Sgi Propack vulnerabilities

CVE-2004-0418 [CRITICAL] CVE-2004-0418: serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empt serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.

CVE-2004-0639 [MEDIUM] CVE-2004-0639: Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.

CVE-2004-0417 [MEDIUM] CVE-2004-0417: Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.

CVE-2004-0424 [HIGH] CVE-2004-0424: Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 throu Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option.

CVE-2004-0148 [HIGH] CVE-2004-0148: wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass acce wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.

CVE-2004-0111 [MEDIUM] CVE-2004-0111: gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.

CVE-2004-0107 [MEDIUM] CVE-2004-0107: The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arb The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.

CVE-2004-0108 [MEDIUM] CVE-2004-0108: The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.

CVE-2004-0110 [HIGH] CVE-2004-0110: Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 throu Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.

CVE-2004-0105 [HIGH] CVE-2004-0105: Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary co Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.

CVE-2004-0104 [HIGH] CVE-2004-0104: Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.

CVE-2003-0991 [MEDIUM] CVE-2003-0991: Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers t Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.

CVE-2003-0795 [MEDIUM] CWE-20 CVE-2003-0795: The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotia The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.

CVE-2003-0859 [MEDIUM] CVE-2003-0859: The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial o The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.