Suse Linux vulnerabilities

CVE-2004-1170 [CRITICAL] CVE-2004-1170: a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the file a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.

CVE-2004-0914 [CRITICAL] CVE-2004-0914: Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, inc Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (a

CVE-2004-1098 [HIGH] CVE-2004-1098: MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.

CVE-2004-1071 [HIGH] CVE-2004-1071: The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.

CVE-2004-1096 [HIGH] CVE-2004-1096: Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows re Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVE-2004-1070 [HIGH] CVE-2004-1070: The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4 The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.

CVE-2004-1072 [HIGH] CVE-2004-1072: The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.

CVE-2004-0949 [MEDIUM] CVE-2004-0949: The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does n The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple t

CVE-2004-0956 [MEDIUM] CVE-2004-0956: MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a M MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.

CVE-2004-0883 [MEDIUM] CVE-2004-0883: Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote sa Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_

CVE-2004-1191 [LOW] CVE-2004-1191: Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of mem Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages."

CVE-2004-1073 [LOW] CVE-2004-1073: The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.

CVE-2004-1190 [LOW] CVE-2004-1190: SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices.

CVE-2004-0817 [HIGH] CVE-2004-0817: Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execut Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2004-0802 [MEDIUM] CVE-2004-0802: Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrar Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.

CVE-2004-0592 [MEDIUM] CVE-2004-0592: The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type, a similar f

CVE-2004-1491 [MEDIUM] CVE-2004-1491: Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attacke Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.

CVE-2004-1476 [MEDIUM] CVE-2004-1476: Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived fr Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.

CVE-2004-1895 [LOW] CVE-2004-1895: YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a s YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.

CVE-2004-2658 [LOW] CVE-2004-2658: resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof t resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.