Summary
Detail | |||
---|---|---|---|
Vendor | Turbolinux | First view | 2003-06-16 |
Product | Turbolinux Server | Last view | 2005-12-31 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
3.7 | 2005-05-02 | CVE-2005-0988 | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. |
7.5 | 2005-04-14 | CVE-2004-1176 | Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
7.5 | 2005-04-14 | CVE-2004-1175 | fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. |
5 | 2005-04-14 | CVE-2004-1174 | direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles." |
5 | 2005-04-14 | CVE-2004-1093 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory." |
5 | 2005-04-14 | CVE-2004-1092 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory. |
5 | 2005-04-14 | CVE-2004-1091 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference. |
5 | 2005-04-14 | CVE-2004-1090 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header." |
5 | 2005-04-14 | CVE-2004-1009 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. |
7.5 | 2005-04-14 | CVE-2004-1005 | Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. |
7.5 | 2005-04-14 | CVE-2004-1004 | Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. |
2.1 | 2005-01-10 | CVE-2004-1073 | The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality. |
7.2 | 2005-01-10 | CVE-2004-1072 | The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code. |
7.2 | 2005-01-10 | CVE-2004-1071 | The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code. |
7.2 | 2005-01-10 | CVE-2004-1070 | The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code. |
7.5 | 2004-12-31 | CVE-2004-0817 | Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file. |
5.1 | 2004-12-31 | CVE-2004-0802 | Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. |
2.1 | 2004-12-27 | CVE-2004-1377 | The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files. |
5 | 2004-09-16 | CVE-2004-0809 | The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. |
10 | 2003-10-06 | CVE-2003-0694 | The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. |
7.5 | 2003-10-06 | CVE-2003-0681 | A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. |
7.5 | 2003-06-16 | CVE-2003-0370 | Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
66% (2) | CWE-399 | Resource Management Errors |
33% (1) | CWE-189 | Numeric Errors |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:595 | Potential BO in Ruleset Parsing for Sendmail |
oval:org.mitre.oval:def:3606 | Sendmail Ruleset Parsing Buffer Overflow |
oval:org.mitre.oval:def:603 | Sendmail BO in prescan Function |
oval:org.mitre.oval:def:572 | Sendmail BO in Prescan Function |
oval:org.mitre.oval:def:2975 | Sendmail prescan function Buffer Overflow |
oval:org.mitre.oval:def:9588 | The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to ca... |
oval:org.mitre.oval:def:8843 | Multiple heap-based buffer overflows in the imlib BMP image handler allow rem... |
oval:org.mitre.oval:def:9450 | The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux... |
oval:org.mitre.oval:def:9917 | The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and ... |
oval:org.mitre.oval:def:11195 | The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and ... |
oval:org.mitre.oval:def:18892 | DSA-1286-1 linux-2.6 |
oval:org.mitre.oval:def:11503 | The open_exec function in the execve functionality (exec.c) in Linux kernel 2... |
oval:org.mitre.oval:def:765 | GNU GZip CHMod File Permission Modification Race ConditionWeakness |
oval:org.mitre.oval:def:1169 | gzip Hard Link Attack |
oval:org.mitre.oval:def:10242 | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzippe... |
oval:org.mitre.oval:def:9437 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf... |
oval:org.mitre.oval:def:9575 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS... |
oval:org.mitre.oval:def:9992 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS... |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
15487 | gzip Race Condition Arbitrary File Permission Modification |
12911 | Midnight Commander Unspecified Underflow DoS |
12910 | Midnight Commander Insecure Filename Quoting Arbitrary Command Execution |
12909 | Midnight Commander Nonexistent File Descriptor Handling DoS |
12908 | Midnight Commander Unspecified Freed Memory DoS |
12907 | Midnight Commander Unspecified Unallocated Memory Issue |
12906 | Midnight Commander Unspecified Null Dereference DoS |
12905 | Midnight Commander Corrupted Selection Header DoS |
12904 | Midnight Commander Unspecified Infinite Loop DoS |
12903 | Midnight Commander Multiple Unspecified Overflows |
12902 | Midnight Commander Multiple Unspecified Format Strings |
12845 | GNU a2ps psmandup Script Symlink Arbitrary File Overwrite |
12844 | GNU a2ps fixps Script Symlink Arbitrary File Overwrite |
11600 | Linux Kernel ELF Binary Loader open_exec() Binary Read Permission Error |
11599 | Linux Kernel ELF Binary Loader Interpreter Name String Parsing Issue |
11598 | Linux Kernel ELF Binary Loader mmap() Failure Handling Issue |
11597 | Linux Kernel ELF Binary Loader Bad Return Value Issue |
9948 | mod_dav for Apache HTTP Server LOCK Request DoS |
9781 | imlib2 BMP Image Decoding Overflow |
9436 | imlib2 BMP Decoding Overflow |
9435 | imlib BMP Decoding Overflow |
2577 | Sendmail prescan() Function Remote Overflow |
OpenVAS Exploits
id | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for imlib File : nvt/sles9p5014360.nasl |
2009-10-10 | Name : SLES9: Security update for webdav apache module File : nvt/sles9p5013988.nasl |
2009-10-10 | Name : SLES9: Security update for Midnight Commander File : nvt/sles9p5011441.nasl |
2009-10-10 | Name : SLES9: Security update for Apache 2 File : nvt/sles9p5009547.nasl |
2009-06-03 | Name : Solaris Update for SunFreeware gzip 120719-02 File : nvt/gb_solaris_120719_02.nasl |
2009-05-05 | Name : HP-UX Update for sendmail HPSBUX00281 File : nvt/gb_hp_ux_HPSBUX00281.nasl |
2009-05-05 | Name : HP-UX Update for Apache with PHP HPSBUX01090 File : nvt/gb_hp_ux_HPSBUX01090.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDKSA-2007:060 (kernel) File : nvt/gb_mandriva_MDKSA_2007_060.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDKSA-2007:078 (kernel) File : nvt/gb_mandriva_MDKSA_2007_078.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-07 (xv) File : nvt/glsa_200409_07.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-12 (imagemagick imlib) File : nvt/glsa_200409_12.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-21 (apache) File : nvt/glsa_200409_21.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200502-24 (mc) File : nvt/glsa_200502_24.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200505-05 (gzip) File : nvt/glsa_200505_05.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200601-02 (kdegraphics, kpdf, koffice, kword) File : nvt/glsa_200601_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200601-17 (xpdf poppler gpdf libextractor pdfto... File : nvt/glsa_200601_17.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-05:11.gzip.asc) File : nvt/freebsdsa_gzip.nasl |
2008-09-04 | Name : FreeBSD Ports: mc File : nvt/freebsd_mc.nasl |
2008-09-04 | Name : FreeBSD Ports: imlib2 File : nvt/freebsd_imlib2.nasl |
2008-09-04 | Name : FreeBSD Ports: imlib File : nvt/freebsd_imlib0.nasl |
2008-09-04 | Name : FreeBSD Ports: gzip File : nvt/freebsd_gzip.nasl |
2008-09-04 | Name : FreeBSD Ports: apache File : nvt/freebsd_apache4.nasl |
2008-09-04 | Name : FreeBSD Ports: a2ps-a4, a2ps-letter, a2ps-letterdj File : nvt/freebsd_a2ps-a4.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-... File : nvt/deb_1070_1.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | RCPT TO overflow RuleID : 654-community - Type : SERVER-MAIL - Revision : 28 |
2014-01-10 | RCPT TO overflow RuleID : 654 - Type : SERVER-MAIL - Revision : 28 |
2014-01-10 | Sendmail RCPT TO prescan too long addresses overflow RuleID : 2270-community - Type : SERVER-MAIL - Revision : 18 |
2014-01-10 | Sendmail RCPT TO prescan too long addresses overflow RuleID : 2270 - Type : SERVER-MAIL - Revision : 18 |
2014-01-10 | RCPT TO overflow RuleID : 18574 - Type : SERVER-MAIL - Revision : 6 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_9363.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_9797.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_00644f03fb5811d89837000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_013fa252072411d9b45d000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_ba005226fb5b11d89837000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
2007-09-25 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHNE_35483.nasl - Type: ACT_GATHER_INFO |
2007-09-25 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHNE_35484.nasl - Type: ACT_GATHER_INFO |
2007-09-25 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHNE_35485.nasl - Type: ACT_GATHER_INFO |
2007-06-18 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1304.nasl - Type: ACT_GATHER_INFO |
2007-05-03 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1286.nasl - Type: ACT_GATHER_INFO |
2007-04-05 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2007-078.nasl - Type: ACT_GATHER_INFO |
2007-03-12 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2007-060.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1067.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1069.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1070.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1082.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-931.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-932.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-936.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-937.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-938.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-940.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-950.nasl - Type: ACT_GATHER_INFO |