Summary
Detail | | | |
---|---|---|---|
Vendor | Redhat | First view | 2004-07-27 |
Product | Fedora Core | Last view | 2007-07-27 |
Version | core_2.0 | Type | Os |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:o:redhat:fedora_core | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
5.8 | 2007-07-27 | CVE-2007-2874 | Buffer overflow in the wpa_printf function in the debugging code in wpa_supplicant in the Fedora NetworkManager package before 0.6.5-3.fc7 allows user-assisted remote attackers to execute arbitrary code via malformed frames on a WPA2 network. NOTE: some of these details are obtained from third party information. |
7.5 | 2006-10-10 | CVE-2006-5170 | pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. |
5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
7.5 | 2005-04-27 | CVE-2005-0206 | The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. |
6.2 | 2005-04-14 | CVE-2004-1235 | Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. |
7.2 | 2005-03-27 | CVE-2005-0750 | The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value. |
2.1 | 2005-03-09 | CVE-2005-0736 | Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events. |
7.5 | 2005-03-02 | CVE-2005-0605 | scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. |
10 | 2005-03-01 | CVE-2004-0989 | Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost. |
2.1 | 2005-02-09 | CVE-2004-0974 | The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. |
5 | 2005-02-09 | CVE-2004-0961 | Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes. |
5 | 2005-02-09 | CVE-2004-0960 | FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument. |
5 | 2005-01-27 | CVE-2004-0930 | The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters. |
5 | 2005-01-27 | CVE-2004-0918 | The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. |
10 | 2005-01-27 | CVE-2004-0889 | Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888. |
10 | 2005-01-27 | CVE-2004-0888 | Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. |
5 | 2005-01-27 | CVE-2004-0886 | Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. |
10 | 2005-01-27 | CVE-2004-0882 | Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value. |
4.6 | 2005-01-21 | CVE-2004-1184 | The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters. |
2.1 | 2005-01-10 | CVE-2004-1270 | lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message. |
5 | 2005-01-10 | CVE-2004-1269 | lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail. |
2.1 | 2005-01-10 | CVE-2004-1268 | lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors. |
6.5 | 2005-01-10 | CVE-2004-1267 | Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
60% (3) | CWE-399 | Resource Management Errors |
20% (1) | CWE-189 | Numeric Errors |
20% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
CAPEC-6 | Argument Injection |
CAPEC-15 | Command Delimiters |
CAPEC-18 | Embedding Scripts in Nonscript Elements |
CAPEC-27 | Leveraging Race Conditions via Symbolic Links |
CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
CAPEC-32 | Embedding Scripts in HTTP Query Strings |
CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-63 | Simple Script Injection |
CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
CAPEC-73 | User-Controlled Filename |
CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
CAPEC-86 | Embedding Script (XSS ) in HTTP Headers |
CAPEC-163 | Spear Phishing |
CAPEC-247 | Cross-Site Scripting with Masking through Invalid Characters in Identifiers |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
59846 | KDE Konqueror Cross-domain Browser Window Injection Content Spoofing |
46833 | Fedora Linux NetworkManager wpa_supplicant wpa_printf Function WPA2 Network R... |
44330 | CUPS on Red Hat 64-bit pdftops Crafted PDF File Handling Overflow |
30189 | pam_ldap PasswordPolicyResponse Authentication Bypass |
22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
16894 | Xpdf Integer Overflow Patch 64 Bit Architecture Failure |
15382 | Mozilla Multiple Malformed HTML Tag Null Dereference DoS |
15084 | Linux Kernel bluez_sock_create() Local Underflow |
14777 | Linux Kernel sys_epoll_wait() Function Local Overflow |
14373 | libXpm XPM Image GetImagePixels() / PutImagePixels() Overflow |
13535 | Linux Kernel ip_options_get Memory Leak DoS |
13154 | GNU Enscript EPSF Pipe Support Arbitrary Command Execution |
13149 | Xpdf Multiple Unspecified Remote Overflows |
12791 | Linux Kernel sys_uselib Binary Format Loader Local Privilege Escalation |
12479 | Linux Kernel vc_resize() Function Local Overflow |
12454 | CUPS lppasswd passwd.new Arbitrary Append |
12453 | CUPS lppasswd passwd.new File Limit DoS |
12439 | CUPS ParseCommand() Function HPGL File Overflow |
12422 | Samba smbd Security Descriptor Parsing Remote Overflow |
12348 | Cyrus IMAP Server mysasl_canon_user() Function Remote Overflow |
12290 | Cyrus IMAP imapmagicplus proxyd Overflow |
12248 | KDE Konqueror Shortcut SMB Share Password Disclosure |
12098 | Cyrus IMAP Server FETCH Command Partial Argument Remote Overflow |
ExploitDB Exploits
id | Description |
---|---|
374 | SoX Local Buffer Overflow Exploiter (Via Crafted WAV File) |
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
2010-02-03 | Name : Solaris Update for CDE 1.6 119280-22 File : nvt/gb_solaris_119280_22.nasl |
2010-02-03 | Name : Solaris Update for Runtime library for Solaris 10 119281-22 File : nvt/gb_solaris_119281_22.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5010817.nasl |
2009-10-10 | Name : SLES9: Security update for enscript File : nvt/sles9p5011436.nasl |
2009-10-10 | Name : SLES9: Security update for kdelibs3 File : nvt/sles9p5011912.nasl |
2009-10-10 | Name : SLES9: Security update for imlib File : nvt/sles9p5014360.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel core File : nvt/sles9p5014380.nasl |
2009-10-10 | Name : SLES9: Security update for CUPS File : nvt/sles9p5014529.nasl |
2009-10-10 | Name : SLES9: Security update for samba File : nvt/sles9p5015059.nasl |
2009-10-10 | Name : SLES9: Security update for libxml File : nvt/sles9p5016394.nasl |
2009-10-10 | Name : SLES9: Security update for XFree86-libs File : nvt/sles9p5016773.nasl |
2009-10-10 | Name : SLES9: Security update for freeradius File : nvt/sles9p5017148.nasl |
2009-10-10 | Name : SLES9: Security update for pam_ldap File : nvt/sles9p5017445.nasl |
2009-10-10 | Name : SLES9: Security update for libtiff File : nvt/sles9p5017742.nasl |
2009-10-10 | Name : SLES9: Security update for squid File : nvt/sles9p5020697.nasl |
2009-10-10 | Name : SLES9: Security update for Cups File : nvt/sles9p5020714.nasl |
2009-09-02 | Name : Fedora Core 11 FEDORA-2009-8582 (libxml) File : nvt/fcore_2009_8582.nasl |
2009-09-02 | Name : Fedora Core 10 FEDORA-2009-8594 (libxml) File : nvt/fcore_2009_8594.nasl |
2009-06-03 | Name : Solaris Update for CDE 1.4 109931-10 File : nvt/gb_solaris_109931_10.nasl |
2009-06-03 | Name : Solaris Update for sdtimage 109932-10 File : nvt/gb_solaris_109932_10.nasl |
2009-06-03 | Name : Solaris Update for CDE 1.5 114219-11 File : nvt/gb_solaris_114219_11.nasl |
2009-06-03 | Name : Solaris Update for sdtimage 114220-11 File : nvt/gb_solaris_114220_11.nasl |
2009-05-05 | Name : HP-UX Update for Apache HPSBUX01064 File : nvt/gb_hp_ux_HPSBUX01064.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt RuleID : 4674 - Type : NETBIOS - Revision : 4 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt RuleID : 4673 - Type : NETBIOS - Revision : 4 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt RuleID : 4672 - Type : NETBIOS - Revision : 4 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC DACL overflow attempt RuleID : 4671 - Type : NETBIOS - Revision : 4 |
2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt RuleID : 4670 - Type : NETBIOS - Revision : 3 |
2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC unicode DACL overflow attempt RuleID : 4669 - Type : NETBIOS - Revision : 3 |
2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC andx DACL overflow attempt RuleID : 4668 - Type : NETBIOS - Revision : 3 |
2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC DACL overflow attempt RuleID : 4667 - Type : NETBIOS - Revision : 3 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt RuleID : 4666 - Type : NETBIOS - Revision : 2 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt RuleID : 4665 - Type : NETBIOS - Revision : 2 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt RuleID : 4664 - Type : NETBIOS - Revision : 2 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC DACL overflow attempt RuleID : 4663 - Type : NETBIOS - Revision : 2 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt RuleID : 4662 - Type : NETBIOS - Revision : 4 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode SACL overflow attempt RuleID : 4661 - Type : NETBIOS - Revision : 4 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC andx SACL overflow attempt RuleID : 4660 - Type : NETBIOS - Revision : 4 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC SACL overflow attempt RuleID : 4659 - Type : NETBIOS - Revision : 4 |
2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt RuleID : 4658 - Type : NETBIOS - Revision : 3 |
2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC unicode SACL overflow attempt RuleID : 4657 - Type : NETBIOS - Revision : 3 |
2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC andx SACL overflow attempt RuleID : 4656 - Type : NETBIOS - Revision : 3 |
2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC SACL overflow attempt RuleID : 4655 - Type : NETBIOS - Revision : 3 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt RuleID : 4654 - Type : NETBIOS - Revision : 2 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode SACL overflow attempt RuleID : 4653 - Type : NETBIOS - Revision : 2 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC andx SACL overflow attempt RuleID : 4652 - Type : NETBIOS - Revision : 2 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC SACL overflow attempt RuleID : 4651 - Type : NETBIOS - Revision : 2 |
2014-01-10 | SMB-DS NT Trans NT CREATE unicode andx DACL overflow attempt RuleID : 3041-community - Type : NETBIOS - Revision : 5 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2006-0719.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0206.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-041.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2005-042.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2005-043.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-044.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-056.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20080401_cups_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
2010-01-10 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0261.nasl - Type: ACT_GATHER_INFO |
2010-01-10 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0524.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_11259.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_9579.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_9867.nasl - Type: ACT_GATHER_INFO |
2009-08-18 | Name: The remote Fedora host is missing a security update. File: fedora_2009-8582.nasl - Type: ACT_GATHER_INFO |
2009-08-18 | Name: The remote Fedora host is missing a security update. File: fedora_2009-8594.nasl - Type: ACT_GATHER_INFO |
2009-05-13 | Name: The remote host is missing a Mac OS X update that fixes various security issues. File: macosx_10_5_7.nasl - Type: ACT_GATHER_INFO |
2009-05-13 | Name: The remote host is missing a Mac OS X update that fixes various security issues. File: macosx_SecUpd2009-002.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2006-0719.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_00644f03fb5811d89837000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_3897a2f81d5711d9bc4a000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_3e4ffe76e0d411d89b0a000347a4fa7d.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_65e99f521c5f11d9bc4a000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_9ff4c91e328c11d9a9e70001020eed82.nasl - Type: ACT_GATHER_INFO |