Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2006-AVI-317
Vulnerability from certfr_avis - Published: - Updated:
De nombreuses vulnérabilités ont été identifiées dans le systèmes d'exploitation Mac OS X. Elles concernent plusieurs applications et services, notamment DHCP, bluetooth, fetchmail, gunzip, ImageIO, telnet, OpenSSH ou LaunchServices. Les risques sont variés, certains peuvant conduire à l'exécution de code arbitraire à distance.
Description
De nombreuses vulnérabilités ont été identifiées dans le systèmes d'exploitation Mac OS X. Elles concernent plusieurs applications et services. Parmi celles-ci :
- DHCP : le service bootpd ne gère pas correctement certaines requêtes, pouvant provoquer un débordement de tampon. Une personne malveillante peut profiter de cette vulnérabilité pour exécuter du code arbitraire à distance, par le biais d'une requête spécialement conçue. Le service bootpd n'est cependant pas activé par défaut sur Mac OS X.
- bluetooth : la clé secrète générée automatiquement pour la phase d'association avec d'autres appareils bluetooth n'est pas suffisamment longue. Elle facilite les attaques par recherche exhaustive.
- gunzip : il serait possible, localement, de modifier les permissions de fichiers appartenant à d'autres utilisateurs exécutant gunzip.
- ImageIO : cette application ne gère pas correctement certaines images de type Radiance ou GIF. L'ouverture d'images malveillantes exploitant ces vulnérabilités peut provoquer un déni de service, ou l'exécution de code arbitraire.
- OpenSSH : un utilisateur malveillant peut chercher à se connecter à distance (remote login) sur une machine vulnérable en testant plusieurs identifiants. La répétition de cette opération peut conduire à la découverte de comptes valides sur le serveur et à son mauvais fonctionnement (déni de service).
- telnet : au cours de la connexion à un serveur Telnet distant, un utilisateur malveillant peut accéder à plusieurs variables d'environnement confidentielles à l'insu de l'utilisateur qui s'y connecte.
D'autres vulnérabilités touchent dyld (gestion des liens dynamiques pour les bibliothèques), AFP Server (non activé par défaut), Bom (système de fichiers pour l'installation), Image RAW, WebKit et AppKit. Les risques sont variés, certains pouvant conduire à l'exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Intel | N/A | la version Mac 0S X 10.4.7 (PPC et Intel) ainsi que celles antérieures ; | ||
| Intel | N/A | La version Mac 0S X 10.3.9 ainsi que celles antérieures ; | ||
| Intel | N/A | la version Mac 0S X 10.4.7 Server (PPC et Intel) ainsi que celles antérieures. | ||
| Intel | N/A | la version Mac 0S X 10.3.9 Server ainsi que celles antérieures ; |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "la version Mac 0S X 10.4.7 (PPC et Intel) ainsi que celles ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "La version Mac 0S X 10.3.9 ainsi que celles ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "la version Mac 0S X 10.4.7 Server (PPC et Intel) ainsi que celles ant\u00e9rieures.",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "la version Mac 0S X 10.3.9 Server ainsi que celles ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8mes\nd\u0027exploitation Mac OS X. Elles concernent plusieurs applications et\nservices. Parmi celles-ci :\n\n- DHCP : le service bootpd ne g\u00e8re pas correctement certaines\n requ\u00eates, pouvant provoquer un d\u00e9bordement de tampon. Une personne\n malveillante peut profiter de cette vuln\u00e9rabilit\u00e9 pour ex\u00e9cuter du\n code arbitraire \u00e0 distance, par le biais d\u0027une requ\u00eate sp\u00e9cialement\n con\u00e7ue. Le service bootpd n\u0027est cependant pas activ\u00e9 par d\u00e9faut sur\n Mac OS X.\n- bluetooth : la cl\u00e9 secr\u00e8te g\u00e9n\u00e9r\u00e9e automatiquement pour la phase\n d\u0027association avec d\u0027autres appareils bluetooth n\u0027est pas\n suffisamment longue. Elle facilite les attaques par recherche\n exhaustive.\n- gunzip : il serait possible, localement, de modifier les permissions\n de fichiers appartenant \u00e0 d\u0027autres utilisateurs ex\u00e9cutant gunzip.\n- ImageIO : cette application ne g\u00e8re pas correctement certaines\n images de type Radiance ou GIF. L\u0027ouverture d\u0027images malveillantes\n exploitant ces vuln\u00e9rabilit\u00e9s peut provoquer un d\u00e9ni de service, ou\n l\u0027ex\u00e9cution de code arbitraire.\n- OpenSSH : un utilisateur malveillant peut chercher \u00e0 se connecter \u00e0\n distance (remote login) sur une machine vuln\u00e9rable en testant\n plusieurs identifiants. La r\u00e9p\u00e9tition de cette op\u00e9ration peut\n conduire \u00e0 la d\u00e9couverte de comptes valides sur le serveur et \u00e0 son\n mauvais fonctionnement (d\u00e9ni de service).\n- telnet : au cours de la connexion \u00e0 un serveur Telnet distant, un\n utilisateur malveillant peut acc\u00e9der \u00e0 plusieurs variables\n d\u0027environnement confidentielles \u00e0 l\u0027insu de l\u0027utilisateur qui s\u0027y\n connecte.\n\nD\u0027autres vuln\u00e9rabilit\u00e9s touchent dyld (gestion des liens dynamiques pour\nles biblioth\u00e8ques), AFP Server (non activ\u00e9 par d\u00e9faut), Bom (syst\u00e8me de\nfichiers pour l\u0027installation), Image RAW, WebKit et AppKit. Les risques\nsont vari\u00e9s, certains pouvant conduire \u00e0 l\u0027ex\u00e9cution de code arbitraire\n\u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2005-4348",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-4348"
},
{
"name": "CVE-2005-3088",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-3088"
},
{
"name": "CVE-2006-3465",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3465"
},
{
"name": "CVE-2006-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-1473"
},
{
"name": "CVE-2006-3497",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3497"
},
{
"name": "CVE-2006-3501",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3501"
},
{
"name": "CVE-2006-3504",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3504"
},
{
"name": "CVE-2005-0488",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-0488"
},
{
"name": "CVE-2006-0321",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-0321"
},
{
"name": "CVE-2005-1228",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-1228"
},
{
"name": "CVE-2006-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-0392"
},
{
"name": "CVE-2005-0393",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-0393"
},
{
"name": "CVE-2006-3496",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3496"
},
{
"name": "CVE-2006-3503",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3503"
},
{
"name": "CVE-2006-0393",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-0393"
},
{
"name": "CVE-2006-3459",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3459"
},
{
"name": "CVE-2005-0988",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-0988"
},
{
"name": "CVE-2005-2335",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2335"
},
{
"name": "CVE-2006-3505",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3505"
},
{
"name": "CVE-2006-3502",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3502"
},
{
"name": "CVE-2006-3498",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3498"
},
{
"name": "CVE-2006-3462",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3462"
},
{
"name": "CVE-2006-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3499"
},
{
"name": "CVE-2006-3495",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3495"
},
{
"name": "CVE-2006-3461",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3461"
},
{
"name": "CVE-2006-3500",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3500"
},
{
"name": "CVE-2006-1472",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-1472"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 2006-004 Apple du 01 ao\u00fbt 2006 :",
"url": "http://docs.info.apple.com/article.html?artnum=304063"
}
],
"reference": "CERTA-2006-AVI-317",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-08-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8mes\nd\u0027exploitation Mac OS X. Elles concernent plusieurs applications et\nservices, notamment DHCP, bluetooth, fetchmail, gunzip, ImageIO, telnet,\nOpenSSH ou LaunchServices. Les risques sont vari\u00e9s, certains peuvant\nconduire \u00e0 l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 01/08/2006",
"url": null
}
]
}
CVE-2005-0393 (GCVE-0-2005-0393)
Vulnerability from cvelistv5 – Published: 2005-07-01 04:00 – Updated: 2024-09-16 20:12
VLAI?
EPSS
Summary
The helper scripts for crip 3.5 do not properly use temporary files, which allows local users to have an unknown impact with unknown attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.debian.org/security/2005/dsa-733 | vendor-advisoryx_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-733",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The helper scripts for crip 3.5 do not properly use temporary files, which allows local users to have an unknown impact with unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-01T04:00:00.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-733",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-0393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The helper scripts for crip 3.5 do not properly use temporary files, which allows local users to have an unknown impact with unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-733",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-0393",
"datePublished": "2005-07-01T04:00:00.000Z",
"dateReserved": "2005-02-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:12:33.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0488 (GCVE-0-2005-0488)
Vulnerability from cvelistv5 – Published: 2005-06-14 04:00 – Updated: 2024-08-07 21:13
VLAI?
EPSS
Summary
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
Date Public ?
2005-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2006-08-01",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "RHSA-2005:504",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-504.html"
},
{
"name": "1014203",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014203"
},
{
"name": "13940",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13940"
},
{
"name": "57755",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "VU#800829",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/800829"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "RHSA-2005:562",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-562.html"
},
{
"name": "TA06-214A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "oval:org.mitre.oval:def:11373",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11373"
},
{
"name": "101665",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101665-1"
},
{
"name": "oval:org.mitre.oval:def:1139",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1139"
},
{
"name": "20050614 Multiple Vendor Telnet Client Information Disclosure Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://idefense.com/application/poi/display?id=260\u0026type=vulnerabilities"
},
{
"name": "17135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17135"
},
{
"name": "57761",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1"
},
{
"name": "101671",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101671-1"
},
{
"name": "SUSE-SR:2005:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_16_sr.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2006-08-01",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "RHSA-2005:504",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-504.html"
},
{
"name": "1014203",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014203"
},
{
"name": "13940",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13940"
},
{
"name": "57755",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "VU#800829",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/800829"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "RHSA-2005:562",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-562.html"
},
{
"name": "TA06-214A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "oval:org.mitre.oval:def:11373",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11373"
},
{
"name": "101665",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101665-1"
},
{
"name": "oval:org.mitre.oval:def:1139",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1139"
},
{
"name": "20050614 Multiple Vendor Telnet Client Information Disclosure Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://idefense.com/application/poi/display?id=260\u0026type=vulnerabilities"
},
{
"name": "17135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17135"
},
{
"name": "57761",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1"
},
{
"name": "101671",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101671-1"
},
{
"name": "SUSE-SR:2005:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_16_sr.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2006-08-01",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "RHSA-2005:504",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-504.html"
},
{
"name": "1014203",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014203"
},
{
"name": "13940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13940"
},
{
"name": "57755",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1"
},
{
"name": "ADV-2006-3101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21253"
},
{
"name": "VU#800829",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/800829"
},
{
"name": "19289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "RHSA-2005:562",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-562.html"
},
{
"name": "TA06-214A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "oval:org.mitre.oval:def:11373",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11373"
},
{
"name": "101665",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101665-1"
},
{
"name": "oval:org.mitre.oval:def:1139",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1139"
},
{
"name": "20050614 Multiple Vendor Telnet Client Information Disclosure Vulnerability",
"refsource": "IDEFENSE",
"url": "http://idefense.com/application/poi/display?id=260\u0026type=vulnerabilities"
},
{
"name": "17135",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17135"
},
{
"name": "57761",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1"
},
{
"name": "101671",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101671-1"
},
{
"name": "SUSE-SR:2005:016",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_16_sr.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0488",
"datePublished": "2005-06-14T04:00:00.000Z",
"dateReserved": "2005-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:13:54.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0988 (GCVE-0-2005-0988)
Vulnerability from cvelistv5 – Published: 2005-04-06 04:00 – Updated: 2024-08-07 21:35
VLAI?
EPSS
Summary
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
18 references
Date Public ?
2005-04-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2006-08-01",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "22033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22033"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "DSA-752",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-752"
},
{
"name": "101816",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1"
},
{
"name": "RHSA-2005:357",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2005-357.html"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "12996",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12996"
},
{
"name": "15487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/15487"
},
{
"name": "oval:org.mitre.oval:def:765",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A765"
},
{
"name": "oval:org.mitre.oval:def:10242",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10242"
},
{
"name": "oval:org.mitre.oval:def:1169",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1169"
},
{
"name": "SCOSA-2005.58",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
},
{
"name": "18100",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18100"
},
{
"name": "SSA:2006-262",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.555852"
},
{
"name": "20050404 gzip TOCTOU file-permissions vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/394965"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2006-08-01",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "22033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22033"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "DSA-752",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-752"
},
{
"name": "101816",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1"
},
{
"name": "RHSA-2005:357",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2005-357.html"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "12996",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12996"
},
{
"name": "15487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/15487"
},
{
"name": "oval:org.mitre.oval:def:765",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A765"
},
{
"name": "oval:org.mitre.oval:def:10242",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10242"
},
{
"name": "oval:org.mitre.oval:def:1169",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1169"
},
{
"name": "SCOSA-2005.58",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
},
{
"name": "18100",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18100"
},
{
"name": "SSA:2006-262",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.555852"
},
{
"name": "20050404 gzip TOCTOU file-permissions vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/394965"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2006-08-01",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "22033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22033"
},
{
"name": "ADV-2006-3101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21253"
},
{
"name": "DSA-752",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-752"
},
{
"name": "101816",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1"
},
{
"name": "RHSA-2005:357",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2005-357.html"
},
{
"name": "19289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "12996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12996"
},
{
"name": "15487",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15487"
},
{
"name": "oval:org.mitre.oval:def:765",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A765"
},
{
"name": "oval:org.mitre.oval:def:10242",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10242"
},
{
"name": "oval:org.mitre.oval:def:1169",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1169"
},
{
"name": "SCOSA-2005.58",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
},
{
"name": "18100",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18100"
},
{
"name": "SSA:2006-262",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.555852"
},
{
"name": "20050404 gzip TOCTOU file-permissions vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/394965"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0988",
"datePublished": "2005-04-06T04:00:00.000Z",
"dateReserved": "2005-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:35:59.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1228 (GCVE-0-2005-1228)
Vulnerability from cvelistv5 – Published: 2005-04-22 04:00 – Updated: 2024-08-07 21:44
VLAI?
EPSS
Summary
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
20 references
Date Public ?
2005-04-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:44:05.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2006-08-01",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305255"
},
{
"name": "15721",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/15721"
},
{
"name": "gzip-n-directory-traversal(20199)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20199"
},
{
"name": "22033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22033"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "DSA-752",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-752"
},
{
"name": "101816",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1"
},
{
"name": "RHSA-2005:357",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2005-357.html"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "15047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15047"
},
{
"name": "oval:org.mitre.oval:def:382",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A382"
},
{
"name": "oval:org.mitre.oval:def:170",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A170"
},
{
"name": "oval:org.mitre.oval:def:11057",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11057"
},
{
"name": "20050420 gzip directory traversal vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111402732406477\u0026w=2"
},
{
"name": "SCOSA-2005.58",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
},
{
"name": "18100",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18100"
},
{
"name": "SSA:2006-262",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.555852"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2006-08-01",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305255"
},
{
"name": "15721",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/15721"
},
{
"name": "gzip-n-directory-traversal(20199)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20199"
},
{
"name": "22033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22033"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "DSA-752",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-752"
},
{
"name": "101816",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1"
},
{
"name": "RHSA-2005:357",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2005-357.html"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "15047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15047"
},
{
"name": "oval:org.mitre.oval:def:382",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A382"
},
{
"name": "oval:org.mitre.oval:def:170",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A170"
},
{
"name": "oval:org.mitre.oval:def:11057",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11057"
},
{
"name": "20050420 gzip directory traversal vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111402732406477\u0026w=2"
},
{
"name": "SCOSA-2005.58",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
},
{
"name": "18100",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18100"
},
{
"name": "SSA:2006-262",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.555852"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2006-08-01",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305255",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305255"
},
{
"name": "15721",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15721"
},
{
"name": "gzip-n-directory-traversal(20199)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20199"
},
{
"name": "22033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22033"
},
{
"name": "ADV-2006-3101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21253"
},
{
"name": "DSA-752",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-752"
},
{
"name": "101816",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1"
},
{
"name": "RHSA-2005:357",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2005-357.html"
},
{
"name": "19289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "15047",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15047"
},
{
"name": "oval:org.mitre.oval:def:382",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A382"
},
{
"name": "oval:org.mitre.oval:def:170",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A170"
},
{
"name": "oval:org.mitre.oval:def:11057",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11057"
},
{
"name": "20050420 gzip directory traversal vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111402732406477\u0026w=2"
},
{
"name": "SCOSA-2005.58",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
},
{
"name": "18100",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18100"
},
{
"name": "SSA:2006-262",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.555852"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1228",
"datePublished": "2005-04-22T04:00:00.000Z",
"dateReserved": "2005-04-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:44:05.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2335 (GCVE-0-2005-2335)
Vulnerability from cvelistv5 – Published: 2005-07-27 04:00 – Updated: 2024-08-07 22:22
VLAI?
EPSS
Summary
Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
22 references
Date Public ?
2005-07-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:48.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2006-08-01",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "14349",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14349"
},
{
"name": "SUSE-SR:2005:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00104.html"
},
{
"name": "ADV-2005-1171",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1171"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt"
},
{
"name": "18174",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/18174"
},
{
"name": "TA06-214A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "oval:org.mitre.oval:def:1124",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1124"
},
{
"name": "FEDORA-2005-613",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00088.html"
},
{
"name": "oval:org.mitre.oval:def:1038",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1038"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.berlios.de/project/shownotes.php?release_id=6617"
},
{
"name": "20060801 DMA[2006-0801a] - \u0027Apple OSX fetchmail buffer overflow\u0027",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/441856/100/200/threaded"
},
{
"name": "oval:org.mitre.oval:def:8833",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8833"
},
{
"name": "DSA-774",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-774"
},
{
"name": "RHSA-2005:640",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-640.html"
},
{
"name": "FEDORA-2005-614",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00089.html"
},
{
"name": "20060526 rPSA-2006-0084-1 fetchmail",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435197/100/0/threaded"
},
{
"name": "16176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2006-08-01",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "14349",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14349"
},
{
"name": "SUSE-SR:2005:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00104.html"
},
{
"name": "ADV-2005-1171",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1171"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt"
},
{
"name": "18174",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/18174"
},
{
"name": "TA06-214A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "oval:org.mitre.oval:def:1124",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1124"
},
{
"name": "FEDORA-2005-613",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00088.html"
},
{
"name": "oval:org.mitre.oval:def:1038",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1038"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.berlios.de/project/shownotes.php?release_id=6617"
},
{
"name": "20060801 DMA[2006-0801a] - \u0027Apple OSX fetchmail buffer overflow\u0027",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/441856/100/200/threaded"
},
{
"name": "oval:org.mitre.oval:def:8833",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8833"
},
{
"name": "DSA-774",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-774"
},
{
"name": "RHSA-2005:640",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-640.html"
},
{
"name": "FEDORA-2005-614",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00089.html"
},
{
"name": "20060526 rPSA-2006-0084-1 fetchmail",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435197/100/0/threaded"
},
{
"name": "16176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2006-08-01",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "14349",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14349"
},
{
"name": "SUSE-SR:2005:018",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"
},
{
"name": "ADV-2006-3101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00104.html",
"refsource": "MISC",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00104.html"
},
{
"name": "ADV-2005-1171",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1171"
},
{
"name": "21253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21253"
},
{
"name": "19289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt",
"refsource": "CONFIRM",
"url": "http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt"
},
{
"name": "18174",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18174"
},
{
"name": "TA06-214A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "oval:org.mitre.oval:def:1124",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1124"
},
{
"name": "FEDORA-2005-613",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00088.html"
},
{
"name": "oval:org.mitre.oval:def:1038",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1038"
},
{
"name": "http://developer.berlios.de/project/shownotes.php?release_id=6617",
"refsource": "CONFIRM",
"url": "http://developer.berlios.de/project/shownotes.php?release_id=6617"
},
{
"name": "20060801 DMA[2006-0801a] - \u0027Apple OSX fetchmail buffer overflow\u0027",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441856/100/200/threaded"
},
{
"name": "oval:org.mitre.oval:def:8833",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8833"
},
{
"name": "DSA-774",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-774"
},
{
"name": "RHSA-2005:640",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-640.html"
},
{
"name": "FEDORA-2005-614",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00089.html"
},
{
"name": "20060526 rPSA-2006-0084-1 fetchmail",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435197/100/0/threaded"
},
{
"name": "16176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2335",
"datePublished": "2005-07-27T04:00:00.000Z",
"dateReserved": "2005-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:22:48.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3088 (GCVE-0-2005-3088)
Vulnerability from cvelistv5 – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:01
VLAI?
EPSS
Summary
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
24 references
Date Public ?
2005-10-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:57.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2005-2182",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2182"
},
{
"name": "APPLE-SA-2006-08-01",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "20267",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20267"
},
{
"name": "17293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17293"
},
{
"name": "17349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17349"
},
{
"name": "17446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17446"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "1015114",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015114"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "SSA:2006-045-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.443499"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "20051027 fetchmail security announcement 2005-02 (CVE-2005-3088)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113042785902031\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt"
},
{
"name": "DSA-900",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-900"
},
{
"name": "15179",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15179"
},
{
"name": "RHSA-2005:823",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-823.html"
},
{
"name": "17495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17495"
},
{
"name": "USN-215-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/215-1/"
},
{
"name": "MDKSA-2005:209",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:209"
},
{
"name": "17491",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17491"
},
{
"name": "18895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18895"
},
{
"name": "GLSA-200511-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-06.xml"
},
{
"name": "17631",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17631"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2005-2182",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2182"
},
{
"name": "APPLE-SA-2006-08-01",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "20267",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20267"
},
{
"name": "17293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17293"
},
{
"name": "17349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17349"
},
{
"name": "17446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17446"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "1015114",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015114"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "SSA:2006-045-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.443499"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "20051027 fetchmail security announcement 2005-02 (CVE-2005-3088)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113042785902031\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt"
},
{
"name": "DSA-900",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-900"
},
{
"name": "15179",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15179"
},
{
"name": "RHSA-2005:823",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-823.html"
},
{
"name": "17495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17495"
},
{
"name": "USN-215-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/215-1/"
},
{
"name": "MDKSA-2005:209",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:209"
},
{
"name": "17491",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17491"
},
{
"name": "18895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18895"
},
{
"name": "GLSA-200511-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-06.xml"
},
{
"name": "17631",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17631"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2182",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2182"
},
{
"name": "APPLE-SA-2006-08-01",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "20267",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20267"
},
{
"name": "17293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17293"
},
{
"name": "17349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17349"
},
{
"name": "17446",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17446"
},
{
"name": "ADV-2006-3101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "1015114",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015114"
},
{
"name": "21253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21253"
},
{
"name": "SSA:2006-045-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.443499"
},
{
"name": "19289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "20051027 fetchmail security announcement 2005-02 (CVE-2005-3088)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113042785902031\u0026w=2"
},
{
"name": "http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt",
"refsource": "CONFIRM",
"url": "http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt"
},
{
"name": "DSA-900",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-900"
},
{
"name": "15179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15179"
},
{
"name": "RHSA-2005:823",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-823.html"
},
{
"name": "17495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17495"
},
{
"name": "USN-215-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/215-1/"
},
{
"name": "MDKSA-2005:209",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:209"
},
{
"name": "17491",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17491"
},
{
"name": "18895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18895"
},
{
"name": "GLSA-200511-06",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-06.xml"
},
{
"name": "17631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17631"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3088",
"datePublished": "2005-10-27T04:00:00.000Z",
"dateReserved": "2005-09-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:01:57.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4348 (GCVE-0-2005-4348)
Vulnerability from cvelistv5 – Published: 2005-12-21 00:00 – Updated: 2024-08-07 23:38
VLAI?
EPSS
Summary
fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
30 references
Date Public ?
2005-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18266",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18266"
},
{
"name": "18172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18172"
},
{
"name": "18231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18231"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "20051221 fetchmail security announcement fetchmail-SA-2005-03 (CVE-2005-4348)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/420098/100/0/threaded"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "1015383",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015383"
},
{
"name": "SSA:2006-045-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.443499"
},
{
"name": "17891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17891"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "2006-0002",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0002/"
},
{
"name": "18463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18463"
},
{
"name": "24284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24284"
},
{
"name": "24007",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24007"
},
{
"name": "oval:org.mitre.oval:def:9659",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9659"
},
{
"name": "15987",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15987"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343836"
},
{
"name": "fetchmail-null-pointer-dos(23713)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23713"
},
{
"name": "SUSE-SR:2007:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
},
{
"name": "USN-233-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/233-1/"
},
{
"name": "21906",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21906"
},
{
"name": "ADV-2005-2996",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2996"
},
{
"name": "MDKSA-2005:236",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:236"
},
{
"name": "20060526 rPSA-2006-0084-1 fetchmail",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435197/100/0/threaded"
},
{
"name": "20070201-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc"
},
{
"name": "RHSA-2007:0018",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0018.html"
},
{
"name": "18895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18895"
},
{
"name": "DSA-939",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-939"
},
{
"name": "18433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18433"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18266",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18266"
},
{
"name": "18172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18172"
},
{
"name": "18231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18231"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "20051221 fetchmail security announcement fetchmail-SA-2005-03 (CVE-2005-4348)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/420098/100/0/threaded"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "1015383",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015383"
},
{
"name": "SSA:2006-045-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.443499"
},
{
"name": "17891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17891"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "2006-0002",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0002/"
},
{
"name": "18463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18463"
},
{
"name": "24284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24284"
},
{
"name": "24007",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24007"
},
{
"name": "oval:org.mitre.oval:def:9659",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9659"
},
{
"name": "15987",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15987"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343836"
},
{
"name": "fetchmail-null-pointer-dos(23713)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23713"
},
{
"name": "SUSE-SR:2007:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
},
{
"name": "USN-233-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/233-1/"
},
{
"name": "21906",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21906"
},
{
"name": "ADV-2005-2996",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2996"
},
{
"name": "MDKSA-2005:236",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:236"
},
{
"name": "20060526 rPSA-2006-0084-1 fetchmail",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435197/100/0/threaded"
},
{
"name": "20070201-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc"
},
{
"name": "RHSA-2007:0018",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0018.html"
},
{
"name": "18895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18895"
},
{
"name": "DSA-939",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-939"
},
{
"name": "18433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18433"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18266",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18266"
},
{
"name": "18172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18172"
},
{
"name": "18231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18231"
},
{
"name": "ADV-2006-3101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "20051221 fetchmail security announcement fetchmail-SA-2005-03 (CVE-2005-4348)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420098/100/0/threaded"
},
{
"name": "21253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21253"
},
{
"name": "1015383",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015383"
},
{
"name": "SSA:2006-045-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.443499"
},
{
"name": "17891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17891"
},
{
"name": "19289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "2006-0002",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0002/"
},
{
"name": "18463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18463"
},
{
"name": "24284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24284"
},
{
"name": "24007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24007"
},
{
"name": "oval:org.mitre.oval:def:9659",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9659"
},
{
"name": "15987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15987"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343836",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343836"
},
{
"name": "fetchmail-null-pointer-dos(23713)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23713"
},
{
"name": "SUSE-SR:2007:004",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
},
{
"name": "USN-233-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/233-1/"
},
{
"name": "21906",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21906"
},
{
"name": "ADV-2005-2996",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2996"
},
{
"name": "MDKSA-2005:236",
"refsource": "MANDRIVA",
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:236"
},
{
"name": "20060526 rPSA-2006-0084-1 fetchmail",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435197/100/0/threaded"
},
{
"name": "20070201-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc"
},
{
"name": "RHSA-2007:0018",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0018.html"
},
{
"name": "18895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18895"
},
{
"name": "DSA-939",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-939"
},
{
"name": "18433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18433"
},
{
"name": "http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt",
"refsource": "CONFIRM",
"url": "http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4348",
"datePublished": "2005-12-21T00:00:00.000Z",
"dateReserved": "2005-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:38:51.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0321 (GCVE-0-2006-0321)
Vulnerability from cvelistv5 – Published: 2006-01-24 00:00 – Updated: 2024-08-07 16:34
VLAI?
EPSS
Summary
fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public ?
2006-01-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:13.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2006-08-01",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "16365",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16365"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.berlios.de/project/shownotes.php?release_id=8784"
},
{
"name": "fetchmail-message-bounce-dos(24265)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24265"
},
{
"name": "20060122 fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/422936/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "18571",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18571"
},
{
"name": "SSA:2006-045-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.443499"
},
{
"name": "ADV-2006-0300",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0300"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747"
},
{
"name": "22691",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22691"
},
{
"name": "1015527",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015527"
},
{
"name": "18895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18895"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2006-08-01",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "16365",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16365"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.berlios.de/project/shownotes.php?release_id=8784"
},
{
"name": "fetchmail-message-bounce-dos(24265)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24265"
},
{
"name": "20060122 fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/422936/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "18571",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18571"
},
{
"name": "SSA:2006-045-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.443499"
},
{
"name": "ADV-2006-0300",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0300"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747"
},
{
"name": "22691",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22691"
},
{
"name": "1015527",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015527"
},
{
"name": "18895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18895"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2006-08-01",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "16365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16365"
},
{
"name": "http://developer.berlios.de/project/shownotes.php?release_id=8784",
"refsource": "CONFIRM",
"url": "http://developer.berlios.de/project/shownotes.php?release_id=8784"
},
{
"name": "fetchmail-message-bounce-dos(24265)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24265"
},
{
"name": "20060122 fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422936/100/0/threaded"
},
{
"name": "http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt",
"refsource": "CONFIRM",
"url": "http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt"
},
{
"name": "ADV-2006-3101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21253"
},
{
"name": "18571",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18571"
},
{
"name": "SSA:2006-045-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.443499"
},
{
"name": "ADV-2006-0300",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0300"
},
{
"name": "19289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747"
},
{
"name": "22691",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22691"
},
{
"name": "1015527",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015527"
},
{
"name": "18895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18895"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0321",
"datePublished": "2006-01-24T00:00:00.000Z",
"dateReserved": "2006-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:34:13.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0392 (GCVE-0-2006-0392)
Vulnerability from cvelistv5 – Published: 2006-08-03 01:00 – Updated: 2024-08-07 16:34
VLAI?
EPSS
Summary
Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.vupen.com/english/advisories/2006/3101 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/21253 | third-party-advisoryx_refsource_SECUNIA |
| http://www.kb.cert.org/vuls/id/527236 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/19289 | vdb-entryx_refsource_BID |
| http://www.us-cert.gov/cas/techalerts/TA06-214A.html | third-party-advisoryx_refsource_CERT |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/27739 | vdb-entryx_refsource_OSVDB |
Date Public ?
2006-08-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2006-08-01",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "VU#527236",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/527236"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "macosx-raw-image-bo(28142)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28142"
},
{
"name": "27739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27739"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2006-08-01",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "VU#527236",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/527236"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "macosx-raw-image-bo(28142)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28142"
},
{
"name": "27739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27739"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2006-08-01",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "ADV-2006-3101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21253"
},
{
"name": "VU#527236",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/527236"
},
{
"name": "19289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "macosx-raw-image-bo(28142)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28142"
},
{
"name": "27739",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27739"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0392",
"datePublished": "2006-08-03T01:00:00.000Z",
"dateReserved": "2006-01-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:34:14.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0393 (GCVE-0-2006-0393)
Vulnerability from cvelistv5 – Published: 2006-08-03 01:00 – Updated: 2024-08-07 16:34
VLAI?
EPSS
Summary
OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.osvdb.org/27745 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2006/3101 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/21253 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/19289 | vdb-entryx_refsource_BID |
| http://www.us-cert.gov/cas/techalerts/TA06-214A.html | third-party-advisoryx_refsource_CERT |
| http://securitytracker.com/id?1016672 | vdb-entryx_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public ?
2006-08-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2006-08-01",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "27745",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27745"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "1016672",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016672"
},
{
"name": "macosx-openssh-nonexistent-user-dos(28147)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2006-08-01",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "27745",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27745"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "1016672",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016672"
},
{
"name": "macosx-openssh-nonexistent-user-dos(28147)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2006-08-01",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "27745",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27745"
},
{
"name": "ADV-2006-3101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21253"
},
{
"name": "19289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "1016672",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016672"
},
{
"name": "macosx-openssh-nonexistent-user-dos(28147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0393",
"datePublished": "2006-08-03T01:00:00.000Z",
"dateReserved": "2006-01-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:34:14.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…