This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Trustix First view 2004-06-01
Product Secure Linux Last view 2005-12-31
Version 2.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:trustix:secure_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5 2005-12-31 CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

10 2005-12-31 CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

5 2005-12-31 CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

5 2005-06-10 CVE-2005-1267

The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

2.1 2005-05-03 CVE-2005-1410

The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments.

3.7 2005-05-02 CVE-2005-0988

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

7.2 2005-03-01 CVE-2004-1051

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

10 2005-03-01 CVE-2004-0990

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.

10 2005-03-01 CVE-2004-0989

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

2.1 2005-02-09 CVE-2004-0977

The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

6.8 2005-02-09 CVE-2004-0957

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

10 2005-02-09 CVE-2004-0941

Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.

2.1 2005-02-07 CVE-2005-0156

Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

5 2005-01-27 CVE-2004-0918

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

5 2005-01-27 CVE-2004-0886

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

10 2005-01-10 CVE-2004-1304

Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.

10 2005-01-10 CVE-2004-1154

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.

2.1 2005-01-10 CVE-2004-1073

The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.

7.2 2005-01-10 CVE-2004-1072

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.

7.2 2005-01-10 CVE-2004-1071

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.

7.2 2005-01-10 CVE-2004-1070

The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.

10 2005-01-10 CVE-2004-1065

Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.

10 2005-01-10 CVE-2004-1019

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.

10 2005-01-10 CVE-2004-1013

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.

10 2005-01-10 CVE-2004-1012

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.

CWE : Common Weakness Enumeration

%idName
60% (3) CWE-399 Resource Management Errors
20% (1) CWE-189 Numeric Errors
20% (1) CWE-20 Improper Input Validation

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-6 Argument Injection
CAPEC-15 Command Delimiters
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-27 Leveraging Race Conditions via Symbolic Links
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-63 Simple Script Injection
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-73 User-Controlled Filename
CAPEC-85 Client Network Footprinting (using AJAX/XSS)
CAPEC-86 Embedding Script (XSS ) in HTTP Headers
CAPEC-163 Spear Phishing
CAPEC-247 Cross-Site Scripting with Masking through Invalid Characters in Identifiers

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
73493 libpng pngerror.c png_format_buffer() Off-by-one PNG Image Handling Remote DoS
60303 OSC2Nuke / OSC2NukeLite eregi() Function Calling Script Access Path Disclosure
60302 Nuke Cops eregi() Function Calling Script Access Path Disclosure
23282 Samba Unspecified Remote Memory Leak Information Disclosure
22235 Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS
22234 Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS
22233 Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function...
17227 tcpdump bgp_update_print() Function Malformed BGP Protocol Data DoS
16324 PostgreSQL tsearch2 Module Multiple Function Internal Processing Issue
15487 gzip Race Condition Arbitrary File Permission Modification
13452 Perl PERLIO_DEBUG Local Overflow
12602 PHP exif_read_data Section Name Command Execution
12422 Samba smbd Security Descriptor Parsing Remote Overflow
12415 PHP unserialize() Function Negative Reference Arbitrary Code Execution
12255 file ELF Header Parsing Unspecified Stack Manipulation
12098 Cyrus IMAP Server FETCH Command Partial Argument Remote Overflow
12097 Cyrus IMAP Server Partial Command Argument Parser Remote Overflow
12096 Cyrus IMAP Server IMAPMAGICPLUS Option Pre-Authentication Remote Overflow
11985 Linux Kernel smb Filesystem smb_receive_trans2 Arbitrary Memory Disclosure
11984 Linux Kernel smb Filesystem smb_proc_readX_data DoS
11983 Linux Kernel smb Filesystem smb_receive_trans2 Overflow
11982 Linux Kernel smb Filesystem smb_proc_readX Arbitrary Memory Disclosure
11981 Linux Kernel smb Filesystem smb_proc_read(X) Overflow
11760 GD Graphics Library (libgd) gdMalloc Multiple Overflows
11716 sudo Bash Script Subversion Arbitrary Command Execution

ExploitDB Exploits

id Description
718 Linux Kernel 2.6.x chown() Group Ownership Alteration Exploit
375 Linux Kernel File Offset Pointer Handling Memory Disclosure Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-09-10 Name : Slackware Advisory SSA:2011-210-01 libpng
File : nvt/esoft_slk_ssa_2011_210_01.nasl
2012-07-09 Name : RedHat Update for libpng RHSA-2011:1105-01
File : nvt/gb_RHSA-2011_1105-01_libpng.nasl
2012-04-11 Name : Fedora Update for libpng10 FEDORA-2012-5079
File : nvt/gb_fedora_2012_5079_libpng10_fc15.nasl
2012-04-02 Name : Fedora Update for libpng10 FEDORA-2012-3536
File : nvt/gb_fedora_2012_3536_libpng10_fc15.nasl
2012-03-07 Name : Fedora Update for libpng10 FEDORA-2012-2008
File : nvt/gb_fedora_2012_2008_libpng10_fc15.nasl
2011-10-21 Name : Mandriva Update for libpng MDVSA-2011:151 (libpng)
File : nvt/gb_mandriva_MDVSA_2011_151.nasl
2011-08-02 Name : Fedora Update for libpng FEDORA-2011-9336
File : nvt/gb_fedora_2011_9336_libpng_fc14.nasl
2011-07-27 Name : Fedora Update for libpng10 FEDORA-2011-8844
File : nvt/gb_fedora_2011_8844_libpng10_fc15.nasl
2011-07-27 Name : Fedora Update for libpng10 FEDORA-2011-8867
File : nvt/gb_fedora_2011_8867_libpng10_fc14.nasl
2011-07-22 Name : Fedora Update for libpng FEDORA-2011-9343
File : nvt/gb_fedora_2011_9343_libpng_fc15.nasl
2011-07-18 Name : Fedora Update for mingw32-libpng FEDORA-2011-8868
File : nvt/gb_fedora_2011_8868_mingw32-libpng_fc14.nasl
2011-07-18 Name : Fedora Update for mingw32-libpng FEDORA-2011-8874
File : nvt/gb_fedora_2011_8874_mingw32-libpng_fc15.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-10 Name : SLES9: Security update for Apache 2
File : nvt/sles9p5009547.nasl
2009-10-10 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5010817.nasl
2009-10-10 Name : SLES9: Security update for PostgreSQL
File : nvt/sles9p5010972.nasl
2009-10-10 Name : SLES9: Security update for Perl
File : nvt/sles9p5013510.nasl
2009-10-10 Name : SLES9: Security update for webdav apache module
File : nvt/sles9p5013988.nasl
2009-10-10 Name : SLES9: Security update for PHP4
File : nvt/sles9p5015816.nasl
2009-10-10 Name : SLES9: Security update for MySQL
File : nvt/sles9p5015996.nasl
2009-10-10 Name : SLES9: Security update for samba
File : nvt/sles9p5016221.nasl
2009-10-10 Name : SLES9: Security update for libxml
File : nvt/sles9p5016394.nasl
2009-10-10 Name : SLES9: Security update for libtiff
File : nvt/sles9p5017742.nasl
2009-10-10 Name : SLES9: Security update for PHP4
File : nvt/sles9p5019075.nasl
2009-10-10 Name : SLES9: Security update for CUPS
File : nvt/sles9p5019347.nasl

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt
RuleID : 4674 - Type : NETBIOS - Revision : 4
2014-01-10 SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt
RuleID : 4673 - Type : NETBIOS - Revision : 4
2014-01-10 SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt
RuleID : 4672 - Type : NETBIOS - Revision : 4
2014-01-10 SMB NT Trans NT SET SECURITY DESC DACL overflow attempt
RuleID : 4671 - Type : NETBIOS - Revision : 4
2014-01-10 SMB-DS NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt
RuleID : 4670 - Type : NETBIOS - Revision : 3
2014-01-10 SMB-DS NT Trans NT SET SECURITY DESC unicode DACL overflow attempt
RuleID : 4669 - Type : NETBIOS - Revision : 3
2014-01-10 SMB-DS NT Trans NT SET SECURITY DESC andx DACL overflow attempt
RuleID : 4668 - Type : NETBIOS - Revision : 3
2014-01-10 SMB-DS NT Trans NT SET SECURITY DESC DACL overflow attempt
RuleID : 4667 - Type : NETBIOS - Revision : 3
2014-01-10 SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt
RuleID : 4666 - Type : NETBIOS - Revision : 2
2014-01-10 SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt
RuleID : 4665 - Type : NETBIOS - Revision : 2
2014-01-10 SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt
RuleID : 4664 - Type : NETBIOS - Revision : 2
2014-01-10 SMB NT Trans NT SET SECURITY DESC DACL overflow attempt
RuleID : 4663 - Type : NETBIOS - Revision : 2
2014-01-10 SMB NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt
RuleID : 4662 - Type : NETBIOS - Revision : 4
2014-01-10 SMB NT Trans NT SET SECURITY DESC unicode SACL overflow attempt
RuleID : 4661 - Type : NETBIOS - Revision : 4
2014-01-10 SMB NT Trans NT SET SECURITY DESC andx SACL overflow attempt
RuleID : 4660 - Type : NETBIOS - Revision : 4
2014-01-10 SMB NT Trans NT SET SECURITY DESC SACL overflow attempt
RuleID : 4659 - Type : NETBIOS - Revision : 4
2014-01-10 SMB-DS NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt
RuleID : 4658 - Type : NETBIOS - Revision : 3
2014-01-10 SMB-DS NT Trans NT SET SECURITY DESC unicode SACL overflow attempt
RuleID : 4657 - Type : NETBIOS - Revision : 3
2014-01-10 SMB-DS NT Trans NT SET SECURITY DESC andx SACL overflow attempt
RuleID : 4656 - Type : NETBIOS - Revision : 3
2014-01-10 SMB-DS NT Trans NT SET SECURITY DESC SACL overflow attempt
RuleID : 4655 - Type : NETBIOS - Revision : 3
2014-01-10 SMB NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt
RuleID : 4654 - Type : NETBIOS - Revision : 2
2014-01-10 SMB NT Trans NT SET SECURITY DESC unicode SACL overflow attempt
RuleID : 4653 - Type : NETBIOS - Revision : 2
2014-01-10 SMB NT Trans NT SET SECURITY DESC andx SACL overflow attempt
RuleID : 4652 - Type : NETBIOS - Revision : 2
2014-01-10 SMB NT Trans NT SET SECURITY DESC SACL overflow attempt
RuleID : 4651 - Type : NETBIOS - Revision : 2
2014-12-23 Microsoft and libpng multiple products PNG large image width overflow attempt
RuleID : 32889-community - Type : FILE-IMAGE - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-05-01 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-120-01.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1638-1.nasl - Type: ACT_GATHER_INFO
2015-07-16 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_ca139c7f2a8c11e5a4a5002590263bf5.nasl - Type: ACT_GATHER_INFO
2015-02-20 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-163.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_perl-58_20131015.nasl - Type: ACT_GATHER_INFO
2015-01-09 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2015-463.nasl - Type: ACT_GATHER_INFO
2015-01-09 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2015-464.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_hplip-110812.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_hplip-110812.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0523.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO
2011-11-18 Name: The remote Samba server is affected by a buffer overflow vulnerability.
File: samba_3_0_5.nasl - Type: ACT_GATHER_INFO
2011-11-18 Name: The remote host is running a service that contains multiple memory leaks.
File: samba_3_0_6.nasl - Type: ACT_GATHER_INFO
2011-10-18 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2011-151.nasl - Type: ACT_GATHER_INFO
2011-08-26 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_hplip-110812.nasl - Type: ACT_GATHER_INFO
2011-08-01 Name: The remote Fedora host is missing a security update.
File: fedora_2011-9336.nasl - Type: ACT_GATHER_INFO
2011-07-25 Name: The remote Fedora host is missing a security update.
File: fedora_2011-8844.nasl - Type: ACT_GATHER_INFO
2011-07-25 Name: The remote Fedora host is missing a security update.
File: fedora_2011-8867.nasl - Type: ACT_GATHER_INFO
2011-07-19 Name: The remote Fedora host is missing a security update.
File: fedora_2011-9343.nasl - Type: ACT_GATHER_INFO
2011-07-18 Name: The remote Fedora host is missing a security update.
File: fedora_2011-8868.nasl - Type: ACT_GATHER_INFO
2011-07-18 Name: The remote Fedora host is missing a security update.
File: fedora_2011-8874.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_9363.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_9579.nasl - Type: ACT_GATHER_INFO
2009-08-18 Name: The remote Fedora host is missing a security update.
File: fedora_2009-8582.nasl - Type: ACT_GATHER_INFO