Summary
| Detail | |||
|---|---|---|---|
| Vendor | Suse | First view | 2004-08-06 |
| Product | Suse Linux | Last view | 2007-02-15 |
| Version | 9.0 | Type | Os |
| Update | * | ||
| Edition | x86_64 | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:suse:suse_linux | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 10 | 2007-02-15 | CVE-2007-0980 | Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors. |
| 10 | 2007-01-23 | CVE-2007-0460 | Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations." |
| 6.4 | 2005-12-31 | CVE-2005-4772 | liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013. |
| 5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
| 10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
| 5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
| 4.6 | 2005-10-27 | CVE-2005-3321 | chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions. |
| 7.5 | 2005-05-02 | CVE-2005-0337 | Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname. |
| 7.5 | 2005-05-02 | CVE-2005-0005 | Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers. |
| 7.5 | 2005-04-27 | CVE-2005-0206 | The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. |
| 6.8 | 2005-04-27 | CVE-2005-0085 | Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message. |
| 5 | 2005-04-14 | CVE-2005-1043 | exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. |
| 7.5 | 2005-04-14 | CVE-2004-1176 | Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
| 7.5 | 2005-04-14 | CVE-2004-1175 | fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. |
| 5 | 2005-04-14 | CVE-2004-1174 | direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles." |
| 5 | 2005-04-14 | CVE-2004-1093 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory." |
| 5 | 2005-04-14 | CVE-2004-1092 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory. |
| 5 | 2005-04-14 | CVE-2004-1091 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference. |
| 5 | 2005-04-14 | CVE-2004-1090 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header." |
| 5 | 2005-04-14 | CVE-2004-1009 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. |
| 7.5 | 2005-04-14 | CVE-2004-1005 | Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. |
| 7.5 | 2005-04-14 | CVE-2004-1004 | Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. |
| 7.5 | 2005-03-02 | CVE-2005-0639 | Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files. |
| 7.5 | 2005-03-02 | CVE-2005-0638 | xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command. |
| 7.5 | 2005-03-02 | CVE-2005-0605 | scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 40% (2) | CWE-399 | Resource Management Errors |
| 40% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 20% (1) | CWE-189 | Numeric Errors |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-15 | Command Delimiters |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-100 | Overflow Buffers |
| CAPEC-123 | Buffer Attacks |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 44330 | CUPS on Red Hat 64-bit pdftops Crafted PDF File Handling Overflow |
| 33201 | HP Serviceguard for Linux Unspecified Remote Access |
| 32939 | ulogd Multiple Unspecified Overflows |
| 22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
| 22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
| 22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
| 20263 | SUSE Permissions Bypass chkstat Arbitrary File Access |
| 19979 | SuSE Linux YaST liby2util Package Repository Permission Weakness |
| 16894 | Xpdf Integer Overflow Patch 64 Bit Architecture Failure |
| 15630 | PHP EXIF Header Large IFD Nesting Level DoS |
| 14373 | libXpm XPM Image GetImagePixels() / PutImagePixels() Overflow |
| 14366 | xli Unspecified Image Properties Overflow |
| 14357 | xloadimage Compressed Image Filename Shell Metacharacter Arbitrary Command Ex... |
| 13735 | MIME-tools MIMEDefang Empty Boundary Content-Type Virus Scan Bypass |
| 13520 | ht://Dig (htdig) config Parameter XSS |
| 13470 | Postfix IPv6 Patch if_inet6 Failure Arbitrary Mail Relay |
| 13452 | Perl PERLIO_DEBUG Local Overflow |
| 13154 | GNU Enscript EPSF Pipe Support Arbitrary Command Execution |
| 13149 | Xpdf Multiple Unspecified Remote Overflows |
| 13028 | ImageMagick PSD Image Decoding Module Overflow |
| 12911 | Midnight Commander Unspecified Underflow DoS |
| 12910 | Midnight Commander Insecure Filename Quoting Arbitrary Command Execution |
| 12909 | Midnight Commander Nonexistent File Descriptor Handling DoS |
| 12908 | Midnight Commander Unspecified Freed Memory DoS |
| 12907 | Midnight Commander Unspecified Unallocated Memory Issue |
OpenVAS Exploits
| id | Description |
|---|---|
| 2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
| 2010-02-03 | Name : Solaris Update for CDE 1.6 119280-22 File : nvt/gb_solaris_119280_22.nasl |
| 2010-02-03 | Name : Solaris Update for Runtime library for Solaris 10 119281-22 File : nvt/gb_solaris_119281_22.nasl |
| 2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
| 2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5010817.nasl |
| 2009-10-10 | Name : SLES9: Security update for openmotif File : nvt/sles9p5010938.nasl |
| 2009-10-10 | Name : SLES9: Security update for ethereal File : nvt/sles9p5010966.nasl |
| 2009-10-10 | Name : SLES9: Security update for enscript File : nvt/sles9p5011436.nasl |
| 2009-10-10 | Name : SLES9: Security update for Midnight Commander File : nvt/sles9p5011441.nasl |
| 2009-10-10 | Name : SLES9: Security update for cyrus-sasl File : nvt/sles9p5011476.nasl |
| 2009-10-10 | Name : SLES9: Security update for kdelibs3 File : nvt/sles9p5011912.nasl |
| 2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5012017.nasl |
| 2009-10-10 | Name : SLES9: Security update for Perl File : nvt/sles9p5013510.nasl |
| 2009-10-10 | Name : SLES9: Security update for apache File : nvt/sles9p5014050.nasl |
| 2009-10-10 | Name : SLES9: Security update for imlib File : nvt/sles9p5014360.nasl |
| 2009-10-10 | Name : SLES9: Security update for CUPS File : nvt/sles9p5014529.nasl |
| 2009-10-10 | Name : SLES9: Security update for OpenMotif File : nvt/sles9p5014940.nasl |
| 2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5015816.nasl |
| 2009-10-10 | Name : SLES9: Security update for MySQL File : nvt/sles9p5015996.nasl |
| 2009-10-10 | Name : SLES9: Security update for XFree86-libs File : nvt/sles9p5016773.nasl |
| 2009-10-10 | Name : SLES9: Security update for ethereal File : nvt/sles9p5016846.nasl |
| 2009-10-10 | Name : SLES9: Security update for htdig File : nvt/sles9p5018082.nasl |
| 2009-10-10 | Name : SLES9: Security update for openmotif File : nvt/sles9p5020391.nasl |
| 2009-10-10 | Name : SLES9: Security update for MySQL File : nvt/sles9p5020865.nasl |
| 2009-10-10 | Name : SLES9: Security update for gd File : nvt/sles9p5021249.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-08-31 | Postfix IPv6 Relaying Security Issue RuleID : 50859 - Type : SERVER-MAIL - Revision : 1 |
| 2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt RuleID : 4674 - Type : NETBIOS - Revision : 4 |
| 2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt RuleID : 4673 - Type : NETBIOS - Revision : 4 |
| 2014-01-10 | SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt RuleID : 4672 - Type : NETBIOS - Revision : 4 |
| 2014-01-10 | SMB NT Trans NT SET SECURITY DESC DACL overflow attempt RuleID : 4671 - Type : NETBIOS - Revision : 4 |
| 2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt RuleID : 4670 - Type : NETBIOS - Revision : 3 |
| 2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC unicode DACL overflow attempt RuleID : 4669 - Type : NETBIOS - Revision : 3 |
| 2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC andx DACL overflow attempt RuleID : 4668 - Type : NETBIOS - Revision : 3 |
| 2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC DACL overflow attempt RuleID : 4667 - Type : NETBIOS - Revision : 3 |
| 2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt RuleID : 4666 - Type : NETBIOS - Revision : 2 |
| 2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt RuleID : 4665 - Type : NETBIOS - Revision : 2 |
| 2014-01-10 | SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt RuleID : 4664 - Type : NETBIOS - Revision : 2 |
| 2014-01-10 | SMB NT Trans NT SET SECURITY DESC DACL overflow attempt RuleID : 4663 - Type : NETBIOS - Revision : 2 |
| 2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt RuleID : 4662 - Type : NETBIOS - Revision : 4 |
| 2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode SACL overflow attempt RuleID : 4661 - Type : NETBIOS - Revision : 4 |
| 2014-01-10 | SMB NT Trans NT SET SECURITY DESC andx SACL overflow attempt RuleID : 4660 - Type : NETBIOS - Revision : 4 |
| 2014-01-10 | SMB NT Trans NT SET SECURITY DESC SACL overflow attempt RuleID : 4659 - Type : NETBIOS - Revision : 4 |
| 2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt RuleID : 4658 - Type : NETBIOS - Revision : 3 |
| 2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC unicode SACL overflow attempt RuleID : 4657 - Type : NETBIOS - Revision : 3 |
| 2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC andx SACL overflow attempt RuleID : 4656 - Type : NETBIOS - Revision : 3 |
| 2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC SACL overflow attempt RuleID : 4655 - Type : NETBIOS - Revision : 3 |
| 2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt RuleID : 4654 - Type : NETBIOS - Revision : 2 |
| 2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode SACL overflow attempt RuleID : 4653 - Type : NETBIOS - Revision : 2 |
| 2014-01-10 | SMB NT Trans NT SET SECURITY DESC andx SACL overflow attempt RuleID : 4652 - Type : NETBIOS - Revision : 2 |
| 2014-01-10 | SMB NT Trans NT SET SECURITY DESC SACL overflow attempt RuleID : 4651 - Type : NETBIOS - Revision : 2 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2015-07-16 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_ca139c7f2a8c11e5a4a5002590263bf5.nasl - Type: ACT_GATHER_INFO |
| 2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_perl-58_20131015.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0206.nasl - Type: ACT_GATHER_INFO |
| 2013-06-29 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2005-332-01.nasl - Type: ACT_GATHER_INFO |
| 2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO |
| 2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO |
| 2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-041.nasl - Type: ACT_GATHER_INFO |
| 2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2005-042.nasl - Type: ACT_GATHER_INFO |
| 2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2005-043.nasl - Type: ACT_GATHER_INFO |
| 2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-044.nasl - Type: ACT_GATHER_INFO |
| 2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-056.nasl - Type: ACT_GATHER_INFO |
| 2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20080401_cups_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
| 2010-01-10 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0261.nasl - Type: ACT_GATHER_INFO |
| 2010-01-10 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0524.nasl - Type: ACT_GATHER_INFO |
| 2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_9399.nasl - Type: ACT_GATHER_INFO |
| 2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_9797.nasl - Type: ACT_GATHER_INFO |
| 2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_9833.nasl - Type: ACT_GATHER_INFO |
| 2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_9867.nasl - Type: ACT_GATHER_INFO |
| 2009-05-13 | Name: The remote host is missing a Mac OS X update that fixes various security issues. File: macosx_10_5_7.nasl - Type: ACT_GATHER_INFO |
| 2009-05-13 | Name: The remote host is missing a Mac OS X update that fixes various security issues. File: macosx_SecUpd2009-002.nasl - Type: ACT_GATHER_INFO |
| 2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_00644f03fb5811d89837000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
| 2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_622399682f2a11d9a9e70001020eed82.nasl - Type: ACT_GATHER_INFO |
| 2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_6e6a6b8a2fde11d9b3a20050fc56d258.nasl - Type: ACT_GATHER_INFO |
| 2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_8091fceaf35e11d881b0000347a4fa7d.nasl - Type: ACT_GATHER_INFO |
| 2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_a711de5c05fa11d9a9b200061bc2ad93.nasl - Type: ACT_GATHER_INFO |
