Search criteria
26 vulnerabilities found for security_linux by astaro
FKIE_CVE-2005-3985
Vulnerability from fkie_nvd - Published: 2005-12-04 22:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| astaro | security_linux | 6.001 | |
| astaro | security_linux | 6.002 | |
| astaro | security_linux | 6.101 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:astaro:security_linux:6.001:*:*:*:*:*:*:*",
"matchCriteriaId": "290BEAF7-4B5C-43F0-B35B-46B34459822A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:astaro:security_linux:6.002:*:*:*:*:*:*:*",
"matchCriteriaId": "9B5DD50C-CB7A-4081-B5B8-F4BB013F51E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:astaro:security_linux:6.101:*:*:*:*:*:*:*",
"matchCriteriaId": "85B925F1-8770-4798-8B30-F846D468DC94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
}
],
"id": "CVE-2005-3985",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-04T22:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17838"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=63958\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#63958"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15666"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=63958\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#63958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2678"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3100
Vulnerability from fkie_nvd - Published: 2005-09-28 23:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4.027 allows attackers to cause a denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| astaro | security_linux | 4.027 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:astaro:security_linux:4.027:*:*:*:*:*:*:*",
"matchCriteriaId": "B1772367-33D8-4234-A321-F681550F9D97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified \"PPTP Remote DoS Vulnerability\" in Astaro Security Linux 4.027 allows attackers to cause a denial of service."
}
],
"id": "CVE-2005-3100",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-28T23:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16967"
},
{
"source": "cve@mitre.org",
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=62289\u0026Main=62289"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/20971"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=62289\u0026Main=62289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/20971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14950"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-2731
Vulnerability from fkie_nvd - Published: 2005-08-30 11:45 - Updated: 2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| astaro | security_linux | 6.001 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:astaro:security_linux:6.001:*:*:*:*:*:*:*",
"matchCriteriaId": "290BEAF7-4B5C-43F0-B35B-46B34459822A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl."
}
],
"id": "CVE-2005-2731",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-30T11:45:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-2730
Vulnerability from fkie_nvd - Published: 2005-08-30 11:45 - Updated: 2025-04-03 01:03
Severity ?
Summary
The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| astaro | security_linux | 6.001 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:astaro:security_linux:6.001:*:*:*:*:*:*:*",
"matchCriteriaId": "290BEAF7-4B5C-43F0-B35B-46B34459822A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message."
}
],
"id": "CVE-2005-2730",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-30T11:45:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22024"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-2729
Vulnerability from fkie_nvd - Published: 2005-08-30 11:45 - Updated: 2025-04-03 01:03
Severity ?
Summary
The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| astaro | security_linux | 6.001 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:astaro:security_linux:6.001:*:*:*:*:*:*:*",
"matchCriteriaId": "290BEAF7-4B5C-43F0-B35B-46B34459822A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services."
}
],
"id": "CVE-2005-2729",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-30T11:45:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16578/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/14665"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16578/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22021"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-2251
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| astaro | security_linux | 4.017 | |
| astaro | security_linux | 4.018 | |
| astaro | security_linux | 4.019 | |
| astaro | security_linux | 4.020 | |
| astaro | security_linux | 4.021 | |
| astaro | security_linux | 4.022 | |
| astaro | security_linux | 4.023 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:astaro:security_linux:4.017:*:*:*:*:*:*:*",
"matchCriteriaId": "7F3C0573-ED41-4B3A-A3DD-47D1FE7ECCAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:astaro:security_linux:4.018:*:*:*:*:*:*:*",
"matchCriteriaId": "3D36AB13-39FA-456F-8CE7-52B480A2B225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:astaro:security_linux:4.019:*:*:*:*:*:*:*",
"matchCriteriaId": "A01E7E5C-0FA3-4B6C-A25E-4FA3182FC027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:astaro:security_linux:4.020:*:*:*:*:*:*:*",
"matchCriteriaId": "763399B8-881F-4D03-8755-A2023DDBD939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:astaro:security_linux:4.021:*:*:*:*:*:*:*",
"matchCriteriaId": "98CD6DC4-991D-4DB7-9592-3BE513B15D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:astaro:security_linux:4.022:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B9A21C-CBDE-4177-BE19-FF41D7491B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:astaro:security_linux:4.023:*:*:*:*:*:*:*",
"matchCriteriaId": "E69910B1-565A-4A54-8A3B-0E3E903B981B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks."
}
],
"id": "CVE-2004-2251",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13089"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1012065"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/11406"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1012065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/11406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17959"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2002-1737
Vulnerability from fkie_nvd - Published: 2002-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| astaro | security_linux | 2.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:astaro:security_linux:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C23F03-AF17-43B6-B93C-0ACFE6A87990",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files."
}
],
"id": "CVE-2002-1737",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/256124"
},
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/256127"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/4103"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8190"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/256124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/256127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/4103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8190"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2002-0029
Vulnerability from fkie_nvd - Published: 2002-11-29 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| isc | bind | 4.9.2 | |
| isc | bind | 4.9.3 | |
| isc | bind | 4.9.4 | |
| isc | bind | 4.9.5 | |
| isc | bind | 4.9.6 | |
| isc | bind | 4.9.7 | |
| isc | bind | 4.9.8 | |
| isc | bind | 4.9.9 | |
| isc | bind | 4.9.10 | |
| astaro | security_linux | 2.0.23 | |
| astaro | security_linux | 2.0.24 | |
| astaro | security_linux | 2.0.25 | |
| astaro | security_linux | 2.0.26 | |
| astaro | security_linux | 2.0.27 | |
| astaro | security_linux | 2.0.30 | |
| astaro | security_linux | 3.2.0 | |
| astaro | security_linux | 3.2.10 | |
| astaro | security_linux | 3.2.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:4.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E820DA7-FF69-48AD-B031-3C583EFE3679",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:4.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "94C41E69-3034-4E30-A99E-A2C3EE9AE337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:4.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "262EFABD-8349-4C34-8653-39767923C2DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:4.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7F1274-7E0E-40C8-8006-ACFDBE757D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:4.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8257C916-6F4D-4B7E-8EED-B2789B3B35AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:4.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B959A2AB-703C-4354-8E23-809D2D13EC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:4.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0064E411-C26F-4831-B7C4-63E2E1EF98DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:4.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "982BB8D9-F396-4D99-A130-A2D8A5E61E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:4.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9CEBE5DC-7D81-404C-929A-B92951AADA14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:astaro:security_linux:2.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC424CD-9B05-4643-9D05-A1ACC9B5E788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:astaro:security_linux:2.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "929C2102-C9DE-448D-B367-7FD90A238BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:astaro:security_linux:2.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "17D74044-DBBB-41CE-BA23-91F81FCB3050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:astaro:security_linux:2.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "DDABBB48-8C12-49FC-ADCF-2BF1907A2439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:astaro:security_linux:2.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "556BD271-D766-4D36-BB9E-AE7345023D76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:astaro:security_linux:2.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "267E0669-8D08-4874-B98C-49B6CF018C71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:astaro:security_linux:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F20757E-285F-46D1-B7B6-C0C90F0E3758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:astaro:security_linux:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "526601CE-5AE1-4AD4-896E-817A377F28C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:astaro:security_linux:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "270D4B66-C834-4C9C-B7C3-FC8BE9128B2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka \"LIBRESOLV: buffer overrun\" and a different vulnerability than CVE-2002-0684."
},
{
"lang": "es",
"value": "Desbordamientos de b\u00fafer en la libreria de resoluci\u00f3n de ra\u00edz DNS en ISC BIND 4.9.2 a 4.9.10, y otras librer\u00edas derivadas como BSD libc y GNU libc, permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante respuestas de servidor DNS que disparan el desbordamiento en las funciones getnetbyname() y getnetbyaddr(). Tambi\u00e9n conocidad como \"LIBRESOLV:desbordamiento de b\u00fafer. Es una vulnerabilidad distinta de CAN-2002-0684."
}
],
"id": "CVE-2002-0029",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-11-29T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc"
},
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-31.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.isc.org/products/BIND/bind-security.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10624.php"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/844360"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-31.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.isc.org/products/BIND/bind-security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10624.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/844360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6186"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2005-3985 (GCVE-0-2005-3985)
Vulnerability from cvelistv5 – Published: 2005-12-04 22:00 – Updated: 2024-08-07 23:31
VLAI?
Summary
The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=63958\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#63958"
},
{
"name": "17838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17838"
},
{
"name": "ADV-2005-2678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2678"
},
{
"name": "15666",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15666"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=63958\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#63958"
},
{
"name": "17838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17838"
},
{
"name": "ADV-2005-2678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2678"
},
{
"name": "15666",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15666"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.astaro.org/showflat.php?Cat=\u0026Number=63958\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#63958",
"refsource": "CONFIRM",
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=63958\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#63958"
},
{
"name": "17838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17838"
},
{
"name": "ADV-2005-2678",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2678"
},
{
"name": "15666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15666"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3985",
"datePublished": "2005-12-04T22:00:00",
"dateReserved": "2005-12-04T00:00:00",
"dateUpdated": "2024-08-07T23:31:48.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3100 (GCVE-0-2005-3100)
Vulnerability from cvelistv5 – Published: 2005-09-28 04:00 – Updated: 2024-08-07 23:01
VLAI?
Summary
Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4.027 allows attackers to cause a denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:57.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14950"
},
{
"name": "20971",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20971"
},
{
"name": "16967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16967"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=62289\u0026Main=62289"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified \"PPTP Remote DoS Vulnerability\" in Astaro Security Linux 4.027 allows attackers to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-04-04T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14950"
},
{
"name": "20971",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20971"
},
{
"name": "16967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16967"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=62289\u0026Main=62289"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified \"PPTP Remote DoS Vulnerability\" in Astaro Security Linux 4.027 allows attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14950"
},
{
"name": "20971",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20971"
},
{
"name": "16967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16967"
},
{
"name": "http://www.astaro.org/showflat.php?Cat=\u0026Number=62289\u0026Main=62289",
"refsource": "CONFIRM",
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=62289\u0026Main=62289"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3100",
"datePublished": "2005-09-28T04:00:00",
"dateReserved": "2005-09-28T00:00:00",
"dateUpdated": "2024-08-07T23:01:57.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2730 (GCVE-0-2005-2730)
Vulnerability from cvelistv5 – Published: 2005-08-29 04:00 – Updated: 2024-08-07 22:45
VLAI?
Summary
The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"name": "astaro-proxy-information-disclosure(22024)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"name": "astaro-proxy-information-disclosure(22024)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22024"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"name": "astaro-proxy-information-disclosure(22024)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22024"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2730",
"datePublished": "2005-08-29T04:00:00",
"dateReserved": "2005-08-29T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2731 (GCVE-0-2005-2731)
Vulnerability from cvelistv5 – Published: 2005-08-29 04:00 – Updated: 2024-08-07 22:45
VLAI?
Summary
Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2731",
"datePublished": "2005-08-29T04:00:00",
"dateReserved": "2005-08-29T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2729 (GCVE-0-2005-2729)
Vulnerability from cvelistv5 – Published: 2005-08-29 04:00 – Updated: 2024-08-07 22:45
VLAI?
Summary
The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16578/"
},
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"name": "14665",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14665"
},
{
"name": "astaro-http-proxy-tcp-connect(22021)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16578/"
},
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"name": "14665",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14665"
},
{
"name": "astaro-http-proxy-tcp-connect(22021)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22021"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16578",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16578/"
},
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"name": "14665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14665"
},
{
"name": "astaro-http-proxy-tcp-connect(22021)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22021"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2729",
"datePublished": "2005-08-29T04:00:00",
"dateReserved": "2005-08-29T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2252 (GCVE-0-2004-2252)
Vulnerability from cvelistv5 – Published: 2005-07-17 04:00 – Updated: 2024-08-08 01:22
VLAI?
Summary
The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "astaro-firewall-info-disclosure(17960)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17960"
},
{
"name": "11407",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11407"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459"
},
{
"name": "13089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13089"
},
{
"name": "1012065",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012065"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "astaro-firewall-info-disclosure(17960)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17960"
},
{
"name": "11407",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11407"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459"
},
{
"name": "13089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13089"
},
{
"name": "1012065",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012065"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "astaro-firewall-info-disclosure(17960)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17960"
},
{
"name": "11407",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11407"
},
{
"name": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459",
"refsource": "CONFIRM",
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459"
},
{
"name": "13089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13089"
},
{
"name": "1012065",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012065"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2252",
"datePublished": "2005-07-17T04:00:00",
"dateReserved": "2005-07-17T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2251 (GCVE-0-2004-2251)
Vulnerability from cvelistv5 – Published: 2005-07-17 04:00 – Updated: 2024-08-08 01:22
VLAI?
Summary
The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11406"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459"
},
{
"name": "astaro-pptp-info-disclosure(17959)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17959"
},
{
"name": "13089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13089"
},
{
"name": "1012065",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012065"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11406"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459"
},
{
"name": "astaro-pptp-info-disclosure(17959)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17959"
},
{
"name": "13089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13089"
},
{
"name": "1012065",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012065"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11406",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11406"
},
{
"name": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459",
"refsource": "CONFIRM",
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459"
},
{
"name": "astaro-pptp-info-disclosure(17959)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17959"
},
{
"name": "13089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13089"
},
{
"name": "1012065",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012065"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2251",
"datePublished": "2005-07-17T04:00:00",
"dateReserved": "2005-07-17T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1737 (GCVE-0-2002-1737)
Vulnerability from cvelistv5 – Published: 2005-06-21 04:00 – Updated: 2024-08-08 03:34
VLAI?
Summary
Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:34:56.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020212 Astaro Security Linux Improper File Permissions Flaw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/256124"
},
{
"name": "4103",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4103"
},
{
"name": "20020212 RE: Astaro Security Linux Improper File Permissions Flaw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/256127"
},
{
"name": "astaro-insecure-file-permissions(8190)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8190"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020212 Astaro Security Linux Improper File Permissions Flaw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/256124"
},
{
"name": "4103",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4103"
},
{
"name": "20020212 RE: Astaro Security Linux Improper File Permissions Flaw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/256127"
},
{
"name": "astaro-insecure-file-permissions(8190)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8190"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020212 Astaro Security Linux Improper File Permissions Flaw",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/256124"
},
{
"name": "4103",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4103"
},
{
"name": "20020212 RE: Astaro Security Linux Improper File Permissions Flaw",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/256127"
},
{
"name": "astaro-insecure-file-permissions(8190)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8190"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1737",
"datePublished": "2005-06-21T04:00:00",
"dateReserved": "2005-06-21T00:00:00",
"dateUpdated": "2024-08-08T03:34:56.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0029 (GCVE-0-2002-0029)
Vulnerability from cvelistv5 – Published: 2002-11-21 05:00 – Updated: 2024-08-08 02:35
VLAI?
Summary
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bind-dns-libresolv-bo(10624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10624.php"
},
{
"name": "NetBSD-SA2002-028",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc"
},
{
"name": "CA-2002-31",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-31.html"
},
{
"name": "6186",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6186"
},
{
"name": "VU#844360",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/844360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/products/BIND/bind-security.html"
},
{
"name": "2002-11-21",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
},
{
"name": "20021201-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka \"LIBRESOLV: buffer overrun\" and a different vulnerability than CVE-2002-0684."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bind-dns-libresolv-bo(10624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10624.php"
},
{
"name": "NetBSD-SA2002-028",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc"
},
{
"name": "CA-2002-31",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-31.html"
},
{
"name": "6186",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6186"
},
{
"name": "VU#844360",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/844360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/products/BIND/bind-security.html"
},
{
"name": "2002-11-21",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
},
{
"name": "20021201-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka \"LIBRESOLV: buffer overrun\" and a different vulnerability than CVE-2002-0684."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bind-dns-libresolv-bo(10624)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10624.php"
},
{
"name": "NetBSD-SA2002-028",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc"
},
{
"name": "CA-2002-31",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-31.html"
},
{
"name": "6186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6186"
},
{
"name": "VU#844360",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/844360"
},
{
"name": "http://www.isc.org/products/BIND/bind-security.html",
"refsource": "CONFIRM",
"url": "http://www.isc.org/products/BIND/bind-security.html"
},
{
"name": "2002-11-21",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
},
{
"name": "20021201-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0029",
"datePublished": "2002-11-21T05:00:00",
"dateReserved": "2002-01-16T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3985 (GCVE-0-2005-3985)
Vulnerability from nvd – Published: 2005-12-04 22:00 – Updated: 2024-08-07 23:31
VLAI?
Summary
The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=63958\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#63958"
},
{
"name": "17838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17838"
},
{
"name": "ADV-2005-2678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2678"
},
{
"name": "15666",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15666"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=63958\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#63958"
},
{
"name": "17838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17838"
},
{
"name": "ADV-2005-2678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2678"
},
{
"name": "15666",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15666"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.astaro.org/showflat.php?Cat=\u0026Number=63958\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#63958",
"refsource": "CONFIRM",
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=63958\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#63958"
},
{
"name": "17838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17838"
},
{
"name": "ADV-2005-2678",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2678"
},
{
"name": "15666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15666"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3985",
"datePublished": "2005-12-04T22:00:00",
"dateReserved": "2005-12-04T00:00:00",
"dateUpdated": "2024-08-07T23:31:48.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3100 (GCVE-0-2005-3100)
Vulnerability from nvd – Published: 2005-09-28 04:00 – Updated: 2024-08-07 23:01
VLAI?
Summary
Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4.027 allows attackers to cause a denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:57.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14950"
},
{
"name": "20971",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20971"
},
{
"name": "16967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16967"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=62289\u0026Main=62289"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified \"PPTP Remote DoS Vulnerability\" in Astaro Security Linux 4.027 allows attackers to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-04-04T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14950"
},
{
"name": "20971",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20971"
},
{
"name": "16967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16967"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=62289\u0026Main=62289"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified \"PPTP Remote DoS Vulnerability\" in Astaro Security Linux 4.027 allows attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14950"
},
{
"name": "20971",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20971"
},
{
"name": "16967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16967"
},
{
"name": "http://www.astaro.org/showflat.php?Cat=\u0026Number=62289\u0026Main=62289",
"refsource": "CONFIRM",
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=62289\u0026Main=62289"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3100",
"datePublished": "2005-09-28T04:00:00",
"dateReserved": "2005-09-28T00:00:00",
"dateUpdated": "2024-08-07T23:01:57.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2730 (GCVE-0-2005-2730)
Vulnerability from nvd – Published: 2005-08-29 04:00 – Updated: 2024-08-07 22:45
VLAI?
Summary
The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"name": "astaro-proxy-information-disclosure(22024)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"name": "astaro-proxy-information-disclosure(22024)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22024"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"name": "astaro-proxy-information-disclosure(22024)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22024"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2730",
"datePublished": "2005-08-29T04:00:00",
"dateReserved": "2005-08-29T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2731 (GCVE-0-2005-2731)
Vulnerability from nvd – Published: 2005-08-29 04:00 – Updated: 2024-08-07 22:45
VLAI?
Summary
Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2731",
"datePublished": "2005-08-29T04:00:00",
"dateReserved": "2005-08-29T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2729 (GCVE-0-2005-2729)
Vulnerability from nvd – Published: 2005-08-29 04:00 – Updated: 2024-08-07 22:45
VLAI?
Summary
The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16578/"
},
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"name": "14665",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14665"
},
{
"name": "astaro-http-proxy-tcp-connect(22021)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16578/"
},
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"name": "14665",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14665"
},
{
"name": "astaro-http-proxy-tcp-connect(22021)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22021"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16578",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16578/"
},
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"name": "14665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14665"
},
{
"name": "astaro-http-proxy-tcp-connect(22021)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22021"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2729",
"datePublished": "2005-08-29T04:00:00",
"dateReserved": "2005-08-29T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2252 (GCVE-0-2004-2252)
Vulnerability from nvd – Published: 2005-07-17 04:00 – Updated: 2024-08-08 01:22
VLAI?
Summary
The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "astaro-firewall-info-disclosure(17960)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17960"
},
{
"name": "11407",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11407"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459"
},
{
"name": "13089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13089"
},
{
"name": "1012065",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012065"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "astaro-firewall-info-disclosure(17960)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17960"
},
{
"name": "11407",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11407"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459"
},
{
"name": "13089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13089"
},
{
"name": "1012065",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012065"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "astaro-firewall-info-disclosure(17960)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17960"
},
{
"name": "11407",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11407"
},
{
"name": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459",
"refsource": "CONFIRM",
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459"
},
{
"name": "13089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13089"
},
{
"name": "1012065",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012065"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2252",
"datePublished": "2005-07-17T04:00:00",
"dateReserved": "2005-07-17T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2251 (GCVE-0-2004-2251)
Vulnerability from nvd – Published: 2005-07-17 04:00 – Updated: 2024-08-08 01:22
VLAI?
Summary
The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11406"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459"
},
{
"name": "astaro-pptp-info-disclosure(17959)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17959"
},
{
"name": "13089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13089"
},
{
"name": "1012065",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012065"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11406"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459"
},
{
"name": "astaro-pptp-info-disclosure(17959)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17959"
},
{
"name": "13089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13089"
},
{
"name": "1012065",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012065"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11406",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11406"
},
{
"name": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459",
"refsource": "CONFIRM",
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459"
},
{
"name": "astaro-pptp-info-disclosure(17959)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17959"
},
{
"name": "13089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13089"
},
{
"name": "1012065",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012065"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2251",
"datePublished": "2005-07-17T04:00:00",
"dateReserved": "2005-07-17T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1737 (GCVE-0-2002-1737)
Vulnerability from nvd – Published: 2005-06-21 04:00 – Updated: 2024-08-08 03:34
VLAI?
Summary
Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:34:56.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020212 Astaro Security Linux Improper File Permissions Flaw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/256124"
},
{
"name": "4103",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4103"
},
{
"name": "20020212 RE: Astaro Security Linux Improper File Permissions Flaw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/256127"
},
{
"name": "astaro-insecure-file-permissions(8190)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8190"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020212 Astaro Security Linux Improper File Permissions Flaw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/256124"
},
{
"name": "4103",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4103"
},
{
"name": "20020212 RE: Astaro Security Linux Improper File Permissions Flaw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/256127"
},
{
"name": "astaro-insecure-file-permissions(8190)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8190"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020212 Astaro Security Linux Improper File Permissions Flaw",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/256124"
},
{
"name": "4103",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4103"
},
{
"name": "20020212 RE: Astaro Security Linux Improper File Permissions Flaw",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/256127"
},
{
"name": "astaro-insecure-file-permissions(8190)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8190"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1737",
"datePublished": "2005-06-21T04:00:00",
"dateReserved": "2005-06-21T00:00:00",
"dateUpdated": "2024-08-08T03:34:56.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0029 (GCVE-0-2002-0029)
Vulnerability from nvd – Published: 2002-11-21 05:00 – Updated: 2024-08-08 02:35
VLAI?
Summary
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bind-dns-libresolv-bo(10624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10624.php"
},
{
"name": "NetBSD-SA2002-028",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc"
},
{
"name": "CA-2002-31",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-31.html"
},
{
"name": "6186",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6186"
},
{
"name": "VU#844360",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/844360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/products/BIND/bind-security.html"
},
{
"name": "2002-11-21",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
},
{
"name": "20021201-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka \"LIBRESOLV: buffer overrun\" and a different vulnerability than CVE-2002-0684."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bind-dns-libresolv-bo(10624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10624.php"
},
{
"name": "NetBSD-SA2002-028",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc"
},
{
"name": "CA-2002-31",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-31.html"
},
{
"name": "6186",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6186"
},
{
"name": "VU#844360",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/844360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/products/BIND/bind-security.html"
},
{
"name": "2002-11-21",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
},
{
"name": "20021201-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka \"LIBRESOLV: buffer overrun\" and a different vulnerability than CVE-2002-0684."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bind-dns-libresolv-bo(10624)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10624.php"
},
{
"name": "NetBSD-SA2002-028",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc"
},
{
"name": "CA-2002-31",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-31.html"
},
{
"name": "6186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6186"
},
{
"name": "VU#844360",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/844360"
},
{
"name": "http://www.isc.org/products/BIND/bind-security.html",
"refsource": "CONFIRM",
"url": "http://www.isc.org/products/BIND/bind-security.html"
},
{
"name": "2002-11-21",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
},
{
"name": "20021201-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0029",
"datePublished": "2002-11-21T05:00:00",
"dateReserved": "2002-01-16T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}