Summary
Detail | |||
---|---|---|---|
Vendor | Gentoo | First view | 2004-04-15 |
Product | Linux | Last view | 2006-03-24 |
Version | 1.4 | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:gentoo:linux |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
4.6 | 2006-03-24 | CVE-2006-1390 | The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks. |
7.5 | 2005-05-02 | CVE-2005-0005 | Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers. |
6.8 | 2005-03-01 | CVE-2004-1055 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser. |
7.5 | 2005-02-09 | CVE-2004-0937 | Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. |
7.5 | 2005-01-27 | CVE-2004-0936 | RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. |
7.5 | 2005-01-27 | CVE-2004-0935 | Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. |
7.5 | 2005-01-27 | CVE-2004-0934 | Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. |
7.5 | 2005-01-27 | CVE-2004-0933 | Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. |
7.5 | 2005-01-27 | CVE-2004-0932 | McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. |
10 | 2005-01-27 | CVE-2004-0891 | Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer. |
2.1 | 2005-01-27 | CVE-2004-0881 | getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir. |
1.2 | 2005-01-27 | CVE-2004-0880 | getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file. |
7.5 | 2005-01-10 | CVE-2004-1096 | Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. |
7.1 | 2004-12-31 | CVE-2004-1471 | Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. |
7.2 | 2004-12-31 | CVE-2004-1452 | Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts. |
7.2 | 2004-12-23 | CVE-2004-0834 | Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3. |
5 | 2004-12-23 | CVE-2004-0749 | The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames. |
10 | 2004-12-06 | CVE-2004-0608 | The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory. |
5 | 2004-12-06 | CVE-2004-0604 | The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via an empty search query, which triggers a NULL dereference. |
7.6 | 2004-12-06 | CVE-2004-0456 | Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header. |
10 | 2004-11-23 | CVE-2004-0333 | Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters. |
7.5 | 2004-10-20 | CVE-2004-0746 | Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. |
7.5 | 2004-09-28 | CVE-2004-0500 | Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call. |
5 | 2004-09-16 | CVE-2004-0809 | The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. |
7.5 | 2004-08-18 | CVE-2004-0432 | ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
24105 | Gentoo Linux Multiple nethack Games Saved Game Symlink Arbitrary File Overwrite |
24104 | Gentoo Linux Multiple nethack Games High Score Processing Local Overflow |
15727 | CVS Wrapper Line Format String |
13028 | ImageMagick PSD Image Decoding Module Overflow |
12238 | phpMyAdmin Error Message XSS |
11932 | phpMyAdmin Confirm Page Form Multiple Parameter XSS |
11931 | phpMyAdmin read_dump.php zero_rows Parameter XSS |
11930 | phpMyAdmin config.inc.php PmaAbsoluteUri Parameter XSS |
11537 | Pavuk Multiple Unspecified Overflows |
11004 | Thomson SpeedTouch USB Driver Multiple Function Format String |
10988 | Gaim MSN File Transfer Overflow DoS |
10987 | Gaim Malformed MSN SLP Message DoS |
10986 | Gaim MSN SLP Message Handling Remote Overflow |
10963 | Multiple Anti-Virus Zero Compressed Size Header Detection Bypass |
10217 | Subversion (SVN) mod_authz_svn Unreadable Path Metadata Information Disclosure |
10072 | getmail /tmp Symlink Local Privilege Escalation |
10002 | Multiple Browser Cross-Domain Cookie Injection |
9948 | mod_dav for Apache HTTP Server LOCK Request DoS |
9117 | KDE Cross-Domain Cookie Injection |
8989 | Cacti auth_login.php SQL Injection |
8962 | Gaim msn_import_html() Function Overflow |
8961 | Gaim encode_spaces() Function Overflow |
8851 | Gentoo Tomcat Group Root Privilege Escalation |
8382 | Gaim msn_slp_sip_recv() Function Overflow |
8267 | SoX .WAV File Processing Multiple Field Overflow |
ExploitDB Exploits
id | Description |
---|---|
629 | Multiple AntiVirus (zip file) Detection Bypass Exploit |
374 | SoX Local Buffer Overflow Exploiter (Via Crafted WAV File) |
OpenVAS Exploits
id | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Apache 2 File : nvt/sles9p5009547.nasl |
2009-10-10 | Name : SLES9: Security update for webdav apache module File : nvt/sles9p5013988.nasl |
2009-05-05 | Name : HP-UX Update for Apache HPSBUX01064 File : nvt/gb_hp_ux_HPSBUX01064.nasl |
2009-05-05 | Name : HP-UX Update for Apache with PHP HPSBUX01090 File : nvt/gb_hp_ux_HPSBUX01090.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200407-03 (Apache) File : nvt/glsa_200407_03.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-36 (phpmyadmin) File : nvt/glsa_200411_36.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200603-23 (nethack slashem falconseye) File : nvt/glsa_200603_23.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-37 (GraphicsMagick) File : nvt/glsa_200501_37.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-26 (imagemagick) File : nvt/glsa_200501_26.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200407-02 (Kernel) File : nvt/glsa_200407_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-22 (Pavuk) File : nvt/glsa_200406_22.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-19 (giFT-FastTrack) File : nvt/glsa_200406_19.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-14 (aspell) File : nvt/glsa_200406_14.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-06 (CVS) File : nvt/glsa_200406_06.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-05 (Apache) File : nvt/glsa_200406_05.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200405-21 (MC) File : nvt/glsa_200405_21.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200405-09 (proftpd) File : nvt/glsa_200405_09.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200403-13 (mplayer) File : nvt/glsa_200403_13.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200403-06 (Courier) File : nvt/glsa_200403_06.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200407-14 (Unreal Tournament) File : nvt/glsa_200407_14.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-19 (pavuk) File : nvt/glsa_200411_19.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-04 (speedtouch) File : nvt/glsa_200411_04.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200410-31 (Archive::Zip) File : nvt/glsa_200410_31.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200410-23 (gaim) File : nvt/glsa_200410_23.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-35 (Subversion) File : nvt/glsa_200409_35.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Internet Explorer RAV Online Scanner ActiveX object access RuleID : 4188 - Type : BROWSER-PLUGINS - Revision : 12 |
2014-01-10 | Unreal Tournament secure overflow attempt RuleID : 3080-community - Type : SERVER-OTHER - Revision : 9 |
2014-01-10 | Unreal Tournament secure overflow attempt RuleID : 3080 - Type : SERVER-OTHER - Revision : 9 |
2014-01-10 | Multiple products ZIP archive virus detection bypass attempt RuleID : 27048 - Type : FILE-OTHER - Revision : 2 |
2014-01-10 | Multiple products ZIP archive virus detection bypass attempt RuleID : 26989 - Type : FILE-OTHER - Revision : 7 |
2014-01-10 | Multiple products ZIP archive virus detection bypass attempt RuleID : 26926 - Type : FILE-OTHER - Revision : 8 |
2014-01-10 | CVS Max-dotdot integer overflow attempt RuleID : 2583-community - Type : SERVER-OTHER - Revision : 9 |
2014-01-10 | CVS Max-dotdot integer overflow attempt RuleID : 2583 - Type : SERVER-OTHER - Revision : 9 |
2014-01-10 | WinZip MIME content-disposition buffer overflow RuleID : 2488-community - Type : SERVER-MAIL - Revision : 18 |
2014-01-10 | WinZip MIME content-disposition buffer overflow RuleID : 2488 - Type : SERVER-MAIL - Revision : 18 |
2014-01-10 | WinZip MIME content-type buffer overflow RuleID : 2487-community - Type : SERVER-MAIL - Revision : 17 |
2014-01-10 | WinZip MIME content-type buffer overflow RuleID : 2487 - Type : SERVER-MAIL - Revision : 17 |
2014-01-10 | Apache mod_ssl hook functions format string attempt RuleID : 15980 - Type : SERVER-APACHE - Revision : 7 |
2014-01-10 | CVS Argumentx command double free attempt RuleID : 15971 - Type : SERVER-OTHER - Revision : 5 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2013-01-24 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0523.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_9363.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_013fa252072411d9b45d000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_0c6f3fde9c5111d893660020ed76ef5a.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_184f5d0b0fe811d98a8a000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_18974c8a1fbd11d9814e0001020eed82.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_1f738bdac6ac11d88898000d6111a684.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_3e4ffe76e0d411d89b0a000347a4fa7d.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_5b8f9a02ec9311d8b913000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_76904dceccf311d8babb000854d03344.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_8c33b299163b11d9ac1b000d614f7fad.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_cb6c6c299c4f11d893660020ed76ef5a.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_d2102505f03d11d881b0000347a4fa7d.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_ff00f2cec54c11d8b70800061bc2ad93.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1067.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1069.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1070.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1082.nasl - Type: ACT_GATHER_INFO |
2006-03-27 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200603-23.nasl - Type: ACT_GATHER_INFO |
2006-01-15 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-177-1.nasl - Type: ACT_GATHER_INFO |
2006-01-15 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-62-1.nasl - Type: ACT_GATHER_INFO |
2006-01-15 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-8-1.nasl - Type: ACT_GATHER_INFO |
2005-09-12 | Name: The remote Fedora Core host is missing a security update. File: fedora_2005-235.nasl - Type: ACT_GATHER_INFO |
2005-07-13 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2004-136-01.nasl - Type: ACT_GATHER_INFO |
2005-07-13 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2004-154-01.nasl - Type: ACT_GATHER_INFO |