Summary
| Detail | |||
|---|---|---|---|
| Vendor | Suse | First view | 2005-12-31 |
| Product | Suse Linux | Last view | 2007-01-23 |
| Version | 10.0 | Type | Os |
| Update | * | ||
| Edition | oss | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:suse:suse_linux | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 10 | 2007-01-23 | CVE-2007-0460 | Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations." |
| 10 | 2006-10-30 | CVE-2006-5616 | Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux 9.2 through 10.1, allow attackers to execute arbitrary code via unspecified vectors. |
| 5 | 2006-09-12 | CVE-2006-2658 | Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request. |
| 7.2 | 2006-03-20 | CVE-2006-0745 | X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile. |
| 6.4 | 2005-12-31 | CVE-2005-4772 | liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013. |
| 5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
| 10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
| 5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (2) | CWE-399 | Resource Management Errors |
| 25% (1) | CWE-189 | Numeric Errors |
| 25% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 32939 | ulogd Multiple Unspecified Overflows |
| 30078 | OpenPBS Multiple Unspecified Issues |
| 28743 | Mono/C# Web Server mod_mono xsp Component Traversal Arbitrary File Access |
| 24001 | X.Org / X11 -logfile Parameter Arbitrary File Overwrite |
| 24000 | X.Org / X11 -modulepath Parameter Privileged Code Execution |
| 22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
| 22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
| 22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
| 19979 | SuSE Linux YaST liby2util Package Repository Permission Weakness |
OpenVAS Exploits
| id | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200601-02 (kdegraphics, kpdf, koffice, kword) File : nvt/glsa_200601_02.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200601-17 (xpdf poppler gpdf libextractor pdfto... File : nvt/glsa_200601_17.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200703-17 (ulogd) File : nvt/glsa_200703_17.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200704-04 (openpbs) File : nvt/glsa_200704_04.nasl |
| 2008-09-04 | Name : FreeBSD Ports: xorg-server File : nvt/freebsd_xorg-server.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 931-1 (xpdf) File : nvt/deb_931_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 932-1 (xpdf) File : nvt/deb_932_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 936-1 (libextractor) File : nvt/deb_936_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 937-1 (tetex-bin) File : nvt/deb_937_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 938-1 (koffice) File : nvt/deb_938_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 940-1 (gpdf) File : nvt/deb_940_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 950-1 (cupsys) File : nvt/deb_950_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 961-1 (pdfkit.framework) File : nvt/deb_961_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 962-1 (pdftohtml) File : nvt/deb_962_1.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2006-045-04 kdegraphics File : nvt/esoft_slk_ssa_2006_045_04.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2006-045-09 xpdf File : nvt/esoft_slk_ssa_2006_045_09.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO |
| 2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO |
| 2007-04-10 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1278.nasl - Type: ACT_GATHER_INFO |
| 2007-04-05 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200704-04.nasl - Type: ACT_GATHER_INFO |
| 2007-03-19 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200703-17.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-938.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-962.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-961.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-950.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-940.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-937.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-936.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-932.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-931.nasl - Type: ACT_GATHER_INFO |
| 2006-07-05 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2006-0177.nasl - Type: ACT_GATHER_INFO |
| 2006-07-05 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2005-868.nasl - Type: ACT_GATHER_INFO |
| 2006-07-03 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2006-0163.nasl - Type: ACT_GATHER_INFO |
| 2006-07-03 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2006-0160.nasl - Type: ACT_GATHER_INFO |
| 2006-07-03 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2005-840.nasl - Type: ACT_GATHER_INFO |
| 2006-05-13 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_61534682b8f411da8e62000e0c33c2dc.nasl - Type: ACT_GATHER_INFO |
| 2006-03-23 | Name: The remote host is missing a vendor-supplied security patch File: suse_SA_2006_016.nasl - Type: ACT_GATHER_INFO |
| 2006-03-21 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-172.nasl - Type: ACT_GATHER_INFO |
| 2006-03-21 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2006-056.nasl - Type: ACT_GATHER_INFO |
| 2006-02-15 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2006-045-09.nasl - Type: ACT_GATHER_INFO |
| 2006-02-15 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2006-045-04.nasl - Type: ACT_GATHER_INFO |
