Redhat Enterprise Linux Desktop vulnerabilities

CVE-2005-1194 [MEDIUM] CVE-2005-1194: Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.

CVE-2005-0337 [HIGH] CVE-2005-0337: Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_rec Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.

CVE-2005-0086 [HIGH] CVE-2005-0086: Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale.

CVE-2005-0091 [HIGH] CVE-2005-0091: Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the h Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls.

CVE-2005-0001 [MEDIUM] CVE-2005-0001: Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, a Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.

CVE-2005-0078 [MEDIUM] CVE-2005-0078: The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain fun The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.

CVE-2005-0090 [LOW] CVE-2005-0090: A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access che A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access check," which allows local users to cause a denial of service (crash).

CVE-2005-0207 [LOW] CVE-2005-0207: Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial o Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.

CVE-2005-0077 [LOW] CVE-2005-0077: The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

CVE-2005-0988 [LOW] CVE-2005-0988: Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local us Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

CVE-2005-0206 [HIGH] CVE-2005-0206: The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

CVE-2004-1235 [MEDIUM] CVE-2004-1235: Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux ke Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

CVE-2004-0812 [LOW] CVE-2004-0812: Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectu Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with "setting up TSS limits," allows local users to cause a denial of service (crash) and possibly execute arbitrary code.

CVE-2004-1237 [LOW] CVE-2004-1237: Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterpris Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.

CVE-2005-0003 [LOW] CVE-2005-0003: The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.

CVE-2005-0750 [HIGH] CVE-2005-0750: The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.

CVE-2005-0398 [MEDIUM] CVE-2005-0398: The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of servic The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.

CVE-2005-0473 [MEDIUM] CVE-2005-0473: The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.

CVE-2005-0472 [MEDIUM] CVE-2005-0472: Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.

CVE-2005-0736 [LOW] CVE-2005-0736: Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.