Summary
Detail | |||
---|---|---|---|
Vendor | Suse | First view | 2003-12-31 |
Product | Suse Linux | Last view | 2007-05-14 |
Version | 8 | Type | Os |
Update | * | ||
Edition | enterprise_server | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:suse:suse_linux |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
4.4 | 2007-05-14 | CVE-2007-2654 | xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems. |
10 | 2007-02-15 | CVE-2007-0980 | Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors. |
10 | 2007-01-23 | CVE-2007-0460 | Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations." |
6.4 | 2005-12-31 | CVE-2005-4772 | liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013. |
2.1 | 2005-08-05 | CVE-2005-1767 | traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception). |
2.1 | 2005-08-05 | CVE-2005-1761 | Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function. |
7.2 | 2005-06-09 | CVE-2005-1763 | Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory. |
2.1 | 2005-05-02 | CVE-2005-0207 | Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT. |
2.1 | 2005-04-14 | CVE-2004-1237 | Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors. |
6.2 | 2005-04-14 | CVE-2004-1235 | Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. |
10 | 2005-01-27 | CVE-2004-0929 | Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image. |
10 | 2005-01-27 | CVE-2004-0903 | Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message. |
10 | 2005-01-27 | CVE-2004-0902 | Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname. |
5 | 2005-01-27 | CVE-2004-0886 | Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. |
10 | 2005-01-10 | CVE-2004-1170 | a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename. |
2.1 | 2005-01-10 | CVE-2004-1073 | The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality. |
7.2 | 2005-01-10 | CVE-2004-1072 | The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code. |
7.2 | 2005-01-10 | CVE-2004-1071 | The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code. |
7.2 | 2005-01-10 | CVE-2004-1070 | The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code. |
6.4 | 2005-01-10 | CVE-2004-0949 | The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times. |
10 | 2005-01-10 | CVE-2004-0914 | Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions. |
6.4 | 2005-01-10 | CVE-2004-0883 | Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function. |
7.5 | 2004-12-23 | CVE-2004-0867 | Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected. |
7.5 | 2004-12-23 | CVE-2004-0803 | Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. |
7.2 | 2004-12-06 | CVE-2004-0496 | Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
40% (2) | CWE-20 | Improper Input Validation |
20% (1) | CWE-362 | Race Condition |
20% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
20% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
60220 | susehelp in SuSE CGI Query Shell Metacharacter Arbitrary Remote Command Execu... |
36716 | xfsdump xfs_fsr Symlink Arbitrary File Manipulation |
33201 | HP Serviceguard for Linux Unspecified Remote Access |
32939 | ulogd Multiple Unspecified Overflows |
19979 | SuSE Linux YaST liby2util Package Repository Permission Weakness |
18702 | SuSE Linux Kernel Unspecified Stack Fault Exception Local DoS |
17546 | Linux Kernel on 64Bit ptrace Function Local Overflow |
17479 | Linux Kernel ptrace / restore_sigcontext ar.rsc Access Issue |
15214 | Linux Kernel NFS Client O_DIRECT DoS |
13052 | Red Hat RHEL 3 Audit Subsystem DoS |
12791 | Linux Kernel sys_uselib Binary Format Loader Local Privilege Escalation |
11991 | X11 libXpm Multiple Unspecified Loops / Leaks DoS |
11990 | X11 libXpm Unspecified Path Traversal |
11989 | X11 libXpm Unspecified Out-of-bounds Memory DoS |
11988 | X11 libXpm Unspecified Multiple Overflows |
11985 | Linux Kernel smb Filesystem smb_receive_trans2 Arbitrary Memory Disclosure |
11984 | Linux Kernel smb Filesystem smb_proc_readX_data DoS |
11983 | Linux Kernel smb Filesystem smb_receive_trans2 Overflow |
11982 | Linux Kernel smb Filesystem smb_proc_readX Arbitrary Memory Disclosure |
11981 | Linux Kernel smb Filesystem smb_proc_read(X) Overflow |
11600 | Linux Kernel ELF Binary Loader open_exec() Binary Read Permission Error |
11599 | Linux Kernel ELF Binary Loader Interpreter Name String Parsing Issue |
11598 | Linux Kernel ELF Binary Loader mmap() Failure Handling Issue |
11597 | Linux Kernel ELF Binary Loader Bad Return Value Issue |
11147 | LibTIFF OJPEGVSetField Malformed TIFF Overflow |
OpenVAS Exploits
id | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for openmotif File : nvt/sles9p5020391.nasl |
2009-10-10 | Name : SLES9: Security update for libtiff File : nvt/sles9p5017742.nasl |
2009-10-10 | Name : SLES9: Security update for OpenMotif File : nvt/sles9p5014940.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel core File : nvt/sles9p5014380.nasl |
2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5012017.nasl |
2009-10-10 | Name : SLES9: Security update for openmotif File : nvt/sles9p5010938.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5010817.nasl |
2009-06-03 | Name : Solaris Update for sdtimage 114220-11 File : nvt/gb_solaris_114220_11.nasl |
2009-06-03 | Name : Solaris Update for CDE 1.5 114219-11 File : nvt/gb_solaris_114219_11.nasl |
2009-06-03 | Name : Solaris Update for sdtimage 109932-10 File : nvt/gb_solaris_109932_10.nasl |
2009-06-03 | Name : Solaris Update for CDE 1.4 109931-10 File : nvt/gb_solaris_109931_10.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDKSA-2007:060 (kernel) File : nvt/gb_mandriva_MDKSA_2007_060.nasl |
2009-04-09 | Name : Mandriva Update for xfsdump MDKSA-2007:134 (xfsdump) File : nvt/gb_mandriva_MDKSA_2007_134.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDKSA-2007:078 (kernel) File : nvt/gb_mandriva_MDKSA_2007_078.nasl |
2009-03-23 | Name : Ubuntu Update for xfsdump vulnerability USN-516-1 File : nvt/gb_ubuntu_USN_516_1.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200412-17 (kfax) File : nvt/glsa_200412_17.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-26 (Mozilla) File : nvt/glsa_200409_26.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-16 (Samba) File : nvt/glsa_200409_16.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200407-16 (Kernel) File : nvt/glsa_200407_16.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200407-02 (Kernel) File : nvt/glsa_200407_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-02 (a2ps) File : nvt/glsa_200501_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200502-06 (lesstif) File : nvt/glsa_200502_06.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200502-07 (openmotif) File : nvt/glsa_200502_07.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200703-17 (ulogd) File : nvt/glsa_200703_17.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-34 (X) File : nvt/glsa_200409_34.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2018-01-17 | Mozilla Firefox buffer overflow attempt RuleID : 45172 - Type : BROWSER-FIREFOX - Revision : 1 |
2018-01-17 | Mozilla Firefox buffer overflow attempt RuleID : 45171 - Type : BROWSER-FIREFOX - Revision : 1 |
2014-01-10 | SMB client TRANS response ring0 remote code execution attempt RuleID : 16531 - Type : NETBIOS - Revision : 11 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2010-01-10 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0524.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_9399.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_3897a2f81d5711d9bc4a000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_8091fceaf35e11d881b0000347a4fa7d.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_a711de5c05fa11d9a9b200061bc2ad93.nasl - Type: ACT_GATHER_INFO |
2007-11-10 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-516-1.nasl - Type: ACT_GATHER_INFO |
2007-06-27 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2007-134.nasl - Type: ACT_GATHER_INFO |
2007-06-18 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1304.nasl - Type: ACT_GATHER_INFO |
2007-05-03 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1286.nasl - Type: ACT_GATHER_INFO |
2007-04-05 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2007-078.nasl - Type: ACT_GATHER_INFO |
2007-03-19 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200703-17.nasl - Type: ACT_GATHER_INFO |
2007-03-12 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2007-060.nasl - Type: ACT_GATHER_INFO |
2007-02-18 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2004-111.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1018.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1067.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1069.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1070.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1082.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-921.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-922.nasl - Type: ACT_GATHER_INFO |
2006-07-05 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2005-293.nasl - Type: ACT_GATHER_INFO |
2006-07-05 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2005-366.nasl - Type: ACT_GATHER_INFO |
2006-07-05 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2005-514.nasl - Type: ACT_GATHER_INFO |
2006-07-03 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2005-021.nasl - Type: ACT_GATHER_INFO |
2006-07-03 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2005-354.nasl - Type: ACT_GATHER_INFO |