Gentoo Linux vulnerabilities

CVE-2004-0495 [HIGH] CVE-2004-0495: Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.

CVE-2004-0493 [MEDIUM] CVE-2004-0493: The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a deni The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.

CVE-2004-0417 [MEDIUM] CVE-2004-0417: Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.

CVE-2004-0535 [LOW] CVE-2004-0535: The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before usin The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.

CVE-2004-0554 [LOW] CVE-2004-0554: Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.

CVE-2004-0700 [HIGH] CVE-2004-0700: Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.

CVE-2004-0386 [CRITICAL] CVE-2004-0386: Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote att Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.

CVE-2004-1983 [LOW] CVE-2004-1983: The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors.

CVE-2004-0224 [HIGH] CVE-2004-0224: Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courie Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."

CVE-2003-0694 [CRITICAL] CVE-2003-0694: The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

CVE-2003-0681 [HIGH] CVE-2003-0681: A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rul A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

CVE-2002-1337 [CRITICAL] CWE-120 CVE-2002-1337: Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via cer Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.