 2007-10-08T00:00:00 RHSA-2007:0905 kdebase-6:3.5.4-15.el5 Red Hat Enterprise Linux 5 2007-10-08T00:00:00 RHSA-2007:0909 kdelibs-6:3.5.4-13.el5 https://www.cve.org/CVERecord?id=CVE-2007-4224 https://nvd.nist.gov/vuln/detail/CVE-2007-4224

Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion.

Not vulnerable. Not vulnerable. These issues did not affect the versions of konqueror as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2007-4225 https://nvd.nist.gov/vuln/detail/CVE-2007-4225

Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Red Hat does not consider a crash of a client application such as Konqueror to be a security flaw. https://www.cve.org/CVERecord?id=CVE-2007-4229 https://nvd.nist.gov/vuln/detail/CVE-2007-4229 OpenOffice crashes upon opening certain files

OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service.

Red Hat does not consider this flaw a security issue. This flaw will only crash OpenOffice.org if a victim opens a malicious document. https://www.cve.org/CVERecord?id=CVE-2007-4251 https://nvd.nist.gov/vuln/detail/CVE-2007-4251

Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.

Not vulnerable. PHP packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4, and 5 are not compiled with msql library and are not vulnerable to this issue. https://www.cve.org/CVERecord?id=CVE-2007-4255 https://nvd.nist.gov/vuln/detail/CVE-2007-4255 Moderate 2007-07-23T00:00:00 kernel: Missing ioctl() permission checks in aacraid driver

The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges.

Red Hat Enterprise Linux 2.1 2009-01-05T00:00:00 RHSA-2008:0787 kernel-0:2.4.18-e.67 Red Hat Enterprise Linux 2.1 2009-01-08T00:00:00 RHSA-2009:0001 kernel-0:2.4.9-e.74 Red Hat Enterprise Linux 3 2007-12-03T00:00:00 RHSA-2007:1049 kernel-0:2.4.21-53.EL Red Hat Enterprise Linux 4 2007-11-01T00:00:00 RHSA-2007:0939 kernel-0:2.6.9-55.0.12.EL Red Hat Enterprise Linux 5 2007-10-22T00:00:00 RHSA-2007:0940 kernel-0:2.6.18-8.1.15.el5 https://www.cve.org/CVERecord?id=CVE-2007-4308 https://nvd.nist.gov/vuln/detail/CVE-2007-4308 Moderate 2007-08-09T00:00:00 Flash movie can determine whether a TCP port is open

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability.

Extras for RHEL 3 2007-12-18T00:00:00 RHSA-2007:1126 flash-plugin-0:9.0.115.0-1.el3.with.oss Extras for RHEL 3 2008-11-12T00:00:00 RHSA-2008:0980 flash-plugin-0:9.0.151.0-1.el3.with.oss Extras for RHEL 4 2007-12-18T00:00:00 RHSA-2007:1126 flash-plugin-0:9.0.115.0-1.el4 Extras for RHEL 4 2008-11-12T00:00:00 RHSA-2008:0980 flash-plugin-0:9.0.151.0-1.el4 Supplementary for Red Hat Enterprise Linux 5 2007-12-18T00:00:00 RHSA-2007:1126 flash-plugin-0:9.0.115.0-1.el5 Supplementary for Red Hat Enterprise Linux 5 2008-10-28T00:00:00 RHSA-2008:0945 flash-plugin-0:10.0.12.36-2.el5 https://www.cve.org/CVERecord?id=CVE-2007-4324 https://nvd.nist.gov/vuln/detail/CVE-2007-4324 Important 2007-10-31T00:00:00 cups boundary error

Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.

Vulnerable. This issue affected the CUPS packages in Red Hat Enterprise Linux 5. This issue also affected the versions of CUPS packages in Red Hat Enterprise Linux 3 and 4, but exploitation would only lead to a possible denial of service. Red Hat would like to thank Alin Rad Pop for reporting this issue. Red Hat Enterprise Linux 3 2007-11-07T00:00:00 RHSA-2007:1023 cups-1:1.1.17-13.3.46 Red Hat Enterprise Linux 4 2007-11-07T00:00:00 RHSA-2007:1022 cups-1:1.1.22-0.rc1.9.20.2.el4_5.2 Red Hat Enterprise Linux 5 2007-10-31T00:00:00 RHSA-2007:1020 cups-1:1.2.4-11.14.el5_1.1 https://www.cve.org/CVERecord?id=CVE-2007-4351 https://nvd.nist.gov/vuln/detail/CVE-2007-4351 Important 2007-11-07T00:00:00 DCTStream:: readProgressiveDataUnit()

Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.

Red Hat Enterprise Linux 3 2007-11-07T00:00:00 RHSA-2007:1030 xpdf-1:2.02-11.el3 Red Hat Enterprise Linux 4 2007-11-07T00:00:00 RHSA-2007:1022 cups-1:1.1.22-0.rc1.9.20.2.el4_5.2 Red Hat Enterprise Linux 4 2007-11-12T00:00:00 RHSA-2007:1024 kdegraphics-7:3.3.1-6.el4_5 Red Hat Enterprise Linux 4 2007-11-07T00:00:00 RHSA-2007:1025 gpdf-0:2.8.2-7.7.1 Red Hat Enterprise Linux 4 2007-11-08T00:00:00 RHSA-2007:1027 tetex-0:2.0.2-22.0.1.EL4.10 Red Hat Enterprise Linux 4 2007-11-07T00:00:00 RHSA-2007:1029 xpdf-1:3.00-14.el4 Red Hat Enterprise Linux 5 2007-11-07T00:00:00 RHSA-2007:1021 cups-1:1.2.4-11.14.el5_1.3 Red Hat Enterprise Linux 5 2007-11-07T00:00:00 RHSA-2007:1026 poppler-0:0.5.4-4.3.el5_1 Red Hat Enterprise Linux 5 2007-11-08T00:00:00 RHSA-2007:1027 tetex-0:3.0-33.2.el5_1.2 https://www.cve.org/CVERecord?id=CVE-2007-4352 https://nvd.nist.gov/vuln/detail/CVE-2007-4352 Critical 2007-08-15T00:00:00 java: Vulnerability in the font parsing code

Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.

Extras for RHEL 3 2008-03-11T00:00:00 RHSA-2008:0100 java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3 Extras for RHEL 3 2008-02-14T00:00:00 RHSA-2008:0132 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Extras for RHEL 4 2007-08-07T00:00:00 RHSA-2007:0829 java-1.5.0-ibm-1:1.5.0.5-1jpp.2.el4 Extras for RHEL 4 2007-12-12T00:00:00 RHSA-2007:1086 java-1.4.2-bea-0:1.4.2.15-1jpp.2.el4 Extras for RHEL 4 2008-02-14T00:00:00 RHSA-2008:0132 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Supplementary for Red Hat Enterprise Linux 5 2007-08-07T00:00:00 RHSA-2007:0829 java-1.5.0-ibm-1:1.5.0.5-1jpp.0.1.el5 Supplementary for Red Hat Enterprise Linux 5 2007-10-16T00:00:00 RHSA-2007:0956 java-1.5.0-bea-0:1.5.0.11-1jpp.1.el5 Supplementary for Red Hat Enterprise Linux 5 2008-03-11T00:00:00 RHSA-2008:0100 java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5 Supplementary for Red Hat Enterprise Linux 5 2008-02-14T00:00:00 RHSA-2008:0132 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el5 https://www.cve.org/CVERecord?id=CVE-2007-4381 https://nvd.nist.gov/vuln/detail/CVE-2007-4381 Low konversation: Command injection in media script via crafted song tag

CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

https://www.cve.org/CVERecord?id=CVE-2007-4400 https://nvd.nist.gov/vuln/detail/CVE-2007-4400 Low 2007-09-13T00:00:00 mod_autoindex XSS CWE-79

Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.

This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the "AddDefaultCharset" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 ant-0:1.6.5-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 avalon-logkit-0:1.2-2jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 axis-0:1.2.1-1jpp_3rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-jaf-0:1.0-2jpp_6rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-mail-0:1.1.1-2jpp_8rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 geronimo-specs-0:1.0-0.M4.1jpp_10rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 jakarta-commons-modeler-0:2.0-3jpp_2rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 log4j-0:1.2.12-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 mx4j-1:3.0.1-1jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 pcsc-lite-0:1.3.3-3.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ca-0:7.3.0-20.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-java-tools-0:7.3.0-10.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-kra-0:7.3.0-14.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-manage-0:7.3.0-19.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-native-tools-0:7.3.0-6.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ocsp-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-tks-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 tomcat5-0:5.5.23-0jpp_4rh.16 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xerces-j2-0:2.7.1-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xml-commons-0:1.3.02-2jpp_1rh Red Hat Enterprise Linux 2.1 2008-01-15T00:00:00 RHSA-2008:0004 apache-0:1.3.27-14.ent Red Hat Enterprise Linux 3 2008-01-15T00:00:00 RHSA-2008:0005 httpd-0:2.0.46-70.ent Red Hat Enterprise Linux 4 2008-01-15T00:00:00 RHSA-2008:0006 httpd-0:2.0.52-38.ent.2 Red Hat Enterprise Linux 5 2008-01-15T00:00:00 RHSA-2008:0008 httpd-0:2.2.3-11.el5_1.3 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.37.rhn Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.38.rhn Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Red Hat Web Application Stack for RHEL 4 2007-10-25T00:00:00 RHSA-2007:0911 httpd-0:2.0.59-1.el4s1.8 https://www.cve.org/CVERecord?id=CVE-2007-4465 https://nvd.nist.gov/vuln/detail/CVE-2007-4465 Low 2007-08-17T00:00:00 tar/cpio stack crashing in safer_name_suffix 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P

Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."

This issue did not affect the version of cpio as shipped with Red Hat Enterprise Linux 3 and 4. Red Hat Enterprise Linux 4 2010-03-15T00:00:00 RHSA-2010:0141 tar-0:1.14-13.el4_8.1 Red Hat Enterprise Linux 5 2010-03-15T00:00:00 RHSA-2010:0141 tar-2:1.15.1-23.0.1.el5_4.2 Red Hat Enterprise Linux 5 2010-03-16T00:00:00 RHSA-2010:0144 cpio-0:2.6-23.el5_4.1 https://www.cve.org/CVERecord?id=CVE-2007-4476 https://nvd.nist.gov/vuln/detail/CVE-2007-4476

Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions.

Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, or Red Hat Application Stack 1. https://www.cve.org/CVERecord?id=CVE-2007-4507 https://nvd.nist.gov/vuln/detail/CVE-2007-4507 Moderate 2007-08-24T00:00:00 python: tarfile module directory traversal 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CWE-22

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files.

The Red Hat Product Security has rated this issue as having a Moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification. Versions of `python36:3.6/python36` as shipped with Red Hat Enterprise Linux 8 are marked as 'Not affected' as they just provide "symlinks" to the main `python3` component, which provides the actual interpreter of the Python programming language. Do not extract archives from untrusted sources with the Python tarfile module. Users of the module should add sanity checks when calling the tarfile.extract or tarfile.extractall functions. Red Hat Enterprise Linux 8 2023-11-14T00:00:00 RHSA-2023:6914 python3.11-pip-0:22.3.1-4.el8 Red Hat Enterprise Linux 8 2023-11-14T00:00:00 RHSA-2023:7024 python3.11-0:3.11.5-1.el8_9 Red Hat Enterprise Linux 8 2023-11-14T00:00:00 RHSA-2023:7034 python39:3.9-8090020230922213827.7484f1d1 Red Hat Enterprise Linux 8 2023-11-14T00:00:00 RHSA-2023:7034 python39-devel:3.9-8090020230922213827.7484f1d1 Red Hat Enterprise Linux 8 2023-11-14T00:00:00 RHSA-2023:7050 python38:3.8-8090020230810143931.d9f72c26 Red Hat Enterprise Linux 8 2023-11-14T00:00:00 RHSA-2023:7050 python38-devel:3.8-8090020230810143931.d9f72c26 Red Hat Enterprise Linux 8 2023-11-14T00:00:00 RHSA-2023:7151 python3-0:3.6.8-56.el8_9 Red Hat Enterprise Linux 8 2023-11-14T00:00:00 RHSA-2023:7176 python-pip-0:9.0.3-23.el8 Red Hat Enterprise Linux 8 2023-11-14T00:00:00 RHSA-2023:7151 python3-0:3.6.8-56.el8_9 Red Hat Enterprise Linux 8 2023-11-14T00:00:00 RHSA-2023:7176 python-pip-0:9.0.3-23.el8 Red Hat Enterprise Linux 8.6 Extended Update Support 2024-01-23T00:00:00 RHSA-2024:0374 python-pip-0:9.0.3-22.1.el8_6 Red Hat Enterprise Linux 8.6 Extended Update Support 2024-01-25T00:00:00 RHSA-2024:0430 python3-0:3.6.8-47.el8_6.4 Red Hat Enterprise Linux 8.8 Extended Update Support 2024-01-30T00:00:00 RHSA-2024:0587 python-pip-0:9.0.3-22.1.el8_8 Red Hat Enterprise Linux 9 2023-11-07T00:00:00 RHSA-2023:6324 python3.11-pip-0:22.3.1-4.el9 Red Hat Enterprise Linux 9 2023-11-07T00:00:00 RHSA-2023:6494 python3.11-0:3.11.5-1.el9_3 Red Hat Enterprise Linux 9 2023-11-07T00:00:00 RHSA-2023:6659 python3.9-0:3.9.18-1.el9_3 Red Hat Enterprise Linux 9 2023-11-07T00:00:00 RHSA-2023:6694 python-pip-0:21.2.3-7.el9 Red Hat Enterprise Linux 9 2023-11-07T00:00:00 RHSA-2023:6659 python3.9-0:3.9.18-1.el9_3 Red Hat Enterprise Linux 9 2023-11-07T00:00:00 RHSA-2023:6694 python-pip-0:21.2.3-7.el9 Red Hat Software Collections for Red Hat Enterprise Linux 7 2023-11-08T00:00:00 RHSA-2023:6793 rh-python38-python-0:3.8.18-2.el7 Red Hat Software Collections for Red Hat Enterprise Linux 7 2023-11-08T00:00:00 RHSA-2023:6793 rh-python38-python-pip-0:19.3.1-4.el7 Red Hat Enterprise Linux 6 Out of support scope python Red Hat Enterprise Linux 7 Out of support scope python Red Hat Enterprise Linux 7 Out of support scope python3 Red Hat Enterprise Linux 8 Will not fix python27:2.7/python2 Red Hat Enterprise Linux 8 Not affected python36:3.6/python36 https://www.cve.org/CVERecord?id=CVE-2007-4559 https://nvd.nist.gov/vuln/detail/CVE-2007-4559 Low 2007-08-28T00:00:00 Fetchmail NULL pointer dereference 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P CWE-476

sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.

Red Hat Enterprise Linux 3 2009-09-08T00:00:00 RHSA-2009:1427 fetchmail-0:6.2.0-3.el3.5 Red Hat Enterprise Linux 4 2009-09-08T00:00:00 RHSA-2009:1427 fetchmail-0:6.2.5-6.0.1.el4_8.1 Red Hat Enterprise Linux 5 2009-09-08T00:00:00 RHSA-2009:1427 fetchmail-0:6.3.6-1.1.el5_3.1 https://www.cve.org/CVERecord?id=CVE-2007-4565 https://nvd.nist.gov/vuln/detail/CVE-2007-4565 Important 2007-09-07T00:00:00 kernel: ipv6_hop_jumbo remote system crash 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C CWE-228->CWE-119

The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit a11d206d that introduced the problem. This upstream commit was backported in Red Hat Enterprise Linux 5 via RHBA-2008:0314. It was reported and addressed in Red Hat Enterprise Linux 5 via RHSA-2010:0019. Red Hat Enterprise Linux 5 2010-01-07T00:00:00 RHSA-2010:0019 kernel-0:2.6.18-164.10.1.el5 Red Hat Enterprise Linux 5.2 Z Stream 2010-02-02T00:00:00 RHSA-2010:0079 kernel-0:2.6.18-92.1.35.el5 Red Hat Enterprise Linux 5.3.Z - Server Only 2010-01-20T00:00:00 RHSA-2010:0053 kernel-0:2.6.18-128.12.1.el5 Red Hat Enterprise Virtualization for RHEL-5 2010-02-09T00:00:00 RHSA-2010:0095 rhev-hypervisor-0:5.4-2.1.8.el5_4rhev2_1 https://www.cve.org/CVERecord?id=CVE-2007-4567 https://nvd.nist.gov/vuln/detail/CVE-2007-4567 Low 2007-10-02T00:00:00 xfs integer overflow in the build_range function CWE-190

Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.

Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. Red Hat Enterprise Linux 2.1 2008-01-18T00:00:00 RHSA-2008:0029 XFree86-0:4.1.0-86.EL Red Hat Enterprise Linux 3 2008-01-18T00:00:00 RHSA-2008:0029 XFree86-0:4.3.0-126.EL Red Hat Enterprise Linux 4 2008-01-17T00:00:00 RHSA-2008:0030 xorg-x11-0:6.8.2-1.EL.33.0.2 Red Hat Enterprise Linux 5 Will not fix xorg-x11-xfs https://www.cve.org/CVERecord?id=CVE-2007-4568 https://nvd.nist.gov/vuln/detail/CVE-2007-4568 Moderate 2007-09-19T00:00:00 kdm password-less login vulnerability

backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.

Red Hat Enterprise Linux 4 2007-10-08T00:00:00 RHSA-2007:0905 kdebase-6:3.3.1-6.el4 Red Hat Enterprise Linux 5 2007-10-08T00:00:00 RHSA-2007:0905 kdebase-6:3.5.4-15.el5 https://www.cve.org/CVERecord?id=CVE-2007-4569 https://nvd.nist.gov/vuln/detail/CVE-2007-4569 Low 2007-11-07T00:00:00 mctransd DoS

Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels.

Red Hat Enterprise Linux 5 2007-11-07T00:00:00 RHSA-2007:0542 mcstrans-0:0.2.6-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-4570 https://nvd.nist.gov/vuln/detail/CVE-2007-4570 Moderate 2007-09-25T00:00:00 ALSA memory disclosure flaw

The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3. Red Hat would like to thank Neil Kettle and iDefense for reporting this issue. Red Hat Enterprise Linux 4 2007-11-01T00:00:00 RHSA-2007:0939 kernel-0:2.6.9-55.0.12.EL Red Hat Enterprise Linux 5 2007-11-29T00:00:00 RHSA-2007:0993 kernel-0:2.6.18-53.1.4.el5 https://www.cve.org/CVERecord?id=CVE-2007-4571 https://nvd.nist.gov/vuln/detail/CVE-2007-4571 Moderate 2007-11-15T14:00:00 samba buffer overflow

Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.

Red Hat would like to thank Samba developers for reporting this issue. Red Hat Enterprise Linux 2.1 2007-11-15T00:00:00 RHSA-2007:1013 samba-0:2.2.12-1.21as.8.1 Red Hat Enterprise Linux 3 2007-11-15T00:00:00 RHSA-2007:1013 samba-0:3.0.9-1.3E.14.1 Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:1016 samba-0:3.0.25b-1.el4_6.2 Red Hat Enterprise Linux 5 2007-11-15T00:00:00 RHSA-2007:1017 samba-0:3.0.25b-1.el5_1.2 https://www.cve.org/CVERecord?id=CVE-2007-4572 https://nvd.nist.gov/vuln/detail/CVE-2007-4572 Important 2007-09-21T00:00:00 x86_64 syscall vulnerability

The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.

This issue affected users who were running 64-bit versions of Red Hat Enterprise Linux 3, 4, or 5 on x86_64 architecture. It did not affect users of Red Hat Enterprise Linux 2.1. Red Hat would like to thank Wojciech Purczynski for reporting this issue. Red Hat Enterprise Linux 3 2007-09-27T00:00:00 RHSA-2007:0938 kernel-0:2.4.21-52.EL Red Hat Enterprise Linux 4 2007-09-27T00:00:00 RHSA-2007:0937 kernel-0:2.6.9-55.0.9.EL Red Hat Enterprise Linux 5 2007-09-27T00:00:00 RHSA-2007:0936 kernel-0:2.6.18-8.1.14.el5 https://www.cve.org/CVERecord?id=CVE-2007-4573 https://nvd.nist.gov/vuln/detail/CVE-2007-4573 Important 2007-10-22T00:00:00 EM64T local DoS

Unspecified vulnerability in the "stack unwinder fixes" in kernel in Red Hat Enterprise Linux 5, when running on AMD64 and Intel 64, allows local users to cause a denial of service via unknown vectors.

Red Hat Enterprise Linux 5 2007-10-22T00:00:00 RHSA-2007:0940 kernel-0:2.6.18-8.1.15.el5 https://www.cve.org/CVERecord?id=CVE-2007-4574 https://nvd.nist.gov/vuln/detail/CVE-2007-4574 Moderate 2007-12-04T00:00:00 OpenOffice.org-base allows Denial-of-Service and command injection

HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."

JBEAP 4.2.0 for RHEL 4 2008-04-02T00:00:00 RHSA-2008:0151 glassfish-javamail-0:1.4.0-0jpp.ep1.8 JBEAP 4.2.0 for RHEL 4 2008-04-02T00:00:00 RHSA-2008:0151 hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4 JBEAP 4.2.0 for RHEL 4 2008-04-02T00:00:00 RHSA-2008:0151 hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4 JBEAP 4.2.0 for RHEL 4 2008-04-02T00:00:00 RHSA-2008:0151 hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4 JBEAP 4.2.0 for RHEL 4 2008-04-02T00:00:00 RHSA-2008:0151 hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1 JBEAP 4.2.0 for RHEL 4 2008-04-02T00:00:00 RHSA-2008:0151 jacorb-0:2.3.0-1jpp.ep1.4 JBEAP 4.2.0 for RHEL 4 2008-04-02T00:00:00 RHSA-2008:0151 jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4 JBEAP 4.2.0 for RHEL 4 2008-04-02T00:00:00 RHSA-2008:0151 jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4 JBEAP 4.2.0 for RHEL 4 2008-04-02T00:00:00 RHSA-2008:0151 jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4 JBEAP 4.2.0 for RHEL 4 2008-04-02T00:00:00 RHSA-2008:0151 jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1 JBEAP 4.2.0 for RHEL 4 2008-04-02T00:00:00 RHSA-2008:0151 jboss-seam-0:1.2.1-1.ep1.3.el4 JBEAP 4.2.0 for RHEL 4 2008-04-02T00:00:00 RHSA-2008:0151 jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1 JBEAP 4.2.0 for RHEL 4 2008-04-02T00:00:00 RHSA-2008:0151 jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4 JBEAP 4.2.0 for RHEL 4 2008-04-02T00:00:00 RHSA-2008:0151 jcommon-0:1.0.12-1jpp.ep1.2.el4 JBEAP 4.2.0 for RHEL 4 2008-04-02T00:00:00 RHSA-2008:0151 jfreechart-0:1.0.9-1jpp.ep1.2.el4 JBEAP 4.2.0 for RHEL 4 2008-04-02T00:00:00 RHSA-2008:0151 jgroups-1:2.4.1-1.SP4.0jpp.ep1.2 JBEAP 4.2.0 for RHEL 4 2008-04-02T00:00:00 RHSA-2008:0151 rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4 JBEAP 4.2.0 for RHEL 5 2008-04-02T00:00:00 RHSA-2008:0213 hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1 JBEAP 4.2.0 for RHEL 5 2008-04-02T00:00:00 RHSA-2008:0213 hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1 JBEAP 4.2.0 for RHEL 5 2008-04-02T00:00:00 RHSA-2008:0213 jacorb-0:2.3.0-1jpp.ep1.5.el5 JBEAP 4.2.0 for RHEL 5 2008-04-02T00:00:00 RHSA-2008:0213 jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5 JBEAP 4.2.0 for RHEL 5 2008-04-02T00:00:00 RHSA-2008:0213 jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3 JBEAP 4.2.0 for RHEL 5 2008-04-02T00:00:00 RHSA-2008:0213 jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5 JBEAP 4.2.0 for RHEL 5 2008-04-02T00:00:00 RHSA-2008:0213 jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5 JBEAP 4.2.0 for RHEL 5 2008-04-02T00:00:00 RHSA-2008:0213 jboss-seam-0:1.2.1-1.ep1.3.el5 JBEAP 4.2.0 for RHEL 5 2008-04-02T00:00:00 RHSA-2008:0213 jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5 JBEAP 4.2.0 for RHEL 5 2008-04-02T00:00:00 RHSA-2008:0213 jcommon-0:1.0.12-1jpp.ep1.2.el5 JBEAP 4.2.0 for RHEL 5 2008-04-02T00:00:00 RHSA-2008:0213 jfreechart-0:1.0.9-1jpp.ep1.2.el5.1 JBEAP 4.2.0 for RHEL 5 2008-04-02T00:00:00 RHSA-2008:0213 rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1 Red Hat Enterprise Linux 4 2007-12-05T00:00:00 RHSA-2007:1090 openoffice.org2-1:2.0.4-5.7.0.3.0 Red Hat Enterprise Linux 5 2007-12-05T00:00:00 RHSA-2007:1048 hsqldb-1:1.8.0.4-3jpp.6 Red Hat Enterprise Linux 5 2007-12-05T00:00:00 RHSA-2007:1048 openoffice.org-1:2.0.4-5.4.25 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 concurrent-0:1.3.4-7jpp.ep1.6.el4 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 glassfish-javamail-0:1.4.0-0jpp.ep1.8 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 glassfish-jstl-0:1.2.0-0jpp.ep1.2 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 jacorb-0:2.3.0-1jpp.ep1.4 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 jboss-common-0:1.2.1-0jpp.ep1.2 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 jboss-seam-0:1.2.1-1.ep1.3.el4 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 jcommon-0:1.0.12-1jpp.ep1.2.el4 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 jfreechart-0:1.0.9-1jpp.ep1.2.el4 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 jgroups-1:2.4.1-1.SP4.0jpp.ep1.2 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4 Red Hat Web Application Stack for RHEL 4 2008-03-24T00:00:00 RHSA-2008:0158 wsdl4j-0:1.6.2-1jpp.ep1.8 https://www.cve.org/CVERecord?id=CVE-2007-4575 https://nvd.nist.gov/vuln/detail/CVE-2007-4575 Buffer overflow in IrcII by long MODE from server

Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.

Not vulnerable. This issue did not affect the version of IrcII as shipped with Red Hat Enterprise Linux 2.1. IrcII was not shipped in Enterprise Linux 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2007-4584 https://nvd.nist.gov/vuln/detail/CVE-2007-4584

Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions.

Not vulnerable. This issue does not affect the versions of PHP shipped with Red Hat Enterprise Linux. It only affects the PHP version for Windows. https://www.cve.org/CVERecord?id=CVE-2007-4586 https://nvd.nist.gov/vuln/detail/CVE-2007-4586

Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.

Not vulnerable. This issue did not affect the versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary. https://www.cve.org/CVERecord?id=CVE-2007-4599 https://nvd.nist.gov/vuln/detail/CVE-2007-4599 Low 2007-02-02T00:00:00 libwrap ignores rules under certain circumstances

A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might allow remote attackers to bypass intended access restrictions when a service uses libwrap but does not specify server connection information.

Not vulnerable. This issue was specific to a patch from Debian project and did not affect versions of tcp_wrappers packages as shipped with Red Hat Enterprise Linux. https://www.cve.org/CVERecord?id=CVE-2007-4601 https://nvd.nist.gov/vuln/detail/CVE-2007-4601 Important 2007-10-11T00:00:00 FLAC Integer overflows CWE-190

Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.

Red Hat Enterprise Linux 4 2007-10-22T00:00:00 RHSA-2007:0975 flac-0:1.1.0-7.el4_5.2 Red Hat Enterprise Linux 5 2007-10-22T00:00:00 RHSA-2007:0975 flac-0:1.1.2-28.el5_0.1 https://www.cve.org/CVERecord?id=CVE-2007-4619 https://nvd.nist.gov/vuln/detail/CVE-2007-4619 Moderate 2007-08-29T00:00:00 EnterpriseDB security flaw

EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer.

https://www.cve.org/CVERecord?id=CVE-2007-4639 https://nvd.nist.gov/vuln/detail/CVE-2007-4639 php open_basedir bypass in session extension with symlink

The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.

We do not consider these to be security issues. For more details see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and https://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2007-4652 https://nvd.nist.gov/vuln/detail/CVE-2007-4652 php integer overflow in strspn/strcspn

Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.

The only effect of this bug is to cause the process to read from a random segment of memory, if a large "length" parameter is passed to the strspn/strcspn function, which is under the control of the script author. This bug has no security impact. https://www.cve.org/CVERecord?id=CVE-2007-4657 https://nvd.nist.gov/vuln/detail/CVE-2007-4657 Low 2007-08-30T00:00:00 php money_format format string issue

The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.

This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1. Red Hat Enterprise Linux 3 2007-09-26T00:00:00 RHSA-2007:0889 php-0:4.3.2-43.ent Red Hat Enterprise Linux 4 2007-09-20T00:00:00 RHSA-2007:0890 php-0:4.3.9-3.22.9 Red Hat Enterprise Linux 5 2007-09-20T00:00:00 RHSA-2007:0890 php-0:5.1.6-15.el5 Red Hat Web Application Stack for RHEL 4 2007-10-25T00:00:00 RHSA-2007:0891 php-0:5.1.6-3.el4s1.8 https://www.cve.org/CVERecord?id=CVE-2007-4658 https://nvd.nist.gov/vuln/detail/CVE-2007-4658 Low 2007-08-30T00:00:00 php zend_alter_ini_entry() memory_limit interruption

The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.

Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Application Stack v1. https://www.cve.org/CVERecord?id=CVE-2007-4659 https://nvd.nist.gov/vuln/detail/CVE-2007-4659 Moderate 2007-08-30T00:00:00 php size calculation in chunk_split

Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.

https://www.cve.org/CVERecord?id=CVE-2007-4660 https://nvd.nist.gov/vuln/detail/CVE-2007-4660 Moderate 2007-08-30T00:00:00 php size calculation in chunk_split

The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872.

https://www.cve.org/CVERecord?id=CVE-2007-4661 https://nvd.nist.gov/vuln/detail/CVE-2007-4661 php buffer overflow in php_openssl_make_REQ

Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.

This bug can only be triggered by supplying a non-default openssl.conf configuration file, which is entirely under the control of the script author or server administrator, and hence is not a security issue. https://www.cve.org/CVERecord?id=CVE-2007-4662 https://nvd.nist.gov/vuln/detail/CVE-2007-4662 php open_basedir bypass inside glob()

Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.

We do not consider these to be security issues. For more details see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and https://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2007-4663 https://nvd.nist.gov/vuln/detail/CVE-2007-4663 Low 2007-08-30T00:00:00 php malformed cookie handling

Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.

Red Hat Enterprise Linux 2.1 2007-10-23T00:00:00 RHSA-2007:0888 php-0:4.1.2-2.19 Red Hat Enterprise Linux 3 2007-09-26T00:00:00 RHSA-2007:0889 php-0:4.3.2-43.ent Red Hat Enterprise Linux 4 2007-09-20T00:00:00 RHSA-2007:0890 php-0:4.3.9-3.22.9 Red Hat Enterprise Linux 5 2007-09-20T00:00:00 RHSA-2007:0890 php-0:5.1.6-15.el5 Red Hat Web Application Stack for RHEL 4 2007-10-25T00:00:00 RHSA-2007:0891 php-0:5.1.6-3.el4s1.8 https://www.cve.org/CVERecord?id=CVE-2007-4670 https://nvd.nist.gov/vuln/detail/CVE-2007-4670 Low 2007-09-04T00:00:00 Infinite loop in wireshark's DNP3 dissector CWE-835

No description is available for this CVE.

Duplicate of CVE-2007-6113. https://www.cve.org/CVERecord?id=CVE-2007-4721 https://nvd.nist.gov/vuln/detail/CVE-2007-4721 Moderate 2007-09-09T00:00:00 X.org composite extension buffer overflow

Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.

Red Hat Enterprise Linux 5 is not affected by this flaw. More information can be found here: https://bugzilla.redhat.com/show_bug.cgi?id=285991 Red Hat Enterprise Linux 2.1 and 3 do not support the composite extension and are not vulnerable to this flaw. Red Hat Enterprise Linux 4 2007-09-19T00:00:00 RHSA-2007:0898 xorg-x11-0:6.8.2-1.EL.31 https://www.cve.org/CVERecord?id=CVE-2007-4730 https://nvd.nist.gov/vuln/detail/CVE-2007-4730 Important 2007-09-05T00:00:00 krb5 incomplete fix for CVE-2007-3999

The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.

Red Hat Enterprise Linux 5 2007-09-07T00:00:00 RHSA-2007:0892 krb5-0:1.5-29 https://www.cve.org/CVERecord?id=CVE-2007-4743 https://nvd.nist.gov/vuln/detail/CVE-2007-4743 Low 2007-09-04T00:00:00 openssh falls back to the trusted x11 cookie if generation of an untrusted cookie fails

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

This issue did not affect the OpenSSH packages as distributed with Red Hat Enterprise Linux 2.1 or 3, as they do not support Trusted X11 forwarding. Red Hat Enterprise Linux 4 2008-08-22T00:00:00 RHSA-2008:0855 openssh-0:3.9p1-11.el4_7 Red Hat Enterprise Linux 4.5 Z Stream 2008-08-22T00:00:00 RHSA-2008:0855 openssh-0:3.9p1-10.RHEL4.20 Red Hat Enterprise Linux 5 2008-08-22T00:00:00 RHSA-2008:0855 openssh-0:4.3p2-26.el5_2.1 https://www.cve.org/CVERecord?id=CVE-2007-4752 https://nvd.nist.gov/vuln/detail/CVE-2007-4752 Important 2007-11-05T00:00:00 : pcre < 7.3 integer overflows CWE-190

Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.

https://www.cve.org/CVERecord?id=CVE-2007-4766 https://nvd.nist.gov/vuln/detail/CVE-2007-4766 Important 2007-11-05T00:00:00 : pcre < 7.3 \p, \P, \P{x] length calculation issue

Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.

https://www.cve.org/CVERecord?id=CVE-2007-4767 https://nvd.nist.gov/vuln/detail/CVE-2007-4767 Important 2007-11-05T00:00:00 : pcre before 7.3 incorrect unicode in char class optimization

Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.

Extras for RHEL 3 2007-12-18T00:00:00 RHSA-2007:1126 flash-plugin-0:9.0.115.0-1.el3.with.oss Extras for RHEL 4 2007-12-18T00:00:00 RHSA-2007:1126 flash-plugin-0:9.0.115.0-1.el4 Supplementary for Red Hat Enterprise Linux 5 2007-12-18T00:00:00 RHSA-2007:1126 flash-plugin-0:9.0.115.0-1.el5 https://www.cve.org/CVERecord?id=CVE-2007-4768 https://nvd.nist.gov/vuln/detail/CVE-2007-4768 Moderate 2008-01-07T00:00:00 postgresql integer overflow in regex code CWE-190

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

Red Hat Enterprise Linux 4 2008-01-11T00:00:00 RHSA-2008:0038 postgresql-0:7.4.19-1.el4_6.1 Red Hat Enterprise Linux 5 2008-01-11T00:00:00 RHSA-2008:0038 postgresql-0:8.1.11-1.el5_1.1 Red Hat Web Application Stack for RHEL 4 2008-02-01T00:00:00 RHSA-2008:0040 postgresql-0:8.1.11-1.el4s1.1 https://www.cve.org/CVERecord?id=CVE-2007-4769 https://nvd.nist.gov/vuln/detail/CVE-2007-4769 Important 2008-01-22T00:00:00 libicu poor back reference validation

libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.

Red Hat Enterprise Linux 5 2008-01-25T00:00:00 RHSA-2008:0090 icu-0:3.6-5.11.1 https://www.cve.org/CVERecord?id=CVE-2007-4770 https://nvd.nist.gov/vuln/detail/CVE-2007-4770 Important 2008-01-22T00:00:00 libicu incomplete interval handling

Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.

Red Hat Enterprise Linux 5 2008-01-25T00:00:00 RHSA-2008:0090 icu-0:3.6-5.11.1 https://www.cve.org/CVERecord?id=CVE-2007-4771 https://nvd.nist.gov/vuln/detail/CVE-2007-4771 Moderate 2008-01-07T00:00:00 postgresql DoS via infinite loop in regex NFA optimization code 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P CWE-835

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

Red Hat Enterprise Linux 2.1 2008-02-21T00:00:00 RHSA-2008:0134 tcltk-0:8.3.3-75 Red Hat Enterprise Linux 3 2008-02-21T00:00:00 RHSA-2008:0134 tcltk-0:8.3.5-92.8 Red Hat Enterprise Linux 4 2008-01-11T00:00:00 RHSA-2008:0038 postgresql-0:7.4.19-1.el4_6.1 Red Hat Enterprise Linux 5 2008-01-11T00:00:00 RHSA-2008:0038 postgresql-0:8.1.11-1.el5_1.1 Red Hat Enterprise Linux 5 2013-01-08T00:00:00 RHSA-2013:0122 tcl-0:8.4.13-6.el5 Red Hat Web Application Stack for RHEL 4 2008-02-01T00:00:00 RHSA-2008:0040 postgresql-0:8.1.11-1.el4s1.1 Red Hat Enterprise Linux 4 Will not fix tcl https://www.cve.org/CVERecord?id=CVE-2007-4772 https://nvd.nist.gov/vuln/detail/CVE-2007-4772 Low 2007-12-17T00:00:00 kernel: race condition can wake up a PTRACED process 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CWE-362

The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process.

Red Hat Enterprise Linux 5 Not affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-alt Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise MRG 2 Not affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2007-4774 https://nvd.nist.gov/vuln/detail/CVE-2007-4774 Low 2007-09-04T00:00:00 php crash in glob() and fnmatch() functions

PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

We do not consider this to be a security issue. For more information please see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and https://www.php.net/security-note.php Red Hat Enterprise Linux 3 2008-07-16T00:00:00 RHSA-2008:0544 php-0:4.3.2-48.ent Red Hat Enterprise Linux 4 2008-07-16T00:00:00 RHSA-2008:0545 php-0:4.3.9-3.22.12 Red Hat Enterprise Linux 5 2008-07-16T00:00:00 RHSA-2008:0544 php-0:5.1.6-20.el5_2.1 Red Hat Web Application Stack for RHEL 4 2008-07-22T00:00:00 RHSA-2008:0582 php-0:5.1.6-3.el4s1.10 https://www.cve.org/CVERecord?id=CVE-2007-4782 https://nvd.nist.gov/vuln/detail/CVE-2007-4782 php crash in iconv_substr() function

The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

We do not consider this to be a security issue. For more information please see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and https://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2007-4783 https://nvd.nist.gov/vuln/detail/CVE-2007-4783 2007-09-04T00:00:00 php crash in setlocale() function

The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.

We do not consider this to be a security issue. For more information please see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and https://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2007-4784 https://nvd.nist.gov/vuln/detail/CVE-2007-4784 php open_basedir restriction bypass and possible crash in dl() function

Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.

We do not consider this to be a security issue. For more information please see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and https://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2007-4825 https://nvd.nist.gov/vuln/detail/CVE-2007-4825 Low 2007-09-07T00:00:00 quagga bgpd DoS 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P

bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=285691 The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. Red Hat Enterprise Linux 4 2010-10-20T00:00:00 RHSA-2010:0785 quagga-0:0.98.3-4.el4_8.1 Red Hat Enterprise Linux 5 2010-10-20T00:00:00 RHSA-2010:0785 quagga-0:0.98.6-5.el5_5.2 https://www.cve.org/CVERecord?id=CVE-2007-4826 https://nvd.nist.gov/vuln/detail/CVE-2007-4826 Moderate 2007-08-24T00:00:00 perl-Archive-Tar directory traversal flaws 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4829 The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 4 2010-07-01T00:00:00 RHSA-2010:0505 perl-Archive-Tar-0:1.39.1-1.el4_8.1 Red Hat Enterprise Linux 5 2010-07-01T00:00:00 RHSA-2010:0505 perl-Archive-Tar-1:1.39.1-1.el5_5.1 https://www.cve.org/CVERecord?id=CVE-2007-4829 https://nvd.nist.gov/vuln/detail/CVE-2007-4829

PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

We do not consider this to be a security issue. For more information please see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2007-4840 https://nvd.nist.gov/vuln/detail/CVE-2007-4840

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.

Not vulnerable. This flaw does not affect the Linux version of Firefox. https://www.cve.org/CVERecord?id=CVE-2007-4841 https://nvd.nist.gov/vuln/detail/CVE-2007-4841 jffs2 doesn't preserve permissions

JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during (1) inode creation or (2) ACL setting, which might allow local users to access restricted files or directories after a remount of a filesystem, related to "legacy modes" and an inconsistency between dentry permissions and inode permissions.

Not vulnerable. There is no support for jffs2 in the Linux kernel as distributed with Red Hat Enterprise Linux 2.1 or 3. There is no ACL support for jffs2 in the Linux kernel as distributed with Red Hat Enterprise Linux 4 or 5. https://www.cve.org/CVERecord?id=CVE-2007-4849 https://nvd.nist.gov/vuln/detail/CVE-2007-4849 2008-01-22T00:00:00 php: curl safe mode bypass

curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.

We do not consider these to be security issues. For more details see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and https://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2007-4850 https://nvd.nist.gov/vuln/detail/CVE-2007-4850 php dl function flaw

The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.

The argument passed to the dl() function must always be under the control of the script author. We therefore do not consider this to be a security issue. https://www.cve.org/CVERecord?id=CVE-2007-4887 https://nvd.nist.gov/vuln/detail/CVE-2007-4887 php mysql extension safemode flaw

The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.

We do not consider these to be security issues. For more details see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and https://www.php.net/security-note.php https://www.cve.org/CVERecord?id=CVE-2007-4889 https://nvd.nist.gov/vuln/detail/CVE-2007-4889 Moderate 2007-09-12T00:00:00 ekiga GetHostAddress remote DoS

pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was originally reported as being in the SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting).

Red Hat Enterprise Linux 5 2007-10-08T00:00:00 RHSA-2007:0932 pwlib-0:1.10.1-7.0.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-4897 https://nvd.nist.gov/vuln/detail/CVE-2007-4897

RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.

We do not consider a crash of a client application such as RealPlayer or Helix Player to be a security issue. https://www.cve.org/CVERecord?id=CVE-2007-4904 https://nvd.nist.gov/vuln/detail/CVE-2007-4904 Moderate 2007-09-17T00:00:00 ekiga remote crash caused by insufficient input validation CWE-20

The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address."

Red Hat Enterprise Linux 5 2007-10-08T00:00:00 RHSA-2007:0957 opal-0:2.2.2-1.1.0.1 https://www.cve.org/CVERecord?id=CVE-2007-4924 https://nvd.nist.gov/vuln/detail/CVE-2007-4924 Moderate 2007-09-16T00:00:00 python imageop module heap corruption

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=295971 The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 3 2007-12-10T00:00:00 RHSA-2007:1076 python-0:2.2.3-6.8 Red Hat Enterprise Linux 4 2007-12-10T00:00:00 RHSA-2007:1076 python-0:2.3.4-14.4.el4_6.1 Red Hat Enterprise Linux 5 2009-07-27T00:00:00 RHSA-2009:1176 python-0:2.4.3-24.el5_3.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0525 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn-solaris-bootstrap-0:5.0.2-3 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0264 rhn_solaris_bootstrap_5_0_2_3-0:1-0 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn-solaris-bootstrap-0:5.1.1-3 Red Hat Network Satellite Server v 5.1 2008-08-13T00:00:00 RHSA-2008:0629 rhn_solaris_bootstrap_5_1_1_3-0:1-0 https://www.cve.org/CVERecord?id=CVE-2007-4965 https://nvd.nist.gov/vuln/detail/CVE-2007-4965 Low 2007-09-16T00:00:00 Heap overflow in libsndfile triggerable by seeks

Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.

https://www.cve.org/CVERecord?id=CVE-2007-4974 https://nvd.nist.gov/vuln/detail/CVE-2007-4974 Low 2007-09-19T00:00:00 Infinite loops in ImageMagick's XCF and DCM coders CWE-835

ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls.

Red Hat Enterprise Linux 2.1 2008-04-17T00:00:00 RHSA-2008:0165 ImageMagick-0:5.3.8-21 Red Hat Enterprise Linux 3 2008-04-17T00:00:00 RHSA-2008:0145 ImageMagick-0:5.5.6-28 Red Hat Enterprise Linux 4 2008-04-17T00:00:00 RHSA-2008:0145 ImageMagick-0:6.0.7.1-17.el4_6.1 Red Hat Enterprise Linux 5 2008-04-17T00:00:00 RHSA-2008:0145 ImageMagick-0:6.2.8.0-4.el5_1.1 https://www.cve.org/CVERecord?id=CVE-2007-4985 https://nvd.nist.gov/vuln/detail/CVE-2007-4985 Moderate 2007-09-19T00:00:00 Multiple integer overflows in ImageMagick CWE-190

Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow.

Red Hat Enterprise Linux 2.1 2008-04-17T00:00:00 RHSA-2008:0165 ImageMagick-0:5.3.8-21 Red Hat Enterprise Linux 3 2008-04-17T00:00:00 RHSA-2008:0145 ImageMagick-0:5.5.6-28 Red Hat Enterprise Linux 4 2008-04-17T00:00:00 RHSA-2008:0145 ImageMagick-0:6.0.7.1-17.el4_6.1 Red Hat Enterprise Linux 5 2008-04-17T00:00:00 RHSA-2008:0145 ImageMagick-0:6.2.8.0-4.el5_1.1 https://www.cve.org/CVERecord?id=CVE-2007-4986 https://nvd.nist.gov/vuln/detail/CVE-2007-4986 Low 2007-09-19T00:00:00 ImageMagick writes terminating NUL one byte beyond char array end

Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address.

Note: As the address of the overwritten byte is not under attackers control, the worst impact his bug could have is an application crash. It can not be exploited to execute arbitrary code. https://www.cve.org/CVERecord?id=CVE-2007-4987 https://nvd.nist.gov/vuln/detail/CVE-2007-4987 Moderate 2007-09-19T00:00:00 Integer overflow in ImageMagick's DIB coder CWE-190

Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.

Red Hat Enterprise Linux 3 2008-04-17T00:00:00 RHSA-2008:0145 ImageMagick-0:5.5.6-28 Red Hat Enterprise Linux 4 2008-04-17T00:00:00 RHSA-2008:0145 ImageMagick-0:6.0.7.1-17.el4_6.1 Red Hat Enterprise Linux 5 2008-04-17T00:00:00 RHSA-2008:0145 ImageMagick-0:6.2.8.0-4.el5_1.1 https://www.cve.org/CVERecord?id=CVE-2007-4988 https://nvd.nist.gov/vuln/detail/CVE-2007-4988 Low 2007-10-02T00:00:00 xfs heap overflow in the swap_char2b function CWE-122

The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. Red Hat Enterprise Linux 2.1 2008-01-18T00:00:00 RHSA-2008:0029 XFree86-0:4.1.0-86.EL Red Hat Enterprise Linux 3 2008-01-18T00:00:00 RHSA-2008:0029 XFree86-0:4.3.0-126.EL Red Hat Enterprise Linux 4 2008-01-17T00:00:00 RHSA-2008:0030 xorg-x11-0:6.8.2-1.EL.33.0.2 Red Hat Enterprise Linux 5 Will not fix xorg-x11-xfs https://www.cve.org/CVERecord?id=CVE-2007-4990 https://nvd.nist.gov/vuln/detail/CVE-2007-4990 Important 2007-09-22T00:00:00 xen guest root can escape to domain 0 through pygrub

pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.

Red Hat Enterprise Linux 5 2007-10-02T00:00:00 RHSA-2007:0323 xen-0:3.0.3-25.0.4.el5 https://www.cve.org/CVERecord?id=CVE-2007-4993 https://nvd.nist.gov/vuln/detail/CVE-2007-4993 Moderate 2007-10-08T00:00:00 rhcs CRL can get corrupted

Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL.

Red Hat Certificate System 7.2 for RHEL 4 2007-10-08T00:00:00 RHSA-2007:0934 rhpki-ca-0:7.2.0-4 Red Hat Certificate System 7.2 for RHEL 4 2007-10-08T00:00:00 RHSA-2007:0934 rhpki-common-0:7.2.0-8 Red Hat Certificate System 7.2 for RHEL 4 2007-10-08T00:00:00 RHSA-2007:0934 rhpki-util-0:7.2.0-4 Red Hat Certificate System 7.3 2008-07-21T00:00:00 RHSA-2008:0566 rhpki-ca-0:7.3.0-11.el4 Red Hat Certificate System 7.3 2008-07-21T00:00:00 RHSA-2008:0566 rhpki-common-0:7.3.0-34.el4 Red Hat Certificate System 7.3 2008-07-21T00:00:00 RHSA-2008:0566 rhpki-util-0:7.3.0-18.el4 https://www.cve.org/CVERecord?id=CVE-2007-4994 https://nvd.nist.gov/vuln/detail/CVE-2007-4994 Important 2007-10-12T00:00:00 openssl dtls out of order vulnerabilitiy

Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.

This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Please note that the CVE description is incorrect, this issue did not affect upstream versions of OpenSSL prior to 0.9.8. Red Hat Enterprise Linux 5 2007-10-12T00:00:00 RHSA-2007:0964 openssl-0:0.9.8b-8.3.el5_0.2 https://www.cve.org/CVERecord?id=CVE-2007-4995 https://nvd.nist.gov/vuln/detail/CVE-2007-4995 Important 2007-09-27T00:00:00 MSN nudges sent from unknown buddies can cause libpurple to crash

libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."

Not vulnerable. These issues did not affect the versions of Pidgin or Gaim as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2007-4996 https://nvd.nist.gov/vuln/detail/CVE-2007-4996 Important 2007-10-02T00:00:00 kernel ieee80211 off-by-two integer underflow CWE-190

Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error."

Red Hat would like to thank Chris Evans for reporting this issue. Red Hat Enterprise Linux 4 2007-12-19T00:00:00 RHSA-2007:1104 kernel-0:2.6.9-67.0.1.EL Red Hat Enterprise Linux 5 2007-11-29T00:00:00 RHSA-2007:0993 kernel-0:2.6.18-53.1.4.el5 https://www.cve.org/CVERecord?id=CVE-2007-4997 https://nvd.nist.gov/vuln/detail/CVE-2007-4997 Low 2008-01-22T00:00:00 cp symlink overwrite

cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.

This issue affects the busybox package in Red Hat Enterprise Linux 2.1, 3, 4, and 5, This issue affects the fileutils package in Red Hat Enterprise Linux 2.1. This issue affects the coreutils package in Red Hat Enterprise Linux 3. The coreutils package in Red Hat Enterprise Linux 4 and 5 are not vulnerable to this issue. Given this issue has minimal risk we do not intend to issues updates to correct this issue in affected versions of Red Hat Enterprise Linux. For more information please see: https://bugzilla.redhat.com/show_bug.cgi?id=356471 https://www.cve.org/CVERecord?id=CVE-2007-4998 https://nvd.nist.gov/vuln/detail/CVE-2007-4998

libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.

Not vulnerable. This issue did not affect the versions of Pidgin or Gaim as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2007-4999 https://nvd.nist.gov/vuln/detail/CVE-2007-4999 Low 2007-12-11T00:00:00 httpd: mod_imagemap XSS CWE-79

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 ant-0:1.6.5-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 avalon-logkit-0:1.2-2jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 axis-0:1.2.1-1jpp_3rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-jaf-0:1.0-2jpp_6rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-mail-0:1.1.1-2jpp_8rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 geronimo-specs-0:1.0-0.M4.1jpp_10rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 jakarta-commons-modeler-0:2.0-3jpp_2rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 log4j-0:1.2.12-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 mx4j-1:3.0.1-1jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 pcsc-lite-0:1.3.3-3.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ca-0:7.3.0-20.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-java-tools-0:7.3.0-10.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-kra-0:7.3.0-14.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-manage-0:7.3.0-19.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-native-tools-0:7.3.0-6.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ocsp-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-tks-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 tomcat5-0:5.5.23-0jpp_4rh.16 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xerces-j2-0:2.7.1-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xml-commons-0:1.3.02-2jpp_1rh Red Hat Enterprise Linux 2.1 2008-01-15T00:00:00 RHSA-2008:0004 apache-0:1.3.27-14.ent Red Hat Enterprise Linux 3 2008-01-15T00:00:00 RHSA-2008:0005 httpd-0:2.0.46-70.ent Red Hat Enterprise Linux 4 2008-01-15T00:00:00 RHSA-2008:0006 httpd-0:2.0.52-38.ent.2 Red Hat Enterprise Linux 5 2008-01-15T00:00:00 RHSA-2008:0008 httpd-0:2.2.3-11.el5_1.3 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.37.rhn Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Proxy v 4.2 (RHEL 3) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 jabberd-0:2.0s10-3.38.rhn Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Proxy v 4.2 (RHEL 4) 2008-06-30T00:00:00 RHSA-2008:0523 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Proxy v 5.0 2008-05-20T00:00:00 RHSA-2008:0263 jabberd-0:2.0s10-3.38.rhn Red Hat Network Proxy v 5.0 2008-05-20T00:00:00 RHSA-2008:0263 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Proxy v 5.0 2008-05-20T00:00:00 RHSA-2008:0263 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 4.2 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jabberd-0:2.0s10-3.37.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 openmotif21-0:2.1.30-9.RHEL3.8 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 perl-Crypt-CBC-0:2.24-1.el3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-apache-0:1.3.27-36.rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modjk-0:1.2.23-2rhn.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modperl-0:1.29-16.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 rhn-modssl-0:2.8.12-8.rhn.10.rhel3 Red Hat Network Satellite Server v 4.2 (RHEL3) 2008-06-30T00:00:00 RHSA-2008:0524 tomcat5-0:5.0.30-0jpp_10rh Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jabberd-0:2.0s10-3.38.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 jfreechart-0:0.9.20-3.rhn Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 openmotif21-0:2.1.30-11.RHEL4.6 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 perl-Crypt-CBC-0:2.24-1.el4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-apache-0:1.3.27-36.rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modjk-0:1.2.23-2rhn.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modperl-0:1.29-16.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 rhn-modssl-0:2.8.12-8.rhn.10.rhel4 Red Hat Network Satellite Server v 5.0 2008-05-20T00:00:00 RHSA-2008:0261 tomcat5-0:5.0.30-0jpp_10rh Red Hat Web Application Stack for RHEL 4 2008-01-15T00:00:00 RHSA-2008:0007 httpd-0:2.0.59-1.el4s1.10 Red Hat Directory Server 8 Will not fix httpd https://www.cve.org/CVERecord?id=CVE-2007-5000 https://nvd.nist.gov/vuln/detail/CVE-2007-5000 Important 2008-05-07T00:00:00 kernel asynchronous IO on a FIFO kernel panic

Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file.

Red Hat Enterprise Linux 3 2008-05-07T00:00:00 RHSA-2008:0211 kernel-0:2.4.21-57.EL https://www.cve.org/CVERecord?id=CVE-2007-5001 https://nvd.nist.gov/vuln/detail/CVE-2007-5001 Moderate 2007-09-06T00:00:00 balsa: IMAP server triggerred stack overflow

Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.

Not vulnerable. This issue did not affect version of balsa as shipped with Red Hat Enterprise Linux 2.1. https://www.cve.org/CVERecord?id=CVE-2007-5007 https://nvd.nist.gov/vuln/detail/CVE-2007-5007

Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher.

According to Abobe this issue affects only the Windows platform and therefore does not affect Adobe Acrobat Reader as distributed with Red Hat Enterprise Linux Extras. http://www.adobe.com/support/security/advisories/apsa07-04.html https://www.cve.org/CVERecord?id=CVE-2007-5020 https://nvd.nist.gov/vuln/detail/CVE-2007-5020 Moderate 2007-02-24T00:00:00 elinks reveals POST data to HTTPS proxy

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.

Red Hat Enterprise Linux 4 2007-10-03T00:00:00 RHSA-2007:0933 elinks-0:0.9.2-3.3.5.2 Red Hat Enterprise Linux 5 2007-10-03T00:00:00 RHSA-2007:0933 elinks-0:0.11.1-5.1.0.1.el5 https://www.cve.org/CVERecord?id=CVE-2007-5034 https://nvd.nist.gov/vuln/detail/CVE-2007-5034

Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670.

Not vulnerable. These issues did not affect the versions of Firefox as shipped with Red Hat Enterprise Linux. https://www.cve.org/CVERecord?id=CVE-2007-5045 https://nvd.nist.gov/vuln/detail/CVE-2007-5045 Low 2006-02-13T00:00:00 gdm with xdmcp ignoring tcp_wrappers on x86_64 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Red Hat Enterprise Linux 4 does not properly compile and link gdm with tcp_wrappers on x86_64 platforms, which might allow remote attackers to bypass intended access restrictions.

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=181302 The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 4 2010-08-26T00:00:00 RHSA-2010:0657 gdm-1:2.6.0.5-7.rhel4.19.el4_8.2 https://www.cve.org/CVERecord?id=CVE-2007-5079 https://nvd.nist.gov/vuln/detail/CVE-2007-5079

Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.

Not vulnerable. This issue did not affect the versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary. https://www.cve.org/CVERecord?id=CVE-2007-5080 https://nvd.nist.gov/vuln/detail/CVE-2007-5080 Critical 2007-10-25T00:00:00 realplayer rm file heap overflow

Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file.

Extras for RHEL 3 2007-08-17T00:00:00 RHSA-2007:0841 realplayer-0:10.0.9-0.rhel3.4 Supplementary for Red Hat Enterprise Linux 5 2007-08-17T00:00:00 RHSA-2007:0841 RealPlayer-0:10.0.9-3.el5 https://www.cve.org/CVERecord?id=CVE-2007-5081 https://nvd.nist.gov/vuln/detail/CVE-2007-5081 User triggerable kernel panic in ATM

The ATM module in the Linux kernel before 2.4.35.3, when CLIP support is enabled, allows local users to cause a denial of service (kernel panic) by reading /proc/net/atm/arp before the CLIP module has been loaded.

Not vulnerable. These issues did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. https://www.cve.org/CVERecord?id=CVE-2007-5087 https://nvd.nist.gov/vuln/detail/CVE-2007-5087 Low 2007-08-21T00:00:00 kernel PWC driver DoS

The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device.

Red Hat Enterprise Linux 4 2008-11-19T00:00:00 RHSA-2008:0972 kernel-0:2.6.9-78.0.8.EL Red Hat Enterprise Linux 5 2008-05-20T00:00:00 RHSA-2008:0275 kernel-0:2.6.18-53.1.21.el5 https://www.cve.org/CVERecord?id=CVE-2007-5093 https://nvd.nist.gov/vuln/detail/CVE-2007-5093 Important 2007-11-05T00:00:00 perl regular expression UTF parsing errors

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

Red Hat would like to thank Tavis Ormandy and Will Drewry for reporting this issue. Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 ant-0:1.6.5-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 avalon-logkit-0:1.2-2jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 axis-0:1.2.1-1jpp_3rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-jaf-0:1.0-2jpp_6rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 classpathx-mail-0:1.1.1-2jpp_8rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 geronimo-specs-0:1.0-0.M4.1jpp_10rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 jakarta-commons-modeler-0:2.0-3jpp_2rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 log4j-0:1.2.12-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 mx4j-1:3.0.1-1jpp_4rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 pcsc-lite-0:1.3.3-3.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ca-0:7.3.0-20.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-java-tools-0:7.3.0-10.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-kra-0:7.3.0-14.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-manage-0:7.3.0-19.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-native-tools-0:7.3.0-6.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-ocsp-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 rhpki-tks-0:7.3.0-13.el4 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 tomcat5-0:5.5.23-0jpp_4rh.16 Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xerces-j2-0:2.7.1-1jpp_1rh Red Hat Certificate System 7.3 2010-08-04T00:00:00 RHSA-2010:0602 xml-commons-0:1.3.02-2jpp_1rh Red Hat Enterprise Linux 3 2007-11-05T00:00:00 RHSA-2007:0966 perl-2:5.8.0-97.EL3 Red Hat Enterprise Linux 4 2007-11-05T00:00:00 RHSA-2007:0966 perl-3:5.8.5-36.el4_5.2 Red Hat Enterprise Linux 5 2007-11-05T00:00:00 RHSA-2007:0966 perl-4:5.8.8-10.el5_0.2 Red Hat Web Application Stack for RHEL 4 2007-11-05T00:00:00 RHSA-2007:1011 perl-4:5.8.8-5.el4s1_2 https://www.cve.org/CVERecord?id=CVE-2007-5116 https://nvd.nist.gov/vuln/detail/CVE-2007-5116 Moderate 2007-09-27T00:00:00 openssl: SSL_get_shared_ciphers() off-by-one CWE-193

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

Red Hat Enterprise Linux 2.1 2007-10-22T00:00:00 RHSA-2007:0813 openssl-0:0.9.6b-48 Red Hat Enterprise Linux 3 2007-10-22T00:00:00 RHSA-2007:0813 openssl-0:0.9.7a-33.24 Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:1003 openssl-0:0.9.7a-43.17.el4_6.1 Red Hat Enterprise Linux 5 2007-10-12T00:00:00 RHSA-2007:0964 openssl-0:0.9.8b-8.3.el5_0.2 https://www.cve.org/CVERecord?id=CVE-2007-5135 https://nvd.nist.gov/vuln/detail/CVE-2007-5135 Low 2007-09-07T00:00:00 Tk GIF processing buffer overflow

Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378.

Red Hat Enterprise Linux 5 2008-02-21T00:00:00 RHSA-2008:0136 tk-0:8.4.13-5.el5_1.1 https://www.cve.org/CVERecord?id=CVE-2007-5137 https://nvd.nist.gov/vuln/detail/CVE-2007-5137 Moderate 2007-09-27T00:00:00 Net: HTTP insufficient verification of SSL certificate

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.

Red Hat Enterprise Linux 4 2007-11-13T00:00:00 RHSA-2007:0961 ruby-0:1.8.1-7.EL4.8.1 Red Hat Enterprise Linux 5 2007-11-13T00:00:00 RHSA-2007:0965 ruby-0:1.8.5-5.el5_1.1 https://www.cve.org/CVERecord?id=CVE-2007-5162 https://nvd.nist.gov/vuln/detail/CVE-2007-5162 Moderate 2007-09-20T00:00:00 util-linux (u)mount doesn't drop privileges properly when calling helpers

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

Red Hat Enterprise Linux 3 2007-11-15T00:00:00 RHSA-2007:0969 util-linux-0:2.11y-31.24 Red Hat Enterprise Linux 4 2007-11-15T00:00:00 RHSA-2007:0969 util-linux-0:2.12a-17.el4_6.1 Red Hat Enterprise Linux 5 2007-11-15T00:00:00 RHSA-2007:0969 util-linux-0:2.13-0.45.el5_1.1 https://www.cve.org/CVERecord?id=CVE-2007-5191 https://nvd.nist.gov/vuln/detail/CVE-2007-5191 : mono Math.BigInteger buffer overflow

Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.

https://www.cve.org/CVERecord?id=CVE-2007-5197 https://nvd.nist.gov/vuln/detail/CVE-2007-5197 Important 2007-06-17T00:00:00 nagios-plugins check_http buffer overflow

Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters.

https://www.cve.org/CVERecord?id=CVE-2007-5198 https://nvd.nist.gov/vuln/detail/CVE-2007-5198 Low 2007-09-28T00:00:00 libxfont: single byte overflow in catalogue.c 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CWE-193

A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact.

Red Hat Enterprise Linux 5 Not affected libXfont Red Hat Enterprise Linux 6 Not affected libXfont Red Hat Enterprise Linux 7 Not affected libXfont https://www.cve.org/CVERecord?id=CVE-2007-5199 https://nvd.nist.gov/vuln/detail/CVE-2007-5199 Moderate 2007-10-14T00:00:00 hugin unsafe temporary file usage

hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file.

https://www.cve.org/CVERecord?id=CVE-2007-5200 https://nvd.nist.gov/vuln/detail/CVE-2007-5200 Duplicity discloses password in FTP backend