Summary
| Detail | |||
|---|---|---|---|
| Vendor | Redhat | First view | 2003-04-11 |
| Product | Linux | Last view | 2005-12-31 |
| Version | 9.0 | Type | Os |
| Update | * | ||
| Edition | i386 | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:redhat:linux | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
| 10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
| 5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
| 7.5 | 2005-04-27 | CVE-2005-0206 | The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. |
| 4.6 | 2005-04-14 | CVE-2005-0004 | The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. |
| 6.2 | 2005-04-14 | CVE-2004-1235 | Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. |
| 7.2 | 2005-03-27 | CVE-2005-0750 | The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value. |
| 10 | 2005-01-27 | CVE-2004-0903 | Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message. |
| 10 | 2005-01-27 | CVE-2004-0902 | Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname. |
| 10 | 2005-01-10 | CVE-2004-1026 | Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files. |
| 10 | 2005-01-10 | CVE-2004-1025 | Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files. |
| 10 | 2004-12-31 | CVE-2004-0904 | Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows. |
| 2.1 | 2004-12-15 | CVE-2004-1335 | Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function. |
| 2.1 | 2004-12-15 | CVE-2004-1333 | Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow. |
| 5 | 2004-10-18 | CVE-2004-1613 | Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme. |
| 4.6 | 2004-09-14 | CVE-2004-0905 | Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. |
| 7.5 | 2004-02-17 | CVE-2003-0989 | tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057. |
| 7.5 | 2003-06-16 | CVE-2003-0354 | Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job. |
| 10 | 2003-06-16 | CVE-2003-0248 | The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address. |
| 5 | 2003-06-16 | CVE-2003-0247 | Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops"). |
| 4.6 | 2003-06-09 | CVE-2003-0194 | tcpdump does not properly drop privileges to the pcap user when starting up. |
| 7.2 | 2003-06-09 | CVE-2003-0188 | lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories. |
| 7.5 | 2003-04-11 | CVE-2003-0135 | vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 66% (2) | CWE-399 | Resource Management Errors |
| 33% (1) | CWE-189 | Numeric Errors |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
| 22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
| 22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
| 16894 | Xpdf Integer Overflow Patch 64 Bit Architecture Failure |
| 15382 | Mozilla Multiple Malformed HTML Tag Null Dereference DoS |
| 15084 | Linux Kernel bluez_sock_create() Local Underflow |
| 13535 | Linux Kernel ip_options_get Memory Leak DoS |
| 13400 | lv Working Directory .lv File Execution |
| 13013 | MySQL mysqlaccess.sh Symlink Arbitrary File Manipulation |
| 12843 | Imlib Image Decoding Multiple Unspecified Overflows |
| 12791 | Linux Kernel sys_uselib Binary Format Loader Local Privilege Escalation |
| 12479 | Linux Kernel vc_resize() Function Local Overflow |
| 10528 | Mozilla Multiple Products Link non-ASCII Hostname Overflow |
| 10527 | Mozilla Multiple Products POP3 Response Overflow |
| 10526 | Mozilla Multiple Products Send Page Overflow |
| 10525 | Mozilla Multiple Products BMP Image Overflow |
| 10524 | Mozilla Multiple Products Javascript Drag and Drop XSS |
| 9968 | Mozilla Multiple Products nsMsgCompUtils.cpp Multiple Overflows |
| 9966 | Mozilla Multiple Products nsVCardObj.cpp writeGroup() Function Overflow |
| 9855 | tcpdump on RedHat Linux pcap User Privilege Escalation |
| 4676 | GNU Ghostscript -dSAFER %pipe% Flaw Arbitrary Command Execution |
| 4564 | vsftpd on Red Hat Linux Restricted Access Failure |
| 4456 | Linux Kernel mxcsr CPU State Register Modification |
| 4455 | Linux Kernel TTY Layer Unspecified DoS |
| 3555 | tcpdump ISAKMP DoS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-10-10 | Name : SLES9: Security update for Linux kernel core File : nvt/sles9p5014380.nasl |
| 2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5012017.nasl |
| 2009-03-06 | Name : RedHat Update for cups RHSA-2008:0206-01 File : nvt/gb_RHSA-2008_0206-01_cups.nasl |
| 2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos4 x86_64 File : nvt/gb_CESA-2008_0206_cups_centos4_x86_64.nasl |
| 2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos3 i386 File : nvt/gb_CESA-2008_0206_cups_centos3_i386.nasl |
| 2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos3 x86_64 File : nvt/gb_CESA-2008_0206_cups_centos3_x86_64.nasl |
| 2009-02-27 | Name : CentOS Update for cups CESA-2008:0206 centos4 i386 File : nvt/gb_CESA-2008_0206_cups_centos4_i386.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200412-03 (imlib) File : nvt/glsa_200412_03.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-26 (Mozilla) File : nvt/glsa_200409_26.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200404-03 (tcpdump) File : nvt/glsa_200404_03.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-19 (imlib2) File : nvt/glsa_200501_19.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-33 (mysql) File : nvt/glsa_200501_33.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200601-02 (kdegraphics, kpdf, koffice, kword) File : nvt/glsa_200601_02.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200601-17 (xpdf poppler gpdf libextractor pdfto... File : nvt/glsa_200601_17.nasl |
| 2008-09-04 | Name : FreeBSD Ports: thunderbird File : nvt/freebsd_thunderbird5.nasl |
| 2008-09-04 | Name : FreeBSD Ports: thunderbird File : nvt/freebsd_thunderbird4.nasl |
| 2008-09-04 | Name : FreeBSD Ports: thunderbird File : nvt/freebsd_thunderbird3.nasl |
| 2008-09-04 | Name : FreeBSD Ports: thunderbird File : nvt/freebsd_thunderbird0.nasl |
| 2008-09-04 | Name : FreeBSD Ports: tcpdump File : nvt/freebsd_tcpdump0.nasl |
| 2008-09-04 | Name : FreeBSD Ports: mysql-scripts File : nvt/freebsd_mysql-scripts.nasl |
| 2008-09-04 | Name : FreeBSD Ports: imlib File : nvt/freebsd_imlib.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-... File : nvt/deb_1070_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 647-1 (mysql) File : nvt/deb_647_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1067-1 (kernel 2.4.16) File : nvt/deb_1067_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1082-1 (kernel-2.4.17) File : nvt/deb_1082_1.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2018-01-17 | Mozilla Firefox buffer overflow attempt RuleID : 45172 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2018-01-17 | Mozilla Firefox buffer overflow attempt RuleID : 45171 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2014-01-10 | Microsoft Windows Bitmap width integer overflow multipacket attempt RuleID : 3634 - Type : WEB-CLIENT - Revision : 9 |
| 2014-01-10 | Microsoft Windows Bitmap width integer overflow attempt RuleID : 3632 - Type : FILE-IMAGE - Revision : 25 |
| 2015-10-01 | Microsoft Windows Bitmap width integer overflow attempt RuleID : 35848 - Type : FILE-IMAGE - Revision : 3 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0206.nasl - Type: ACT_GATHER_INFO |
| 2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO |
| 2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO |
| 2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-041.nasl - Type: ACT_GATHER_INFO |
| 2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2005-042.nasl - Type: ACT_GATHER_INFO |
| 2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2005-043.nasl - Type: ACT_GATHER_INFO |
| 2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-044.nasl - Type: ACT_GATHER_INFO |
| 2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-056.nasl - Type: ACT_GATHER_INFO |
| 2012-01-18 | Name: Arbitrary files could be read or overwritten via the remote database server. File: mysql_client_symlink_attack.nasl - Type: ACT_GATHER_INFO |
| 2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_96ba2dae4ab011d896f20020ed76ef5a.nasl - Type: ACT_GATHER_INFO |
| 2008-04-04 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2008-0206.nasl - Type: ACT_GATHER_INFO |
| 2008-04-04 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0206.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1067.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1069.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1070.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1082.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-931.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-932.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-936.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-937.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-938.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-940.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-950.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-961.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-962.nasl - Type: ACT_GATHER_INFO |
