Summary
Detail | |||
---|---|---|---|
Vendor | Trustix | First view | 2005-01-10 |
Product | Secure Linux | Last view | 2007-02-13 |
Version | 2.2 | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:trustix:secure_linux |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
10 | 2007-02-13 | CVE-2007-0910 | Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors. |
7.5 | 2007-02-13 | CVE-2007-0909 | Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. |
5 | 2007-02-13 | CVE-2007-0907 | Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. |
7.5 | 2007-02-13 | CVE-2007-0906 | Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825). |
7.5 | 2007-02-13 | CVE-2007-0905 | PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383. |
5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
5 | 2005-06-10 | CVE-2005-1267 | The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet. |
3.7 | 2005-05-02 | CVE-2005-0988 | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. |
6.9 | 2005-05-02 | CVE-2005-0001 | Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion. |
5 | 2005-03-15 | CVE-2005-0384 | Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client. |
7.2 | 2005-03-01 | CVE-2004-1051 | sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. |
10 | 2005-03-01 | CVE-2004-0990 | Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941. |
10 | 2005-02-09 | CVE-2004-0941 | Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990. |
2.1 | 2005-02-07 | CVE-2005-0156 | Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. |
10 | 2005-01-10 | CVE-2004-1304 | Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file. |
10 | 2005-01-10 | CVE-2004-1154 | Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. |
2.1 | 2005-01-10 | CVE-2004-1073 | The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality. |
7.2 | 2005-01-10 | CVE-2004-1072 | The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code. |
7.2 | 2005-01-10 | CVE-2004-1071 | The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code. |
7.2 | 2005-01-10 | CVE-2004-1070 | The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code. |
10 | 2005-01-10 | CVE-2004-1065 | Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file. |
10 | 2005-01-10 | CVE-2004-1019 | The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results. |
10 | 2005-01-10 | CVE-2004-1013 | The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
40% (2) | CWE-399 | Resource Management Errors |
20% (1) | CWE-189 | Numeric Errors |
20% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
20% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
34715 | PHP ibase_modify_user() Function Unspecified Overflow |
34714 | PHP ibase_add_user() Function Unspecified Overflow |
34713 | PHP ibase_delete_user() Function Unspecified Overflow |
34712 | PHP mail() Function Unspecified Overflow |
34711 | PHP str_replace() Function Unspecified Overflow |
34710 | PHP stream Filters Unspecified Overflow |
34709 | PHP sqlite Extension Unspecified Overflow |
34708 | PHP imap Extension Unspecified Overflow |
34707 | PHP zip Extension Unspecified Overflow |
34706 | PHP Session Extension Unspecified Overflow |
32768 | PHP Session Extension Multiple Restriction Bypass |
32767 | PHP sapi_header_op Function Underflow DoS |
32765 | PHP odbc_result_all Function Format String |
32764 | PHP on 64-bit Multiple print Function Format String |
32763 | PHP Super-global Variable Unspecified Clobber |
22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
17227 | tcpdump bgp_update_print() Function Malformed BGP Protocol Data DoS |
15487 | gzip Race Condition Arbitrary File Permission Modification |
14810 | Linux Kernel Malformed PPP Packet Remote DoS |
13452 | Perl PERLIO_DEBUG Local Overflow |
12914 | Linux Kernel Multiprocessor Page Fault Handler Race Condition |
12602 | PHP exif_read_data Section Name Command Execution |
12422 | Samba smbd Security Descriptor Parsing Remote Overflow |
OpenVAS Exploits
id | Description |
---|---|
2012-06-21 | Name : PHP version smaller than 4.4.5 File : nvt/nopsec_php_4_4_5.nasl |
2012-06-21 | Name : PHP version smaller than 5.2.1 File : nvt/nopsec_php_5_2_1.nasl |
2010-04-23 | Name : PHP 5.2.0 and Prior Versions Multiple Vulnerabilities File : nvt/gb_php_22496.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5021688.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5009300.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5010817.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5011171.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5015816.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5019075.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5020183.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5020404.nasl |
2009-10-10 | Name : SLES9: Security update for gd File : nvt/sles9p5021249.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5021505.nasl |
2009-10-10 | Name : SLES9: Security update for Perl File : nvt/sles9p5013510.nasl |
2009-06-03 | Name : Solaris Update for SunFreeware gzip 120719-02 File : nvt/gb_solaris_120719_02.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDKSA-2007:078 (kernel) File : nvt/gb_mandriva_MDKSA_2007_078.nasl |
2009-04-09 | Name : Mandriva Update for php MDKSA-2007:048 (php) File : nvt/gb_mandriva_MDKSA_2007_048.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDKSA-2007:060 (kernel) File : nvt/gb_mandriva_MDKSA_2007_060.nasl |
2009-03-23 | Name : Ubuntu Update for php5 regression USN-424-2 File : nvt/gb_ubuntu_USN_424_2.nasl |
2009-03-23 | Name : Ubuntu Update for php5 vulnerabilities USN-424-1 File : nvt/gb_ubuntu_USN_424_1.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-526 File : nvt/gb_fedora_2007_526_php_fc5.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-455 File : nvt/gb_fedora_2007_455_php_fc5.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-287 File : nvt/gb_fedora_2007_287_php_fc5.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-261 File : nvt/gb_fedora_2007_261_php_fc6.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt RuleID : 4674 - Type : NETBIOS - Revision : 4 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt RuleID : 4673 - Type : NETBIOS - Revision : 4 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt RuleID : 4672 - Type : NETBIOS - Revision : 4 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC DACL overflow attempt RuleID : 4671 - Type : NETBIOS - Revision : 4 |
2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt RuleID : 4670 - Type : NETBIOS - Revision : 3 |
2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC unicode DACL overflow attempt RuleID : 4669 - Type : NETBIOS - Revision : 3 |
2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC andx DACL overflow attempt RuleID : 4668 - Type : NETBIOS - Revision : 3 |
2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC DACL overflow attempt RuleID : 4667 - Type : NETBIOS - Revision : 3 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt RuleID : 4666 - Type : NETBIOS - Revision : 2 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt RuleID : 4665 - Type : NETBIOS - Revision : 2 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt RuleID : 4664 - Type : NETBIOS - Revision : 2 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC DACL overflow attempt RuleID : 4663 - Type : NETBIOS - Revision : 2 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt RuleID : 4662 - Type : NETBIOS - Revision : 4 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode SACL overflow attempt RuleID : 4661 - Type : NETBIOS - Revision : 4 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC andx SACL overflow attempt RuleID : 4660 - Type : NETBIOS - Revision : 4 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC SACL overflow attempt RuleID : 4659 - Type : NETBIOS - Revision : 4 |
2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt RuleID : 4658 - Type : NETBIOS - Revision : 3 |
2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC unicode SACL overflow attempt RuleID : 4657 - Type : NETBIOS - Revision : 3 |
2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC andx SACL overflow attempt RuleID : 4656 - Type : NETBIOS - Revision : 3 |
2014-01-10 | SMB-DS NT Trans NT SET SECURITY DESC SACL overflow attempt RuleID : 4655 - Type : NETBIOS - Revision : 3 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt RuleID : 4654 - Type : NETBIOS - Revision : 2 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC unicode SACL overflow attempt RuleID : 4653 - Type : NETBIOS - Revision : 2 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC andx SACL overflow attempt RuleID : 4652 - Type : NETBIOS - Revision : 2 |
2014-01-10 | SMB NT Trans NT SET SECURITY DESC SACL overflow attempt RuleID : 4651 - Type : NETBIOS - Revision : 2 |
2014-12-23 | Microsoft and libpng multiple products PNG large image width overflow attempt RuleID : 32889-community - Type : FILE-IMAGE - Revision : 2 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2018-05-01 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2018-120-01.nasl - Type: ACT_GATHER_INFO |
2016-08-29 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-1638-1.nasl - Type: ACT_GATHER_INFO |
2015-07-16 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_ca139c7f2a8c11e5a4a5002590263bf5.nasl - Type: ACT_GATHER_INFO |
2015-02-20 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-163.nasl - Type: ACT_GATHER_INFO |
2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_perl-58_20131015.nasl - Type: ACT_GATHER_INFO |
2015-01-09 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2015-463.nasl - Type: ACT_GATHER_INFO |
2015-01-09 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2015-464.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-0076.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_622399682f2a11d9a9e70001020eed82.nasl - Type: ACT_GATHER_INFO |
2007-12-13 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_apache2-mod_php5-2684.nasl - Type: ACT_GATHER_INFO |
2007-12-13 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_php5-3754.nasl - Type: ACT_GATHER_INFO |
2007-11-10 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-424-1.nasl - Type: ACT_GATHER_INFO |
2007-11-10 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-424-2.nasl - Type: ACT_GATHER_INFO |
2007-10-17 | Name: The remote openSUSE host is missing a security update. File: suse_php5-2687.nasl - Type: ACT_GATHER_INFO |
2007-10-17 | Name: The remote openSUSE host is missing a security update. File: suse_php5-3745.nasl - Type: ACT_GATHER_INFO |
2007-10-17 | Name: The remote openSUSE host is missing a security update. File: suse_php5-3753.nasl - Type: ACT_GATHER_INFO |
2007-06-18 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1304.nasl - Type: ACT_GATHER_INFO |
2007-05-25 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2007-0082.nasl - Type: ACT_GATHER_INFO |
2007-05-03 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1286.nasl - Type: ACT_GATHER_INFO |
2007-04-05 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2007-078.nasl - Type: ACT_GATHER_INFO |
2007-04-02 | Name: The remote web server uses a version of PHP that is affected by multiple flaws. File: php_4_4_5.nasl - Type: ACT_GATHER_INFO |
2007-04-02 | Name: The remote web server uses a version of PHP that is affected by multiple flaws. File: php_5_2_1.nasl - Type: ACT_GATHER_INFO |
2007-03-26 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200703-21.nasl - Type: ACT_GATHER_INFO |