Red Hat Enterprise Linux Desktop vulnerabilities

1,928 known vulnerabilities affecting redhat/enterprise_linux_desktop.

Total CVEs: 1,928
CISA KEV: 56 (actively exploited)
Public exploits: 141
Exploited in wild: 61
Severity breakdown: CRITICAL 345, HIGH 708, MEDIUM 756, LOW 119

Vulnerabilities

Page 92 of 97
CVE-2008-1945 | LOW | CVSS 2.1 | v5.0 | 2008-08-08
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
nvd
CVE-2008-3272 | LOW | CVSS 2.1 | CWE-200 | v4.0 | 2008-08-08
The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.
nvd
CVE-2008-2365 | MEDIUM | CVSS 4.7 | CWE-362 | PoC | v4.0 | 2008-06-30
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptr
nvd
CVE-2008-2364 | MEDIUM | CVSS 5.0 | CWE-770 | v3.0, v4.0, +1 more | 2008-06-13
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
nvd
CVE-2008-1767 | HIGH | CVSS 7.5 | CWE-119 | PoC | v4, v5 | 2008-05-23
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.
nvd
CVE-2007-6282 | HIGH | CVSS 7.1 | CWE-16 | v4 | 2008-05-08
The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.
nvd
CVE-2007-5001 | MEDIUM | CVSS 4.9 | CWE-399 | v3.0 | 2008-05-08
Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file.
nvd
CVE-2008-1615 | MEDIUM | CVSS 4.9 | CWE-399 | v4 | 2008-05-08
Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls.
nvd
CVE-2007-4130 | HIGH | CVSS 7.2 | CWE-20 | v4 | 2008-02-05
The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation.
nvd
CVE-2008-0455 | MEDIUM | CVSS 4.3 | CWE-79 | PoC | v5.0 | 2008-01-25
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a
nvd
CVE-2008-0456 | LOW | CVSS 2.6 | CWE-74 | v5.0 | 2008-01-25
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line n
nvd
CVE-2007-6283 | MEDIUM | CVSS 4.9 | CWE-200 | v5.0 | 2007-12-18
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
nvd
CVE-2007-6206 | LOW | CVSS 2.1 | CWE-200 | v4.0 | 2007-12-04
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.
nvd
CVE-2006-7226 | MEDIUM | CVSS 4.3 | v4.0 | 2007-12-03
Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash).
nvd
CVE-2007-3103 | MEDIUM | CVSS 6.2 | CWE-59 | PoC | v4.0 | 2007-07-15
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
nvd
CVE-2006-5752 | MEDIUM | CVSS 4.3 | v3.0, v4.0, +1 more | 2007-06-27
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type i
nvd
CVE-2007-0773 | MEDIUM | CVSS 4.6 | v4.4 | 2007-06-26
The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1.
nvd
CVE-2007-3304 | MEDIUM | CVSS 4.7 | v5.0 | 2007-06-20
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
nvd
CVE-2007-1351 | HIGH | CVSS 8.5 | CWE-189 | v3.0, v4.0 | 2007-04-06
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
nvd
CVE-2007-1352 | LOW | CVSS 3.8 | v3.0, v4.0, +1 more | 2007-04-06
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.
nvd