Mandrakesoft Mandrake Linux vulnerabilities

CVE-2008-0595 [MEDIUM] CWE-863 CVE-2008-0595: dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

CVE-2007-6284 [MEDIUM] CWE-399 CVE-2007-6284: The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a d The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

CVE-2007-0454 [HIGH] CWE-134 CVE-2007-0454: Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows contex Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

CVE-2006-0745 [HIGH] CVE-2006-0745: X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

CVE-2005-3625 [CRITICAL] CWE-399 CVE-2005-3625: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and oth Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

CVE-2005-3624 [MEDIUM] CWE-189 CVE-2005-3624: The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, t The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

CVE-2005-3626 [MEDIUM] CWE-399 CVE-2005-3626: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and oth Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

CVE-2005-2377 [MEDIUM] CVE-2005-2377: nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and oth nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to be

CVE-2005-1267 [MEDIUM] CVE-2005-1267: The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the dec The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

CVE-2005-0085 [MEDIUM] CVE-2005-0085: Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

CVE-2005-0020 [HIGH] CVE-2005-0020: Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code. Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code.

CVE-2004-1235 [MEDIUM] CVE-2004-1235: Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux ke Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

CVE-2005-0003 [LOW] CVE-2005-0003: The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.

CVE-2005-0473 [MEDIUM] CVE-2005-0473: The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.

CVE-2005-0472 [MEDIUM] CVE-2005-0472: Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.

CVE-2005-0605 [HIGH] CVE-2005-0605: scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value tha scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

CVE-2004-1051 [HIGH] CVE-2004-1051: sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

CVE-2004-0983 [MEDIUM] CVE-2004-0983: The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a de The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

CVE-2005-0503 [MEDIUM] CVE-2005-0503: uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid appl uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.

CVE-2004-0937 [HIGH] CVE-2004-0937: Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, all Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.