This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mandrakesoft First view 2001-03-12
Product Mandrake Linux Corporate Server Last view 2008-01-11
Version Type Os
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:* 33
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:* 28
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:* 14
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:* 14
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:* 11
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* 2
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:* 2
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:*:*:*:*:*:*:*:* 1

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5 2008-01-11 CVE-2007-6284

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

7.5 2007-02-05 CVE-2007-0454

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

5 2005-12-31 CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

10 2005-12-31 CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

5 2005-12-31 CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

5 2005-07-26 CVE-2005-2377

nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to become unavailable. NOTE: it is not clear whether this attack scenario is sufficient to include this item in CVE.

7.5 2005-04-27 CVE-2005-0206

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

6.8 2005-04-27 CVE-2005-0085

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

7.2 2005-04-14 CVE-2005-0020

Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code.

2.1 2005-04-14 CVE-2005-0003

The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.

6.2 2005-04-14 CVE-2004-1235

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

5 2005-03-14 CVE-2005-0473

The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.

5 2005-03-14 CVE-2005-0472

Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.

7.5 2005-03-02 CVE-2005-0605

scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

7.2 2005-03-01 CVE-2004-1051

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

5 2005-03-01 CVE-2004-0983

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

2.1 2005-02-09 CVE-2004-0977

The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

2.1 2005-02-09 CVE-2004-0975

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

2.1 2005-02-09 CVE-2004-0974

The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

7.5 2005-01-10 CVE-2004-1098

MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.

5 2005-01-10 CVE-2004-1014

statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.

2.1 2004-12-31 CVE-2004-2395

Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.

2.1 2004-12-31 CVE-2004-2394

Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.

5 2004-12-31 CVE-2004-2392

libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs.

7.5 2004-12-31 CVE-2004-0817

Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

CWE : Common Weakness Enumeration

%idName
50% (3) CWE-399 Resource Management Errors
33% (2) CWE-189 Numeric Errors
16% (1) CWE-134 Uncontrolled Format String

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:664 Code Execution Vulnerability in XPDF PDF Viewer
oval:org.mitre.oval:def:309 Linux Kernel execve Race Condition Vulnerability
oval:org.mitre.oval:def:11458 Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_u...
oval:org.mitre.oval:def:9867 Unknown vulnerability in Linux kernel 2.x may allow local users to modify the...
oval:org.mitre.oval:def:11136 The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initia...
oval:org.mitre.oval:def:10714 Floating point information leak in the context switch code for Linux 2.4.x on...
oval:org.mitre.oval:def:9398 Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allo...
oval:org.mitre.oval:def:8843 Multiple heap-based buffer overflows in the imlib BMP image handler allow rem...
oval:org.mitre.oval:def:11123 Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4....
oval:org.mitre.oval:def:164 Trustix Secure Linux der_chop Script Symlink Attack Vulnerability
oval:org.mitre.oval:def:10621 The der_chop script in the openssl package in Trustix Secure Linux 1.5 throug...
oval:org.mitre.oval:def:11360 The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local u...
oval:org.mitre.oval:def:10268 The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote ...
oval:org.mitre.oval:def:10899 statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, whic...
oval:org.mitre.oval:def:9567 Race condition in the (1) load_elf_library and (2) binfmt_aout function calls...
oval:org.mitre.oval:def:11175 Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for lib...
oval:org.mitre.oval:def:9512 The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architect...
oval:org.mitre.oval:def:10878 Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 ...
oval:org.mitre.oval:def:11107 The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-...
oval:org.mitre.oval:def:10433 Gaim before 1.1.3 allows remote attackers to cause a denial of service (infin...
oval:org.mitre.oval:def:10212 The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cau...
oval:org.mitre.oval:def:10411 scan.c for LibXPM may allow attackers to execute arbitrary code via a negativ...
oval:org.mitre.oval:def:9437 The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf...
oval:org.mitre.oval:def:9575 Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS...
oval:org.mitre.oval:def:9992 Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS...

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
60296 nss_ldap Search Request SIGPIPE Handling Remote DoS
40194 libxml2 xmlCurrentChar Function UTF-8 Parsing DoS
33101 Samba VFS Plugin afsacl.so Format String
22235 Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS
22234 Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS
22233 Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function...
19790 Linux passwd Failed Read Attempt Local DoS
19789 Linux passwd --stdin Off-by-one Password Generation Weakness
19136 Apache on Mandrake Linux Arbitrary Directory Forced Listing
19100 Mandrake ibuser Unspecified Read Failure Related DoS
16894 Xpdf Integer Overflow Patch 64 Bit Architecture Failure
14373 libXpm XPM Image GetImagePixels() / PutImagePixels() Overflow
13924 Gaim Malformed HTML Parsing DoS
13923 Gaim Malformed SNAC Packet Parsing DoS
13877 slrn News Reader Long Message Header Multiple Function Overflow
13778 netkit-rwho rwhod Packet Validation Remote DoS
13735 MIME-tools MIMEDefang Empty Boundary Content-Type Virus Scan Bypass
13520 ht://Dig (htdig) config Parameter XSS
13049 Playmidi playmidi.c File Name Overflow
12917 Linux Kernel Elf Binary Overlapping VMA Local Privilege Escalation
12791 Linux Kernel sys_uselib Binary Format Loader Local Privilege Escalation
12556 LibTIFF STRIPOFFSETS Flag TIFFFetchStripThing() Function Overflow
12240 nfs-utils rpc.statd SIGPIPE TCP Connection DoS
11765 pico Symlink Arbitrary File Overwrite
11716 sudo Bash Script Subversion Arbitrary Command Execution

ExploitDB Exploits

id Description
718 Linux Kernel 2.6.x chown() Group Ownership Alteration Exploit

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2010-02-03 Name : Solaris Update for CDE 1.6 119280-22
File : nvt/gb_solaris_119280_22.nasl
2010-02-03 Name : Solaris Update for Runtime library for Solaris 10 119281-22
File : nvt/gb_solaris_119281_22.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-10 Name : SLES9: Security update for ruby
File : nvt/sles9p5013198.nasl
2009-10-10 Name : SLES9: Security update for imlib
File : nvt/sles9p5014360.nasl
2009-10-10 Name : SLES9: Security update for Linux kernel core
File : nvt/sles9p5014380.nasl
2009-10-10 Name : SLES9: Security update for XFree86-libs
File : nvt/sles9p5016773.nasl
2009-10-10 Name : SLES9: Security update for htdig
File : nvt/sles9p5018082.nasl
2009-10-10 Name : SLES9: Security update for libxml2
File : nvt/sles9p5020669.nasl
2009-06-03 Name : Solaris Update for CDE 1.4 109931-10
File : nvt/gb_solaris_109931_10.nasl
2009-06-03 Name : Solaris Update for sdtimage 109932-10
File : nvt/gb_solaris_109932_10.nasl
2009-06-03 Name : Solaris Update for CDE 1.5 114219-11
File : nvt/gb_solaris_114219_11.nasl
2009-06-03 Name : Solaris Update for sdtimage 114220-11
File : nvt/gb_solaris_114220_11.nasl
2009-05-05 Name : HP-UX Update for Apache HPSBUX01064
File : nvt/gb_hp_ux_HPSBUX01064.nasl
2009-04-09 Name : Mandriva Update for samba MDKSA-2007:034 (samba)
File : nvt/gb_mandriva_MDKSA_2007_034.nasl
2009-04-09 Name : Mandriva Update for libxml2 MDVSA-2008:010 (libxml2)
File : nvt/gb_mandriva_MDVSA_2008_010.nasl
2009-03-23 Name : Ubuntu Update for samba vulnerabilities USN-419-1
File : nvt/gb_ubuntu_USN_419_1.nasl
2009-03-23 Name : Ubuntu Update for libxml2 vulnerability USN-569-1
File : nvt/gb_ubuntu_USN_569_1.nasl
2009-03-06 Name : RedHat Update for libxml2 RHSA-2008:0032-01
File : nvt/gb_RHSA-2008_0032-01_libxml2.nasl
2009-03-06 Name : RedHat Update for cups RHSA-2008:0206-01
File : nvt/gb_RHSA-2008_0206-01_cups.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0032-03 centos2 i386
File : nvt/gb_CESA-2008_0032-03_libxml2_centos2_i386.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0032 centos3 i386
File : nvt/gb_CESA-2008_0032_libxml2_centos3_i386.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0032 centos3 x86_64
File : nvt/gb_CESA-2008_0032_libxml2_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0032 centos4 i386
File : nvt/gb_CESA-2008_0032_libxml2_centos4_i386.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0032 centos4 x86_64
File : nvt/gb_CESA-2008_0032_libxml2_centos4_x86_64.nasl

Snort® IPS/IDS

Date Description
2019-09-10 nfs-utils TCP connection termination denial-of-service attempt
RuleID : 50913 - Type : SERVER-OTHER - Revision : 1
2014-01-10 Infinity CGI exploit scanner nph-exploitscanget.cgi access
RuleID : 2222-community - Type : SERVER-WEBAPP - Revision : 20
2014-01-10 Infinity CGI exploit scanner nph-exploitscanget.cgi access
RuleID : 2222 - Type : SERVER-WEBAPP - Revision : 20

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2009-0018.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0032.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0206.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0523.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2001-001.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2001-012.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2001-015.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2001-018.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2001-024.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2001-028.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2001-032.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-041.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2005-042.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2005-043.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-044.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2005-056.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20080111_libxml2_on_SL3_x.nasl - Type: ACT_GATHER_INFO
2012-01-04 Name: Arbitrary files could be overwritten on the remote server.
File: openssl_0_9_7f.nasl - Type: ACT_GATHER_INFO
2011-08-29 Name: The SSH service running on the remote host has an information disclosure vuln...
File: sunssh_plaintext_recovery.nasl - Type: ACT_GATHER_INFO
2010-01-10 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0261.nasl - Type: ACT_GATHER_INFO
2010-01-10 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0524.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12032.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_9833.nasl - Type: ACT_GATHER_INFO