Red Hat Enterprise Linux vulnerabilities
1,738 known vulnerabilities affecting redhat/enterprise_linux.
Total CVEs: 1,738
CISA KEV: 20 (actively exploited)
Public exploits: 88
Exploited in wild: 26
Severity breakdown
CRITICAL: 157 | HIGH: 589 | MEDIUM: 839 | LOW: 153
Vulnerabilities
Page 87 of 87
CVE-2004-0557 [CRITICAL] CVSS 10.0 | PoC | v3.0 | 2004-08-06
Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.
nvd
CVE-2004-0495 [HIGH] CVSS 7.2 | v2.1 | v3.0 | 2004-08-06
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
nvd
CVE-2004-0554 [LOW] CVSS 2.1 | PoC | v2.1 | v3.0 | 2004-08-06
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
nvd
CVE-2004-0111 [MEDIUM] CVSS 5.0 | v2.1 | v3.0 | 2004-04-15
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
nvd
CVE-2004-0105 [HIGH] CVSS 7.5 | v2.1 | 2004-03-03
Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
nvd
CVE-2004-0104 [HIGH] CVSS 7.5 | PoC | v2.1 | 2004-03-03
Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
nvd
CVE-2003-0857 [MEDIUM] CWE-264 | CVSS 4.6 | v2.1 | v3.0 | 2003-12-31
The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
nvd
CVE-2003-1295 [LOW] CVSS 2.1 | v3.0 | 2003-12-31
Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password."
nvd
CVE-2003-0986 [LOW] CVSS 1.7 | v3.0 | 2003-12-31
Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.
nvd
CVE-2003-0859 [MEDIUM] CVSS 4.9 | v2.1 | v3.0 | 2003-12-15
The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
nvd
CVE-2003-0689 [HIGH] CVSS 7.5 | v2.1 | 2003-10-20
The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow.
nvd
CVE-2003-0699 [HIGH] CVSS 7.5 | v2.1 | 2003-08-27
The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700.
nvd
CVE-2003-0548 [MEDIUM] CVSS 5.0 | v2.1 | 2003-08-27
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
nvd
CVE-2003-0549 [MEDIUM] CVSS 5.0 | v2.1 | 2003-08-27
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
nvd
CVE-2003-0434 [HIGH] CVSS 7.5 | PoC | v2.1 | 2003-07-24
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
nvd
CVE-2002-2185 [MEDIUM] CVSS 4.9 | v3.0 | v4.0 | 2002-12-31
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
nvd
CVE-2002-1323 [MEDIUM] CVSS 4.6 | v2.1 | 2002-12-11
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
nvd
CVE-1999-1572 [LOW] CVSS 2.1 | v4.0 | 1996-07-16
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
nvd