Summary
Detail | |||
---|---|---|---|
Vendor | Ubuntu | First view | 1996-07-16 |
Product | Ubuntu Linux | Last view | 2010-08-10 |
Version | 10.10 | Type | |
Update | |||
Edition | |||
Language | |||
Software Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
9.3 | 2010-08-10 | CVE-2010-0834 | The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package. |
6.2 | 2009-03-04 | CVE-2009-0578 | GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console. |
4.6 | 2009-03-04 | CVE-2009-0365 | nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler. |
7.2 | 2007-10-11 | CVE-2007-5365 | Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU. |
5 | 2007-08-30 | CVE-2007-4601 | A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might allow remote attackers to bypass intended access restrictions when a service uses libwrap but does not specify server connection information. |
8.5 | 2007-04-05 | CVE-2007-1351 | Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. |
7.8 | 2007-02-23 | CVE-2006-5877 | The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird. |
4.6 | 2006-12-13 | CVE-2006-5649 | Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors. |
4.6 | 2006-12-13 | CVE-2006-5648 | Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed. |
10 | 2006-12-07 | CVE-2006-6235 | A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. |
5.4 | 2006-11-06 | CVE-2006-5466 | Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages. |
7.2 | 2006-07-18 | CVE-2006-3597 | passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory. |
7.2 | 2006-07-06 | CVE-2006-3378 | passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits. |
7.2 | 2006-03-13 | CVE-2006-1183 | The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges. |
7.2 | 2006-01-09 | CVE-2006-0151 | sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158. |
5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
4.6 | 2005-05-03 | CVE-2005-0106 | SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file. |
3.7 | 2005-05-02 | CVE-2005-0988 | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. |
5 | 2005-05-02 | CVE-2005-0080 | The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address. |
2.1 | 2005-05-02 | CVE-2005-0077 | The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file. |
7.5 | 2005-04-27 | CVE-2005-0206 | The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. |
7.5 | 2005-04-22 | CVE-2005-0754 | Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. |
6.2 | 2005-04-14 | CVE-2004-1235 | Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
27% (3) | CWE-399 | Resource Management Errors |
27% (3) | CWE-264 | Permissions, Privileges, and Access Controls |
18% (2) | CWE-189 | Numeric Errors |
9% (1) | CWE-287 | Improper Authentication |
9% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
9% (1) | CWE-20 | Improper Input Validation |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-15 | Command Delimiters |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:10888 | cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating sys... |
oval:org.mitre.oval:def:10728 | Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x befo... |
oval:org.mitre.oval:def:8843 | Multiple heap-based buffer overflows in the imlib BMP image handler allow rem... |
oval:org.mitre.oval:def:11123 | Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.... |
oval:org.mitre.oval:def:9969 | Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3... |
oval:org.mitre.oval:def:10330 | Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 ... |
oval:org.mitre.oval:def:9714 | Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use x... |
oval:org.mitre.oval:def:11790 | Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows rem... |
oval:org.mitre.oval:def:10931 | The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy... |
oval:org.mitre.oval:def:10360 | The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux ke... |
oval:org.mitre.oval:def:10268 | The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote ... |
oval:org.mitre.oval:def:1173 | Multiple Buffer Overflows in libXML2 |
oval:org.mitre.oval:def:10505 | Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly... |
oval:org.mitre.oval:def:11816 | The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, a... |
oval:org.mitre.oval:def:10511 | The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows ... |
oval:org.mitre.oval:def:9795 | Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly c... |
oval:org.mitre.oval:def:10427 | Race condition in Linux kernel 2.6 allows local users to read the environment... |
oval:org.mitre.oval:def:10877 | Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5... |
oval:org.mitre.oval:def:11384 | A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2... |
oval:org.mitre.oval:def:11144 | Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to... |
oval:org.mitre.oval:def:9567 | Race condition in the (1) load_elf_library and (2) binfmt_aout function calls... |
oval:org.mitre.oval:def:10552 | arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 s... |
oval:org.mitre.oval:def:9747 | Hyper-Threading technology, as used in FreeBSD and other operating systems th... |
oval:org.mitre.oval:def:10803 | Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed wi... |
oval:org.mitre.oval:def:11107 | The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-... |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
66963 | Ubuntu base-files on Dell Latitude 2110 Unauthenticated Package Installation |
53654 | GNOME NetworkManager dbus Multiple Arbitrary Network Connection Manipulation |
53653 | GNOME NetworkManager nm-applet.conf dbus Request Handler GetSecrets Method Lo... |
45258 | enigmail Extension Encrypted File Attachment Handling DoS |
44330 | CUPS on Red Hat 64-bit pdftops Crafted PDF File Handling Overflow |
41687 | Multiple Vendor dhcpd options.c cons_options Function DHCP Request Remote Ove... |
40140 | TCP Wrappers on Linux libwrap daemon_or_port_match Block Bypass |
34918 | X.Org X11 libXfont bdfReadCharacters Function BDF Font Handling Overflow |
34917 | FreeType bdfReadCharacters Function BDF Font Handling Overflow |
31832 | GnuPG OpenPGP Packet Decryption Overflow |
31373 | Linux PowerPC kernel Alignment Check Exception Handling DoS |
31372 | Linux PowerPC kernel sys_get_robust_list/sys_set_robust_list DoS |
30209 | RPM Package Manager showQueryPackage Function Overflow |
27091 | Ubuntu Linux Alternate/Server CD Installer Empty root Password |
26995 | shadow setuid Failure Local Privilege Escalation |
23868 | Ubuntu Installer Log File Cleartext Password Disclosure |
22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
20764 | Sudo PERL5OPT Environment Cleaning Multiple Variable Privilege Escalation |
16894 | Xpdf Integer Overflow Patch 64 Bit Architecture Failure |
16440 | Multiple Unix Vendor Hyper-Threading (HTT) Arbitrary Thread Process Informati... |
16253 | Perl Net::SSLeay Module Entropy Source Manipulation Weakness |
15761 | KDE Kommander Dialog Action Arbitrary Script Execution |
15487 | gzip Race Condition Arbitrary File Permission Modification |
ExploitDB Exploits
id | Description |
---|---|
4601 | Ubuntu 6.06 DHCPd bug Remote Denial of Service Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for NetworkManager CESA-2009:0361 centos5 i386 File : nvt/gb_CESA-2009_0361_NetworkManager_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for NetworkManager CESA-2009:0362 centos4 i386 File : nvt/gb_CESA-2009_0362_NetworkManager_centos4_i386.nasl |
2010-08-06 | Name : Ubuntu Update for base-files vulnerability USN-968-1 File : nvt/gb_ubuntu_USN_968_1.nasl |
2010-05-12 | Name : Mac OS X Security Update 2009-001 File : nvt/macosx_secupd_2009-001.nasl |
2009-12-30 | Name : Debian Security Advisory DSA 1955-1 (network-manager/network-manager-applet) File : nvt/deb_1955_1.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-20 File : nvt/gb_solaris_112837_20.nasl |
2009-10-13 | Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-19 File : nvt/gb_solaris_114265_19.nasl |
2009-10-13 | Name : SLES10: Security update for knetworkmanager File : nvt/sles10_NetworkManager-.nasl |
2009-10-13 | Name : SLES10: Security update for NetworkManager-gnome File : nvt/sles10_NetworkManager-0.nasl |
2009-10-13 | Name : SLES10: Security update for NetworkManager File : nvt/sles10_NetworkManager.nasl |
2009-10-11 | Name : SLES11: Security update for NetworkManager File : nvt/sles11_NetworkManager.nasl |
2009-10-10 | Name : SLES9: Security update for perl-DBI File : nvt/sles9p5010763.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5010817.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5011171.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5012650.nasl |
2009-10-10 | Name : SLES9: Security update for ruby File : nvt/sles9p5013198.nasl |
2009-10-10 | Name : SLES9: Security update for freetype2 File : nvt/sles9p5013340.nasl |
2009-10-10 | Name : SLES9: Security update for Perl File : nvt/sles9p5013510.nasl |
2009-10-10 | Name : SLES9: Security update for imlib File : nvt/sles9p5014360.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel core File : nvt/sles9p5014380.nasl |
2009-10-10 | Name : SLES9: Security update for CUPS File : nvt/sles9p5014529.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5015816.nasl |
2009-10-10 | Name : SLES9: Security update for MySQL File : nvt/sles9p5015996.nasl |
2009-10-10 | Name : SLES9: Security update for libxml File : nvt/sles9p5016394.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-29 | Sun Solaris dhcpd malformed bootp denial of service attempt RuleID : 43752 - Type : SERVER-OTHER - Revision : 2 |
2014-01-10 | Microsoft MSN Messenger png overflow RuleID : 3130-community - Type : PUA-OTHER - Revision : 8 |
2014-01-10 | Microsoft MSN Messenger png overflow RuleID : 3130 - Type : PUA-OTHER - Revision : 8 |
2014-01-10 | login buffer overflow attempt RuleID : 1842-community - Type : PROTOCOL-IMAP - Revision : 34 |
2014-01-10 | login buffer overflow attempt RuleID : 1842 - Type : PROTOCOL-IMAP - Revision : 34 |
2014-01-10 | SMB client TRANS response ring0 remote code execution attempt RuleID : 16531 - Type : NETBIOS - Revision : 11 |
2014-01-10 | Squid ASN.1 header parsing denial of service attempt RuleID : 15989 - Type : SERVER-OTHER - Revision : 5 |
2014-01-10 | Samba unicode filename buffer overflow attempt RuleID : 15986 - Type : SERVER-SAMBA - Revision : 8 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-08-29 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-1638-1.nasl - Type: ACT_GATHER_INFO |
2015-02-20 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-163.nasl - Type: ACT_GATHER_INFO |
2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_perl-58_20131015.nasl - Type: ACT_GATHER_INFO |
2015-01-09 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2015-463.nasl - Type: ACT_GATHER_INFO |
2015-01-09 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2015-464.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2006-0754.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-0125.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-0126.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-0132.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-0150.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0206.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2009-0361.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2009-0362.nasl - Type: ACT_GATHER_INFO |
2013-04-20 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2013-086.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2005-345.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-041.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2005-042.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2005-043.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-044.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-056.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20080401_cups_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20090325_NetworkManager_on_SL4_x.nasl - Type: ACT_GATHER_INFO |
2012-05-17 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_kernel-debug-2393.nasl - Type: ACT_GATHER_INFO |