Redhat Fedora Core vulnerabilities

CVE-2005-0736 [LOW] CVE-2005-0736: Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.

CVE-2005-0667 [MEDIUM] CVE-2005-0667: Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.

CVE-2005-0109 [MEDIUM] CVE-2005-0109: Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pen Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

CVE-2005-0605 [HIGH] CVE-2005-0605: scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value tha scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

CVE-2004-0989 [CRITICAL] CVE-2004-0989: Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may al Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflow

CVE-2004-0986 [HIGH] CVE-2004-0986: Iptables before 1.2.11, under certain conditions, does not properly load the required modules at sys Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.

CVE-2004-0960 [MEDIUM] CVE-2004-0960: FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malform FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.

CVE-2004-0961 [MEDIUM] CVE-2004-0961: Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.

CVE-2004-0974 [LOW] CVE-2004-0974: The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

CVE-2005-0156 [LOW] CVE-2005-0156: Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sper Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

CVE-2004-0902 [CRITICAL] CVE-2004-0902: Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1 Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII

CVE-2004-0888 [CRITICAL] CVE-2004-0888: Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

CVE-2004-0903 [CRITICAL] CVE-2004-0903: Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.

CVE-2004-0889 [CRITICAL] CVE-2004-0889: Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow re Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

CVE-2004-0882 [CRITICAL] CVE-2004-0882: Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote a Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.

CVE-2004-0930 [MEDIUM] CVE-2004-0930: The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authentic The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.

CVE-2004-0918 [MEDIUM] CWE-399 CVE-2004-0918: The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABL The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

CVE-2004-0886 [MEDIUM] CVE-2004-0886: Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

CVE-2004-1184 [MEDIUM] CVE-2004-1184: The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.

CVE-2004-1154 [CRITICAL] CVE-2004-1154: Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authe Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.