Suse Linux vulnerabilities

CVE-2005-4790 [MEDIUM] CVE-2005-4790: Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distri Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions.

CVE-2005-3624 [MEDIUM] CWE-189 CVE-2005-3624: The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, t The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

CVE-2005-3626 [MEDIUM] CWE-399 CVE-2005-3626: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and oth Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

CVE-2005-4789 [LOW] CVE-2005-4789: resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class- resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class-specific exclude rules in some situations, which allows local users to bypass intended access restrictions for USB devices that set their class ID at the interface level.

CVE-2005-4788 [LOW] CVE-2005-4788: resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass acc resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via "alternate syntax for specifying USB devices."

CVE-2005-3322 [MEDIUM] CVE-2005-3322: Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of se Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).

CVE-2005-3321 [MEDIUM] CVE-2005-3321: chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.

CVE-2005-3298 [HIGH] CVE-2005-3298: Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary co Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.

CVE-2005-3013 [MEDIUM] CVE-2005-3013: Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry.

CVE-2005-1761 [LOW] CWE-20 CVE-2005-1761: Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (k Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.

CVE-2005-1767 [LOW] CVE-2005-1767: traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, whi traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception).

CVE-2005-2023 [CRITICAL] CVE-2005-2023: The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly hand The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail.

CVE-2005-1763 [HIGH] CVE-2005-1763: Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write b Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory.

CVE-2005-0337 [HIGH] CVE-2005-0337: Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_rec Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.

CVE-2005-0005 [HIGH] CVE-2005-0005: Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allo Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.

CVE-2005-0207 [LOW] CVE-2005-0207: Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial o Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.

CVE-2005-0206 [HIGH] CVE-2005-0206: The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

CVE-2005-0085 [MEDIUM] CVE-2005-0085: Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

CVE-2004-1004 [HIGH] CVE-2004-1004: Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote at Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

CVE-2004-1176 [HIGH] CVE-2004-1176: Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.