Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by Martin
CVE-2025-28883 (GCVE-0-2025-28883)
Vulnerability from nvd – Published: 2025-03-11 21:00 – Updated: 2026-04-28 16:11- CWE-352 - Cross-Site Request Forgery (CSRF)
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| Martin | WP Compare Tables |
Affected:
0 , ≤ 1.0.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-28883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T13:45:15.855666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T13:51:49.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-compare-tables",
"product": "WP Compare Tables",
"vendor": "Martin",
"versions": [
{
"lessThanOrEqual": "1.0.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdi Pranata | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:35:51.407Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables wp-compare-tables allows Stored XSS.\u003cp\u003eThis issue affects WP Compare Tables: from n/a through \u003c= 1.0.5.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables wp-compare-tables allows Stored XSS.This issue affects WP Compare Tables: from n/a through \u003c= 1.0.5."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:11:49.921Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-compare-tables/vulnerability/wordpress-wp-compare-tables-plugin-1-0-5-csrf-to-stored-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Compare Tables plugin \u003c= 1.0.5 - CSRF to Stored XSS vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-28883",
"datePublished": "2025-03-11T21:00:44.586Z",
"dateReserved": "2025-03-11T08:09:00.484Z",
"dateUpdated": "2026-04-28T16:11:49.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-28883 (GCVE-0-2025-28883)
Vulnerability from cvelistv5 – Published: 2025-03-11 21:00 – Updated: 2026-04-28 16:11- CWE-352 - Cross-Site Request Forgery (CSRF)
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| Martin | WP Compare Tables |
Affected:
0 , ≤ 1.0.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-28883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T13:45:15.855666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T13:51:49.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-compare-tables",
"product": "WP Compare Tables",
"vendor": "Martin",
"versions": [
{
"lessThanOrEqual": "1.0.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdi Pranata | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:35:51.407Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables wp-compare-tables allows Stored XSS.\u003cp\u003eThis issue affects WP Compare Tables: from n/a through \u003c= 1.0.5.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables wp-compare-tables allows Stored XSS.This issue affects WP Compare Tables: from n/a through \u003c= 1.0.5."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:11:49.921Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-compare-tables/vulnerability/wordpress-wp-compare-tables-plugin-1-0-5-csrf-to-stored-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Compare Tables plugin \u003c= 1.0.5 - CSRF to Stored XSS vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-28883",
"datePublished": "2025-03-11T21:00:44.586Z",
"dateReserved": "2025-03-11T08:09:00.484Z",
"dateUpdated": "2026-04-28T16:11:49.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-200106-0017
Vulnerability from variot - Updated: 2023-12-18 11:14ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory. This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value). As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory. UPDATE: There have been reports suggesting that exploitation of this vulnerability may be widespread. Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available. NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable. Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH. ** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default. Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur. Cisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext. A remote user could gain read access to known files outside of the root directory where Martin Hamilton ROADS resides. Requesting a specially crafted URL composed of '%00' sequences along with the known filename will disclose the requested file. TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to majordomo@iss.net Contact alert-owner@iss.net for help with any problems!
-----BEGIN PGP SIGNED MESSAGE-----
ISS X-Force has received reports that some individuals were unable to verify the PGP signature on the Security Alert Summary distributed earlier in the week. Due to this issue, X-Force is re-distributing the Security Alert Summary. We apologize for any inconvience this may have caused.
Internet Security Systems Security Alert Summary March 5, 2001 Volume 6 Number 4
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php
This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php
Contents
90 Reported Vulnerabilities
Risk Factor Key
Date Reported: 2/27/01 Vulnerability: a1-server-dos Platforms Affected: A1 Server Risk Factor: Medium Attack Type: Network Based Brief Description: A1 Server denial of service X-Force URL: http://xforce.iss.net/static/6161.php
Date Reported: 2/27/01 Vulnerability: a1-server-directory-traversal Platforms Affected: A1 Server Risk Factor: Medium Attack Type: Network Based Brief Description: A1 Server directory traversal X-Force URL: http://xforce.iss.net/static/6162.php
Date Reported: 2/27/01 Vulnerability: webreflex-web-server-dos Platforms Affected: WebReflex Risk Factor: Medium Attack Type: Network Based Brief Description: WebReflex Web server denial of service X-Force URL: http://xforce.iss.net/static/6163.php
Date Reported: 2/26/01 Vulnerability: sudo-bo-elevate-privileges Platforms Affected: Sudo Risk Factor: Medium Attack Type: Host Based Brief Description: Sudo buffer overflow could allow elevated user privileges X-Force URL: http://xforce.iss.net/static/6153.php
Date Reported: 2/26/01 Vulnerability: mygetright-skin-overwrite-file Platforms Affected: My GetRight Risk Factor: High Attack Type: Network Based Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files X-Force URL: http://xforce.iss.net/static/6155.php
Date Reported: 2/26/01 Vulnerability: mygetright-directory-traversal Platforms Affected: My GetRight Risk Factor: Medium Attack Type: Network Based Brief Description: My GetRight directory traversal X-Force URL: http://xforce.iss.net/static/6156.php
Date Reported: 2/26/01 Vulnerability: win2k-event-viewer-bo Platforms Affected: Windows 2000 Risk Factor: once-only Attack Type: Host Based Brief Description: Windows 2000 event viewer buffer overflow X-Force URL: http://xforce.iss.net/static/6160.php
Date Reported: 2/26/01 Vulnerability: netscape-collabra-cpu-dos Platforms Affected: Netscape Risk Factor: Medium Attack Type: Network Based Brief Description: Netscape Collabra CPU denial of service X-Force URL: http://xforce.iss.net/static/6159.php
Date Reported: 2/26/01 Vulnerability: netscape-collabra-kernel-dos Platforms Affected: Netscape Risk Factor: Medium Attack Type: Network Based Brief Description: Netscape Collabra Server kernel denial of service X-Force URL: http://xforce.iss.net/static/6158.php
Date Reported: 2/23/01 Vulnerability: mercur-expn-bo Platforms Affected: MERCUR Risk Factor: High Attack Type: Network Based Brief Description: MERCUR Mailserver EXPN buffer overflow X-Force URL: http://xforce.iss.net/static/6149.php
Date Reported: 2/23/01 Vulnerability: sedum-http-dos Platforms Affected: SEDUM Risk Factor: Medium Attack Type: Network Based Brief Description: SEDUM HTTP server denial of service X-Force URL: http://xforce.iss.net/static/6152.php
Date Reported: 2/23/01 Vulnerability: tru64-inetd-dos Platforms Affected: Tru64 Risk Factor: Medium Attack Type: Host Based Brief Description: Tru64 UNIX inetd denial of service X-Force URL: http://xforce.iss.net/static/6157.php
Date Reported: 2/22/01 Vulnerability: outlook-vcard-bo Platforms Affected: Microsoft Outlook Risk Factor: High Attack Type: Host Based Brief Description: Outlook and Outlook Express vCards buffer overflow X-Force URL: http://xforce.iss.net/static/6145.php
Date Reported: 2/22/01 Vulnerability: ultimatebb-cookie-member-number Platforms Affected: Ultimate Bulletin Board Risk Factor: High Attack Type: Network Based Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number X-Force URL: http://xforce.iss.net/static/6144.php
Date Reported: 2/21/01 Vulnerability: ultimatebb-cookie-gain-privileges Platforms Affected: Ultimate Bulletin Board Risk Factor: Medium Attack Type: Network Based Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information X-Force URL: http://xforce.iss.net/static/6142.php
Date Reported: 2/21/01 Vulnerability: sendmail-elevate-privileges Platforms Affected: Sendmail Risk Factor: High Attack Type: Host Based Brief Description: Sendmail -bt command could allow the elevation of privileges X-Force URL: http://xforce.iss.net/static/6147.php
Date Reported: 2/21/01 Vulnerability: jre-jdk-execute-commands Platforms Affected: JRE/JDK Risk Factor: High Attack Type: Host Based Brief Description: JRE/JDK could allow unauthorized execution of commands X-Force URL: http://xforce.iss.net/static/6143.php
Date Reported: 2/20/01 Vulnerability: licq-remote-port-dos Platforms Affected: LICQ Risk Factor: Medium Attack Type: Network Based Brief Description: LICQ remote denial of service X-Force URL: http://xforce.iss.net/static/6134.php
Date Reported: 2/20/01 Vulnerability: pgp4pine-expired-keys Platforms Affected: pgp4pine Risk Factor: Medium Attack Type: Host Based Brief Description: pgp4pine may transmit messages using expired public keys X-Force URL: http://xforce.iss.net/static/6135.php
Date Reported: 2/20/01 Vulnerability: chilisoft-asp-view-files Platforms Affected: Chili!Soft ASP Risk Factor: High Attack Type: Network Based Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information X-Force URL: http://xforce.iss.net/static/6137.php
Date Reported: 2/20/01 Vulnerability: win2k-domain-controller-dos Platforms Affected: Windows 2000 Risk Factor: once-only Attack Type: Network/Host Based Brief Description: Windows 2000 domain controller denial of service X-Force URL: http://xforce.iss.net/static/6136.php
Date Reported: 2/19/01 Vulnerability: asx-remote-dos Platforms Affected: ASX Switches Risk Factor: Medium Attack Type: Network Based Brief Description: ASX switches allow remote denial of service X-Force URL: http://xforce.iss.net/static/6133.php
Date Reported: 2/18/01 Vulnerability: http-cgi-mailnews-username Platforms Affected: Mailnews.cgi Risk Factor: High Attack Type: Network Based Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username X-Force URL: http://xforce.iss.net/static/6139.php
Date Reported: 2/17/01 Vulnerability: badblue-ext-reveal-path Platforms Affected: BadBlue Risk Factor: Low Attack Type: Network Based Brief Description: BadBlue ext.dll library reveals path X-Force URL: http://xforce.iss.net/static/6130.php
Date Reported: 2/17/01 Vulnerability: badblue-ext-dos Platforms Affected: BadBlue Risk Factor: Medium Attack Type: Network Based Brief Description: BadBlue ext.dll library denial of service X-Force URL: http://xforce.iss.net/static/6131.php
Date Reported: 2/17/01 Vulnerability: moby-netsuite-bo Platforms Affected: Moby's NetSuite Risk Factor: Medium Attack Type: Network Based Brief Description: Moby's NetSuite Web server buffer overflow X-Force URL: http://xforce.iss.net/static/6132.php
Date Reported: 2/16/01 Vulnerability: webactive-directory-traversal Platforms Affected: WEBactive Risk Factor: Medium Attack Type: Network/Host Based Brief Description: WEBactive HTTP Server directory traversal X-Force URL: http://xforce.iss.net/static/6121.php
Date Reported: 2/16/01 Vulnerability: esone-cgi-directory-traversal Platforms Affected: ES.One store.cgi Risk Factor: Medium Attack Type: Network Based Brief Description: Thinking Arts ES.One store.cgi directory traversal X-Force URL: http://xforce.iss.net/static/6124.php
Date Reported: 2/16/01 Vulnerability: vshell-username-bo Platforms Affected: VShell Risk Factor: High Attack Type: Network Based Brief Description: VShell username buffer overflow X-Force URL: http://xforce.iss.net/static/6146.php
Date Reported: 2/16/01 Vulnerability: vshell-port-forwarding-rule Platforms Affected: VShell Risk Factor: Medium Attack Type: Network/Host Based Brief Description: VShell uses weak port forwarding rule X-Force URL: http://xforce.iss.net/static/6148.php
Date Reported: 2/15/01 Vulnerability: pi3web-isapi-bo Platforms Affected: Pi3Web Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Pi3Web ISAPI tstisapi.dll denial of service X-Force URL: http://xforce.iss.net/static/6113.php
Date Reported: 2/15/01 Vulnerability: pi3web-reveal-path Platforms Affected: Pi3Web Risk Factor: Low Attack Type: Network Based Brief Description: Pi3Web reveals physical path of server X-Force URL: http://xforce.iss.net/static/6114.php
Date Reported: 2/15/01 Vulnerability: bajie-execute-shell Platforms Affected: Bajie HTTP JServer Risk Factor: High Attack Type: Network Based Brief Description: Bajie HTTP JServer execute shell commands X-Force URL: http://xforce.iss.net/static/6117.php
Date Reported: 2/15/01 Vulnerability: bajie-directory-traversal Platforms Affected: Bajie HTTP JServer Risk Factor: High Attack Type: Network Based Brief Description: Bajie HTTP JServer directory traversal X-Force URL: http://xforce.iss.net/static/6115.php
Date Reported: 2/15/01 Vulnerability: resin-directory-traversal Platforms Affected: Resin Risk Factor: Medium Attack Type: Network Based Brief Description: Resin Web server directory traversal X-Force URL: http://xforce.iss.net/static/6118.php
Date Reported: 2/15/01 Vulnerability: netware-mitm-recover-passwords Platforms Affected: Netware Risk Factor: Low Attack Type: Network Based Brief Description: Netware "man in the middle" attack password recovery X-Force URL: http://xforce.iss.net/static/6116.php
Date Reported: 2/14/01 Vulnerability: firebox-pptp-dos Platforms Affected: WatchGuard Firebox II Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard Firebox II PPTP denial of service X-Force URL: http://xforce.iss.net/static/6109.php
Date Reported: 2/14/01 Vulnerability: hp-virtualvault-iws-dos Platforms Affected: HP VirtualVault Risk Factor: Medium Attack Type: Network/Host Based Brief Description: HP VirtualVault iPlanet Web Server denial of service X-Force URL: http://xforce.iss.net/static/6110.php
Date Reported: 2/14/01 Vulnerability: kicq-execute-commands Platforms Affected: KICQ Risk Factor: High Attack Type: Network Based Brief Description: kicq could allow remote execution of commands X-Force URL: http://xforce.iss.net/static/6112.php
Date Reported: 2/14/01 Vulnerability: hp-text-editor-bo Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP Text editors buffer overflow X-Force URL: http://xforce.iss.net/static/6111.php
Date Reported: 2/13/01 Vulnerability: sendtemp-pl-read-files Platforms Affected: sendtemp.pl Risk Factor: Medium Attack Type: Network/Host Based Brief Description: sendtemp.pl could allow an attacker to read files on the server X-Force URL: http://xforce.iss.net/static/6104.php
Date Reported: 2/13/01 Vulnerability: analog-alias-bo Platforms Affected: Analog ALIAS Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Analog ALIAS command buffer overflow X-Force URL: http://xforce.iss.net/static/6105.php
Date Reported: 2/13/01 Vulnerability: elm-long-string-bo Platforms Affected: Elm Risk Factor: Medium Attack Type: Host Based Brief Description: ELM -f command long string buffer overflow X-Force URL: http://xforce.iss.net/static/6151.php
Date Reported: 2/13/01 Vulnerability: winnt-pptp-dos Platforms Affected: Windows NT Risk Factor: Medium Attack Type: Network Based Brief Description: Windows NT PPTP denial of service X-Force URL: http://xforce.iss.net/static/6103.php
Date Reported: 2/12/01 Vulnerability: startinnfeed-format-string Platforms Affected: Inn Risk Factor: High Attack Type: Host Based Brief Description: Inn 'startinnfeed' binary format string attack X-Force URL: http://xforce.iss.net/static/6099.php
Date Reported: 2/12/01 Vulnerability: his-auktion-cgi-url Platforms Affected: HIS Auktion Risk Factor: Medium Attack Type: Network/Host Based Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized files or execute commands X-Force URL: http://xforce.iss.net/static/6090.php
Date Reported: 2/12/01 Vulnerability: wayboard-cgi-view-files Platforms Affected: Way-BOARD Risk Factor: Medium Attack Type: Network Based Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files X-Force URL: http://xforce.iss.net/static/6091.php
Date Reported: 2/12/01 Vulnerability: muskat-empower-url-dir Platforms Affected: Musket Empower Risk Factor: Low Attack Type: Network/Host Based Brief Description: Musket Empower could allow attackers to gain access to the DB directory path X-Force URL: http://xforce.iss.net/static/6093.php
Date Reported: 2/12/01 Vulnerability: icq-icu-rtf-dos Platforms Affected: LICQ Gnome ICU Risk Factor: Low Attack Type: Network/Host Based Brief Description: LICQ and Gnome ICU rtf file denial of service X-Force URL: http://xforce.iss.net/static/6096.php
Date Reported: 2/12/01 Vulnerability: commerce-cgi-view-files Platforms Affected: Commerce.cgi Risk Factor: Medium Attack Type: Network Based Brief Description: Commerce.cgi could allow attackers to view unauthorized files X-Force URL: http://xforce.iss.net/static/6095.php
Date Reported: 2/12/01 Vulnerability: roads-search-view-files Platforms Affected: ROADS Risk Factor: Medium Attack Type: Network Based Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program X-Force URL: http://xforce.iss.net/static/6097.php
Date Reported: 2/12/01 Vulnerability: webpage-cgi-view-info Platforms Affected: WebPage.cgi Risk Factor: Low Attack Type: Network Based Brief Description: WebPage.cgi allows attackers to view sensitive information X-Force URL: http://xforce.iss.net/static/6100.php
Date Reported: 2/12/01 Vulnerability: webspirs-cgi-view-files Platforms Affected: WebSPIRS Risk Factor: Medium Attack Type: Network Based Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files X-Force URL: http://xforce.iss.net/static/6101.php
Date Reported: 2/12/01 Vulnerability: webpals-library-cgi-url Platforms Affected: WebPALS Risk Factor: Medium Attack Type: Network Based Brief Description: WebPALS Library System CGI script could allow attackers to view unauthorized files or execute commands X-Force URL: http://xforce.iss.net/static/6102.php
Date Reported: 2/11/01 Vulnerability: cobol-apptrack-nolicense-permissions Platforms Affected: MicroFocus Cobol Risk Factor: High Attack Type: Host Based Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions X-Force URL: http://xforce.iss.net/static/6092.php
Date Reported: 2/11/01 Vulnerability: cobol-apptrack-nolicense-symlink Platforms Affected: MicroFocus Cobol Risk Factor: High Attack Type: Host Based Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense X-Force URL: http://xforce.iss.net/static/6094.php
Date Reported: 2/10/01 Vulnerability: vixie-crontab-bo Platforms Affected: Vixie crontab Risk Factor: Medium Attack Type: Host Based Brief Description: Vixie crontab buffer overflow X-Force URL: http://xforce.iss.net/static/6098.php
Date Reported: 2/10/01 Vulnerability: novell-groupwise-bypass-policies Platforms Affected: Novell GroupWise Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Novell Groupwise allows user to bypass policies and view files X-Force URL: http://xforce.iss.net/static/6089.php
Date Reported: 2/9/01 Vulnerability: infobot-calc-gain-access Platforms Affected: Infobot Risk Factor: High Attack Type: Network Based Brief Description: Infobot 'calc' command allows remote users to gain access X-Force URL: http://xforce.iss.net/static/6078.php
Date Reported: 2/8/01 Vulnerability: linux-sysctl-read-memory Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux kernel sysctl() read memory X-Force URL: http://xforce.iss.net/static/6079.php
Date Reported: 2/8/01 Vulnerability: openssh-bypass-authentication Platforms Affected: OpenSSH Risk Factor: High Attack Type: Network/Host Based Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication X-Force URL: http://xforce.iss.net/static/6084.php
Date Reported: 2/8/01 Vulnerability: lotus-notes-stored-forms Platforms Affected: Lotus Notes Risk Factor: High Attack Type: Network/Host Based Brief Description: Lotus Notes stored forms X-Force URL: http://xforce.iss.net/static/6087.php
Date Reported: 2/8/01 Vulnerability: linux-ptrace-modify-process Platforms Affected: Linux Risk Factor: High Attack Type: Host Based Brief Description: Linux kernel ptrace modify process X-Force URL: http://xforce.iss.net/static/6080.php
Date Reported: 2/8/01 Vulnerability: ssh-deattack-overwrite-memory Platforms Affected: SSH Risk Factor: High Attack Type: Network/Host Based Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten X-Force URL: http://xforce.iss.net/static/6083.php
Date Reported: 2/7/01 Vulnerability: dc20ctrl-port-bo Platforms Affected: FreeBSD Risk Factor: Medium Attack Type: Host Based Brief Description: FreeBSD dc20ctrl port buffer overflow X-Force URL: http://xforce.iss.net/static/6077.php
Date Reported: 2/7/01 Vulnerability: ja-xklock-bo Platforms Affected: FreeBSD Risk Factor: High Attack Type: Host Based Brief Description: ja-xklock buffer overflow X-Force URL: http://xforce.iss.net/static/6073.php
Date Reported: 2/7/01 Vulnerability: ja-elvis-elvrec-bo Platforms Affected: FreeBSD Risk Factor: High Attack Type: Host Based Brief Description: FreeBSD ja-elvis port buffer overflow X-Force URL: http://xforce.iss.net/static/6074.php
Date Reported: 2/7/01 Vulnerability: ko-helvis-elvrec-bo Platforms Affected: FreeBSD Risk Factor: High Attack Type: Host Based Brief Description: FreeBSD ko-helvis port buffer overflow X-Force URL: http://xforce.iss.net/static/6075.php
Date Reported: 2/7/01 Vulnerability: serverworx-directory-traversal Platforms Affected: ServerWorx Risk Factor: Medium Attack Type: Network Based Brief Description: ServerWorx directory traversal X-Force URL: http://xforce.iss.net/static/6081.php
Date Reported: 2/7/01 Vulnerability: ntlm-ssp-elevate-privileges Platforms Affected: NTLM Risk Factor: High Attack Type: Host Based Brief Description: NTLM Security Support Provider could allow elevation of privileges X-Force URL: http://xforce.iss.net/static/6076.php
Date Reported: 2/7/01 Vulnerability: ssh-session-key-recovery Platforms Affected: SSH Risk Factor: High Attack Type: Network/Host Based Brief Description: SSH protocol 1.5 session key recovery X-Force URL: http://xforce.iss.net/static/6082.php
Date Reported: 2/6/01 Vulnerability: aolserver-directory-traversal Platforms Affected: AOLserver Risk Factor: Medium Attack Type: Network Based Brief Description: AOLserver directory traversal X-Force URL: http://xforce.iss.net/static/6069.php
Date Reported: 2/6/01 Vulnerability: chilisoft-asp-elevate-privileges Platforms Affected: Chili!Soft Risk Factor: High Attack Type: Network/Host Based Brief Description: Chili!Soft ASP could allow elevated privileges X-Force URL: http://xforce.iss.net/static/6072.php
Date Reported: 2/6/01 Vulnerability: win-udp-dos Platforms Affected: Windows Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Windows UDP socket denial of service X-Force URL: http://xforce.iss.net/static/6070.php
Date Reported: 2/5/01 Vulnerability: ssh-daemon-failed-login Platforms Affected: SSH Risk Factor: High Attack Type: Network/Host Based Brief Description: SSH daemon failed login attempts are not logged X-Force URL: http://xforce.iss.net/static/6071.php
Date Reported: 2/5/01 Vulnerability: picserver-directory-traversal Platforms Affected: PicServer Risk Factor: Medium Attack Type: Network Based Brief Description: PicServer directory traversal X-Force URL: http://xforce.iss.net/static/6065.php
Date Reported: 2/5/01 Vulnerability: biblioweb-directory-traversal Platforms Affected: BiblioWeb Risk Factor: Medium Attack Type: Network Based Brief Description: BiblioWeb Server directory traversal X-Force URL: http://xforce.iss.net/static/6066.php
Date Reported: 2/5/01 Vulnerability: biblioweb-get-dos Platforms Affected: BiblioWeb Risk Factor: Low Attack Type: Network Based Brief Description: BiblioWeb Server GET request denial of service X-Force URL: http://xforce.iss.net/static/6068.php
Date Reported: 2/5/01 Vulnerability: ibm-netcommerce-reveal-information Platforms Affected: IBM Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IBM Net.Commerce could reveal sensitive information X-Force URL: http://xforce.iss.net/static/6067.php
Date Reported: 2/5/01 Vulnerability: win-dde-elevate-privileges Platforms Affected: Windows DDE Risk Factor: High Attack Type: Host Based Brief Description: Windows DDE can allow the elevation of privileges X-Force URL: http://xforce.iss.net/static/6062.php
Date Reported: 2/4/01 Vulnerability: hsweb-directory-browsing Platforms Affected: HSWeb Risk Factor: Low Attack Type: Network Based Brief Description: HSWeb Web Server allows attacker to browse directories X-Force URL: http://xforce.iss.net/static/6061.php
Date Reported: 2/4/01 Vulnerability: sedum-directory-traversal Platforms Affected: SEDUM Risk Factor: Medium Attack Type: Network Based Brief Description: SEDUM HTTP Server directory traversal X-Force URL: http://xforce.iss.net/static/6063.php
Date Reported: 2/4/01 Vulnerability: free-java-directory-traversal Platforms Affected: Free Java Risk Factor: Medium Attack Type: Network Based Brief Description: Free Java Web Server directory traversal X-Force URL: http://xforce.iss.net/static/6064.php
Date Reported: 2/2/01 Vulnerability: goahead-directory-traversal Platforms Affected: GoAhead Risk Factor: High Attack Type: Network Based Brief Description: GoAhead Web Server directory traversal X-Force URL: http://xforce.iss.net/static/6046.php
Date Reported: 2/2/01 Vulnerability: gnuserv-tcp-cookie-overflow Platforms Affected: Gnuserv Risk Factor: High Attack Type: Network/Host Based Brief Description: Gnuserv TCP enabled cookie buffer overflow X-Force URL: http://xforce.iss.net/static/6056.php
Date Reported: 2/2/01 Vulnerability: xmail-ctrlserver-bo Platforms Affected: Xmail CTRLServer Risk Factor: High Attack Type: Network Based Brief Description: XMail CTRLServer buffer overflow X-Force URL: http://xforce.iss.net/static/6060.php
Date Reported: 2/2/01 Vulnerability: netscape-webpublisher-acl-permissions Platforms Affected: Netscape Web Publisher Risk Factor: Medium Attack Type: Network Based Brief Description: Netcape Web Publisher poor ACL permissions X-Force URL: http://xforce.iss.net/static/6058.php
Date Reported: 2/1/01 Vulnerability: cups-httpgets-dos Platforms Affected: CUPS Risk Factor: High Attack Type: Host Based Brief Description: CUPS httpGets() function denial of service X-Force URL: http://xforce.iss.net/static/6043.php
Date Reported: 2/1/01 Vulnerability: prospero-get-pin Platforms Affected: Prospero Risk Factor: High Attack Type: Network/Host Based Brief Description: Prospero GET request reveals PIN information X-Force URL: http://xforce.iss.net/static/6044.php
Date Reported: 2/1/01 Vulnerability: prospero-weak-permissions Platforms Affected: Prospero Risk Factor: High Attack Type: Network/Host Based Brief Description: Prospero uses weak permissions X-Force URL: http://xforce.iss.net/static/6045.php
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
ISS is a leading global provider of security management solutions for e-business. By offering best-of-breed SAFEsuite(tm) security software, comprehensive ePatrol(tm) monitoring services and industry-leading expertise, ISS serves as its customers' trusted security provider protecting digital assets and ensuring the availability, confidentiality and integrity of computer systems and information critical to e-business success. ISS' security management solutions protect more than 5,000 customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10 largest telecommunications companies and over 35 government agencies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe and Latin America. For more information, visit the ISS Web site at www.iss.net or call 800-776-2362.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv
iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV 1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B tT+ylKw4hn4= =kfHg -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200106-0017",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 3.2,
"vendor": "ssh security",
"version": null
},
{
"model": "catalyst csx",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "60005.3"
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openssh",
"version": null
},
{
"model": "roads",
"scope": "eq",
"trust": 1.6,
"vendor": "martin hamilton",
"version": "2.3"
},
{
"model": "ios 12.1 ex",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "60006.1"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "60005.5"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "core sdi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "smoothwall",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "holger lamm",
"version": null
},
{
"model": "ios 12.2xq",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xh",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xe",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xd",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "ios 12.1yf",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yd",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yc",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yb",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xu",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xt",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xq",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xp",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xm",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xl",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xj",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xi",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xh",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xg",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xf",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xc",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xb",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1t",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ec",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1e",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0s",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "60006.2(0.110)"
},
{
"model": "communications security ssh",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "1.2.31"
},
{
"model": "communications security ssh",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "1.2.30"
},
{
"model": "communications security ssh",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "1.2.29"
},
{
"model": "communications security ssh",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "1.2.28"
},
{
"model": "communications security ssh",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "1.2.27"
},
{
"model": "communications security ssh",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "1.2.26"
},
{
"model": "communications security ssh",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "1.2.25"
},
{
"model": "communications security ssh",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "1.2.24"
},
{
"model": "computing safeword agent for ssh",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "1.0"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "2.2"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "2.1.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "2.1"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "1.2.3"
},
{
"model": "openssh",
"scope": "eq",
"trust": 0.3,
"vendor": "openssh",
"version": "1.2.2"
},
{
"model": "screenos r2",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.1.1"
},
{
"model": "screenos r9",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.1"
},
{
"model": "screenos r2",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.1"
},
{
"model": "screenos r1",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.1"
},
{
"model": "screenos r1.1",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.0.3"
},
{
"model": "screenos r2",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.0.1"
},
{
"model": "screenos r5",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "2.6.1"
},
{
"model": "screenos r4",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "2.6.1"
},
{
"model": "screenos r3",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "2.6.1"
},
{
"model": "screenos r2",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "2.6.1"
},
{
"model": "screenos r1",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "2.6.1"
},
{
"model": "screenos",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "2.6.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(5)"
},
{
"model": "ios 12.1ya",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1xv"
},
{
"model": "ios 12.1xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ez",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ey",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ex",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1dc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1db",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.10s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "communications security ssh2",
"scope": "ne",
"trust": 0.3,
"vendor": "ssh",
"version": "2.4"
},
{
"model": "communications security ssh2",
"scope": "ne",
"trust": 0.3,
"vendor": "ssh",
"version": "2.3"
},
{
"model": "communications security ssh2",
"scope": "ne",
"trust": 0.3,
"vendor": "ssh",
"version": "2.2"
},
{
"model": "communications security ssh2",
"scope": "ne",
"trust": 0.3,
"vendor": "ssh",
"version": "2.1"
},
{
"model": "communications security ssh2",
"scope": "ne",
"trust": 0.3,
"vendor": "ssh",
"version": "2.0"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.3,
"vendor": "openssh",
"version": "2.3"
},
{
"model": "webns b11s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "webns 1b6s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "webns 0b22s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "webns 1b42s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(2)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(6)"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(3)"
},
{
"model": "ios 12.2 t",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(1.1)"
},
{
"model": "ios 12.2 xq",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ec3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ez1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ey",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yf2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yd2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yc1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yb4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xy6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv3"
},
{
"model": "ios 12.1 xu1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xr2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xg5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xm4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xt3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xp4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst pan",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "60006.3"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "60006.2(0.111)"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "60006.1(2.13)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "ios 12.2yh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ya",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2dd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2da",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2bc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ye",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0xv"
},
{
"model": "ios 12.0xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0st",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0sp",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "css11000 content services switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60007.1(2)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60007.1"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60006.3(4)"
},
{
"model": "catalyst pan",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60006.3"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60006.2(0.111)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60006.1(2.13)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60006.1(1)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.5(4)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.5(3)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.5(2)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.5(13)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.5(1)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.4.1"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.4(4)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.4(3)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.4(2)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.4(1)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.4"
},
{
"model": "lamm pgp4pine",
"scope": "eq",
"trust": 0.3,
"vendor": "holger",
"version": "1.75.6"
},
{
"model": "hamilton roads",
"scope": "eq",
"trust": 0.3,
"vendor": "martin",
"version": "2.3"
},
{
"model": "hamilton roads",
"scope": "ne",
"trust": 0.3,
"vendor": "martin",
"version": "2.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#290140"
},
{
"db": "CERT/CC",
"id": "VU#13877"
},
{
"db": "CERT/CC",
"id": "VU#25309"
},
{
"db": "CERT/CC",
"id": "VU#945216"
},
{
"db": "CERT/CC",
"id": "VU#566640"
},
{
"db": "CERT/CC",
"id": "VU#315308"
},
{
"db": "BID",
"id": "2347"
},
{
"db": "BID",
"id": "5114"
},
{
"db": "BID",
"id": "2405"
},
{
"db": "BID",
"id": "2371"
},
{
"db": "NVD",
"id": "CVE-2001-0215"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-020"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:martin_hamilton:roads:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0215"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UkR-XblP\u203b cuctema@ok.ru",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200106-020"
}
],
"trust": 0.6
},
"cve": "CVE-2001-0215",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-0215",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#290140",
"trust": 0.8,
"value": "21.09"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#13877",
"trust": 0.8,
"value": "6.84"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#25309",
"trust": 0.8,
"value": "0.39"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#945216",
"trust": 0.8,
"value": "99.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#566640",
"trust": 0.8,
"value": "0.68"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#651994",
"trust": 0.8,
"value": "1.50"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#315308",
"trust": 0.8,
"value": "2.06"
},
{
"author": "CNNVD",
"id": "CNNVD-200106-020",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#290140"
},
{
"db": "CERT/CC",
"id": "VU#13877"
},
{
"db": "CERT/CC",
"id": "VU#25309"
},
{
"db": "CERT/CC",
"id": "VU#945216"
},
{
"db": "CERT/CC",
"id": "VU#566640"
},
{
"db": "CERT/CC",
"id": "VU#651994"
},
{
"db": "CERT/CC",
"id": "VU#315308"
},
{
"db": "NVD",
"id": "CVE-2001-0215"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-020"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory. \nThis would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value). \nAs a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory. \n**UPDATE**:\nThere have been reports suggesting that exploitation of this vulnerability may be widespread. \nSince early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available. \nNOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable. \nSecure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH. \n** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default. \nCisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur. \nCisco has released upgrades that will eliminate this vulnerability. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext. A remote user could gain read access to known files outside of the root directory where Martin Hamilton ROADS resides. Requesting a specially crafted URL composed of \u0027%00\u0027 sequences along with the known filename will disclose the requested file. \nTO UNSUBSCRIBE: email \"unsubscribe alert\" in the body of your message to\nmajordomo@iss.net Contact alert-owner@iss.net for help with any problems!\n---------------------------------------------------------------------------\n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nISS X-Force has received reports that some individuals were unable to \nverify the PGP signature on the Security Alert Summary distributed earlier \nin the week. Due to this issue, X-Force is re-distributing the Security \nAlert Summary. We apologize for any inconvience this may have caused. \n\nInternet Security Systems Security Alert Summary\nMarch 5, 2001\nVolume 6 Number 4\n\nX-Force Vulnerability and Threat Database: http://xforce.iss.net/ To\nreceive these Alert Summaries as well as other Alerts and Advisories,\nsubscribe to the Internet Security Systems Alert mailing list at:\nhttp://xforce.iss.net/maillists/index.php\n\nThis summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php\n_____\n\nContents\n\n90 Reported Vulnerabilities\n\nRisk Factor Key\n\n_____\n\nDate Reported: 2/27/01\nVulnerability: a1-server-dos\nPlatforms Affected: A1 Server\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: A1 Server denial of service\nX-Force URL: http://xforce.iss.net/static/6161.php\n\n_____\n\nDate Reported: 2/27/01\nVulnerability: a1-server-directory-traversal\nPlatforms Affected: A1 Server\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: A1 Server directory traversal\nX-Force URL: http://xforce.iss.net/static/6162.php\n\n_____\n\nDate Reported: 2/27/01\nVulnerability: webreflex-web-server-dos\nPlatforms Affected: WebReflex\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: WebReflex Web server denial of service\nX-Force URL: http://xforce.iss.net/static/6163.php\n\n_____\n\nDate Reported: 2/26/01\nVulnerability: sudo-bo-elevate-privileges\nPlatforms Affected: Sudo\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: Sudo buffer overflow could allow elevated user privileges\nX-Force URL: http://xforce.iss.net/static/6153.php\n\n_____\n\nDate Reported: 2/26/01\nVulnerability: mygetright-skin-overwrite-file\nPlatforms Affected: My GetRight\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: My GetRight \u0027skin\u0027 allows remote attacker to overwrite existing files\nX-Force URL: http://xforce.iss.net/static/6155.php\n\n_____\n\nDate Reported: 2/26/01\nVulnerability: mygetright-directory-traversal\nPlatforms Affected: My GetRight\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: My GetRight directory traversal\nX-Force URL: http://xforce.iss.net/static/6156.php\n\n_____\n\nDate Reported: 2/26/01\nVulnerability: win2k-event-viewer-bo\nPlatforms Affected: Windows 2000\nRisk Factor: once-only\nAttack Type: Host Based\nBrief Description: Windows 2000 event viewer buffer overflow\nX-Force URL: http://xforce.iss.net/static/6160.php\n\n_____\n\nDate Reported: 2/26/01\nVulnerability: netscape-collabra-cpu-dos\nPlatforms Affected: Netscape\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Netscape Collabra CPU denial of service\nX-Force URL: http://xforce.iss.net/static/6159.php\n\n_____\n\nDate Reported: 2/26/01\nVulnerability: netscape-collabra-kernel-dos\nPlatforms Affected: Netscape\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Netscape Collabra Server kernel denial of service\nX-Force URL: http://xforce.iss.net/static/6158.php\n\n_____\n\nDate Reported: 2/23/01\nVulnerability: mercur-expn-bo\nPlatforms Affected: MERCUR\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: MERCUR Mailserver EXPN buffer overflow\nX-Force URL: http://xforce.iss.net/static/6149.php\n\n_____\n\nDate Reported: 2/23/01\nVulnerability: sedum-http-dos\nPlatforms Affected: SEDUM\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: SEDUM HTTP server denial of service\nX-Force URL: http://xforce.iss.net/static/6152.php\n\n_____\n\nDate Reported: 2/23/01\nVulnerability: tru64-inetd-dos\nPlatforms Affected: Tru64\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: Tru64 UNIX inetd denial of service\nX-Force URL: http://xforce.iss.net/static/6157.php\n\n_____\n\nDate Reported: 2/22/01\nVulnerability: outlook-vcard-bo\nPlatforms Affected: Microsoft Outlook\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Outlook and Outlook Express vCards buffer overflow\nX-Force URL: http://xforce.iss.net/static/6145.php\n\n_____\n\nDate Reported: 2/22/01\nVulnerability: ultimatebb-cookie-member-number\nPlatforms Affected: Ultimate Bulletin Board\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Ultimate Bulletin Board cookie allows attacker to change member number\nX-Force URL: http://xforce.iss.net/static/6144.php\n\n_____\n\nDate Reported: 2/21/01\nVulnerability: ultimatebb-cookie-gain-privileges\nPlatforms Affected: Ultimate Bulletin Board\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information\nX-Force URL: http://xforce.iss.net/static/6142.php\n\n_____\n\nDate Reported: 2/21/01\nVulnerability: sendmail-elevate-privileges\nPlatforms Affected: Sendmail\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Sendmail -bt command could allow the elevation of privileges\nX-Force URL: http://xforce.iss.net/static/6147.php\n\n_____\n\nDate Reported: 2/21/01\nVulnerability: jre-jdk-execute-commands\nPlatforms Affected: JRE/JDK\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: JRE/JDK could allow unauthorized execution of commands\nX-Force URL: http://xforce.iss.net/static/6143.php\n\n_____\n\nDate Reported: 2/20/01\nVulnerability: licq-remote-port-dos\nPlatforms Affected: LICQ\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: LICQ remote denial of service\nX-Force URL: http://xforce.iss.net/static/6134.php\n\n_____\n\nDate Reported: 2/20/01\nVulnerability: pgp4pine-expired-keys\nPlatforms Affected: pgp4pine\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: pgp4pine may transmit messages using expired public keys\nX-Force URL: http://xforce.iss.net/static/6135.php\n\n_____\n\nDate Reported: 2/20/01\nVulnerability: chilisoft-asp-view-files\nPlatforms Affected: Chili!Soft ASP\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information\nX-Force URL: http://xforce.iss.net/static/6137.php\n\n_____\n\nDate Reported: 2/20/01\nVulnerability: win2k-domain-controller-dos\nPlatforms Affected: Windows 2000\nRisk Factor: once-only\nAttack Type: Network/Host Based\nBrief Description: Windows 2000 domain controller denial of service\nX-Force URL: http://xforce.iss.net/static/6136.php\n\n_____\n\nDate Reported: 2/19/01\nVulnerability: asx-remote-dos\nPlatforms Affected: ASX Switches\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: ASX switches allow remote denial of service\nX-Force URL: http://xforce.iss.net/static/6133.php\n\n_____\n\nDate Reported: 2/18/01\nVulnerability: http-cgi-mailnews-username\nPlatforms Affected: Mailnews.cgi\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Mailnews.cgi allows remote attacker to execute shell commands using username\nX-Force URL: http://xforce.iss.net/static/6139.php\n\n_____\n\nDate Reported: 2/17/01\nVulnerability: badblue-ext-reveal-path\nPlatforms Affected: BadBlue\nRisk Factor: Low\nAttack Type: Network Based\nBrief Description: BadBlue ext.dll library reveals path\nX-Force URL: http://xforce.iss.net/static/6130.php\n\n_____\n\nDate Reported: 2/17/01\nVulnerability: badblue-ext-dos\nPlatforms Affected: BadBlue\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: BadBlue ext.dll library denial of service\nX-Force URL: http://xforce.iss.net/static/6131.php\n\n_____\n\nDate Reported: 2/17/01\nVulnerability: moby-netsuite-bo\nPlatforms Affected: Moby\u0027s NetSuite\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Moby\u0027s NetSuite Web server buffer overflow\nX-Force URL: http://xforce.iss.net/static/6132.php\n\n_____\n\nDate Reported: 2/16/01\nVulnerability: webactive-directory-traversal\nPlatforms Affected: WEBactive\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: WEBactive HTTP Server directory traversal\nX-Force URL: http://xforce.iss.net/static/6121.php\n\n_____\n\nDate Reported: 2/16/01\nVulnerability: esone-cgi-directory-traversal\nPlatforms Affected: ES.One store.cgi\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Thinking Arts ES.One store.cgi directory traversal\nX-Force URL: http://xforce.iss.net/static/6124.php\n\n_____\n\nDate Reported: 2/16/01\nVulnerability: vshell-username-bo\nPlatforms Affected: VShell\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: VShell username buffer overflow\nX-Force URL: http://xforce.iss.net/static/6146.php\n\n_____\n\nDate Reported: 2/16/01\nVulnerability: vshell-port-forwarding-rule\nPlatforms Affected: VShell\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: VShell uses weak port forwarding rule\nX-Force URL: http://xforce.iss.net/static/6148.php\n\n_____\n\nDate Reported: 2/15/01\nVulnerability: pi3web-isapi-bo\nPlatforms Affected: Pi3Web\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: Pi3Web ISAPI tstisapi.dll denial of service\nX-Force URL: http://xforce.iss.net/static/6113.php\n\n_____\n\nDate Reported: 2/15/01\nVulnerability: pi3web-reveal-path\nPlatforms Affected: Pi3Web\nRisk Factor: Low\nAttack Type: Network Based\nBrief Description: Pi3Web reveals physical path of server\nX-Force URL: http://xforce.iss.net/static/6114.php\n\n_____\n\nDate Reported: 2/15/01\nVulnerability: bajie-execute-shell\nPlatforms Affected: Bajie HTTP JServer\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Bajie HTTP JServer execute shell commands\nX-Force URL: http://xforce.iss.net/static/6117.php\n\n_____\n\nDate Reported: 2/15/01\nVulnerability: bajie-directory-traversal\nPlatforms Affected: Bajie HTTP JServer\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Bajie HTTP JServer directory traversal\nX-Force URL: http://xforce.iss.net/static/6115.php\n\n_____\n\nDate Reported: 2/15/01\nVulnerability: resin-directory-traversal\nPlatforms Affected: Resin\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Resin Web server directory traversal\nX-Force URL: http://xforce.iss.net/static/6118.php\n\n_____\n\nDate Reported: 2/15/01\nVulnerability: netware-mitm-recover-passwords\nPlatforms Affected: Netware\nRisk Factor: Low\nAttack Type: Network Based\nBrief Description: Netware \"man in the middle\" attack password recovery\nX-Force URL: http://xforce.iss.net/static/6116.php\n\n_____\n\nDate Reported: 2/14/01\nVulnerability: firebox-pptp-dos\nPlatforms Affected: WatchGuard Firebox II\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: WatchGuard Firebox II PPTP denial of service\nX-Force URL: http://xforce.iss.net/static/6109.php\n\n_____\n\nDate Reported: 2/14/01\nVulnerability: hp-virtualvault-iws-dos\nPlatforms Affected: HP VirtualVault\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: HP VirtualVault iPlanet Web Server denial of service\nX-Force URL: http://xforce.iss.net/static/6110.php\n\n_____\n\nDate Reported: 2/14/01\nVulnerability: kicq-execute-commands\nPlatforms Affected: KICQ\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: kicq could allow remote execution of commands\nX-Force URL: http://xforce.iss.net/static/6112.php\n\n_____\n\nDate Reported: 2/14/01\nVulnerability: hp-text-editor-bo\nPlatforms Affected: HPUX\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: HP Text editors buffer overflow\nX-Force URL: http://xforce.iss.net/static/6111.php\n\n_____\n\nDate Reported: 2/13/01\nVulnerability: sendtemp-pl-read-files\nPlatforms Affected: sendtemp.pl\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: sendtemp.pl could allow an attacker to read files on the server\nX-Force URL: http://xforce.iss.net/static/6104.php\n\n_____\n\nDate Reported: 2/13/01\nVulnerability: analog-alias-bo\nPlatforms Affected: Analog ALIAS\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: Analog ALIAS command buffer overflow\nX-Force URL: http://xforce.iss.net/static/6105.php\n\n_____\n\nDate Reported: 2/13/01\nVulnerability: elm-long-string-bo\nPlatforms Affected: Elm\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: ELM -f command long string buffer overflow\nX-Force URL: http://xforce.iss.net/static/6151.php\n\n_____\n\nDate Reported: 2/13/01\nVulnerability: winnt-pptp-dos\nPlatforms Affected: Windows NT\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Windows NT PPTP denial of service\nX-Force URL: http://xforce.iss.net/static/6103.php\n\n_____\n\nDate Reported: 2/12/01\nVulnerability: startinnfeed-format-string\nPlatforms Affected: Inn\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Inn \u0027startinnfeed\u0027 binary format string attack\nX-Force URL: http://xforce.iss.net/static/6099.php\n\n_____\n\nDate Reported: 2/12/01\nVulnerability: his-auktion-cgi-url\nPlatforms Affected: HIS Auktion\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: HIS Auktion CGI script could allow attackers to view unauthorized \n files or execute commands\nX-Force URL: http://xforce.iss.net/static/6090.php\n\n_____\n\nDate Reported: 2/12/01\nVulnerability: wayboard-cgi-view-files\nPlatforms Affected: Way-BOARD\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Way-BOARD CGI could allow attackers to view unauthorized files\nX-Force URL: http://xforce.iss.net/static/6091.php\n\n_____\n\nDate Reported: 2/12/01\nVulnerability: muskat-empower-url-dir\nPlatforms Affected: Musket Empower\nRisk Factor: Low\nAttack Type: Network/Host Based\nBrief Description: Musket Empower could allow attackers to gain access to the DB directory path\nX-Force URL: http://xforce.iss.net/static/6093.php\n\n_____\n\nDate Reported: 2/12/01\nVulnerability: icq-icu-rtf-dos\nPlatforms Affected: LICQ\n Gnome ICU\nRisk Factor: Low\nAttack Type: Network/Host Based\nBrief Description: LICQ and Gnome ICU rtf file denial of service\nX-Force URL: http://xforce.iss.net/static/6096.php\n\n_____\n\nDate Reported: 2/12/01\nVulnerability: commerce-cgi-view-files\nPlatforms Affected: Commerce.cgi\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Commerce.cgi could allow attackers to view unauthorized files\nX-Force URL: http://xforce.iss.net/static/6095.php\n\n_____\n\nDate Reported: 2/12/01\nVulnerability: roads-search-view-files\nPlatforms Affected: ROADS\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: ROADS could allow attackers to view unauthorized files using search.pl program\nX-Force URL: http://xforce.iss.net/static/6097.php\n\n_____\n\nDate Reported: 2/12/01\nVulnerability: webpage-cgi-view-info\nPlatforms Affected: WebPage.cgi\nRisk Factor: Low\nAttack Type: Network Based\nBrief Description: WebPage.cgi allows attackers to view sensitive information\nX-Force URL: http://xforce.iss.net/static/6100.php\n\n_____\n\nDate Reported: 2/12/01\nVulnerability: webspirs-cgi-view-files\nPlatforms Affected: WebSPIRS\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: WebSPIRS CGI could allow an attacker to view unauthorized files\nX-Force URL: http://xforce.iss.net/static/6101.php\n\n_____\n\nDate Reported: 2/12/01\nVulnerability: webpals-library-cgi-url\nPlatforms Affected: WebPALS\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: WebPALS Library System CGI script could allow attackers to view \n unauthorized files or execute commands\nX-Force URL: http://xforce.iss.net/static/6102.php\n\n_____\n\nDate Reported: 2/11/01\nVulnerability: cobol-apptrack-nolicense-permissions\nPlatforms Affected: MicroFocus Cobol\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions\nX-Force URL: http://xforce.iss.net/static/6092.php\n\n_____\n\nDate Reported: 2/11/01\nVulnerability: cobol-apptrack-nolicense-symlink\nPlatforms Affected: MicroFocus Cobol\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense\nX-Force URL: http://xforce.iss.net/static/6094.php\n\n_____\n\nDate Reported: 2/10/01\nVulnerability: vixie-crontab-bo\nPlatforms Affected: Vixie crontab\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: Vixie crontab buffer overflow\nX-Force URL: http://xforce.iss.net/static/6098.php\n\n_____\n\nDate Reported: 2/10/01\nVulnerability: novell-groupwise-bypass-policies\nPlatforms Affected: Novell GroupWise\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: Novell Groupwise allows user to bypass policies and view files\nX-Force URL: http://xforce.iss.net/static/6089.php\n\n_____\n\nDate Reported: 2/9/01\nVulnerability: infobot-calc-gain-access\nPlatforms Affected: Infobot\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: Infobot \u0027calc\u0027 command allows remote users to gain access\nX-Force URL: http://xforce.iss.net/static/6078.php\n\n_____\n\nDate Reported: 2/8/01\nVulnerability: linux-sysctl-read-memory\nPlatforms Affected: Linux\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: Linux kernel sysctl() read memory\nX-Force URL: http://xforce.iss.net/static/6079.php\n\n_____\n\nDate Reported: 2/8/01\nVulnerability: openssh-bypass-authentication\nPlatforms Affected: OpenSSH\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: OpenSSH 2.3.1 allows remote users to bypass authentication\nX-Force URL: http://xforce.iss.net/static/6084.php\n\n_____\n\nDate Reported: 2/8/01\nVulnerability: lotus-notes-stored-forms\nPlatforms Affected: Lotus Notes\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: Lotus Notes stored forms\nX-Force URL: http://xforce.iss.net/static/6087.php\n\n_____\n\nDate Reported: 2/8/01\nVulnerability: linux-ptrace-modify-process\nPlatforms Affected: Linux\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Linux kernel ptrace modify process\nX-Force URL: http://xforce.iss.net/static/6080.php\n\n_____\n\nDate Reported: 2/8/01\nVulnerability: ssh-deattack-overwrite-memory\nPlatforms Affected: SSH\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten\nX-Force URL: http://xforce.iss.net/static/6083.php\n\n_____\n\nDate Reported: 2/7/01\nVulnerability: dc20ctrl-port-bo\nPlatforms Affected: FreeBSD\nRisk Factor: Medium\nAttack Type: Host Based\nBrief Description: FreeBSD dc20ctrl port buffer overflow\nX-Force URL: http://xforce.iss.net/static/6077.php\n\n_____\n\nDate Reported: 2/7/01\nVulnerability: ja-xklock-bo\nPlatforms Affected: FreeBSD\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: ja-xklock buffer overflow\nX-Force URL: http://xforce.iss.net/static/6073.php\n\n_____\n\nDate Reported: 2/7/01\nVulnerability: ja-elvis-elvrec-bo\nPlatforms Affected: FreeBSD\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: FreeBSD ja-elvis port buffer overflow\nX-Force URL: http://xforce.iss.net/static/6074.php\n\n_____\n\nDate Reported: 2/7/01\nVulnerability: ko-helvis-elvrec-bo\nPlatforms Affected: FreeBSD\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: FreeBSD ko-helvis port buffer overflow\nX-Force URL: http://xforce.iss.net/static/6075.php\n\n_____\n\nDate Reported: 2/7/01\nVulnerability: serverworx-directory-traversal\nPlatforms Affected: ServerWorx\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: ServerWorx directory traversal\nX-Force URL: http://xforce.iss.net/static/6081.php\n\n_____\n\nDate Reported: 2/7/01\nVulnerability: ntlm-ssp-elevate-privileges\nPlatforms Affected: NTLM\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: NTLM Security Support Provider could allow elevation of privileges\nX-Force URL: http://xforce.iss.net/static/6076.php\n\n_____\n\nDate Reported: 2/7/01\nVulnerability: ssh-session-key-recovery\nPlatforms Affected: SSH\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: SSH protocol 1.5 session key recovery\nX-Force URL: http://xforce.iss.net/static/6082.php\n\n_____\n\nDate Reported: 2/6/01\nVulnerability: aolserver-directory-traversal\nPlatforms Affected: AOLserver\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: AOLserver directory traversal\nX-Force URL: http://xforce.iss.net/static/6069.php\n\n_____\n\nDate Reported: 2/6/01\nVulnerability: chilisoft-asp-elevate-privileges\nPlatforms Affected: Chili!Soft\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: Chili!Soft ASP could allow elevated privileges\nX-Force URL: http://xforce.iss.net/static/6072.php\n\n_____\n\nDate Reported: 2/6/01\nVulnerability: win-udp-dos\nPlatforms Affected: Windows\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: Windows UDP socket denial of service\nX-Force URL: http://xforce.iss.net/static/6070.php\n\n_____\n\nDate Reported: 2/5/01\nVulnerability: ssh-daemon-failed-login\nPlatforms Affected: SSH\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: SSH daemon failed login attempts are not logged\nX-Force URL: http://xforce.iss.net/static/6071.php\n\n_____\n\nDate Reported: 2/5/01\nVulnerability: picserver-directory-traversal\nPlatforms Affected: PicServer\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: PicServer directory traversal\nX-Force URL: http://xforce.iss.net/static/6065.php\n\n_____\n\nDate Reported: 2/5/01\nVulnerability: biblioweb-directory-traversal\nPlatforms Affected: BiblioWeb\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: BiblioWeb Server directory traversal\nX-Force URL: http://xforce.iss.net/static/6066.php\n\n_____\n\nDate Reported: 2/5/01\nVulnerability: biblioweb-get-dos\nPlatforms Affected: BiblioWeb\nRisk Factor: Low\nAttack Type: Network Based\nBrief Description: BiblioWeb Server GET request denial of service\nX-Force URL: http://xforce.iss.net/static/6068.php\n\n_____\n\nDate Reported: 2/5/01\nVulnerability: ibm-netcommerce-reveal-information\nPlatforms Affected: IBM\nRisk Factor: Medium\nAttack Type: Network/Host Based\nBrief Description: IBM Net.Commerce could reveal sensitive information\nX-Force URL: http://xforce.iss.net/static/6067.php\n\n_____\n\nDate Reported: 2/5/01\nVulnerability: win-dde-elevate-privileges\nPlatforms Affected: Windows DDE\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: Windows DDE can allow the elevation of privileges\nX-Force URL: http://xforce.iss.net/static/6062.php\n\n_____\n\nDate Reported: 2/4/01\nVulnerability: hsweb-directory-browsing\nPlatforms Affected: HSWeb\nRisk Factor: Low\nAttack Type: Network Based\nBrief Description: HSWeb Web Server allows attacker to browse directories\nX-Force URL: http://xforce.iss.net/static/6061.php\n\n_____\n\nDate Reported: 2/4/01\nVulnerability: sedum-directory-traversal\nPlatforms Affected: SEDUM\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: SEDUM HTTP Server directory traversal\nX-Force URL: http://xforce.iss.net/static/6063.php\n\n_____\n\nDate Reported: 2/4/01\nVulnerability: free-java-directory-traversal\nPlatforms Affected: Free Java\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Free Java Web Server directory traversal\nX-Force URL: http://xforce.iss.net/static/6064.php\n\n_____\n\nDate Reported: 2/2/01\nVulnerability: goahead-directory-traversal\nPlatforms Affected: GoAhead\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: GoAhead Web Server directory traversal\nX-Force URL: http://xforce.iss.net/static/6046.php\n\n_____\n\nDate Reported: 2/2/01\nVulnerability: gnuserv-tcp-cookie-overflow\nPlatforms Affected: Gnuserv\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: Gnuserv TCP enabled cookie buffer overflow\nX-Force URL: http://xforce.iss.net/static/6056.php\n\n_____\n\nDate Reported: 2/2/01\nVulnerability: xmail-ctrlserver-bo\nPlatforms Affected: Xmail CTRLServer\nRisk Factor: High\nAttack Type: Network Based\nBrief Description: XMail CTRLServer buffer overflow\nX-Force URL: http://xforce.iss.net/static/6060.php\n\n_____\n\nDate Reported: 2/2/01\nVulnerability: netscape-webpublisher-acl-permissions\nPlatforms Affected: Netscape Web Publisher\nRisk Factor: Medium\nAttack Type: Network Based\nBrief Description: Netcape Web Publisher poor ACL permissions\nX-Force URL: http://xforce.iss.net/static/6058.php\n\n_____\n\nDate Reported: 2/1/01\nVulnerability: cups-httpgets-dos\nPlatforms Affected: CUPS\nRisk Factor: High\nAttack Type: Host Based\nBrief Description: CUPS httpGets() function denial of service\nX-Force URL: http://xforce.iss.net/static/6043.php\n\n_____\n\nDate Reported: 2/1/01\nVulnerability: prospero-get-pin\nPlatforms Affected: Prospero\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: Prospero GET request reveals PIN information\nX-Force URL: http://xforce.iss.net/static/6044.php\n\n_____\n\nDate Reported: 2/1/01\nVulnerability: prospero-weak-permissions\nPlatforms Affected: Prospero\nRisk Factor: High\nAttack Type: Network/Host Based\nBrief Description: Prospero uses weak permissions\nX-Force URL: http://xforce.iss.net/static/6045.php\n\n_____\n\nRisk Factor Key:\n\n High Any vulnerability that provides an attacker with immediate\n access into a machine, gains superuser access, or bypasses\n a firewall. Example: A vulnerable Sendmail 8.6.5 version\n that allows an intruder to execute commands on mail\n server. \n Medium Any vulnerability that provides information that has a\n high potential of giving system access to an intruder. \n Example: A misconfigured TFTP or vulnerable NIS server\n that allows an intruder to get the password file that\n could contain an account with a guessable password. \n Low Any vulnerability that provides information that\n potentially could lead to a compromise. Example: A\n finger that allows an intruder to find out who is online\n and potential accounts to attempt to crack passwords\n via brute force methods. \n\n________\n\n\nISS is a leading global provider of security management solutions for\ne-business. By offering best-of-breed SAFEsuite(tm) security software,\ncomprehensive ePatrol(tm) monitoring services and industry-leading\nexpertise, ISS serves as its customers\u0027 trusted security provider\nprotecting digital assets and ensuring the availability, confidentiality and\nintegrity of computer systems and information critical to e-business\nsuccess. ISS\u0027 security management solutions protect more than 5,000\ncustomers including 21 of the 25 largest U.S. commercial banks, 9 of the 10\nlargest telecommunications companies and over 35 government agencies. \nFounded in 1994, ISS is headquartered in Atlanta, GA, with additional\noffices throughout North America and international operations in Asia,\nAustralia, Europe and Latin America. For more information, visit the ISS Web\nsite at www.iss.net or call 800-776-2362. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically. It is not to be edited in any way without express consent\nof the X-Force. If you wish to reprint the whole or any part of this Alert\nin any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There are\nNO warranties with regard to this information. In no event shall the author\nbe liable for any damages whatsoever arising out of or in connection with\nthe use or spread of this information. Any use of this information is at the\nuser\u0027s own risk. \n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as \nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: 2.6.3a\nCharset: noconv\n\niQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV\n1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA\nh0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B\ntT+ylKw4hn4=\n=kfHg\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0215"
},
{
"db": "CERT/CC",
"id": "VU#290140"
},
{
"db": "CERT/CC",
"id": "VU#13877"
},
{
"db": "CERT/CC",
"id": "VU#25309"
},
{
"db": "CERT/CC",
"id": "VU#945216"
},
{
"db": "CERT/CC",
"id": "VU#566640"
},
{
"db": "CERT/CC",
"id": "VU#651994"
},
{
"db": "CERT/CC",
"id": "VU#315308"
},
{
"db": "BID",
"id": "2347"
},
{
"db": "BID",
"id": "5114"
},
{
"db": "BID",
"id": "2405"
},
{
"db": "BID",
"id": "2371"
},
{
"db": "PACKETSTORM",
"id": "24431"
}
],
"trust": 7.11
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#13877",
"trust": 3.2
},
{
"db": "CERT/CC",
"id": "VU#945216",
"trust": 2.4
},
{
"db": "CERT/CC",
"id": "VU#25309",
"trust": 2.4
},
{
"db": "BID",
"id": "2371",
"trust": 1.9
},
{
"db": "NVD",
"id": "CVE-2001-0215",
"trust": 1.6
},
{
"db": "BID",
"id": "5114",
"trust": 1.1
},
{
"db": "BID",
"id": "2347",
"trust": 1.1
},
{
"db": "BID",
"id": "2405",
"trust": 1.1
},
{
"db": "XF",
"id": "6083",
"trust": 0.9
},
{
"db": "XF",
"id": "6135",
"trust": 0.9
},
{
"db": "XF",
"id": "6063",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#290140",
"trust": 0.8
},
{
"db": "XF",
"id": "6449",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#566640",
"trust": 0.8
},
{
"db": "BID",
"id": "2335",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#651994",
"trust": 0.8
},
{
"db": "XF",
"id": "6472",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#315308",
"trust": 0.8
},
{
"db": "XF",
"id": "6097",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20010212 ROADS SEARCH SYSTEM \"SHOW FILES\" VULNERABILITY WITH \"NULL BITE\" BUG",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200106-020",
"trust": 0.6
},
{
"db": "XF",
"id": "6115",
"trust": 0.1
},
{
"db": "XF",
"id": "6075",
"trust": 0.1
},
{
"db": "XF",
"id": "6149",
"trust": 0.1
},
{
"db": "XF",
"id": "6145",
"trust": 0.1
},
{
"db": "XF",
"id": "6136",
"trust": 0.1
},
{
"db": "XF",
"id": "6065",
"trust": 0.1
},
{
"db": "XF",
"id": "6157",
"trust": 0.1
},
{
"db": "XF",
"id": "6058",
"trust": 0.1
},
{
"db": "XF",
"id": "6161",
"trust": 0.1
},
{
"db": "XF",
"id": "6109",
"trust": 0.1
},
{
"db": "XF",
"id": "6121",
"trust": 0.1
},
{
"db": "XF",
"id": "6062",
"trust": 0.1
},
{
"db": "XF",
"id": "6137",
"trust": 0.1
},
{
"db": "XF",
"id": "6101",
"trust": 0.1
},
{
"db": "XF",
"id": "6089",
"trust": 0.1
},
{
"db": "XF",
"id": "6072",
"trust": 0.1
},
{
"db": "XF",
"id": "6143",
"trust": 0.1
},
{
"db": "XF",
"id": "6084",
"trust": 0.1
},
{
"db": "XF",
"id": "6100",
"trust": 0.1
},
{
"db": "XF",
"id": "6080",
"trust": 0.1
},
{
"db": "XF",
"id": "6071",
"trust": 0.1
},
{
"db": "XF",
"id": "6073",
"trust": 0.1
},
{
"db": "XF",
"id": "6116",
"trust": 0.1
},
{
"db": "XF",
"id": "6144",
"trust": 0.1
},
{
"db": "XF",
"id": "6104",
"trust": 0.1
},
{
"db": "XF",
"id": "6094",
"trust": 0.1
},
{
"db": "XF",
"id": "6087",
"trust": 0.1
},
{
"db": "XF",
"id": "6090",
"trust": 0.1
},
{
"db": "XF",
"id": "6046",
"trust": 0.1
},
{
"db": "XF",
"id": "6056",
"trust": 0.1
},
{
"db": "XF",
"id": "6060",
"trust": 0.1
},
{
"db": "XF",
"id": "6130",
"trust": 0.1
},
{
"db": "XF",
"id": "6092",
"trust": 0.1
},
{
"db": "XF",
"id": "6118",
"trust": 0.1
},
{
"db": "XF",
"id": "6117",
"trust": 0.1
},
{
"db": "XF",
"id": "6098",
"trust": 0.1
},
{
"db": "XF",
"id": "6156",
"trust": 0.1
},
{
"db": "XF",
"id": "6113",
"trust": 0.1
},
{
"db": "XF",
"id": "6067",
"trust": 0.1
},
{
"db": "XF",
"id": "6064",
"trust": 0.1
},
{
"db": "XF",
"id": "6045",
"trust": 0.1
},
{
"db": "XF",
"id": "6147",
"trust": 0.1
},
{
"db": "XF",
"id": "6095",
"trust": 0.1
},
{
"db": "XF",
"id": "6131",
"trust": 0.1
},
{
"db": "XF",
"id": "6114",
"trust": 0.1
},
{
"db": "XF",
"id": "6134",
"trust": 0.1
},
{
"db": "XF",
"id": "6074",
"trust": 0.1
},
{
"db": "XF",
"id": "6044",
"trust": 0.1
},
{
"db": "XF",
"id": "6112",
"trust": 0.1
},
{
"db": "XF",
"id": "6077",
"trust": 0.1
},
{
"db": "XF",
"id": "6148",
"trust": 0.1
},
{
"db": "XF",
"id": "6146",
"trust": 0.1
},
{
"db": "XF",
"id": "6078",
"trust": 0.1
},
{
"db": "XF",
"id": "6110",
"trust": 0.1
},
{
"db": "XF",
"id": "6132",
"trust": 0.1
},
{
"db": "XF",
"id": "6099",
"trust": 0.1
},
{
"db": "XF",
"id": "6079",
"trust": 0.1
},
{
"db": "XF",
"id": "6102",
"trust": 0.1
},
{
"db": "XF",
"id": "6096",
"trust": 0.1
},
{
"db": "XF",
"id": "6142",
"trust": 0.1
},
{
"db": "XF",
"id": "6091",
"trust": 0.1
},
{
"db": "XF",
"id": "6158",
"trust": 0.1
},
{
"db": "XF",
"id": "6162",
"trust": 0.1
},
{
"db": "XF",
"id": "6163",
"trust": 0.1
},
{
"db": "XF",
"id": "6155",
"trust": 0.1
},
{
"db": "XF",
"id": "6081",
"trust": 0.1
},
{
"db": "XF",
"id": "6160",
"trust": 0.1
},
{
"db": "XF",
"id": "6111",
"trust": 0.1
},
{
"db": "XF",
"id": "6152",
"trust": 0.1
},
{
"db": "XF",
"id": "6068",
"trust": 0.1
},
{
"db": "XF",
"id": "6043",
"trust": 0.1
},
{
"db": "XF",
"id": "6076",
"trust": 0.1
},
{
"db": "XF",
"id": "6103",
"trust": 0.1
},
{
"db": "XF",
"id": "6070",
"trust": 0.1
},
{
"db": "XF",
"id": "6133",
"trust": 0.1
},
{
"db": "XF",
"id": "6153",
"trust": 0.1
},
{
"db": "XF",
"id": "6082",
"trust": 0.1
},
{
"db": "XF",
"id": "6124",
"trust": 0.1
},
{
"db": "XF",
"id": "6061",
"trust": 0.1
},
{
"db": "XF",
"id": "6066",
"trust": 0.1
},
{
"db": "XF",
"id": "6105",
"trust": 0.1
},
{
"db": "XF",
"id": "6159",
"trust": 0.1
},
{
"db": "XF",
"id": "6069",
"trust": 0.1
},
{
"db": "XF",
"id": "6093",
"trust": 0.1
},
{
"db": "XF",
"id": "6139",
"trust": 0.1
},
{
"db": "XF",
"id": "6151",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "24431",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#290140"
},
{
"db": "CERT/CC",
"id": "VU#13877"
},
{
"db": "CERT/CC",
"id": "VU#25309"
},
{
"db": "CERT/CC",
"id": "VU#945216"
},
{
"db": "CERT/CC",
"id": "VU#566640"
},
{
"db": "CERT/CC",
"id": "VU#651994"
},
{
"db": "CERT/CC",
"id": "VU#315308"
},
{
"db": "BID",
"id": "2347"
},
{
"db": "BID",
"id": "5114"
},
{
"db": "BID",
"id": "2405"
},
{
"db": "BID",
"id": "2371"
},
{
"db": "PACKETSTORM",
"id": "24431"
},
{
"db": "NVD",
"id": "CVE-2001-0215"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-020"
}
]
},
"id": "VAR-200106-0017",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.8770026
},
"last_update_date": "2023-12-18T11:14:59.319000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0215"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/13877"
},
{
"trust": 2.4,
"url": "http://www.ssh.com/products/ssh/cert/"
},
{
"trust": 1.6,
"url": "http://www.cert.org/advisories/ca-2001-35.html"
},
{
"trust": 1.6,
"url": "http://www.kb.cert.org/vuls/id/945216"
},
{
"trust": 1.6,
"url": "http://www.kb.cert.org/vuls/id/25309"
},
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0213.html"
},
{
"trust": 1.6,
"url": "http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/2371"
},
{
"trust": 1.1,
"url": "http://www.cisco.com/warp/public/707/ssh-scanning.shtml"
},
{
"trust": 1.1,
"url": "http://www.cisco.com/warp/public/707/ssh-multiple-pub.html"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6097"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/6083.php"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/6135.php"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/6063.php"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/5114"
},
{
"trust": 0.8,
"url": "http://www.corest.com/files/files/11/crc32.pdf"
},
{
"trust": 0.8,
"url": "http://www1.corest.com/common/showdoc.php?idx=131\u0026idxseccion=10"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/static/6449.php"
},
{
"trust": 0.8,
"url": "http://razor.bindview.com/publish/advisories/adv_ssh1crc.html"
},
{
"trust": 0.8,
"url": "http://www1.corest.com/common/showdoc.php?idx=81\u0026idxsection=10#"
},
{
"trust": 0.8,
"url": "http://www.openssh.com/security.html"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2347"
},
{
"trust": 0.8,
"url": "http://www.ssh.com/products/ssh/advisories/ssh1_crc-32.cfm"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/alerts/advise100.php"
},
{
"trust": 0.8,
"url": "http://www.cryptnet.net/fcp/audit/pgp4pine/01.html"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2405"
},
{
"trust": 0.8,
"url": "http://devrandom.net/lists/archives/2001/2/bugtraq/0383.html"
},
{
"trust": 0.8,
"url": "http://security-archive.merton.ox.ac.uk/bugtraq-200102/0389.html"
},
{
"trust": 0.8,
"url": "http://pgp4pine.flatline.de/"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2335"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/archive/1/160452"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/static/6472.php"
},
{
"trust": 0.7,
"url": "http://xforce.iss.net/static/6097.php"
},
{
"trust": 0.3,
"url": "http://www.netscreen.com/index.html"
},
{
"trust": 0.3,
"url": "http://www.netscreen.com/support/alerts/11_06_02.html"
},
{
"trust": 0.3,
"url": "http://support.coresecurity.com/impact/exploits/56f46f9564b53fc1bca5bef469b60df7.html"
},
{
"trust": 0.3,
"url": "/archive/1/298289"
},
{
"trust": 0.3,
"url": "/archive/1/298274"
},
{
"trust": 0.3,
"url": "/archive/1/298288"
},
{
"trust": 0.3,
"url": "http://www.roads.lut.ac.uk/index.html"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6144.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6091.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6149.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6156.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6153.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6060.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6078.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6098.php"
},
{
"trust": 0.1,
"url": "https://www.iss.net"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6103.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6130.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6109.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6073.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6061.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6064.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6043.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6069.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6114.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6145.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6099.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6151.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6132.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6148.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6070.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6118.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6115.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6062.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6092.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6105.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6046.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6157.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6076.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6111.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6143.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6045.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6104.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6124.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6082.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6116.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6077.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6152.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6079.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6084.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6133.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6160.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6080.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6044.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6089.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6162.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6137.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6112.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6147.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6090.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6117.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6094.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6056.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6110.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/alerts/vol-6_num-4.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6074.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6155.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6058.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6102.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6121.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6139.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6146.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6081.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6095.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6071.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6159.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6134.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6100.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/maillists/index.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6101.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6096.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6066.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6113.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6093.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6065.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6087.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6068.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/sensitive.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6072.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6158.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6142.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6067.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6161.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6136.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6075.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6131.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6163.php"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#290140"
},
{
"db": "CERT/CC",
"id": "VU#13877"
},
{
"db": "CERT/CC",
"id": "VU#25309"
},
{
"db": "CERT/CC",
"id": "VU#945216"
},
{
"db": "CERT/CC",
"id": "VU#566640"
},
{
"db": "CERT/CC",
"id": "VU#651994"
},
{
"db": "CERT/CC",
"id": "VU#315308"
},
{
"db": "BID",
"id": "2347"
},
{
"db": "BID",
"id": "5114"
},
{
"db": "BID",
"id": "2371"
},
{
"db": "PACKETSTORM",
"id": "24431"
},
{
"db": "NVD",
"id": "CVE-2001-0215"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-020"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#290140"
},
{
"db": "CERT/CC",
"id": "VU#13877"
},
{
"db": "CERT/CC",
"id": "VU#25309"
},
{
"db": "CERT/CC",
"id": "VU#945216"
},
{
"db": "CERT/CC",
"id": "VU#566640"
},
{
"db": "CERT/CC",
"id": "VU#651994"
},
{
"db": "CERT/CC",
"id": "VU#315308"
},
{
"db": "BID",
"id": "2347"
},
{
"db": "BID",
"id": "5114"
},
{
"db": "BID",
"id": "2405"
},
{
"db": "BID",
"id": "2371"
},
{
"db": "PACKETSTORM",
"id": "24431"
},
{
"db": "NVD",
"id": "CVE-2001-0215"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-020"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-06-27T00:00:00",
"db": "CERT/CC",
"id": "VU#290140"
},
{
"date": "2001-11-07T00:00:00",
"db": "CERT/CC",
"id": "VU#13877"
},
{
"date": "2000-09-26T00:00:00",
"db": "CERT/CC",
"id": "VU#25309"
},
{
"date": "2001-10-24T00:00:00",
"db": "CERT/CC",
"id": "VU#945216"
},
{
"date": "2001-07-12T00:00:00",
"db": "CERT/CC",
"id": "VU#566640"
},
{
"date": "2001-05-16T00:00:00",
"db": "CERT/CC",
"id": "VU#651994"
},
{
"date": "2001-01-18T00:00:00",
"db": "CERT/CC",
"id": "VU#315308"
},
{
"date": "2001-02-08T00:00:00",
"db": "BID",
"id": "2347"
},
{
"date": "2002-06-27T00:00:00",
"db": "BID",
"id": "5114"
},
{
"date": "2001-02-20T00:00:00",
"db": "BID",
"id": "2405"
},
{
"date": "2001-02-12T00:00:00",
"db": "BID",
"id": "2371"
},
{
"date": "2001-03-13T23:54:42",
"db": "PACKETSTORM",
"id": "24431"
},
{
"date": "2001-06-02T04:00:00",
"db": "NVD",
"id": "CVE-2001-0215"
},
{
"date": "2001-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200106-020"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-12-12T00:00:00",
"db": "CERT/CC",
"id": "VU#290140"
},
{
"date": "2003-05-20T00:00:00",
"db": "CERT/CC",
"id": "VU#13877"
},
{
"date": "2002-03-05T00:00:00",
"db": "CERT/CC",
"id": "VU#25309"
},
{
"date": "2003-05-20T00:00:00",
"db": "CERT/CC",
"id": "VU#945216"
},
{
"date": "2002-01-15T00:00:00",
"db": "CERT/CC",
"id": "VU#566640"
},
{
"date": "2001-06-26T00:00:00",
"db": "CERT/CC",
"id": "VU#651994"
},
{
"date": "2002-03-05T00:00:00",
"db": "CERT/CC",
"id": "VU#315308"
},
{
"date": "2001-02-08T00:00:00",
"db": "BID",
"id": "2347"
},
{
"date": "2002-06-27T00:00:00",
"db": "BID",
"id": "5114"
},
{
"date": "2001-02-20T00:00:00",
"db": "BID",
"id": "2405"
},
{
"date": "2001-02-12T00:00:00",
"db": "BID",
"id": "2371"
},
{
"date": "2017-10-10T01:29:38.670000",
"db": "NVD",
"id": "CVE-2001-0215"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200106-020"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "2347"
},
{
"db": "BID",
"id": "5114"
},
{
"db": "BID",
"id": "2371"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Cisco products consume excessive CPU resources in response to large SSH packets",
"sources": [
{
"db": "CERT/CC",
"id": "VU#290140"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "5114"
},
{
"db": "BID",
"id": "2405"
}
],
"trust": 0.6
}
}
VAR-201006-0283
Vulnerability from variot - Updated: 2023-12-18 11:03The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/. Pmount is a mobile device that allows regular users to attach without matching in /etc/fstab. Pmount does not securely create temporary files. Other attacks may also be possible. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2063-1 security@debian.org http://www.debian.org/security/ Giuseppe Iuculano June 17, 2010 http://www.debian.org/security/faq
Package : pmount Vulnerability : insecure temporary file Problem type : local Debian-specific: no CVE Id : CVE-2010-2192
Dan Rosenberg discovered that pmount, a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry, creates files in /var/lock insecurely.
For the stable distribution (lenny), this problem has been fixed in version 0.9.18-2+lenny1
For the unstable distribution (sid), this problem has been fixed in version 0.9.23-1, and will migrate to the testing distribution (squeeze) shortly.
We recommend that you upgrade your pmount package.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
Debian (stable)
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18.orig.tar.gz Size/MD5 checksum: 436009 d04973bde34edac7dd2e50bfe8f10700 http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1.dsc Size/MD5 checksum: 1202 d2a121965c3af232694c8df63821d713 http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1.diff.gz Size/MD5 checksum: 8778 96ad2faddf78f80b104a4b9d883507d5
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_alpha.deb Size/MD5 checksum: 119610 b8734d5a360b76e0c8dc7e7d97ee2f9d
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_amd64.deb Size/MD5 checksum: 117680 5ef3870410e876fbc7bdd0e092f08eef
arm architecture (ARM)
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_arm.deb Size/MD5 checksum: 100718 b04cb703b30df4605d9d121ee2c89c16
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_armel.deb Size/MD5 checksum: 101628 1ecb1c7cc49eda6d31de2165327dac99
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_hppa.deb Size/MD5 checksum: 113350 189516bd992b63efaa489067cc9f6449
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_i386.deb Size/MD5 checksum: 102034 5070f1a0a8a9d617c710bc2820bf65e9
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_ia64.deb Size/MD5 checksum: 133204 747d5be1ca278b8bac08522d72282923
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_mips.deb Size/MD5 checksum: 114712 661bf288a4790a6c99f826a9d23ed584
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_mipsel.deb Size/MD5 checksum: 115204 e5fc95107322fa23317ac413b9d0dac5
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_powerpc.deb Size/MD5 checksum: 124538 684de19e8f8df5ae941849b1b0298e33
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_s390.deb Size/MD5 checksum: 116318 a80c45d4dbd5a7fb666f4926e5deac59
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_sparc.deb Size/MD5 checksum: 102488 96c8d0f14087b1036c70bd500da2b032
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkwacTUACgkQNxpp46476apEeACfSjvEfyP9UZu2/MC0Jm852lRD U3YAnAvDten0Kd7bucSdHv9DyRmqjiih =W8js -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-08
http://security.gentoo.org/
Severity: High Title: Multiple packages, Multiple vulnerabilities fixed in 2010 Date: December 11, 2014 Bugs: #159556, #208464, #253822, #259968, #298067, #300375, #300943, #302478, #307525, #307633, #315235, #316697, #319719, #320961, #322457, #325507, #326759, #326953, #329125, #329939, #331421, #332527, #333661 ID: 201412-08
Synopsis
This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information.
Background
For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-util/insight < 6.7.1-r1 >= 6.7.1-r1 2 dev-perl/perl-tk < 804.028-r2 >= 804.028-r2 3 dev-util/sourcenav < 5.1.4 >= 5.1.4 4 dev-lang/tk < 8.4.18-r1 >= 8.4.18-r1 5 sys-block/partimage < 0.6.8 >= 0.6.8 6 app-antivirus/bitdefender-console <= 7.1 Vulnerable! 7 net-mail/mlmmj < 1.2.17.1 >= 1.2.17.1 8 sys-apps/acl < 2.2.49 >= 2.2.49 9 x11-apps/xinit < 1.2.0-r4 >= 1.2.0-r4 10 app-arch/gzip < 1.4 >= 1.4 11 app-arch/ncompress < 4.2.4.3 >= 4.2.4.3 12 dev-libs/liblzw < 0.2 >= 0.2 13 media-gfx/splashutils < 1.5.4.3-r3 >= 1.5.4.3-r3 14 sys-devel/m4 < 1.4.14-r1 >= 1.4.14-r1 15 kde-base/kdm < 4.3.5-r1 >= 4.3.5-r1 16 x11-libs/gtk+ < 2.18.7 >= 2.18.7 17 kde-base/kget < 4.3.5-r1 >= 4.3.5-r1 18 app-text/dvipng < 1.13 >= 1.13 19 app-misc/beanstalkd < 1.4.6 >= 1.4.6 20 sys-apps/pmount < 0.9.23 >= 0.9.23 21 sys-auth/pam_krb5 < 4.3 >= 4.3 22 app-text/gv < 3.7.1 >= 3.7.1 23 net-ftp/lftp < 4.0.6 >= 4.0.6 24 www-client/uzbl < 2010.08.05 >= 2010.08.05 25 x11-misc/slim < 1.3.2 >= 1.3.2 26 net-misc/iputils < 20100418 >= 20100418 27 media-tv/dvbstreamer < 1.1-r1 >= 1.1-r1 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 27 affected packages
Description
Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details.
- Insight
- Perl Tk Module
- Source-Navigator
- Tk
- Partimage
- Mlmmj
- acl
- Xinit
- gzip
- ncompress
- liblzw
- splashutils
- GNU M4
- KDE Display Manager
- GTK+
- KGet
- dvipng
- Beanstalk
- Policy Mount
- pam_krb5
- GNU gv
- LFTP
- Uzbl
- Slim
- Bitdefender Console
- iputils
- DVBStreamer
Impact
A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions.
Workaround
There are no known workarounds at this time.
Resolution
All Insight users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/insight-6.7.1-r1"
All Perl Tk Module users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-perl/perl-tk-804.028-r2"
All Source-Navigator users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/sourcenav-5.1.4"
All Tk users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/tk-8.4.18-r1"
All Partimage users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-block/partimage-0.6.8"
All Mlmmj users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/mlmmj-1.2.17.1"
All acl users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/acl-2.2.49"
All Xinit users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=x11-apps/xinit-1.2.0-r4"
All gzip users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-arch/gzip-1.4"
All ncompress users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-arch/ncompress-4.2.4.3"
All liblzw users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/liblzw-0.2"
All splashutils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=media-gfx/splashutils-1.5.4.3-r3"
All GNU M4 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-devel/m4-1.4.14-r1"
All KDE Display Manager users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=kde-base/kdm-4.3.5-r1"
All GTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=x11-libs/gtk+-2.18.7"
All KGet 4.3 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=kde-base/kget-4.3.5-r1"
All dvipng users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/dvipng-1.13"
All Beanstalk users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-misc/beanstalkd-1.4.6"
All Policy Mount users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/pmount-0.9.23"
All pam_krb5 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-auth/pam_krb5-4.3"
All GNU gv users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/gv-3.7.1"
All LFTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-ftp/lftp-4.0.6"
All Uzbl users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/uzbl-2010.08.05"
All Slim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=x11-misc/slim-1.3.2"
All iputils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/iputils-20100418"
All DVBStreamer users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-tv/dvbstreamer-1.1-r1"
Gentoo has discontinued support for Bitdefender Console. We recommend that users unmerge Bitdefender Console:
# emerge --unmerge "app-antivirus/bitdefender-console"
NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2011. It is likely that your system is already no longer affected by these issues.
References
[ 1 ] CVE-2006-3005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3005 [ 2 ] CVE-2007-2741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741 [ 3 ] CVE-2008-0553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0553 [ 4 ] CVE-2008-1382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1382 [ 5 ] CVE-2008-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5907 [ 6 ] CVE-2008-6218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6218 [ 7 ] CVE-2008-6661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6661 [ 8 ] CVE-2009-0040 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040 [ 9 ] CVE-2009-0360 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0360 [ 10 ] CVE-2009-0361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0361 [ 11 ] CVE-2009-0946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0946 [ 12 ] CVE-2009-2042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2042 [ 13 ] CVE-2009-2624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2624 [ 14 ] CVE-2009-3736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3736 [ 15 ] CVE-2009-4029 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4029 [ 16 ] CVE-2009-4411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4411 [ 17 ] CVE-2009-4896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4896 [ 18 ] CVE-2010-0001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0001 [ 19 ] CVE-2010-0436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0436 [ 20 ] CVE-2010-0732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0732 [ 21 ] CVE-2010-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0829 [ 22 ] CVE-2010-1000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1000 [ 23 ] CVE-2010-1205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205 [ 24 ] CVE-2010-1511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1511 [ 25 ] CVE-2010-2056 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2056 [ 26 ] CVE-2010-2060 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2060 [ 27 ] CVE-2010-2192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2192 [ 28 ] CVE-2010-2251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2251 [ 29 ] CVE-2010-2529 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2529 [ 30 ] CVE-2010-2809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2809 [ 31 ] CVE-2010-2945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2945
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-08.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201006-0283",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pmount",
"scope": "eq",
"trust": 2.4,
"vendor": "vincent fourmond",
"version": "0.9.18"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "f. krafft pmount",
"scope": "eq",
"trust": 0.3,
"vendor": "martin",
"version": "0.9.22"
},
{
"model": "f. krafft pmount",
"scope": "eq",
"trust": 0.3,
"vendor": "martin",
"version": "0.9.21"
},
{
"model": "f. krafft pmount",
"scope": "eq",
"trust": 0.3,
"vendor": "martin",
"version": "0.9.20"
},
{
"model": "f. krafft pmount",
"scope": "eq",
"trust": 0.3,
"vendor": "martin",
"version": "0.9.19"
},
{
"model": "f. krafft pmount",
"scope": "eq",
"trust": 0.3,
"vendor": "martin",
"version": "0.9.17"
},
{
"model": "f. krafft pmount",
"scope": "eq",
"trust": 0.3,
"vendor": "martin",
"version": "0.9.16"
},
{
"model": "f. krafft pmount",
"scope": "eq",
"trust": 0.3,
"vendor": "martin",
"version": "0.9.15"
},
{
"model": "f. krafft pmount",
"scope": "eq",
"trust": 0.3,
"vendor": "martin",
"version": "0.9.14"
},
{
"model": "f. krafft pmount",
"scope": "eq",
"trust": 0.3,
"vendor": "martin",
"version": "0.9.13"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1121"
},
{
"db": "BID",
"id": "40939"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005515"
},
{
"db": "NVD",
"id": "CVE-2010-2192"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-316"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vincent_fourmond:pmount:0.9.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2192"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dan Rosenberg",
"sources": [
{
"db": "BID",
"id": "40939"
}
],
"trust": 0.3
},
"cve": "CVE-2010-2192",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 1.9,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2010-2192",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-2192",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201006-316",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005515"
},
{
"db": "NVD",
"id": "CVE-2010-2192"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-316"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/. Pmount is a mobile device that allows regular users to attach without matching in /etc/fstab. Pmount does not securely create temporary files. Other attacks may also be possible. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2063-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nJune 17, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : pmount\nVulnerability : insecure temporary file\nProblem type : local\nDebian-specific: no\nCVE Id : CVE-2010-2192\n\n\nDan Rosenberg discovered that pmount, a wrapper around the standard mount\nprogram which permits normal users to mount removable devices without a\nmatching /etc/fstab entry, creates files in /var/lock insecurely. \n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.9.18-2+lenny1\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.9.23-1, and will migrate to the testing distribution (squeeze)\nshortly. \n\nWe recommend that you upgrade your pmount package. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18.orig.tar.gz\n Size/MD5 checksum: 436009 d04973bde34edac7dd2e50bfe8f10700\n http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1.dsc\n Size/MD5 checksum: 1202 d2a121965c3af232694c8df63821d713\n http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1.diff.gz\n Size/MD5 checksum: 8778 96ad2faddf78f80b104a4b9d883507d5\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_alpha.deb\n Size/MD5 checksum: 119610 b8734d5a360b76e0c8dc7e7d97ee2f9d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_amd64.deb\n Size/MD5 checksum: 117680 5ef3870410e876fbc7bdd0e092f08eef\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_arm.deb\n Size/MD5 checksum: 100718 b04cb703b30df4605d9d121ee2c89c16\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_armel.deb\n Size/MD5 checksum: 101628 1ecb1c7cc49eda6d31de2165327dac99\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_hppa.deb\n Size/MD5 checksum: 113350 189516bd992b63efaa489067cc9f6449\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_i386.deb\n Size/MD5 checksum: 102034 5070f1a0a8a9d617c710bc2820bf65e9\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_ia64.deb\n Size/MD5 checksum: 133204 747d5be1ca278b8bac08522d72282923\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_mips.deb\n Size/MD5 checksum: 114712 661bf288a4790a6c99f826a9d23ed584\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_mipsel.deb\n Size/MD5 checksum: 115204 e5fc95107322fa23317ac413b9d0dac5\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_powerpc.deb\n Size/MD5 checksum: 124538 684de19e8f8df5ae941849b1b0298e33\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_s390.deb\n Size/MD5 checksum: 116318 a80c45d4dbd5a7fb666f4926e5deac59\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_sparc.deb\n Size/MD5 checksum: 102488 96c8d0f14087b1036c70bd500da2b032\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAkwacTUACgkQNxpp46476apEeACfSjvEfyP9UZu2/MC0Jm852lRD\nU3YAnAvDten0Kd7bucSdHv9DyRmqjiih\n=W8js\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Multiple packages, Multiple vulnerabilities fixed in 2010\n Date: December 11, 2014\n Bugs: #159556, #208464, #253822, #259968, #298067, #300375,\n #300943, #302478, #307525, #307633, #315235, #316697,\n #319719, #320961, #322457, #325507, #326759, #326953,\n #329125, #329939, #331421, #332527, #333661\n ID: 201412-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nThis GLSA contains notification of vulnerabilities found in several\nGentoo packages which have been fixed prior to January 1, 2011. The\nworst of these vulnerabilities could lead to local privilege escalation\nand remote code execution. Please see the package list and CVE\nidentifiers below for more information. \n\nBackground\n==========\n\nFor more information on the packages listed in this GLSA, please see\ntheir homepage referenced in the ebuild. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-util/insight \u003c 6.7.1-r1 \u003e= 6.7.1-r1\n 2 dev-perl/perl-tk \u003c 804.028-r2 \u003e= 804.028-r2\n 3 dev-util/sourcenav \u003c 5.1.4 \u003e= 5.1.4\n 4 dev-lang/tk \u003c 8.4.18-r1 \u003e= 8.4.18-r1\n 5 sys-block/partimage \u003c 0.6.8 \u003e= 0.6.8\n 6 app-antivirus/bitdefender-console\n \u003c= 7.1 Vulnerable!\n 7 net-mail/mlmmj \u003c 1.2.17.1 \u003e= 1.2.17.1\n 8 sys-apps/acl \u003c 2.2.49 \u003e= 2.2.49\n 9 x11-apps/xinit \u003c 1.2.0-r4 \u003e= 1.2.0-r4\n 10 app-arch/gzip \u003c 1.4 \u003e= 1.4\n 11 app-arch/ncompress \u003c 4.2.4.3 \u003e= 4.2.4.3\n 12 dev-libs/liblzw \u003c 0.2 \u003e= 0.2\n 13 media-gfx/splashutils \u003c 1.5.4.3-r3 \u003e= 1.5.4.3-r3\n 14 sys-devel/m4 \u003c 1.4.14-r1 \u003e= 1.4.14-r1\n 15 kde-base/kdm \u003c 4.3.5-r1 \u003e= 4.3.5-r1\n 16 x11-libs/gtk+ \u003c 2.18.7 \u003e= 2.18.7\n 17 kde-base/kget \u003c 4.3.5-r1 \u003e= 4.3.5-r1\n 18 app-text/dvipng \u003c 1.13 \u003e= 1.13\n 19 app-misc/beanstalkd \u003c 1.4.6 \u003e= 1.4.6\n 20 sys-apps/pmount \u003c 0.9.23 \u003e= 0.9.23\n 21 sys-auth/pam_krb5 \u003c 4.3 \u003e= 4.3\n 22 app-text/gv \u003c 3.7.1 \u003e= 3.7.1\n 23 net-ftp/lftp \u003c 4.0.6 \u003e= 4.0.6\n 24 www-client/uzbl \u003c 2010.08.05 \u003e= 2010.08.05\n 25 x11-misc/slim \u003c 1.3.2 \u003e= 1.3.2\n 26 net-misc/iputils \u003c 20100418 \u003e= 20100418\n 27 media-tv/dvbstreamer \u003c 1.1-r1 \u003e= 1.1-r1\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n -------------------------------------------------------------------\n 27 affected packages\n\nDescription\n===========\n\nVulnerabilities have been discovered in the packages listed below. \nPlease review the CVE identifiers in the Reference section for details. \n\n* Insight\n* Perl Tk Module\n* Source-Navigator\n* Tk\n* Partimage\n* Mlmmj\n* acl\n* Xinit\n* gzip\n* ncompress\n* liblzw\n* splashutils\n* GNU M4\n* KDE Display Manager\n* GTK+\n* KGet\n* dvipng\n* Beanstalk\n* Policy Mount\n* pam_krb5\n* GNU gv\n* LFTP\n* Uzbl\n* Slim\n* Bitdefender Console\n* iputils\n* DVBStreamer\n\nImpact\n======\n\nA context-dependent attacker may be able to gain escalated privileges,\nexecute arbitrary code, cause Denial of Service, obtain sensitive\ninformation, or otherwise bypass security restrictions. \n\nWorkaround\n==========\n\nThere are no known workarounds at this time. \n\nResolution\n==========\n\nAll Insight users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-util/insight-6.7.1-r1\"\n\nAll Perl Tk Module users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-perl/perl-tk-804.028-r2\"\n\nAll Source-Navigator users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-util/sourcenav-5.1.4\"\n\nAll Tk users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/tk-8.4.18-r1\"\n\nAll Partimage users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-block/partimage-0.6.8\"\n\nAll Mlmmj users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-mail/mlmmj-1.2.17.1\"\n\nAll acl users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-apps/acl-2.2.49\"\n\nAll Xinit users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=x11-apps/xinit-1.2.0-r4\"\n\nAll gzip users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-arch/gzip-1.4\"\n\nAll ncompress users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-arch/ncompress-4.2.4.3\"\n\nAll liblzw users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/liblzw-0.2\"\n\nAll splashutils users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=media-gfx/splashutils-1.5.4.3-r3\"\n\nAll GNU M4 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-devel/m4-1.4.14-r1\"\n\nAll KDE Display Manager users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=kde-base/kdm-4.3.5-r1\"\n\nAll GTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=x11-libs/gtk+-2.18.7\"\n\nAll KGet 4.3 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=kde-base/kget-4.3.5-r1\"\n\nAll dvipng users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-text/dvipng-1.13\"\n\nAll Beanstalk users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-misc/beanstalkd-1.4.6\"\n\nAll Policy Mount users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-apps/pmount-0.9.23\"\n\nAll pam_krb5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-auth/pam_krb5-4.3\"\n\nAll GNU gv users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-text/gv-3.7.1\"\n\nAll LFTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-ftp/lftp-4.0.6\"\n\nAll Uzbl users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/uzbl-2010.08.05\"\n\nAll Slim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=x11-misc/slim-1.3.2\"\n\nAll iputils users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/iputils-20100418\"\n\nAll DVBStreamer users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-tv/dvbstreamer-1.1-r1\"\n\nGentoo has discontinued support for Bitdefender Console. We recommend\nthat users unmerge Bitdefender Console:\n\n # emerge --unmerge \"app-antivirus/bitdefender-console\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures\nhave been available since 2011. It is likely that your system is\nalready no longer affected by these issues. \n\nReferences\n==========\n\n[ 1 ] CVE-2006-3005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3005\n[ 2 ] CVE-2007-2741\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741\n[ 3 ] CVE-2008-0553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0553\n[ 4 ] CVE-2008-1382\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1382\n[ 5 ] CVE-2008-5907\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5907\n[ 6 ] CVE-2008-6218\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6218\n[ 7 ] CVE-2008-6661\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6661\n[ 8 ] CVE-2009-0040\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040\n[ 9 ] CVE-2009-0360\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0360\n[ 10 ] CVE-2009-0361\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0361\n[ 11 ] CVE-2009-0946\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0946\n[ 12 ] CVE-2009-2042\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2042\n[ 13 ] CVE-2009-2624\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2624\n[ 14 ] CVE-2009-3736\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3736\n[ 15 ] CVE-2009-4029\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4029\n[ 16 ] CVE-2009-4411\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4411\n[ 17 ] CVE-2009-4896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4896\n[ 18 ] CVE-2010-0001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0001\n[ 19 ] CVE-2010-0436\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0436\n[ 20 ] CVE-2010-0732\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0732\n[ 21 ] CVE-2010-0829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0829\n[ 22 ] CVE-2010-1000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1000\n[ 23 ] CVE-2010-1205\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205\n[ 24 ] CVE-2010-1511\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1511\n[ 25 ] CVE-2010-2056\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2056\n[ 26 ] CVE-2010-2060\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2060\n[ 27 ] CVE-2010-2192\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2192\n[ 28 ] CVE-2010-2251\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2251\n[ 29 ] CVE-2010-2529\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2529\n[ 30 ] CVE-2010-2809\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2809\n[ 31 ] CVE-2010-2945\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2945\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2192"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005515"
},
{
"db": "CNVD",
"id": "CNVD-2010-1121"
},
{
"db": "BID",
"id": "40939"
},
{
"db": "PACKETSTORM",
"id": "90766"
},
{
"db": "PACKETSTORM",
"id": "129513"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-2192",
"trust": 3.5
},
{
"db": "BID",
"id": "40939",
"trust": 1.9
},
{
"db": "VUPEN",
"id": "ADV-2010-1520",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005515",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2010-1121",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-2063",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201006-316",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "90766",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129513",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1121"
},
{
"db": "BID",
"id": "40939"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005515"
},
{
"db": "PACKETSTORM",
"id": "90766"
},
{
"db": "PACKETSTORM",
"id": "129513"
},
{
"db": "NVD",
"id": "CVE-2010-2192"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-316"
}
]
},
"id": "VAR-201006-0283",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1121"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1121"
}
]
},
"last_update_date": "2023-12-18T11:03:43.844000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "pmount",
"trust": 0.8,
"url": "https://alioth.debian.org/projects/pmount/"
},
{
"title": "Pmount unsafe temporary file to create a patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/483"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1121"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005515"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-59",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005515"
},
{
"db": "NVD",
"id": "CVE-2010-2192"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1.diff.gz"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2010/dsa-2063"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/40939"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2010/1520"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2192"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2192"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/40939/"
},
{
"trust": 0.3,
"url": "http://www.debian.org/ "
},
{
"trust": 0.3,
"url": "https://alioth.debian.org/projects/pmount/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2192"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.1,
"url": "http://security.debian.org/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_arm.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0361"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4029"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2251"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2741"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2060"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-6218"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0829"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-6218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3736"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-6661"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201412-08.xml"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2056"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2251"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0040"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5907"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-6661"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1382"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0553"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1205"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2741"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2056"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2529"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4029"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1511"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3736"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0040"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0732"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2624"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0360"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0436"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2809"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0553"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0732"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4896"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4896"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0829"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2945"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-3005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4411"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0946"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5907"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4411"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2624"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0361"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1000"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1382"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1121"
},
{
"db": "BID",
"id": "40939"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005515"
},
{
"db": "PACKETSTORM",
"id": "90766"
},
{
"db": "PACKETSTORM",
"id": "129513"
},
{
"db": "NVD",
"id": "CVE-2010-2192"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-316"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-1121"
},
{
"db": "BID",
"id": "40939"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005515"
},
{
"db": "PACKETSTORM",
"id": "90766"
},
{
"db": "PACKETSTORM",
"id": "129513"
},
{
"db": "NVD",
"id": "CVE-2010-2192"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-316"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-06-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1121"
},
{
"date": "2010-06-17T00:00:00",
"db": "BID",
"id": "40939"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005515"
},
{
"date": "2010-06-18T03:56:24",
"db": "PACKETSTORM",
"id": "90766"
},
{
"date": "2014-12-12T17:37:19",
"db": "PACKETSTORM",
"id": "129513"
},
{
"date": "2010-06-18T16:30:01.517000",
"db": "NVD",
"id": "CVE-2010-2192"
},
{
"date": "2010-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-316"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-06-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1121"
},
{
"date": "2014-12-24T01:54:00",
"db": "BID",
"id": "40939"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005515"
},
{
"date": "2010-06-22T05:41:24.703000",
"db": "NVD",
"id": "CVE-2010-2192"
},
{
"date": "2010-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-316"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "40939"
},
{
"db": "PACKETSTORM",
"id": "90766"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-316"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "pmount of policy.c Vulnerable to overwriting arbitrary files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005515"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "post link",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-316"
}
],
"trust": 0.6
}
}