var-200505-1240
Vulnerability from variot
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. The gzip program contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ tcpdump Is a management tool for capturing network traffic and supports multiple protocols. The issue occurs because of the way tcpdump decodes Resource ReSerVation Protocol (RSVP) packets. This issue affects tcpdump 3.9.x/CVS and earlier. This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig72CF56A4065A77499C855538 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Fedora Legacy Update Advisory
Synopsis: Updated tcpdump packages fix security issues Advisory ID: FLSA:156139 Issue date: 2006-04-04 Product: Red Hat Linux, Fedora Core Keywords: Bugfix, Security CVE Names: CVE-2005-1267, CVE-2005-1278, CVE-2005-1279, CVE-2005-1280
- Topic:
Updated tcpdump packages that fix several security issues are now available.
- Relevant releases/architectures:
Red Hat Linux 9 - i386 Fedora Core 1 - i386 Fedora Core 2 - i386
- Problem description:
Several denial of service bugs were found in the way tcpdump processes certain network packets. It is possible for an attacker to inject a carefully crafted packet onto the network, crashing a running tcpdump session. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1267, CVE-2005-1278, CVE-2005-1279, and CVE-2005-1280 to these issues.
Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (.rpm) if your current directory only* contains the desired RPMs.
Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.
- Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=3D156139
- RPMs required:
Red Hat Linux 9:
SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/tcpdump-3.7.2-7.9= =2E4.legacy.src.rpm
i386: http://download.fedoralegacy.org/redhat/9/updates/i386/tcpdump-3.7.2-7.9.= 4.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/libpcap-0.7.2-7.9.= 4.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/arpwatch-2.1a11-7.= 9.4.legacy.i386.rpm
Fedora Core 1:
SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/tcpdump-3.7.2-8.f= c1.3.legacy.src.rpm
i386: http://download.fedoralegacy.org/fedora/1/updates/i386/tcpdump-3.7.2-8.fc= 1.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/libpcap-0.7.2-8.fc= 1.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/arpwatch-2.1a11-8.= fc1.3.legacy.i386.rpm
Fedora Core 2:
SRPM: http://download.fedoralegacy.org/fedora/2/updates/SRPMS/tcpdump-3.8.2-6.F= C2.3.legacy.src.rpm
i386: http://download.fedoralegacy.org/fedora/2/updates/i386/tcpdump-3.8.2-6.FC= 2.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/libpcap-0.8.3-6.FC= 2.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/2/updates/i386/arpwatch-2.1a13-6.= FC2.3.legacy.i386.rpm
- Verification:
SHA1 sum Package Name
0beccb4a6dd929174bc2d70d680a2e3c4a094391 redhat/9/updates/i386/tcpdump-3.7.2-7.9.4.legacy.i386.rpm 71e1ffc2c4dbf2a5c754630e198f17af94000e66 redhat/9/updates/i386/libpcap-0.7.2-7.9.4.legacy.i386.rpm 843a832974f531413a8e406491f6c91d09bda24d redhat/9/updates/i386/arpwatch-2.1a11-7.9.4.legacy.i386.rpm 192fa5bbebe8039f3c23b8aa26804d1c4b788412 redhat/9/updates/SRPMS/tcpdump-3.7.2-7.9.4.legacy.src.rpm
1a426b6225718dbd325fbe0c6d54f8904b710103 fedora/1/updates/i386/tcpdump-3.7.2-8.fc1.3.legacy.i386.rpm 45cffdb7d98c2eb03da004d89b776a7050ff5c40 fedora/1/updates/i386/libpcap-0.7.2-8.fc1.3.legacy.i386.rpm 75e263aa296969c873d0475cc1c0785c30ea24d6 fedora/1/updates/i386/arpwatch-2.1a11-8.fc1.3.legacy.i386.rpm 6e86c20a8af1fc607809c713d7ac00ab5e2f717c fedora/1/updates/SRPMS/tcpdump-3.7.2-8.fc1.3.legacy.src.rpm
32d0dcf31fbe12225954cc32dad45dbcb6c5f5e4 fedora/2/updates/i386/tcpdump-3.8.2-6.FC2.3.legacy.i386.rpm c84625e92600faa8566129c8229daa6c328dcee9 fedora/2/updates/i386/libpcap-0.8.3-6.FC2.3.legacy.i386.rpm dbdcbed104a6d3985a0735aab55031a3be0e1a74 fedora/2/updates/i386/arpwatch-2.1a13-6.FC2.3.legacy.i386.rpm bb98c4cd71507e4dec94da2c1c9f95ee9bbacde1 fedora/2/updates/SRPMS/tcpdump-3.8.2-6.FC2.3.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
- References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2005-1267 http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2005-1278 http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2005-1279 http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2005-1280
- Contact:
The Fedora Legacy security contact is secnotice@fedoralegacy.org. More project details at http://www.fedoralegacy.org
--------------enig72CF56A4065A77499C855538 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEMxLYLMAs/0C4zNoRAk8xAJ4utHt2OOExJbd3DH8xtLyfe4YcyACeLsad ZdMzjYDTapqXGKau0WRk570= =BXab -----END PGP SIGNATURE-----
--------------enig72CF56A4065A77499C855538--
.
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.
Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
TITLE: gzip Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA21996
VERIFY ADVISORY: http://secunia.com/advisories/21996/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE:
From remote
SOFTWARE: gzip 1.x http://secunia.com/product/4220/
DESCRIPTION: Tavis Ormandy has reported some vulnerabilities in gzip, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
1) A boundary error within the "make_table()" function in unlzh.c can be used to modify certain stack data. tricking a user or automated system into unpacking a specially crafted archive file. tricking a user or automated system into unpacking a specially crafted "pack" archive file.
3) A buffer overflow within the "make_table()" function of gzip's LZH support can be exploited to cause a DoS and potentially to compromise a vulnerable system by e.g. tricking a user or automated system into unpacking an archive containing a specially crafted decoding table.
4) A NULL pointer dereference within the "huft_build()" function and an infinite loop within the LZH handling can be exploited to cause a DoS by e.g. tricking a user or automated system into unpacking a specially crafted archive file.
The vulnerabilities have been reported in version 1.3.5. Other versions may also be affected.
SOLUTION: Do not unpack untrusted archive files.
PROVIDED AND/OR DISCOVERED BY: Tavis Ormandy, Google Security Team
ORIGINAL ADVISORY: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
OTHER REFERENCES: US-CERT VU#554780: http://www.kb.cert.org/vuls/id/554780
US-CERT VU#381508: http://www.kb.cert.org/vuls/id/381508
US-CERT VU#773548: http://www.kb.cert.org/vuls/id/773548
US-CERT VU#933712: http://www.kb.cert.org/vuls/id/933712
US-CERT VU#596848 http://www.kb.cert.org/vuls/id/596848
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-333A
Apple Releases Security Update to Address Multiple Vulnerabilities
Original release date: November 29, 2006 Last revised: -- Source: US-CERT
Systems Affected
* Apple Mac OS X version 10.3.x and 10.4.x
* Apple Mac OS X Server version 10.3.x and 10.4.x
* Apple Safari web browser
These vulnerabilities affect both Intel-based and PowerPC-based Apple systems.
Overview
Apple has released Security Update 2006-007 to correct multiple vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web browser. Vulnerabilities in OpenSSL, gzip, and other products are also addressed. Description
Apple Security Update 2006-007 addresses a number of vulnerabilities affecting Mac OS X, OS X Server, Safari web browser, and other products. Further details are available in the related vulnerability notes.
This security update also addresses previously known vulnerabilities in PHP, Perl, OpenSSL, and gzip, which are shipped with Mac OS X.
II. Impact
The impacts of these vulnerabilities vary. For specific details, see the appropriate vulnerability notes. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service.
III. Solution
Install updates
Install Apple Security Update 2006-007. This and other updates are available via Apple Update or via Apple Downloads.
IV. References
* Vulnerability Notes for Apple Security Update 2006-007 -
<http://www.kb.cert.org/vuls/byid?searchview&query=apple-2006-007>
* Vulnerability Notes for OpenSSL Security Advisory [28th September
2006] -
http://www.kb.cert.org/vuls/byid?searchview&query=openssl_secadv_20060928
* Vulnerability Note VU#845620 -
<http://www.kb.cert.org/vuls/id/845620>
* Vulnerability Note VU#933712 -
<http://www.kb.cert.org/vuls/id/933712>
* Vulnerability Note VU#381508 -
<http://www.kb.cert.org/vuls/id/381508>
* Vulnerability Note VU#554780 -
<http://www.kb.cert.org/vuls/id/554780>
* Vulnerability Note VU#596848 -
<http://www.kb.cert.org/vuls/id/596848>
* Vulnerability Note VU#773548 -
<http://www.kb.cert.org/vuls/id/773548>
* About the security content of Security Update 2006-007 -
<http://docs.info.apple.com/article.html?artnum=304829>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Apple Downloads - <http://www.apple.com/support/downloads/>
* OpenSSL: OpenSSL vulnerabilities -
<http://www.openssl.org/news/vulnerabilities.html>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/#Safari>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-333A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-333A Feedback VU#191336" in the subject.
Produced 2006 by US-CERT, a government organization.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-analyzer/tcpdump < 3.8.3-r2 >= 3.8.3-r2
Description
TCPDump improperly handles and decodes ISIS, BGP, LDP (CAN-2005-1279) and RSVP (CAN-2005-1280) packets. TCPDump might loop endlessly after receiving malformed packets.
Workaround
There is no known workaround at this time.
Resolution
All TCPDump users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-3.8.3-r2"
References
[ 1 ] CAN-2005-1279 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1279 [ 2 ] CAN-2005-1280 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1280
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200505-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-1240",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "debian gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "slackware linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "ubuntu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "f5",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "oracle",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "suse linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "rpath",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openwall gnu linux",
"version": null
},
{
"model": "tcpdump",
"scope": "lte",
"trust": 1.0,
"vendor": "lbl",
"version": "3.9.1"
},
{
"model": "tcpdump",
"scope": "eq",
"trust": 0.9,
"vendor": "lbl",
"version": "3.9.1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trustix secure linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "appgate network security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "attachmatewrq",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "avaya",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnutls",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "iaik java group",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "internet consortium",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intoto",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandriva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "opera",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ssh security corp",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sybase",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vandyke",
"version": null
},
{
"model": "seil/b1",
"scope": "eq",
"trust": 0.8,
"vendor": "internet initiative",
"version": "2.00 ~ 2.40"
},
{
"model": "seil/neu",
"scope": "eq",
"trust": 0.8,
"vendor": "internet initiative",
"version": "2fe plus 2.00 ~ 2.02"
},
{
"model": "seil/turbo",
"scope": "eq",
"trust": 0.8,
"vendor": "internet initiative",
"version": "2.00 ~ 2.02"
},
{
"model": "seil/x1,x2",
"scope": "eq",
"trust": 0.8,
"vendor": "internet initiative",
"version": "2.10 ~ 2.40"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"model": "appliance server workgroup edition",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "1.0"
},
{
"model": "appliance server hosting edition",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "1.0"
},
{
"model": "secure linux",
"scope": "eq",
"trust": 0.3,
"vendor": "trustix",
"version": "2.2"
},
{
"model": "secure linux",
"scope": "eq",
"trust": 0.3,
"vendor": "trustix",
"version": "2.1"
},
{
"model": "secure enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "trustix",
"version": "2.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"model": "linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "1.0"
},
{
"model": "propack",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "3.0"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "7.1.4"
},
{
"model": "unixware up",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "7.1.3"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "7.1.3"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "6.0"
},
{
"model": "suse linux school server for i386",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "suse linux retail solution",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.0"
},
{
"model": "suse linux openexchange server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "4.0"
},
{
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.2"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.2"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "fedora core3",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "fedora core2",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "fedora core1",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "current",
"scope": null,
"trust": 0.3,
"vendor": "netbsd",
"version": null
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "4.0"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "10.2"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "10.2"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "10.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "10.1"
},
{
"model": "linux mandrake amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "10.0"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "tcpdump",
"scope": "eq",
"trust": 0.3,
"vendor": "lbl",
"version": "3.9"
},
{
"model": "tcpdump",
"scope": "eq",
"trust": 0.3,
"vendor": "lbl",
"version": "3.8.3"
},
{
"model": "tcpdump",
"scope": "eq",
"trust": 0.3,
"vendor": "lbl",
"version": "3.8.2"
},
{
"model": "tcpdump",
"scope": "eq",
"trust": 0.3,
"vendor": "lbl",
"version": "3.8.1"
},
{
"model": "tcpdump",
"scope": "eq",
"trust": 0.3,
"vendor": "lbl",
"version": "3.7.2"
},
{
"model": "tcpdump",
"scope": "eq",
"trust": 0.3,
"vendor": "lbl",
"version": "3.7.1"
},
{
"model": "tcpdump",
"scope": "eq",
"trust": 0.3,
"vendor": "lbl",
"version": "3.7"
},
{
"model": "tcpdump",
"scope": "eq",
"trust": 0.3,
"vendor": "lbl",
"version": "3.6.3"
},
{
"model": "tcpdump",
"scope": "eq",
"trust": 0.3,
"vendor": "lbl",
"version": "3.6.2"
},
{
"model": "tcpdump",
"scope": "eq",
"trust": 0.3,
"vendor": "lbl",
"version": "3.5.2"
},
{
"model": "tcpdump alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "lbl",
"version": "3.5"
},
{
"model": "tcpdump",
"scope": "eq",
"trust": 0.3,
"vendor": "lbl",
"version": "3.5"
},
{
"model": "tcpdump a6",
"scope": "eq",
"trust": 0.3,
"vendor": "lbl",
"version": "3.4"
},
{
"model": "tcpdump",
"scope": "eq",
"trust": 0.3,
"vendor": "lbl",
"version": "3.4"
},
{
"model": "ipcop",
"scope": "eq",
"trust": 0.3,
"vendor": "ipcop",
"version": "1.4.5"
},
{
"model": "ipcop",
"scope": "eq",
"trust": 0.3,
"vendor": "ipcop",
"version": "1.4.4"
},
{
"model": "ipcop",
"scope": "eq",
"trust": 0.3,
"vendor": "ipcop",
"version": "1.4.2"
},
{
"model": "ipcop",
"scope": "eq",
"trust": 0.3,
"vendor": "ipcop",
"version": "1.4.1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.4"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.4"
},
{
"model": "-prerelease",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.4"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.3"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.3"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.3"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.3"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.2.1"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.2"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.2"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "-release/alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "-release-p5",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.0"
},
{
"model": "-release-p14",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.0"
},
{
"model": "alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.0"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.5"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.3"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.2"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.12"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.11"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.10"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.9"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.6"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.0"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.3"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.2"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.12"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.11"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "s8710 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8710 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8700 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8700 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8500 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8500 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8300 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8300 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "modular messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "modular messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "mn100",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "intuity lx",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "converged communications server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "big-ip",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.7"
},
{
"model": "big-ip",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.13"
},
{
"model": "3-dns",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.7"
},
{
"model": "3-dns",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.13"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#386964"
},
{
"db": "CERT/CC",
"id": "VU#773548"
},
{
"db": "CERT/CC",
"id": "VU#845620"
},
{
"db": "BID",
"id": "13390"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000283"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-090"
},
{
"db": "NVD",
"id": "CVE-2005-1280"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lbl:tcpdump:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.9.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1280"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vade 79 v9@fakehalo.deadpig.org",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-090"
}
],
"trust": 0.6
},
"cve": "CVE-2005-1280",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2005-1280",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-1280",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#386964",
"trust": 0.8,
"value": "0.32"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#773548",
"trust": 0.8,
"value": "1.57"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#845620",
"trust": 0.8,
"value": "7.56"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-090",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#386964"
},
{
"db": "CERT/CC",
"id": "VU#773548"
},
{
"db": "CERT/CC",
"id": "VU#845620"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000283"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-090"
},
{
"db": "NVD",
"id": "CVE-2005-1280"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. The gzip program contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ tcpdump Is a management tool for capturing network traffic and supports multiple protocols. The issue occurs because of the way tcpdump decodes Resource ReSerVation Protocol (RSVP) packets. \nThis issue affects tcpdump 3.9.x/CVS and earlier. This is an OpenPGP/MIME signed message (RFC 2440 and 3156)\n--------------enig72CF56A4065A77499C855538\nContent-Type: text/plain; charset=ISO-8859-1\nContent-Transfer-Encoding: quoted-printable\n\n---------------------------------------------------------------------\n Fedora Legacy Update Advisory\n\nSynopsis: Updated tcpdump packages fix security issues\nAdvisory ID: FLSA:156139\nIssue date: 2006-04-04\nProduct: Red Hat Linux, Fedora Core\nKeywords: Bugfix, Security\nCVE Names: CVE-2005-1267, CVE-2005-1278, CVE-2005-1279,\n CVE-2005-1280\n---------------------------------------------------------------------\n\n\n---------------------------------------------------------------------\n1. Topic:\n\nUpdated tcpdump packages that fix several security issues are now\navailable. \n\n2. Relevant releases/architectures:\n\nRed Hat Linux 9 - i386\nFedora Core 1 - i386\nFedora Core 2 - i386\n\n3. Problem description:\n\nSeveral denial of service bugs were found in the way tcpdump processes\ncertain network packets. It is possible for an attacker to inject a\ncarefully crafted packet onto the network, crashing a running tcpdump\nsession. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the names CVE-2005-1267, CVE-2005-1278,\nCVE-2005-1279, and CVE-2005-1280 to these issues. \n\nUsers of tcpdump are advised to upgrade to these erratum packages, which\ncontain backported security patches and are not vulnerable to these\nissues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which\nare not installed but included in the list will not be updated. Note\nthat you can also use wildcards (*.rpm) if your current directory *only*\ncontains the desired RPMs. \n\nPlease note that this update is also available via yum and apt. Many\npeople find this an easier way to apply updates. To use yum issue:\n\nyum update\n\nor to use apt:\n\napt-get update; apt-get upgrade\n\nThis will start an interactive process that will result in the\nappropriate RPMs being upgraded on your system. This assumes that you\nhave yum or apt-get configured for obtaining Fedora Legacy content. \nPlease visit http://www.fedoralegacy.org/docs for directions on how to\nconfigure yum and apt-get. \n\n5. Bug IDs fixed:\n\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=3D156139\n\n6. RPMs required:\n\nRed Hat Linux 9:\n\nSRPM:\nhttp://download.fedoralegacy.org/redhat/9/updates/SRPMS/tcpdump-3.7.2-7.9=\n=2E4.legacy.src.rpm\n\ni386:\nhttp://download.fedoralegacy.org/redhat/9/updates/i386/tcpdump-3.7.2-7.9.=\n4.legacy.i386.rpm\nhttp://download.fedoralegacy.org/redhat/9/updates/i386/libpcap-0.7.2-7.9.=\n4.legacy.i386.rpm\nhttp://download.fedoralegacy.org/redhat/9/updates/i386/arpwatch-2.1a11-7.=\n9.4.legacy.i386.rpm\n\nFedora Core 1:\n\nSRPM:\nhttp://download.fedoralegacy.org/fedora/1/updates/SRPMS/tcpdump-3.7.2-8.f=\nc1.3.legacy.src.rpm\n\ni386:\nhttp://download.fedoralegacy.org/fedora/1/updates/i386/tcpdump-3.7.2-8.fc=\n1.3.legacy.i386.rpm\nhttp://download.fedoralegacy.org/fedora/1/updates/i386/libpcap-0.7.2-8.fc=\n1.3.legacy.i386.rpm\nhttp://download.fedoralegacy.org/fedora/1/updates/i386/arpwatch-2.1a11-8.=\nfc1.3.legacy.i386.rpm\n\nFedora Core 2:\n\nSRPM:\nhttp://download.fedoralegacy.org/fedora/2/updates/SRPMS/tcpdump-3.8.2-6.F=\nC2.3.legacy.src.rpm\n\ni386:\nhttp://download.fedoralegacy.org/fedora/2/updates/i386/tcpdump-3.8.2-6.FC=\n2.3.legacy.i386.rpm\nhttp://download.fedoralegacy.org/fedora/2/updates/i386/libpcap-0.8.3-6.FC=\n2.3.legacy.i386.rpm\nhttp://download.fedoralegacy.org/fedora/2/updates/i386/arpwatch-2.1a13-6.=\nFC2.3.legacy.i386.rpm\n\n7. Verification:\n\nSHA1 sum Package Name\n---------------------------------------------------------------------\n\n0beccb4a6dd929174bc2d70d680a2e3c4a094391\nredhat/9/updates/i386/tcpdump-3.7.2-7.9.4.legacy.i386.rpm\n71e1ffc2c4dbf2a5c754630e198f17af94000e66\nredhat/9/updates/i386/libpcap-0.7.2-7.9.4.legacy.i386.rpm\n843a832974f531413a8e406491f6c91d09bda24d\nredhat/9/updates/i386/arpwatch-2.1a11-7.9.4.legacy.i386.rpm\n192fa5bbebe8039f3c23b8aa26804d1c4b788412\nredhat/9/updates/SRPMS/tcpdump-3.7.2-7.9.4.legacy.src.rpm\n\n1a426b6225718dbd325fbe0c6d54f8904b710103\nfedora/1/updates/i386/tcpdump-3.7.2-8.fc1.3.legacy.i386.rpm\n45cffdb7d98c2eb03da004d89b776a7050ff5c40\nfedora/1/updates/i386/libpcap-0.7.2-8.fc1.3.legacy.i386.rpm\n75e263aa296969c873d0475cc1c0785c30ea24d6\nfedora/1/updates/i386/arpwatch-2.1a11-8.fc1.3.legacy.i386.rpm\n6e86c20a8af1fc607809c713d7ac00ab5e2f717c\nfedora/1/updates/SRPMS/tcpdump-3.7.2-8.fc1.3.legacy.src.rpm\n\n32d0dcf31fbe12225954cc32dad45dbcb6c5f5e4\nfedora/2/updates/i386/tcpdump-3.8.2-6.FC2.3.legacy.i386.rpm\nc84625e92600faa8566129c8229daa6c328dcee9\nfedora/2/updates/i386/libpcap-0.8.3-6.FC2.3.legacy.i386.rpm\ndbdcbed104a6d3985a0735aab55031a3be0e1a74\nfedora/2/updates/i386/arpwatch-2.1a13-6.FC2.3.legacy.i386.rpm\nbb98c4cd71507e4dec94da2c1c9f95ee9bbacde1\nfedora/2/updates/SRPMS/tcpdump-3.8.2-6.FC2.3.legacy.src.rpm\n\nThese packages are GPG signed by Fedora Legacy for security. Our key is\navailable from http://www.fedoralegacy.org/about/security.php\n\nYou can verify each package with the following command:\n\n rpm --checksig -v \u003cfilename\u003e\n\nIf you only wish to verify that each package has not been corrupted or\ntampered with, examine only the sha1sum with the following command:\n\n sha1sum \u003cfilename\u003e\n\n8. References:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2005-1267\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2005-1278\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2005-1279\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2005-1280\n\n9. Contact:\n\nThe Fedora Legacy security contact is \u003csecnotice@fedoralegacy.org\u003e. More\nproject details at http://www.fedoralegacy.org\n\n---------------------------------------------------------------------\n\n\n\n--------------enig72CF56A4065A77499C855538\nContent-Type: application/pgp-signature; name=\"signature.asc\"\nContent-Description: OpenPGP digital signature\nContent-Disposition: attachment; filename=\"signature.asc\"\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFEMxLYLMAs/0C4zNoRAk8xAJ4utHt2OOExJbd3DH8xtLyfe4YcyACeLsad\nZdMzjYDTapqXGKau0WRk570=\n=BXab\n-----END PGP SIGNATURE-----\n\n--------------enig72CF56A4065A77499C855538--\n\n. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\ngzip Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA21996\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21996/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\ngzip 1.x\nhttp://secunia.com/product/4220/\n\nDESCRIPTION:\nTavis Ormandy has reported some vulnerabilities in gzip, which can be\nexploited by malicious people to cause a DoS (Denial of Service) and\npotentially compromise a vulnerable system. \n\n1) A boundary error within the \"make_table()\" function in unlzh.c can\nbe used to modify certain stack data. tricking\na user or automated system into unpacking a specially crafted archive\nfile. tricking a user or\nautomated system into unpacking a specially crafted \"pack\" archive\nfile. \n\n3) A buffer overflow within the \"make_table()\" function of gzip\u0027s LZH\nsupport can be exploited to cause a DoS and potentially to compromise\na vulnerable system by e.g. tricking a user or automated system into\nunpacking an archive containing a specially crafted decoding table. \n\n4) A NULL pointer dereference within the \"huft_build()\" function and\nan infinite loop within the LZH handling can be exploited to cause a\nDoS by e.g. tricking a user or automated system into unpacking a\nspecially crafted archive file. \n\nThe vulnerabilities have been reported in version 1.3.5. Other\nversions may also be affected. \n\nSOLUTION:\nDo not unpack untrusted archive files. \n\nPROVIDED AND/OR DISCOVERED BY:\nTavis Ormandy, Google Security Team\n\nORIGINAL ADVISORY:\nhttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676\n\nOTHER REFERENCES:\nUS-CERT VU#554780:\nhttp://www.kb.cert.org/vuls/id/554780\n\nUS-CERT VU#381508:\nhttp://www.kb.cert.org/vuls/id/381508\n\nUS-CERT VU#773548:\nhttp://www.kb.cert.org/vuls/id/773548\n\nUS-CERT VU#933712:\nhttp://www.kb.cert.org/vuls/id/933712\n\nUS-CERT VU#596848\nhttp://www.kb.cert.org/vuls/id/596848\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA06-333A\n\n\nApple Releases Security Update to Address Multiple Vulnerabilities\n\n Original release date: November 29, 2006\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n * Apple Mac OS X version 10.3.x and 10.4.x\n * Apple Mac OS X Server version 10.3.x and 10.4.x\n * Apple Safari web browser\n\n These vulnerabilities affect both Intel-based and PowerPC-based Apple\n systems. \n\n\nOverview\n\n Apple has released Security Update 2006-007 to correct multiple\n vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web\n browser. Vulnerabilities in OpenSSL, gzip, and other products are also\n addressed. Description\n\n Apple Security Update 2006-007 addresses a number of vulnerabilities\n affecting Mac OS X, OS X Server, Safari web browser, and other\n products. Further details are available in the related vulnerability\n notes. \n\n This security update also addresses previously known vulnerabilities\n in PHP, Perl, OpenSSL, and gzip, which are shipped with Mac OS X. \n\n\nII. Impact\n\n The impacts of these vulnerabilities vary. For specific details, see\n the appropriate vulnerability notes. Potential consequences include\n remote execution of arbitrary code or commands, bypass of security\n restrictions, and denial of service. \n\n\nIII. Solution\n\nInstall updates\n\n Install Apple Security Update 2006-007. This and other updates are\n available via Apple Update or via Apple Downloads. \n\n\nIV. References\n\n * Vulnerability Notes for Apple Security Update 2006-007 -\n \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=apple-2006-007\u003e\n\n * Vulnerability Notes for OpenSSL Security Advisory [28th September\n 2006] -\n\u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=openssl_secadv_20060928\u003e\n\n * Vulnerability Note VU#845620 -\n \u003chttp://www.kb.cert.org/vuls/id/845620\u003e\n\n * Vulnerability Note VU#933712 -\n \u003chttp://www.kb.cert.org/vuls/id/933712\u003e\n\n * Vulnerability Note VU#381508 -\n \u003chttp://www.kb.cert.org/vuls/id/381508\u003e\n\n * Vulnerability Note VU#554780 -\n \u003chttp://www.kb.cert.org/vuls/id/554780\u003e\n\n * Vulnerability Note VU#596848 -\n \u003chttp://www.kb.cert.org/vuls/id/596848\u003e\n\n * Vulnerability Note VU#773548 -\n \u003chttp://www.kb.cert.org/vuls/id/773548\u003e\n\n * About the security content of Security Update 2006-007 -\n \u003chttp://docs.info.apple.com/article.html?artnum=304829\u003e\n\n * Mac OS X: Updating your software -\n \u003chttp://docs.info.apple.com/article.html?artnum=106704\u003e\n\n * Apple Downloads - \u003chttp://www.apple.com/support/downloads/\u003e\n\n * OpenSSL: OpenSSL vulnerabilities -\n \u003chttp://www.openssl.org/news/vulnerabilities.html\u003e\n\n * Securing Your Web Browser -\n \u003chttp://www.us-cert.gov/reading_room/securing_browser/#Safari\u003e\n\n _________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA06-333A.html\u003e\n _________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-333A Feedback VU#191336\" in the\n subject. \n _________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-analyzer/tcpdump \u003c 3.8.3-r2 \u003e= 3.8.3-r2\n\nDescription\n===========\n\nTCPDump improperly handles and decodes ISIS, BGP, LDP (CAN-2005-1279)\nand RSVP (CAN-2005-1280) packets. TCPDump might loop endlessly after\nreceiving malformed packets. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll TCPDump users should upgrade to the latest available version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-analyzer/tcpdump-3.8.3-r2\"\n\nReferences\n==========\n\n [ 1 ] CAN-2005-1279\n http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1279\n [ 2 ] CAN-2005-1280\n http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1280\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200505-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2005 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.0\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1280"
},
{
"db": "CERT/CC",
"id": "VU#386964"
},
{
"db": "CERT/CC",
"id": "VU#773548"
},
{
"db": "CERT/CC",
"id": "VU#845620"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000283"
},
{
"db": "BID",
"id": "13390"
},
{
"db": "PACKETSTORM",
"id": "45250"
},
{
"db": "PACKETSTORM",
"id": "50178"
},
{
"db": "PACKETSTORM",
"id": "52708"
},
{
"db": "PACKETSTORM",
"id": "38413"
}
],
"trust": 4.41
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-1280",
"trust": 2.9
},
{
"db": "BID",
"id": "13390",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "15125",
"trust": 2.4
},
{
"db": "BID",
"id": "22083",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "18146",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#773548",
"trust": 1.0
},
{
"db": "CERT/CC",
"id": "VU#845620",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "23280",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "23309",
"trust": 0.8
},
{
"db": "BID",
"id": "20246",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#386964",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2007.0014",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "21709",
"trust": 0.8
},
{
"db": "BID",
"id": "13380",
"trust": 0.8
},
{
"db": "BID",
"id": "13389",
"trust": 0.8
},
{
"db": "BID",
"id": "13392",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000283",
"trust": 0.8
},
{
"db": "FEDORA",
"id": "FLSA:156139",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20050426 TCPDUMP(/ETHEREAL)[]: (RSVP) RSVP_PRINT() INFINITE LOOP DOS.",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2005:417",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2005:421",
"trust": 0.6
},
{
"db": "SCO",
"id": "SCOSA-2005.60",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200505-090",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "VU#554780",
"trust": 0.2
},
{
"db": "CERT/CC",
"id": "VU#933712",
"trust": 0.2
},
{
"db": "CERT/CC",
"id": "VU#596848",
"trust": 0.2
},
{
"db": "CERT/CC",
"id": "VU#381508",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "21996",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "45250",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "50178",
"trust": 0.1
},
{
"db": "USCERT",
"id": "TA06-333A",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "52708",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "38413",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#386964"
},
{
"db": "CERT/CC",
"id": "VU#773548"
},
{
"db": "CERT/CC",
"id": "VU#845620"
},
{
"db": "BID",
"id": "13390"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000283"
},
{
"db": "PACKETSTORM",
"id": "45250"
},
{
"db": "PACKETSTORM",
"id": "50178"
},
{
"db": "PACKETSTORM",
"id": "52708"
},
{
"db": "PACKETSTORM",
"id": "38413"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-090"
},
{
"db": "NVD",
"id": "CVE-2005-1280"
}
]
},
"id": "VAR-200505-1240",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4615448
},
"last_update_date": "2024-07-23T21:40:35.490000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "257",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=257"
},
{
"title": "156040",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=156040"
},
{
"title": "RHSA-2005:421",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2005-421.html"
},
{
"title": "RHSA-2005:417",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2005-417.html"
},
{
"title": "tcpdump \u30b3\u30de\u30f3\u30c9\u5b9f\u884c\u6642\u306b\u304a\u3051\u308b\u8106\u5f31\u6027",
"trust": 0.8,
"url": "http://www.seil.jp/seilseries/security/2009/07061763.php"
},
{
"title": "TLSA-2005-63",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2005/tlsa-2005-63.txt"
},
{
"title": "RHSA-2005:417",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2005-417j.html"
},
{
"title": "RHSA-2005:421",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2005-421j.html"
},
{
"title": "TLSA-2005-63",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2005/tlsa-2005-63j.txt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000283"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1280"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/15125"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/13390"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/22083"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/396930"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2005-421.html"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2005-417.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/18146"
},
{
"trust": 1.6,
"url": "ftp://ftp.sco.com/pub/updates/unixware/scosa-2005.60/scosa-2005.60.txt"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/430292/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10732"
},
{
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20060928.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/23280/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/23309/"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/20246"
},
{
"trust": 0.8,
"url": "http://www.gzip.org/"
},
{
"trust": 0.8,
"url": "http://www.auscert.org.au/7179"
},
{
"trust": 0.8,
"url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
},
{
"trust": 0.8,
"url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
},
{
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20060905.txt "
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/21709/"
},
{
"trust": 0.8,
"url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc3447.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-1280"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-1280"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/13392"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/13389"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/13380"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/430292/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/elmodocs2/security/asa-2005-137_rhsa-2005-417_rhsa-2005-421.pdf"
},
{
"trust": 0.3,
"url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=21\u0026mode=thread\u0026order=0\u0026thold=0"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2005-417.html"
},
{
"trust": 0.3,
"url": "http://tech.f5.com/home/bigip/solutions/advisories/sol4809.html"
},
{
"trust": 0.3,
"url": "http://www.tcpdump.org/"
},
{
"trust": 0.3,
"url": "/archive/1/396930"
},
{
"trust": 0.3,
"url": "/archive/1/396932"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=3d156139"
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/redhat/9/updates/i386/libpcap-0.7.2-7.9.="
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/fedora/2/updates/i386/libpcap-0.8.3-6.fc="
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/redhat/9/updates/srpms/tcpdump-3.7.2-7.9="
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/fedora/2/updates/i386/tcpdump-3.8.2-6.fc="
},
{
"trust": 0.1,
"url": "http://www.fedoralegacy.org/about/security.php"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=3dcve-2005-1267"
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/fedora/1/updates/i386/libpcap-0.7.2-8.fc="
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=3dcve-2005-1278"
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/fedora/1/updates/srpms/tcpdump-3.7.2-8.f="
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/fedora/2/updates/i386/arpwatch-2.1a13-6.="
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/fedora/1/updates/i386/arpwatch-2.1a11-8.="
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/redhat/9/updates/i386/arpwatch-2.1a11-7.="
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=3dcve-2005-1280"
},
{
"trust": 0.1,
"url": "http://www.fedoralegacy.org"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=3dcve-2005-1279"
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/fedora/2/updates/srpms/tcpdump-3.8.2-6.f="
},
{
"trust": 0.1,
"url": "http://www.fedoralegacy.org/docs"
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/fedora/1/updates/i386/tcpdump-3.7.2-8.fc="
},
{
"trust": 0.1,
"url": "http://download.fedoralegacy.org/redhat/9/updates/i386/tcpdump-3.7.2-7.9.="
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/554780"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/381508"
},
{
"trust": 0.1,
"url": "http://secunia.com/quality_assurance_analyst/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4220/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/773548"
},
{
"trust": 0.1,
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/933712"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/596848"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/21996/"
},
{
"trust": 0.1,
"url": "http://secunia.com/web_application_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/845620\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/773548\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/933712\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/596848\u003e"
},
{
"trust": 0.1,
"url": "http://www.openssl.org/news/vulnerabilities.html\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=304829\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/#safari\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=apple-2006-007\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/381508\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=openssl_secadv_20060928\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/554780\u003e"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-1280"
},
{
"trust": 0.1,
"url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1279"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-1279"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1280"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-200505-06.xml"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#386964"
},
{
"db": "CERT/CC",
"id": "VU#773548"
},
{
"db": "CERT/CC",
"id": "VU#845620"
},
{
"db": "BID",
"id": "13390"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000283"
},
{
"db": "PACKETSTORM",
"id": "45250"
},
{
"db": "PACKETSTORM",
"id": "50178"
},
{
"db": "PACKETSTORM",
"id": "52708"
},
{
"db": "PACKETSTORM",
"id": "38413"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-090"
},
{
"db": "NVD",
"id": "CVE-2005-1280"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#386964"
},
{
"db": "CERT/CC",
"id": "VU#773548"
},
{
"db": "CERT/CC",
"id": "VU#845620"
},
{
"db": "BID",
"id": "13390"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000283"
},
{
"db": "PACKETSTORM",
"id": "45250"
},
{
"db": "PACKETSTORM",
"id": "50178"
},
{
"db": "PACKETSTORM",
"id": "52708"
},
{
"db": "PACKETSTORM",
"id": "38413"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-090"
},
{
"db": "NVD",
"id": "CVE-2005-1280"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-28T00:00:00",
"db": "CERT/CC",
"id": "VU#386964"
},
{
"date": "2006-09-19T00:00:00",
"db": "CERT/CC",
"id": "VU#773548"
},
{
"date": "2006-09-11T00:00:00",
"db": "CERT/CC",
"id": "VU#845620"
},
{
"date": "2005-04-26T00:00:00",
"db": "BID",
"id": "13390"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000283"
},
{
"date": "2006-04-06T22:26:29",
"db": "PACKETSTORM",
"id": "45250"
},
{
"date": "2006-09-21T23:56:25",
"db": "PACKETSTORM",
"id": "50178"
},
{
"date": "2006-12-06T02:47:36",
"db": "PACKETSTORM",
"id": "52708"
},
{
"date": "2005-07-02T00:59:37",
"db": "PACKETSTORM",
"id": "38413"
},
{
"date": "2005-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-090"
},
{
"date": "2005-05-02T04:00:00",
"db": "NVD",
"id": "CVE-2005-1280"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-07-22T00:00:00",
"db": "CERT/CC",
"id": "VU#386964"
},
{
"date": "2011-07-22T00:00:00",
"db": "CERT/CC",
"id": "VU#773548"
},
{
"date": "2007-02-08T00:00:00",
"db": "CERT/CC",
"id": "VU#845620"
},
{
"date": "2009-06-23T19:19:00",
"db": "BID",
"id": "13390"
},
{
"date": "2009-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000283"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-090"
},
{
"date": "2018-10-19T15:31:46.737000",
"db": "NVD",
"id": "CVE-2005-1280"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "52708"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-090"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL SSLv2 client code fails to properly check for NULL",
"sources": [
{
"db": "CERT/CC",
"id": "VU#386964"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-090"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.