This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Ubuntu First view 2005-03-05
Product Ubuntu Linux Last view 2007-02-23
Version 5.04 Type Os
Update *  
Edition i386  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:ubuntu:ubuntu_linux

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2007-02-23 CVE-2006-5877

The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird.

7.2 2006-07-06 CVE-2006-3378

passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.

7.2 2006-01-09 CVE-2006-0151

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.

5 2005-12-31 CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

10 2005-12-31 CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

5 2005-12-31 CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

5 2005-08-15 CVE-2005-1527

Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.

3.7 2005-05-02 CVE-2005-0988

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

7.5 2005-04-22 CVE-2005-0754

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.

5.6 2005-03-05 CVE-2005-0109

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

CWE : Common Weakness Enumeration

%idName
66% (2) CWE-399 Resource Management Errors
33% (1) CWE-189 Numeric Errors

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-35 Leverage Executable Code in Nonexecutable Files

Open Source Vulnerability Database (OSVDB)

id Description
45258 enigmail Extension Encrypted File Attachment Handling DoS
26995 shadow setuid Failure Local Privilege Escalation
22235 Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS
22234 Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS
22233 Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function...
20764 Sudo PERL5OPT Environment Cleaning Multiple Variable Privilege Escalation
18696 AWStats ShowInfoURL Arbitrary Perl Code Execution
16440 Multiple Unix Vendor Hyper-Threading (HTT) Arbitrary Thread Process Informati...
15761 KDE Kommander Dialog Action Arbitrary Script Execution
15487 gzip Race Condition Arbitrary File Permission Modification

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-06-03 Name : Solaris Update for SunFreeware gzip 120719-02
File : nvt/gb_solaris_120719_02.nasl
2009-03-23 Name : Ubuntu Update for enigmail vulnerability USN-427-1
File : nvt/gb_ubuntu_USN_427_1.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200601-17 (xpdf poppler gpdf libextractor pdfto...
File : nvt/glsa_200601_17.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200601-02 (kdegraphics, kpdf, koffice, kword)
File : nvt/glsa_200601_02.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200508-07 (awstats)
File : nvt/glsa_200508_07.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200505-05 (gzip)
File : nvt/glsa_200505_05.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200504-23 (Kommander)
File : nvt/glsa_200504_23.nasl
2008-09-04 Name : FreeBSD Security Advisory (FreeBSD-SA-05:09.htt.asc)
File : nvt/freebsdsa_htt.nasl
2008-09-04 Name : FreeBSD Security Advisory (FreeBSD-SA-05:11.gzip.asc)
File : nvt/freebsdsa_gzip.nasl
2008-09-04 Name : FreeBSD Ports: kdewebdev
File : nvt/freebsd_kdewebdev.nasl
2008-09-04 Name : FreeBSD Ports: gzip
File : nvt/freebsd_gzip.nasl
2008-09-04 Name : FreeBSD Ports: awstats
File : nvt/freebsd_awstats1.nasl
2008-01-17 Name : Debian Security Advisory DSA 892-1 (awstats)
File : nvt/deb_892_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 962-1 (pdftohtml)
File : nvt/deb_962_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 961-1 (pdfkit.framework)
File : nvt/deb_961_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 950-1 (cupsys)
File : nvt/deb_950_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 946-2 (sudo)
File : nvt/deb_946_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 946-1 (sudo)
File : nvt/deb_946_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 940-1 (gpdf)
File : nvt/deb_940_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 938-1 (koffice)
File : nvt/deb_938_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 937-1 (tetex-bin)
File : nvt/deb_937_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 936-1 (libextractor)
File : nvt/deb_936_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 932-1 (xpdf)
File : nvt/deb_932_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 931-1 (xpdf)
File : nvt/deb_931_1.nasl

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2005-345.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-427-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-308-1.nasl - Type: ACT_GATHER_INFO
2006-12-16 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2006-159.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-946.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-940.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-938.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-937.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-936.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-932.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-931.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-892.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1150.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-950.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-961.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-962.nasl - Type: ACT_GATHER_INFO
2006-09-22 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2006-262-01.nasl - Type: ACT_GATHER_INFO
2006-08-01 Name: The remote operating system is missing a vendor-supplied patch.
File: macosx_SecUpd2006-004.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2006-0177.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-868.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2005-357.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2006-0163.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2006-0160.nasl - Type: ACT_GATHER_INFO