Summary
| Detail | |||
|---|---|---|---|
| Vendor | Gentoo | First view | 2003-03-07 |
| Product | Linux | Last view | 2006-03-24 |
| Version | 1.4 | Type | Os |
| Update | rc1 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:gentoo:linux | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.6 | 2006-03-24 | CVE-2006-1390 | The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks. |
| 7.5 | 2005-05-02 | CVE-2005-0005 | Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers. |
| 6.8 | 2005-03-01 | CVE-2004-1055 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser. |
| 7.2 | 2004-12-31 | CVE-2004-1452 | Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts. |
| 5 | 2004-12-23 | CVE-2004-0749 | The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames. |
| 7.6 | 2004-12-06 | CVE-2004-0456 | Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header. |
| 10 | 2004-11-23 | CVE-2004-0333 | Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters. |
| 7.5 | 2004-08-18 | CVE-2004-0432 | ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions. |
| 5 | 2004-08-18 | CVE-2004-0232 | Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code. |
| 2.1 | 2004-08-18 | CVE-2004-0231 | Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations." |
| 10 | 2004-08-18 | CVE-2004-0226 | Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code. |
| 10 | 2004-05-04 | CVE-2004-0386 | Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header. |
| 7.5 | 2004-04-15 | CVE-2004-0224 | Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range." |
| 10 | 2003-10-06 | CVE-2003-0694 | The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. |
| 7.5 | 2003-10-06 | CVE-2003-0681 | A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. |
| 10 | 2003-03-07 | CVE-2002-1337 | Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c. |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-8 | Buffer Overflow in an API Call |
| CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
| CAPEC-10 | Buffer Overflow via Environment Variables |
| CAPEC-14 | Client-side Injection-induced Buffer Overflow |
| CAPEC-24 | Filter Failure through Buffer Overflow |
| CAPEC-42 | MIME Conversion |
| CAPEC-44 | Overflow Binary Resource File |
| CAPEC-45 | Buffer Overflow via Symbolic Links |
| CAPEC-46 | Overflow Variables and Tags |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-67 | String Format Overflow in syslog() |
| CAPEC-92 | Forced Integer Overflow |
| CAPEC-100 | Overflow Buffers |
| CAPEC-123 | Buffer Attacks |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 24105 | Gentoo Linux Multiple nethack Games Saved Game Symlink Arbitrary File Overwrite |
| 24104 | Gentoo Linux Multiple nethack Games High Score Processing Local Overflow |
| 13028 | ImageMagick PSD Image Decoding Module Overflow |
| 12238 | phpMyAdmin Error Message XSS |
| 11932 | phpMyAdmin Confirm Page Form Multiple Parameter XSS |
| 11931 | phpMyAdmin read_dump.php zero_rows Parameter XSS |
| 11930 | phpMyAdmin config.inc.php PmaAbsoluteUri Parameter XSS |
| 11537 | Pavuk Multiple Unspecified Overflows |
| 10217 | Subversion (SVN) mod_authz_svn Unreadable Path Metadata Information Disclosure |
| 8851 | Gentoo Tomcat Group Root Privilege Escalation |
| 7319 | Pavuk HTTP Location Header Overflow |
| 6927 | Courier Japanese Codeset shiftjis.c Conversion Overflow |
| 5744 | ProFTPD CIDR IP Subnet ACL Bypass |
| 5722 | Midnight Commander Unspecified Buffer Overflows |
| 5721 | Midnight Commander Insecure Temporary File Creation |
| 5720 | Midnight Commander Unspecified Format String |
| 4754 | MPlayer HTTP Location Header Parsing Overflow |
| 4502 | Sendmail headers.c crackaddr Function Address Field Handling Remote Overflow |
| 4194 | Courier Japanese Codeset iso2022jp.c Conversion Overflow |
| 4076 | WinZip MIME Archive Parsing Overflow |
| 2577 | Sendmail prescan() Function Remote Overflow |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-05-05 | Name : HP-UX Update for sendmail HPSBUX00281 File : nvt/gb_hp_ux_HPSBUX00281.nasl |
| 2009-05-05 | Name : HP-UX Update for sendmail HPSBUX00246 File : nvt/gb_hp_ux_HPSBUX00246.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200603-23 (nethack slashem falconseye) File : nvt/glsa_200603_23.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200408-15 (tomcat) File : nvt/glsa_200408_15.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-22 (Pavuk) File : nvt/glsa_200406_22.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200405-21 (MC) File : nvt/glsa_200405_21.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200405-09 (proftpd) File : nvt/glsa_200405_09.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200403-13 (mplayer) File : nvt/glsa_200403_13.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200403-06 (Courier) File : nvt/glsa_200403_06.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-35 (Subversion) File : nvt/glsa_200409_35.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-19 (pavuk) File : nvt/glsa_200411_19.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-36 (phpmyadmin) File : nvt/glsa_200411_36.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-26 (imagemagick) File : nvt/glsa_200501_26.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-37 (GraphicsMagick) File : nvt/glsa_200501_37.nasl |
| 2008-09-04 | Name : FreeBSD Ports: mc File : nvt/freebsd_mc0.nasl |
| 2008-09-04 | Name : FreeBSD Ports: mplayer, mplayer-gtk, mplayer-esound, mplayer-gtk-esound File : nvt/freebsd_mplayer1.nasl |
| 2008-09-04 | Name : FreeBSD Ports: pavuk File : nvt/freebsd_pavuk.nasl |
| 2008-09-04 | Name : FreeBSD Ports: phpMyAdmin File : nvt/freebsd_phpMyAdmin1.nasl |
| 2008-09-04 | Name : FreeBSD Ports: proftpd File : nvt/freebsd_proftpd.nasl |
| 2008-09-04 | Name : FreeBSD Ports: subversion, subversion-perl, subversion-python File : nvt/freebsd_subversion.nasl |
| 2008-09-04 | Name : FreeBSD Ports: uulib, uudeview, xdeview File : nvt/freebsd_uulib.nasl |
| 2008-09-04 | Name : FreeBSD Ports: courier File : nvt/freebsd_courier.nasl |
| 2008-09-04 | Name : FreeBSD Ports: ImageMagick File : nvt/freebsd_ImageMagick0.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 257-1 (sendmail) File : nvt/deb_257_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 646-1 (imagemagick) File : nvt/deb_646_1.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | RCPT TO overflow RuleID : 654-community - Type : SERVER-MAIL - Revision : 28 |
| 2014-01-10 | RCPT TO overflow RuleID : 654 - Type : SERVER-MAIL - Revision : 28 |
| 2014-01-10 | WinZip MIME content-disposition buffer overflow RuleID : 2488-community - Type : SERVER-MAIL - Revision : 18 |
| 2014-01-10 | WinZip MIME content-disposition buffer overflow RuleID : 2488 - Type : SERVER-MAIL - Revision : 18 |
| 2014-01-10 | WinZip MIME content-type buffer overflow RuleID : 2487-community - Type : SERVER-MAIL - Revision : 17 |
| 2014-01-10 | WinZip MIME content-type buffer overflow RuleID : 2487 - Type : SERVER-MAIL - Revision : 17 |
| 2014-01-10 | Sendmail RCPT TO prescan too long addresses overflow RuleID : 2270-community - Type : SERVER-MAIL - Revision : 18 |
| 2014-01-10 | Sendmail RCPT TO prescan too long addresses overflow RuleID : 2270 - Type : SERVER-MAIL - Revision : 18 |
| 2014-01-10 | Sendmail RCPT TO prescan too many addresses overflow RuleID : 2269-community - Type : SERVER-MAIL - Revision : 15 |
| 2014-01-10 | Sendmail RCPT TO prescan too many addresses overflow RuleID : 2269 - Type : SERVER-MAIL - Revision : 15 |
| 2014-01-10 | Sendmail MAIL FROM prescan too many addresses overflow RuleID : 2267-community - Type : SERVER-MAIL - Revision : 15 |
| 2014-01-10 | Sendmail MAIL FROM prescan too many addresses overflow RuleID : 2267 - Type : SERVER-MAIL - Revision : 15 |
| 2014-01-10 | Sendmail SOML FROM prescan too many addresses overflow RuleID : 2265-community - Type : SERVER-MAIL - Revision : 14 |
| 2014-01-10 | Sendmail SOML FROM prescan too many addresses overflow RuleID : 2265 - Type : SERVER-MAIL - Revision : 14 |
| 2014-01-10 | Sendmail SAML FROM prescan too many addresses overflow RuleID : 2263-community - Type : SERVER-MAIL - Revision : 16 |
| 2014-01-10 | Sendmail SAML FROM prescan too many addresses overflow RuleID : 2263 - Type : SERVER-MAIL - Revision : 16 |
| 2014-01-10 | Sendmail SEND FROM prescan too many addresses overflow RuleID : 2261-community - Type : SERVER-MAIL - Revision : 16 |
| 2014-01-10 | Sendmail SEND FROM prescan too many addresses overflow RuleID : 2261 - Type : SERVER-MAIL - Revision : 16 |
| 2014-01-10 | VRFY overflow attempt RuleID : 2260-community - Type : SERVER-MAIL - Revision : 17 |
| 2014-01-10 | VRFY overflow attempt RuleID : 2260 - Type : SERVER-MAIL - Revision : 17 |
| 2014-01-10 | EXPN overflow attempt RuleID : 2259-community - Type : SERVER-MAIL - Revision : 17 |
| 2014-01-10 | EXPN overflow attempt RuleID : 2259 - Type : SERVER-MAIL - Revision : 17 |
| 2014-01-10 | From comment overflow attempt RuleID : 2087-community - Type : SERVER-MAIL - Revision : 14 |
| 2014-01-10 | From comment overflow attempt RuleID : 2087 - Type : SERVER-MAIL - Revision : 14 |
| 2014-01-10 | RCPT TO overflow RuleID : 18574 - Type : SERVER-MAIL - Revision : 6 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_cb6c6c299c4f11d893660020ed76ef5a.nasl - Type: ACT_GATHER_INFO |
| 2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_76904dceccf311d8babb000854d03344.nasl - Type: ACT_GATHER_INFO |
| 2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_184f5d0b0fe811d98a8a000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
| 2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_0c6f3fde9c5111d893660020ed76ef5a.nasl - Type: ACT_GATHER_INFO |
| 2007-09-25 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHNE_35485.nasl - Type: ACT_GATHER_INFO |
| 2007-09-25 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHNE_35484.nasl - Type: ACT_GATHER_INFO |
| 2007-09-25 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHNE_35483.nasl - Type: ACT_GATHER_INFO |
| 2006-03-27 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200603-23.nasl - Type: ACT_GATHER_INFO |
| 2006-01-15 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-62-1.nasl - Type: ACT_GATHER_INFO |
| 2005-09-12 | Name: The remote Fedora Core host is missing a security update. File: fedora_2005-235.nasl - Type: ACT_GATHER_INFO |
| 2005-07-13 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2004-136-01.nasl - Type: ACT_GATHER_INFO |
| 2005-07-13 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_98bd69c3834b11d8a41f0020ed76ef5a.nasl - Type: ACT_GATHER_INFO |
| 2005-07-13 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_597e2bee68ea11d9a9e70001020eed82.nasl - Type: ACT_GATHER_INFO |
| 2005-05-19 | Name: The remote Fedora Core host is missing a security update. File: fedora_2005-234.nasl - Type: ACT_GATHER_INFO |
| 2005-04-02 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-065.nasl - Type: ACT_GATHER_INFO |
| 2005-03-25 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2005-070.nasl - Type: ACT_GATHER_INFO |
| 2005-02-22 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2005-071.nasl - Type: ACT_GATHER_INFO |
| 2005-02-16 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHNE_28409.nasl - Type: ACT_GATHER_INFO |
| 2005-02-16 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHNE_29526.nasl - Type: ACT_GATHER_INFO |
| 2005-02-16 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHNE_29912.nasl - Type: ACT_GATHER_INFO |
| 2005-02-16 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHNE_30224.nasl - Type: ACT_GATHER_INFO |
| 2005-02-14 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200501-37.nasl - Type: ACT_GATHER_INFO |
| 2005-02-14 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200501-26.nasl - Type: ACT_GATHER_INFO |
| 2005-01-19 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-646.nasl - Type: ACT_GATHER_INFO |
| 2004-11-27 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200411-36.nasl - Type: ACT_GATHER_INFO |
