Red Hat Linux 9 Mutt Jay Beale 2003-0140 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder ACCEPTED 1 Red Hat Linux 9 CUPS Jay Beale 2003-0195 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out ACCEPTED 1 Red Hat Linux 9 skk Jay Beale 2003-0539 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files ACCEPTED 1 Red Hat Linux 9 EOG Jay Beale 2003-0165 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale 2003-0081 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale 2003-0159 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0356 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0357 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0428 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0429 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0430 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0431 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0432 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors ACCEPTED 1 Red Hat Linux 9 Ximian Evolution Jay Beale 2003-0128 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow ACCEPTED 1 Red Hat Linux 9 Ximian Evolution Jay Beale 2003-0129 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times ACCEPTED 1 Red Hat Linux 9 Ximian Evolution Jay Beale 2003-0130 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image ACCEPTED 1 Red Hat Linux 9 GDM Jay Beale 2003-0547 INTERIM ACCEPTED GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file ACCEPTED 1 Red Hat Linux 9 GDM Jay Beale 2003-0548 INTERIM ACCEPTED The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CAN-2003-0549 ACCEPTED 1 Red Hat Linux 9 GDM Jay Beale 2003-0549 INTERIM ACCEPTED The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name ACCEPTED 1 Red Hat Linux 9 GNU Ghostscript Jay Beale Jay Beale 2003-0354 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job ACCEPTED 1 Red Hat Linux 9 GnuPG Jay Beale 2003-0255 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path ACCEPTED 1 Red Hat Linux 9 GtkHTML Jay Beale 2003-0133 INTERIM ACCEPTED GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages ACCEPTED 1 Red Hat Linux 9 GtkHTML Jay Beale 2003-0541 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale 2003-0020 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale 2003-0083 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CAN-2003-0020 ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale 2003-0132 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale 2003-0192 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale 2003-0253 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale 2003-0254 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket ACCEPTED 1 Red Hat Linux 9 KDM Jay Beale 2003-0690 INTERIM ACCEPTED KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module ACCEPTED 1 Red Hat Linux 9 KDM Jay Beale 2003-0692 INTERIM ACCEPTED KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session ACCEPTED 1 Red Hat Linux 9 krb5 Jay Beale 2003-0028 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CAN-2002-0391 ACCEPTED 1 Red Hat Linux 9 krb5 Jay Beale 2003-0082 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun") ACCEPTED 1 Red Hat Linux 9 krb5 Jay Beale 2003-0138 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack ACCEPTED 1 Red Hat Linux 9 krb5 Jay Beale 2003-0139 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing. ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0127 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel ACCEPTED 1 Red Hat Linux 9 Netfilter Jay Beale 2003-0187 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts ACCEPTED 1 Red Hat Linux 9 Netfilter Jay Beale 2003-0244 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0246 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0247 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops") ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0248 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0364 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions ACCEPTED 1 Red Hat Linux 9 /proc/tty/driver/serial Jay Beale 2003-0461 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0462 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash) ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0464 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0476 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0501 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0550 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0551 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0552 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0619 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0699 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CAN-2003-0700 ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0700 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CAN-2003-0699 ACCEPTED 1 Red Hat Linux 9 Konqueror Jay Beale 2003-0459 INTERIM ACCEPTED KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites ACCEPTED 1 Red Hat Linux 9 LPRng Jay Beale 2003-0136 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file ACCEPTED 1 Red Hat Linux 9 lv Jay Beale 2003-0188 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories ACCEPTED 1 Red Hat Linux 9 Mutt Jay Beale 2003-0140 INTERIM ACCEPTED Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder ACCEPTED 1 Red Hat Linux 9 MySQL Jay Beale 2003-0073 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user ACCEPTED 1 Red Hat Linux 9 MySQL Jay Beale 2003-0150 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf ACCEPTED 1 Red Hat Linux 9 nfs-utils Jay Beale 2003-0252 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines ACCEPTED 1 Red Hat Linux 9 OpenSSH Jay Beale Jay Beale 2003-0190 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack ACCEPTED 1 Red Hat Linux 9 OpenSSH Jay Beale 2003-0682 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CAN-2003-0693 and CAN-2003-0695 ACCEPTED 1 Red Hat Linux 9 OpenSSH Jay Beale 2003-0693 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CAN-2003-0695 ACCEPTED 1 Red Hat Linux 9 OpenSSH Jay Beale 2003-0695 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CAN-2003-0693 ACCEPTED 1 Red Hat Linux 9 OpenSSL Jay Beale 2003-0131 Corrected syntax errors in sql verion of the definition. Added cmp-914 which uses an or to combine the 5 version tests. Previously the tests had been combined with an and. INTERIM ACCEPTED The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack. ACCEPTED 1 Red Hat Linux 9 OpenSSL Jay Beale 2003-0147 Corrected syntax errors in sql verion of the definition. Added cmp-914 which uses an or to combine the 5 version tests. Previously the tests had been combined with an and. INTERIM ACCEPTED OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal) ACCEPTED 1 Red Hat Linux 9 pam_smb Jay Beale 2003-0686 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code ACCEPTED 1 Red Hat Linux 9 CGI.pm Jay Beale 2003-0615 INTERIM ACCEPTED Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter ACCEPTED 1 Red Hat Linux 9 php Jay Beale Jay Beale 2003-0442 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter ACCEPTED 1 Red Hat Linux 9 pine Jay Beale 2003-0720 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type ACCEPTED 1 Red Hat Linux 9 pine Jay Beale 2003-0721 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number ACCEPTED 1 Red Hat Linux 9 Postfix Jay Beale 2003-0468 INTERIM ACCEPTED Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port ACCEPTED 1 Red Hat Linux 9 Postfix Jay Beale 2003-0540 INTERIM ACCEPTED The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up ACCEPTED 1 Red Hat Linux 9 smbd Jay Beale 2003-0085 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code ACCEPTED 1 Red Hat Linux 9 Samba Jay Beale 2003-0086 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown ACCEPTED 1 Red Hat Linux 9 Samba Jay Beale 2003-0196 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CAN-2003-0201 ACCEPTED 1 Red Hat Linux 9 Samba, Samba-TNG Jay Beale 2003-0201 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code ACCEPTED 1 Red Hat Linux 9 semi MIME library Jay Beale Jay Beale 2003-0440 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files ACCEPTED 1 Red Hat Linux 9 Sendmail Jay Beale 2003-0694 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c ACCEPTED 1 Red Hat Linux 9 Sendmail Jay Beale 2003-0681 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences ACCEPTED 1 Red Hat Linux 9 Sendmail Jay Beale 2003-0688 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data ACCEPTED 1 Red Hat Linux 9 Sendmail Jay Beale 2003-0694 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c ACCEPTED 1 Red Hat Linux 9 SquirrelMail Jay Beale 2003-0160 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser ACCEPTED 1 Red Hat Linux 9 unzip Jay Beale 2003-0282 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence ACCEPTED 1 Red Hat Linux 9 up2date Jay Beale 2003-0546 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised ACCEPTED 1 Red Hat Linux 9 vsftpd Jay Beale 2003-0135 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended ACCEPTED 1 Red Hat Linux 9 xinetd Jay Beale 2003-0211 Corrected syntax errors in sql verion of the definition. Changed tested epoch in xinetd test rvt-253 to 2, based on testing. INTERIM ACCEPTED Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections ACCEPTED 1 Red Hat Linux 9 xpdf Jay Beale Jay Beale 2003-0434 INTERIM ACCEPTED Various PDF viewers including Adobe Acrobat 5.06 and Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink ACCEPTED 1 Red Hat Linux 9 ypserv Jay Beale Jay Beale 2003-0251 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block ACCEPTED 1 Red Hat Linux 9 PWLib Jay Beale Jay Beale Matt Busby 2004-0097 Added a program_name element to rlt-217 ACCEPTED Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol ACCEPTED 1 Red Hat Linux 9 netpbm Jay Beale Jay Beale Matt Busby 2003-0924 Corrected syntax errors in sql verion of the definition. ACCEPTED netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files ACCEPTED 1 Red Hat Linux 9 XFree86 Jay Beale Jay Beale Matt Busby 2004-0083 Corrected syntax errors in sql verion of the definition. ACCEPTED Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CAN-2004-0084 and CAN-2004-0106 ACCEPTED 1 Red Hat Linux 9 XFree86 Jay Beale Jay Beale Matt Busby 2004-0084 Corrected syntax errors in sql verion of the definition. ACCEPTED Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CAN-2004-0083 and CAN-2004-0106 ACCEPTED 1 Red Hat Linux 9 XFree86 Jay Beale Jay Beale Matt Busby 2004-0106 Corrected syntax errors in sql verion of the definition. ACCEPTED Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CAN-2004-0083 and CAN-2004-0084 ACCEPTED 1 Red Hat Enterprise Linux 3 netpbm Jay Beale Jay Beale Matt Busby 2003-0924 Corrected syntax errors in sql verion of the definition. ACCEPTED netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files ACCEPTED 1 Red Hat Linux 9 Mutt Jay Beale Jay Beale 2004-0078 ACCEPTED Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages ACCEPTED 1 Red Hat Linux 9 Mailman Jay Beale Jay Beale 2003-0965 ACCEPTED Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities ACCEPTED 1 Red Hat Linux 9 Mailman Jay Beale Jay Beale 2003-0992 ACCEPTED Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users ACCEPTED 1 Red Hat Linux 9 Gaim Jay Beale Jay Beale 2004-0006 ACCEPTED Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect ACCEPTED 1 Red Hat Linux 9 Gaim Jay Beale Jay Beale 2004-0007 ACCEPTED Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code ACCEPTED 1 Red Hat Linux 9 Gaim Jay Beale Jay Beale 2004-0008 ACCEPTED Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow ACCEPTED 1 Red Hat Linux 9 slocate Jay Beale Jay Beale Matt Busby 2003-0848 Corrected syntax errors in sql verion of the definition. ACCEPTED Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used ACCEPTED 1 Red Hat Linux 9 Midnight Commander Jay Beale Matt Busby 2003-1023 Corrected syntax errors in sql verion of the definition. ACCEPTED Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion ACCEPTED 1 Red Hat Linux 9 KDE Jay Beale Jay Beale 2003-0592 INTERIM ACCEPTED Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application ACCEPTED 1 Red Hat Enterprise Linux 3 mremap Jay Beale Jay Beale Matt Busby 2004-0077 Corrected syntax errors in sql verion of the definition. ACCEPTED The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985 ACCEPTED 1 Red Hat Enterprise Linux 3 PWLib Jay Beale Jay Beale Matt Busby 2004-0097 Added a program_name element to rlt-217 ACCEPTED Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol ACCEPTED 1 Red Hat Enterprise Linux 3 Samba 3.0.0 and 3.0.1 Jay Beale Jay Beale Matt Busby 2004-0082 Corrected syntax errors in sql verion of the definition. ACCEPTED The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password ACCEPTED 1 Red Hat Linux 9 mod_python Jay Beale Jay Beale Matt Busby 2003-0973 Corrected syntax errors in sql verion of the definition. ACCEPTED Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string ACCEPTED 1 Red Hat Enterprise Linux 3 XFree86 Jay Beale Matt Busby 2004-0083 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 ACCEPTED Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CAN-2004-0084 and CAN-2004-0106 ACCEPTED 1 Red Hat Enterprise Linux 3 XFree86 Jay Beale Jay Beale Matt Busby 2004-0084 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 ACCEPTED Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CAN-2004-0083 and CAN-2004-0106 ACCEPTED 1 Red Hat Enterprise Linux 3 XFree86 Jay Beale Jay Beale Matt Busby 2004-0106 Corrected syntax errors in sql verion of the definition. ACCEPTED Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CAN-2004-0083 and CAN-2004-0084 ACCEPTED 1 Red Hat Enterprise Linux 3 XMLSoft Libxml2 Jay Beale Jay Beale Matt Busby 2004-0110 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 INTERIM ACCEPTED Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml2 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale Jay Beale Matt Busby 2004-0003 Corrected syntax errors in sql verion of the definition. ACCEPTED Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking. ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale Jay Beale Matt Busby 2004-0010 Corrected syntax errors in sql verion of the definition. ACCEPTED Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges ACCEPTED 1 Red Hat Linux 9 Vicam USB driver Jay Beale Jay Beale Matt Busby 2004-0075 Corrected syntax errors in sql verion of the definition. ACCEPTED The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service ACCEPTED 1 Red Hat Linux 9 mremap Jay Beale Jay Beale Matt Busby 2004-0077 Corrected syntax errors in sql verion of the definition. ACCEPTED The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985 ACCEPTED 1 Red Hat Enterprise Linux 3 Mutt Jay Beale Jay Beale Matt Busby 2004-0078 Corrected pattern used in rrt-206 ACCEPTED Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages ACCEPTED 1 Red Hat Linux 9 mod_python Jay Beale Jay Beale Matt Busby 2003-0973 Corrected syntax errors in sql verion of the definition. ACCEPTED Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string ACCEPTED 1 Red Hat Enterprise Linux 3 gdk-pixbuf Jay Beale Jay Beale Matt Busby 2004-0111 Corrected pattern used in rrt-206 INTERIM ACCEPTED gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file ACCEPTED 1 Red Hat Linux 9 gdk-pixbuf Jay Beale Jay Beale Matt Busby 2004-0111 Corrected pattern used in rrt-206 INTERIM ACCEPTED gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file ACCEPTED 1 Red Hat Linux 9 tcpdump Jay Beale Jay Beale 2003-0989 ACCEPTED tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CAN-2004-0057 ACCEPTED 1 Red Hat Linux 9 sysstat Jay Beale Jay Beale Matt Busby 2004-0107 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CAN-2004-0108 ACCEPTED 1 Red Hat Linux 9 tcpdump Jay Beale Jay Beale 2004-0055 ACCEPTED The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value ACCEPTED 1 Red Hat Linux 9 tcpdump Jay Beale Jay Beale 2004-0057 ACCEPTED The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CAN-2003-0989 ACCEPTED 1 Red Hat Enterprise Linux 3 tcpdump Jay Beale Jay Beale 2003-0989 ACCEPTED tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CAN-2004-0057 ACCEPTED 1 Red Hat Enterprise Linux 3 tcpdump Jay Beale Jay Beale 2004-0055 ACCEPTED The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value ACCEPTED 1 Red Hat Enterprise Linux 3 tcpdump Jay Beale Jay Beale Matt Busby 2004-0057 Corrected pattern used in rrt-206 ACCEPTED The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CAN-2003-0989 ACCEPTED 1 Red Hat Linux 9 CVS server Jay Beale Jay Beale Matt Busby 2003-0977 Corrected syntax errors in sql verion of the definition. ACCEPTED CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale Matt Busby 2003-1012 Corrected syntax errors in sql verion of the definition. ACCEPTED The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of Selected packets ACCEPTED 1 Red Hat Linux 9 Tethereal Jay Beale Jay Beale Matt Busby 2003-1013 Corrected syntax errors in sql verion of the definition. ACCEPTED The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference ACCEPTED 1 Red Hat Linux 9 KDE Personal Information Management (kdepim) Jay Beale Jay Beale 2003-0988 ACCEPTED Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale Jay Beale Matt Busby 2003-0984 Corrected syntax errors in sql verion of the definition. ACCEPTED Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale Jay Beale Matt Busby 2003-0985 Corrected syntax errors in sql verion of the definition. ACCEPTED The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21 does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077 ACCEPTED 1 Red Hat Enterprise Linux 3 nfs-utils packages Jay Beale Jay Beale Matt Busby 2004-0154 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 INTERIM ACCEPTED rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name ACCEPTED 1 Red Hat Enterprise Linux 3 Sysstat Jay Beale Jay Beale Matt Busby 2004-0107 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 INTERIM ACCEPTED The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CAN-2004-0108 ACCEPTED 1 Red Hat Linux 9 httpd Jay Beale Matt Busby 2003-0542 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures ACCEPTED 1 Red Hat Enterprise Linux 3 Apache Jay Beale Jay Beale Matt Busby 2003-0542 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures ACCEPTED 1 Red Hat Enterprise Linux 3 KDE Personal Information Management (kdepim) Jay Beale Jay Beale Matt Busby 2003-0988 Corrected pattern used in rrt-206 INTERIM ACCEPTED Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file ACCEPTED 1 Red Hat Enterprise Linux 3 CVS server Jay Beale Jay Beale Matt Busby 2003-0977 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests ACCEPTED 1 Red Hat Enterprise Linux 3 Linux kernel Matt Busby Matt Busby 2003-0985 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21 does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077 ACCEPTED 1 Red Hat Enterprise Linux 3 Linux kernel Matt Busby Matt Busby 2004-0001 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges ACCEPTED 1 Red Hat Enterprise Linux 3 Net-SNMP Matt Busby Matt Busby 2003-0935 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed ACCEPTED 1 Red Hat Enterprise Linux 3 OpenSSL Matt Busby Matt Busby 2004-0079 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 INTERIM ACCEPTED The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference ACCEPTED 1 Red Hat Enterprise Linux 3 OpenSSL Matt Busby Matt Busby 2004-0081 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 INTERIM ACCEPTED OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool ACCEPTED 1 Red Hat Linux 9 mozilla Jay Beale 2003-0564 INTERIM ACCEPTED Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite ACCEPTED 1 Red Hat Linux 9 mozilla Jay Beale 2003-0594 INTERIM ACCEPTED Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application ACCEPTED 1 Red Hat Linux 9 mozilla Jay Beale 2004-0191 INTERIM ACCEPTED Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events ACCEPTED 1 Red Hat Enterprise Linux 3 libxml2 Jay Beale 2004-0110 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml2 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL ACCEPTED 1 Red Hat Enterprise Linux 3 httpd Jay Beale 2004-0113 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server ACCEPTED 1 Red Hat Linux 9 Red Hat 9 Jay Beale 2004-0189 INTERIM ACCEPTED The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists ACCEPTED 1 Red Hat Linux 9 Red Hat 9 Jay Beale 2004-0176 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors ACCEPTED 1 Red Hat Linux 9 Red Hat 9 Jay Beale 2004-0365 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference ACCEPTED 1 Red Hat Linux 9 Red Hat 9 Jay Beale 2004-0367 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0176 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 INTERIM ACCEPTED Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0365 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 INTERIM ACCEPTED The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference ACCEPTED 1 Red Hat Linux 9 OpenSSL Matt Busby Matt Busby 2004-0081 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0367 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 INTERIM ACCEPTED Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2003-0564 Corrected pattern used in rrt-206 INTERIM ACCEPTED Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2003-0594 Corrected pattern used in rrt-206 INTERIM ACCEPTED Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application ACCEPTED 1 Red Hat Enterprise Linux 3 OpenSSL Matt Busby Matt Busby 2004-0112 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0191 Corrected pattern used in rrt-206 INTERIM ACCEPTED Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0424 INTERIM ACCEPTED Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0109 INTERIM ACCEPTED Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x , allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0189 INTERIM ACCEPTED The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale Jay Beale 2004-0155 INTERIM ACCEPTED The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale Jay Beale 2004-0164 INTERIM ACCEPTED KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale Jay Beale 2004-0411 INTERIM ACCEPTED The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale Jay Beale 2004-0426 INTERIM ACCEPTED rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0396 INTERIM ACCEPTED Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0421 INTERIM ACCEPTED The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0183 INTERIM ACCEPTED TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite ACCEPTED 1 Red Hat Linux 9 OpenSSL Matt Busby Matt Busby 2004-0079 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0184 INTERIM ACCEPTED Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0234 INTERIM ACCEPTED Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14 allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0235 INTERIM ACCEPTED Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path") ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0233 INTERIM ACCEPTED Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0541 INTERIM ACCEPTED Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable) ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0504 INTERIM ACCEPTED Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale Jay Beale 2004-0403 INTERIM ACCEPTED Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0505 INTERIM ACCEPTED The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0506 INTERIM ACCEPTED The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0507 INTERIM ACCEPTED Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code ACCEPTED 1 Red Hat Enterprise Linux 3 MIT Kerberos 5 (krb5) Jay Beale 2004-0523 INTERIM ACCEPTED Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root ACCEPTED 1 Red Hat Enterprise Linux 3 CVS Jay Beale 2004-0414 INTERIM ACCEPTED CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution ACCEPTED 1 Red Hat Enterprise Linux 3 CVS Jay Beale 2004-0416 INTERIM ACCEPTED Double-free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale Jay Beale 2003-0461 INTERIM INTERIM ACCEPTED /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords ACCEPTED 1 Red Hat Enterprise Linux 3 CVS Jay Beale 2004-0417 INTERIM ACCEPTED Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space ACCEPTED 1 Red Hat Enterprise Linux 3 CVS Jay Beale 2004-0418 INTERIM ACCEPTED serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data ACCEPTED 1 Red Hat Enterprise Linux 3 SquirrelMail Jay Beale 2004-0519 INTERIM ACCEPTED Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php ACCEPTED 0 Red Hat Enterprise Linux 3 SquirrelMail Jay Beale 2004-0520 INTERIM ACCEPTED Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php ACCEPTED 0 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale Jay Beale 2003-0984 INTERIM ACCEPTED Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space ACCEPTED 2 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale Jay Beale 2004-0003 INTERIM ACCEPTED Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking. ACCEPTED 1 Red Hat Enterprise Linux 3 SquirrelMail Jay Beale 2004-0521 INTERIM ACCEPTED SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php ACCEPTED 0 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale Jay Beale 2004-0010 INTERIM ACCEPTED Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges ACCEPTED 2 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0180 INTERIM ACCEPTED The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CAN-2004-0405 ACCEPTED 1 Red Hat Linux 9 OpenSSL Matt Busby Matt Busby 2004-0112 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0405 INTERIM ACCEPTED CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CAN-2004-0180 ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0179 INTERIM ACCEPTED Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, or (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code ACCEPTED 1 Red Hat Enterprise Linux 3 FreeRADIUS Jay Beale 2004-0938 DRAFT INTERIM ACCEPTED FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet ACCEPTED 1 Red Hat Enterprise Linux 3 Linux kernel Jay Beale 2004-0427 DRAFT INTERIM ACCEPTED The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call ACCEPTED 1 Red Hat Enterprise Linux 3 Linux kernel Jay Beale 2004-0554 DRAFT INTERIM ACCEPTED Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program ACCEPTED 1 Red Hat Enterprise Linux 3 Linux kernel Jay Beale 2004-0495 DRAFT INTERIM ACCEPTED Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool ACCEPTED 1 Red Hat Enterprise Linux 3 libpng Jay Beale 2002-1363 DRAFT INTERIM ACCEPTED Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers ACCEPTED 1 OR OR AND OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR AND OR AND OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR AND OR OR OR AND OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR AND OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR ^.*rhnsd.*$ /bin/mount 1 /bin/mount 1 /usr/bin/telnet 1 /usr/bin/telnet 1 /usr/bin/telnet 1 /usr/kerberos/bin/telnet 1 /usr/kerberos/bin/telnet 1 /usr/kerberos/bin/telnet 1 /usr/bin/rlogin 1 /usr/bin/rlogin 1 /usr/bin/rlogin 1 /usr/kerberos/bin/rlogin 1 /usr/kerberos/bin/rlogin 1 /usr/kerberos/bin/rlogin 1 /usr/bin/ssh 1 /usr/bin/ssh 1 /usr/bin/ssh 1 /usr/bin/kmail 1 /usr/bin/kmail 1 /usr/bin/kmail 1 /usr/bin/cvs 1 /usr/bin/cvs 1 /usr/bin/cvs 1 /proc/tty/driver/serial 1 /proc/tty/driver/ 1 /proc/tty/ 1 /proc/ 1 /usr/bin/oocalc 1 /usr/bin/oocalc 1 /usr/bin/oocalc 1 /usr/bin/oodraw 1 /usr/bin/oodraw 1 /usr/bin/oodraw 1 /usr/bin/oofice 1 /usr/bin/oofice 1 /usr/bin/oofice 1 /usr/bin/ooimpress 1 /usr/bin/ooimpress 1 /usr/bin/ooimpress 1 /usr/bin/oowriter 1 /usr/bin/oowriter 1 /usr/bin/oowriter 1 /usr/sbin/tcpdump 1 /usr/sbin/tcpdump 1 /usr/sbin/tcpdump 1 /usr/bin/lha 1 /usr/bin/lha 1 /usr/bin/lha 1 /usr/sbin/utempter 1 /usr/sbin/utempter 1 /usr/sbin/utempter 1 /usr/sbin/utempter 1 /usr/bin/balsa 1 /usr/bin/balsa 1 /usr/bin/balsa 1 /usr/bin/eog 1 /usr/bin/eog 1 /usr/bin/eog 1 /usr/bin/gs 1 /usr/bin/gs 1 /usr/bin/gs 1 /usr/bin/gnupg 1 /usr/bin/gnupg 1 /usr/bin/evolution 1 /usr/bin/evolution 1 /usr/bin/evolution 1 /usr/bin/kdm 1 /usr/bin/kdm 1 /usr/bin/kdm 1 /usr/bin/konqueror 1 /usr/bin/konqueror 1 /usr/bin/konqueror 1 /usr/libexec/filters/psbanner 1 /usr/bin/mutt 1 /usr/bin/mutt 1 /usr/bin/mutt 1 /usr/bin/pine 1 /usr/bin/pine 1 /usr/bin/pine 1 /usr/bin/emacs 1 /usr/bin/emacs 1 /usr/bin/emacs 1 /usr/bin/xemacs 1 /usr/bin/xemacs 1 /usr/bin/xemacs 1 /usr/sbin/sendmail.sendmail 1 /usr/sbin/sendmail.sendmail 1 /usr/sbin/sendmail.sendmail 1 /usr/sbin/sendmail.sendmail 1 /usr/bin/unzip 1 /usr/bin/unzip 1 /usr/bin/unzip 1 /usr/bin/xpdf 1 /usr/bin/xpdf 1 /usr/bin/xpdf 1 /usr/bin/411toppm 1 /usr/bin/411toppm 1 /usr/bin/411toppm 1 /usr/bin/asciitopgm 1 /usr/bin/asciitopgm 1 /usr/bin/asciitopgm 1 /usr/bin/atktopbm 1 /usr/bin/atktopbm 1 /usr/bin/atktopbm 1 /usr/bin/bioradtopgm 1 /usr/bin/bioradtopgm 1 /usr/bin/bioradtopgm 1 /usr/bin/bmptoppm 1 /usr/bin/bmptoppm 1 /usr/bin/bmptoppm 1 /usr/bin/brushtopbm 1 /usr/bin/brushtopbm 1 /usr/bin/brushtopbm 1 /usr/bin/cmuwmtopbm 1 /usr/bin/cmuwmtopbm 1 /usr/bin/cmuwmtopbm 1 /usr/bin/eyuvtoppm 1 /usr/bin/eyuvtoppm 1 /usr/bin/eyuvtoppm 1 /usr/bin/fiascotopnm 1 /usr/bin/fiascotopnm 1 /usr/bin/fiascotopnm 1 /usr/bin/fitstopnm 1 /usr/bin/fitstopnm 1 /usr/bin/fitstopnm 1 /usr/bin/fstopgm 1 /usr/bin/fstopgm 1 /usr/bin/fstopgm 1 /usr/bin/g3topbm 1 /usr/bin/g3topbm 1 /usr/bin/g3topbm 1 /usr/bin/gemtopbm 1 /usr/bin/gemtopbm 1 /usr/bin/gemtopbm 1 /usr/bin/gemtopnm 1 /usr/bin/gemtopnm 1 /usr/bin/gemtopnm 1 /usr/bin/giftopnm 1 /usr/bin/giftopnm 1 /usr/bin/giftopnm 1 /usr/bin/gouldtoppm 1 /usr/bin/gouldtoppm 1 /usr/bin/gouldtoppm 1 /usr/bin/hipstopgm 1 /usr/bin/hipstopgm 1 /usr/bin/hipstopgm 1 /usr/bin/hpcdtoppm 1 /usr/bin/hpcdtoppm 1 /usr/bin/hpcdtoppm 1 /usr/bin/icontopbm 1 /usr/bin/icontopbm 1 /usr/bin/icontopbm 1 /usr/bin/ilbmtoppm 1 /usr/bin/ilbmtoppm 1 /usr/bin/ilbmtoppm 1 /usr/bin/imgtoppm 1 /usr/bin/imgtoppm 1 /usr/bin/imgtoppm 1 /usr/bin/jpegtopnm 1 /usr/bin/jpegtopnm 1 /usr/bin/jpegtopnm 1 /usr/bin/leaftoppm 1 /usr/bin/leaftoppm 1 /usr/bin/leaftoppm 1 /usr/bin/lispmtopgm 1 /usr/bin/lispmtopgm 1 /usr/bin/lispmtopgm 1 /usr/bin/macptopbm 1 /usr/bin/macptopbm 1 /usr/bin/macptopbm 1 /usr/bin/mdatopbm 1 /usr/bin/mdatopbm 1 /usr/bin/mdatopbm 1 /usr/bin/mgrtopbm 1 /usr/bin/mgrtopbm 1 /usr/bin/mgrtopbm 1 /usr/bin/mtvtoppm 1 /usr/bin/mtvtoppm 1 /usr/bin/mtvtoppm 1 /usr/bin/neotoppm 1 /usr/bin/neotoppm 1 /usr/bin/neotoppm 1 /usr/bin/palmtopnm 1 /usr/bin/palmtopnm 1 /usr/bin/palmtopnm 1 /usr/bin/pamchannel 1 /usr/bin/pamchannel 1 /usr/bin/pamchannel 1 /usr/bin/pamcut 1 /usr/bin/pamcut 1 /usr/bin/pamcut 1 /usr/bin/pamdeinterlace 1 /usr/bin/pamdeinterlace 1 /usr/bin/pamdeinterlace 1 /usr/bin/pamfile 1 /usr/bin/pamfile 1 /usr/bin/pamfile 1 /usr/bin/pamoil 1 /usr/bin/pamoil 1 /usr/bin/pamoil 1 /usr/bin/pamstretch 1 /usr/bin/pamstretch 1 /usr/bin/pamstretch 1 /usr/bin/pamtopnm 1 /usr/bin/pamtopnm 1 /usr/bin/pamtopnm 1 /usr/bin/pbmclean 1 /usr/bin/pbmclean 1 /usr/bin/pbmclean 1 /usr/bin/pbmlife 1 /usr/bin/pbmlife 1 /usr/bin/pbmlife 1 /usr/bin/pbmmake 1 /usr/bin/pbmmake 1 /usr/bin/pbmmake 1 /usr/bin/pbmmask 1 /usr/bin/pbmmask 1 /usr/bin/pbmmask 1 /usr/bin/pbmpage 1 /usr/bin/pbmpage 1 /usr/bin/pbmpage 1 /usr/bin/pbmpscale 1 /usr/bin/pbmpscale 1 /usr/bin/pbmpscale 1 /usr/bin/pbmreduce 1 /usr/bin/pbmreduce 1 /usr/bin/pbmreduce 1 /usr/bin/pbmtext 1 /usr/bin/pbmtext 1 /usr/bin/pbmtext 1 /usr/bin/pbmto10x 1 /usr/bin/pbmto10x 1 /usr/bin/pbmto10x 1 /usr/bin/pbmto4425 1 /usr/bin/pbmto4425 1 /usr/bin/pbmto4425 1 /usr/bin/pbmtoascii 1 /usr/bin/pbmtoascii 1 /usr/bin/pbmtoascii 1 /usr/bin/pbmtoatk 1 /usr/bin/pbmtoatk 1 /usr/bin/pbmtoatk 1 /usr/bin/pbmtobbnbg 1 /usr/bin/pbmtobbnbg 1 /usr/bin/pbmtobbnbg 1 /usr/bin/pbmtocmuwm 1 /usr/bin/pbmtocmuwm 1 /usr/bin/pbmtocmuwm 1 /usr/bin/pbmtoepsi 1 /usr/bin/pbmtoepsi 1 /usr/bin/pbmtoepsi 1 /usr/bin/pbmtoepson 1 /usr/bin/pbmtoepson 1 /usr/bin/pbmtoepson 1 /usr/bin/pbmtog3 1 /usr/bin/pbmtog3 1 /usr/bin/pbmtog3 1 /usr/bin/pbmtogem 1 /usr/bin/pbmtogem 1 /usr/bin/pbmtogem 1 /usr/bin/pbmtogo 1 /usr/bin/pbmtogo 1 /usr/bin/pbmtogo 1 /usr/bin/pbmtoicon 1 /usr/bin/pbmtoicon 1 /usr/bin/pbmtoicon 1 /usr/bin/pbmtolj 1 /usr/bin/pbmtolj 1 /usr/bin/pbmtolj 1 /usr/bin/pbmtoln03 1 /usr/bin/pbmtoln03 1 /usr/bin/pbmtoln03 1 /usr/bin/pbmtolps 1 /usr/bin/pbmtolps 1 /usr/bin/pbmtolps 1 /usr/bin/pbmtomacp 1 /usr/bin/pbmtomacp 1 /usr/bin/pbmtomacp 1 /usr/bin/pbmtomda 1 /usr/bin/pbmtomda 1 /usr/bin/pbmtomda 1 /usr/bin/pbmtomgr 1 /usr/bin/pbmtomgr 1 /usr/bin/pbmtomgr 1 /usr/bin/pbmtonokia 1 /usr/bin/pbmtonokia 1 /usr/bin/pbmtonokia 1 /usr/bin/pbmtopgm 1 /usr/bin/pbmtopgm 1 /usr/bin/pbmtopgm 1 /usr/bin/pbmtopi3 1 /usr/bin/pbmtopi3 1 /usr/bin/pbmtopi3 1 /usr/bin/pbmtopk 1 /usr/bin/pbmtopk 1 /usr/bin/pbmtopk 1 /usr/bin/pbmtoplot 1 /usr/bin/pbmtoplot 1 /usr/bin/pbmtoplot 1 /usr/bin/pbmtoppa 1 /usr/bin/pbmtoppa 1 /usr/bin/pbmtoppa 1 /usr/bin/pbmtopsg3 1 /usr/bin/pbmtopsg3 1 /usr/bin/pbmtopsg3 1 /usr/bin/pbmtoptx 1 /usr/bin/pbmtoptx 1 /usr/bin/pbmtoptx 1 /usr/bin/pbmtowbmp 1 /usr/bin/pbmtowbmp 1 /usr/bin/pbmtowbmp 1 /usr/bin/pbmtox10bm 1 /usr/bin/pbmtox10bm 1 /usr/bin/pbmtox10bm 1 /usr/bin/pbmtoxbm 1 /usr/bin/pbmtoxbm 1 /usr/bin/pbmtoxbm 1 /usr/bin/pbmtoybm 1 /usr/bin/pbmtoybm 1 /usr/bin/pbmtoybm 1 /usr/bin/pbmtozinc 1 /usr/bin/pbmtozinc 1 /usr/bin/pbmtozinc 1 /usr/bin/pbmupc 1 /usr/bin/pbmupc 1 /usr/bin/pbmupc 1 /usr/bin/pcxtoppm 1 /usr/bin/pcxtoppm 1 /usr/bin/pcxtoppm 1 /usr/bin/pgmbentley 1 /usr/bin/pgmbentley 1 /usr/bin/pgmbentley 1 /usr/bin/pgmcrater 1 /usr/bin/pgmcrater 1 /usr/bin/pgmcrater 1 /usr/bin/pgmedge 1 /usr/bin/pgmedge 1 /usr/bin/pgmedge 1 /usr/bin/pgmenhance 1 /usr/bin/pgmenhance 1 /usr/bin/pgmenhance 1 /usr/bin/pgmhist 1 /usr/bin/pgmhist 1 /usr/bin/pgmhist 1 /usr/bin/pgmkernel 1 /usr/bin/pgmkernel 1 /usr/bin/pgmkernel 1 /usr/bin/pgmnoise 1 /usr/bin/pgmnoise 1 /usr/bin/pgmnoise 1 /usr/bin/pgmnorm 1 /usr/bin/pgmnorm 1 /usr/bin/pgmnorm 1 /usr/bin/pgmoil 1 /usr/bin/pgmoil 1 /usr/bin/pgmoil 1 /usr/bin/pgmramp 1 /usr/bin/pgmramp 1 /usr/bin/pgmramp 1 /usr/bin/pgmslice 1 /usr/bin/pgmslice 1 /usr/bin/pgmslice 1 /usr/bin/pgmtexture 1 /usr/bin/pgmtexture 1 /usr/bin/pgmtexture 1 /usr/bin/pgmtofs 1 /usr/bin/pgmtofs 1 /usr/bin/pgmtofs 1 /usr/bin/pgmtolispm 1 /usr/bin/pgmtolispm 1 /usr/bin/pgmtolispm 1 /usr/bin/pgmtopbm 1 /usr/bin/pgmtopbm 1 /usr/bin/pgmtopbm 1 /usr/bin/pgmtoppm 1 /usr/bin/pgmtoppm 1 /usr/bin/pgmtoppm 1 /usr/bin/pi1toppm 1 /usr/bin/pi1toppm 1 /usr/bin/pi1toppm 1 /usr/bin/pi3topbm 1 /usr/bin/pi3topbm 1 /usr/bin/pi3topbm 1 /usr/bin/pjtoppm 1 /usr/bin/pjtoppm 1 /usr/bin/pjtoppm 1 /usr/bin/pktopbm 1 /usr/bin/pktopbm 1 /usr/bin/pktopbm 1 /usr/bin/pngtopnm 1 /usr/bin/pngtopnm 1 /usr/bin/pngtopnm 1 /usr/bin/pnmalias 1 /usr/bin/pnmalias 1 /usr/bin/pnmalias 1 /usr/bin/pnmarith 1 /usr/bin/pnmarith 1 /usr/bin/pnmarith 1 /usr/bin/pnmcat 1 /usr/bin/pnmcat 1 /usr/bin/pnmcat 1 /usr/bin/pnmcolormap 1 /usr/bin/pnmcolormap 1 /usr/bin/pnmcolormap 1 /usr/bin/pnmcomp 1 /usr/bin/pnmcomp 1 /usr/bin/pnmcomp 1 /usr/bin/pnmconvol 1 /usr/bin/pnmconvol 1 /usr/bin/pnmconvol 1 /usr/bin/pnmcrop 1 /usr/bin/pnmcrop 1 /usr/bin/pnmcrop 1 /usr/bin/pnmcut 1 /usr/bin/pnmcut 1 /usr/bin/pnmcut 1 /usr/bin/pnmdepth 1 /usr/bin/pnmdepth 1 /usr/bin/pnmdepth 1 /usr/bin/pnmenlarge 1 /usr/bin/pnmenlarge 1 /usr/bin/pnmenlarge 1 /usr/bin/pnmfile 1 /usr/bin/pnmfile 1 /usr/bin/pnmfile 1 /usr/bin/pnmflip 1 /usr/bin/pnmflip 1 /usr/bin/pnmflip 1 /usr/bin/pnmgamma 1 /usr/bin/pnmgamma 1 /usr/bin/pnmgamma 1 /usr/bin/pnmhisteq 1 /usr/bin/pnmhisteq 1 /usr/bin/pnmhisteq 1 /usr/bin/pnmhistmap 1 /usr/bin/pnmhistmap 1 /usr/bin/pnmhistmap 1 /usr/bin/pnminterp 1 /usr/bin/pnminterp 1 /usr/bin/pnminterp 1 /usr/bin/pnminvert 1 /usr/bin/pnminvert 1 /usr/bin/pnminvert 1 /usr/bin/pnmmontage 1 /usr/bin/pnmmontage 1 /usr/bin/pnmmontage 1 /usr/bin/pnmnlfilt 1 /usr/bin/pnmnlfilt 1 /usr/bin/pnmnlfilt 1 /usr/bin/pnmnoraw 1 /usr/bin/pnmnoraw 1 /usr/bin/pnmnoraw 1 /usr/bin/pnmpad 1 /usr/bin/pnmpad 1 /usr/bin/pnmpad 1 /usr/bin/pnmpaste 1 /usr/bin/pnmpaste 1 /usr/bin/pnmpaste 1 /usr/bin/pnmpsnr 1 /usr/bin/pnmpsnr 1 /usr/bin/pnmpsnr 1 /usr/bin/pnmremap 1 /usr/bin/pnmremap 1 /usr/bin/pnmremap 1 /usr/bin/pnmrotate 1 /usr/bin/pnmrotate 1 /usr/bin/pnmrotate 1 /usr/bin/pnmscale 1 /usr/bin/pnmscale 1 /usr/bin/pnmscale 1 /usr/bin/pnmscalefixed 1 /usr/bin/pnmscalefixed 1 /usr/bin/pnmscalefixed 1 /usr/bin/pnmshear 1 /usr/bin/pnmshear 1 /usr/bin/pnmshear 1 /usr/bin/pnmsmooth 1 /usr/bin/pnmsmooth 1 /usr/bin/pnmsmooth 1 /usr/bin/pnmsplit 1 /usr/bin/pnmsplit 1 /usr/bin/pnmsplit 1 /usr/bin/pnmtile 1 /usr/bin/pnmtile 1 /usr/bin/pnmtile 1 /usr/bin/pnmtoddif 1 /usr/bin/pnmtoddif 1 /usr/bin/pnmtoddif 1 /usr/bin/pnmtofiasco 1 /usr/bin/pnmtofiasco 1 /usr/bin/pnmtofiasco 1 /usr/bin/pnmtofits 1 /usr/bin/pnmtofits 1 /usr/bin/pnmtofits 1 /usr/bin/pnmtojpeg 1 /usr/bin/pnmtojpeg 1 /usr/bin/pnmtojpeg 1 /usr/bin/pnmtopalm 1 /usr/bin/pnmtopalm 1 /usr/bin/pnmtopalm 1 /usr/bin/pnmtoplainpnm 1 /usr/bin/pnmtoplainpnm 1 /usr/bin/pnmtoplainpnm 1 /usr/bin/pnmtopng 1 /usr/bin/pnmtopng 1 /usr/bin/pnmtopng 1 /usr/bin/pnmtops 1 /usr/bin/pnmtops 1 /usr/bin/pnmtops 1 /usr/bin/pnmtorast 1 /usr/bin/pnmtorast 1 /usr/bin/pnmtorast 1 /usr/bin/pnmtorle 1 /usr/bin/pnmtorle 1 /usr/bin/pnmtorle 1 /usr/bin/pnmtosgi 1 /usr/bin/pnmtosgi 1 /usr/bin/pnmtosgi 1 /usr/bin/pnmtosir 1 /usr/bin/pnmtosir 1 /usr/bin/pnmtosir 1 /usr/bin/pnmtotiff 1 /usr/bin/pnmtotiff 1 /usr/bin/pnmtotiff 1 /usr/bin/pnmtotiffcmyk 1 /usr/bin/pnmtotiffcmyk 1 /usr/bin/pnmtotiffcmyk 1 /usr/bin/pnmtoxwd 1 /usr/bin/pnmtoxwd 1 /usr/bin/pnmtoxwd 1 /usr/bin/ppm3d 1 /usr/bin/ppm3d 1 /usr/bin/ppm3d 1 /usr/bin/ppmbrighten 1 /usr/bin/ppmbrighten 1 /usr/bin/ppmbrighten 1 /usr/bin/ppmchange 1 /usr/bin/ppmchange 1 /usr/bin/ppmchange 1 /usr/bin/ppmcie 1 /usr/bin/ppmcie 1 /usr/bin/ppmcie 1 /usr/bin/ppmcolormask 1 /usr/bin/ppmcolormask 1 /usr/bin/ppmcolormask 1 /usr/bin/ppmcolors 1 /usr/bin/ppmcolors 1 /usr/bin/ppmcolors 1 /usr/bin/ppmdim 1 /usr/bin/ppmdim 1 /usr/bin/ppmdim 1 /usr/bin/ppmdist 1 /usr/bin/ppmdist 1 /usr/bin/ppmdist 1 /usr/bin/ppmdither 1 /usr/bin/ppmdither 1 /usr/bin/ppmdither 1 /usr/bin/ppmflash 1 /usr/bin/ppmflash 1 /usr/bin/ppmflash 1 /usr/bin/ppmforge 1 /usr/bin/ppmforge 1 /usr/bin/ppmforge 1 /usr/bin/ppmhist 1 /usr/bin/ppmhist 1 /usr/bin/ppmhist 1 /usr/bin/ppmlabel 1 /usr/bin/ppmlabel 1 /usr/bin/ppmlabel 1 /usr/bin/ppmmake 1 /usr/bin/ppmmake 1 /usr/bin/ppmmake 1 /usr/bin/ppmmix 1 /usr/bin/ppmmix 1 /usr/bin/ppmmix 1 /usr/bin/ppmnorm 1 /usr/bin/ppmnorm 1 /usr/bin/ppmnorm 1 /usr/bin/ppmntsc 1 /usr/bin/ppmntsc 1 /usr/bin/ppmntsc 1 /usr/bin/ppmpat 1 /usr/bin/ppmpat 1 /usr/bin/ppmpat 1 /usr/bin/ppmquant 1 /usr/bin/ppmquant 1 /usr/bin/ppmquant 1 /usr/bin/ppmqvga 1 /usr/bin/ppmqvga 1 /usr/bin/ppmqvga 1 /usr/bin/ppmrelief 1 /usr/bin/ppmrelief 1 /usr/bin/ppmrelief 1 /usr/bin/ppmshift 1 /usr/bin/ppmshift 1 /usr/bin/ppmshift 1 /usr/bin/ppmspread 1 /usr/bin/ppmspread 1 /usr/bin/ppmspread 1 /usr/bin/ppmtoacad 1 /usr/bin/ppmtoacad 1 /usr/bin/ppmtoacad 1 /usr/bin/ppmtobmp 1 /usr/bin/ppmtobmp 1 /usr/bin/ppmtobmp 1 /usr/bin/ppmtoeyuv 1 /usr/bin/ppmtoeyuv 1 /usr/bin/ppmtoeyuv 1 /usr/bin/ppmtogif 1 /usr/bin/ppmtogif 1 /usr/bin/ppmtogif 1 /usr/bin/ppmtoicr 1 /usr/bin/ppmtoicr 1 /usr/bin/ppmtoicr 1 /usr/bin/ppmtoilbm 1 /usr/bin/ppmtoilbm 1 /usr/bin/ppmtoilbm 1 /usr/bin/ppmtojpeg 1 /usr/bin/ppmtojpeg 1 /usr/bin/ppmtojpeg 1 /usr/bin/ppmtoleaf 1 /usr/bin/ppmtoleaf 1 /usr/bin/ppmtoleaf 1 /usr/bin/ppmtolj 1 /usr/bin/ppmtolj 1 /usr/bin/ppmtolj 1 /usr/bin/ppmtomitsu 1 /usr/bin/ppmtomitsu 1 /usr/bin/ppmtomitsu 1 /usr/bin/ppmtompeg 1 /usr/bin/ppmtompeg 1 /usr/bin/ppmtompeg 1 /usr/bin/ppmtoneo 1 /usr/bin/ppmtoneo 1 /usr/bin/ppmtoneo 1 /usr/bin/ppmtopcx 1 /usr/bin/ppmtopcx 1 /usr/bin/ppmtopcx 1 /usr/bin/ppmtopgm 1 /usr/bin/ppmtopgm 1 /usr/bin/ppmtopgm 1 /usr/bin/ppmtopi1 1 /usr/bin/ppmtopi1 1 /usr/bin/ppmtopi1 1 /usr/bin/ppmtopict 1 /usr/bin/ppmtopict 1 /usr/bin/ppmtopict 1 /usr/bin/ppmtopj 1 /usr/bin/ppmtopj 1 /usr/bin/ppmtopj 1 /usr/bin/ppmtopjxl 1 /usr/bin/ppmtopjxl 1 /usr/bin/ppmtopjxl 1 /usr/bin/ppmtopuzz 1 /usr/bin/ppmtopuzz 1 /usr/bin/ppmtopuzz 1 /usr/bin/ppmtorgb3 1 /usr/bin/ppmtorgb3 1 /usr/bin/ppmtorgb3 1 /usr/bin/ppmtosixel 1 /usr/bin/ppmtosixel 1 /usr/bin/ppmtosixel 1 /usr/bin/ppmtotga 1 /usr/bin/ppmtotga 1 /usr/bin/ppmtotga 1 /usr/bin/ppmtouil 1 /usr/bin/ppmtouil 1 /usr/bin/ppmtouil 1 /usr/bin/ppmtowinicon 1 /usr/bin/ppmtowinicon 1 /usr/bin/ppmtowinicon 1 /usr/bin/ppmtoxpm 1 /usr/bin/ppmtoxpm 1 /usr/bin/ppmtoxpm 1 /usr/bin/ppmtoyuv 1 /usr/bin/ppmtoyuv 1 /usr/bin/ppmtoyuv 1 /usr/bin/ppmtoyuvsplit 1 /usr/bin/ppmtoyuvsplit 1 /usr/bin/ppmtoyuvsplit 1 /usr/bin/ppmtv 1 /usr/bin/ppmtv 1 /usr/bin/ppmtv 1 /usr/bin/psidtopgm 1 /usr/bin/psidtopgm 1 /usr/bin/psidtopgm 1 /usr/bin/pstopnm 1 /usr/bin/pstopnm 1 /usr/bin/pstopnm 1 /usr/bin/qrttoppm 1 /usr/bin/qrttoppm 1 /usr/bin/qrttoppm 1 /usr/bin/rasttopnm 1 /usr/bin/rasttopnm 1 /usr/bin/rasttopnm 1 /usr/bin/rawtopgm 1 /usr/bin/rawtopgm 1 /usr/bin/rawtopgm 1 /usr/bin/rawtoppm 1 /usr/bin/rawtoppm 1 /usr/bin/rawtoppm 1 /usr/bin/rgb3toppm 1 /usr/bin/rgb3toppm 1 /usr/bin/rgb3toppm 1 /usr/bin/rletopnm 1 /usr/bin/rletopnm 1 /usr/bin/rletopnm 1 /usr/bin/sbigtopgm 1 /usr/bin/sbigtopgm 1 /usr/bin/sbigtopgm 1 /usr/bin/sgitopnm 1 /usr/bin/sgitopnm 1 /usr/bin/sgitopnm 1 /usr/bin/sirtopnm 1 /usr/bin/sirtopnm 1 /usr/bin/sirtopnm 1 /usr/bin/sldtoppm 1 /usr/bin/sldtoppm 1 /usr/bin/sldtoppm 1 /usr/bin/spctoppm 1 /usr/bin/spctoppm 1 /usr/bin/spctoppm 1 /usr/bin/spottopgm 1 /usr/bin/spottopgm 1 /usr/bin/spottopgm 1 /usr/bin/sputoppm 1 /usr/bin/sputoppm 1 /usr/bin/sputoppm 1 /usr/bin/tgatoppm 1 /usr/bin/tgatoppm 1 /usr/bin/tgatoppm 1 /usr/bin/thinkjettopbm 1 /usr/bin/thinkjettopbm 1 /usr/bin/thinkjettopbm 1 /usr/bin/tifftopnm 1 /usr/bin/tifftopnm 1 /usr/bin/tifftopnm 1 /usr/bin/wbmptopbm 1 /usr/bin/wbmptopbm 1 /usr/bin/wbmptopbm 1 /usr/bin/winicontoppm 1 /usr/bin/winicontoppm 1 /usr/bin/winicontoppm 1 /usr/bin/xbmtopbm 1 /usr/bin/xbmtopbm 1 /usr/bin/xbmtopbm 1 /usr/bin/ximtoppm 1 /usr/bin/ximtoppm 1 /usr/bin/ximtoppm 1 /usr/bin/xpmtoppm 1 /usr/bin/xpmtoppm 1 /usr/bin/xpmtoppm 1 /usr/bin/xvminitoppm 1 /usr/bin/xvminitoppm 1 /usr/bin/xvminitoppm 1 /usr/bin/xwdtopnm 1 /usr/bin/xwdtopnm 1 /usr/bin/xwdtopnm 1 /usr/bin/ybmtopbm 1 /usr/bin/ybmtopbm 1 /usr/bin/ybmtopbm 1 /usr/bin/yuvsplittoppm 1 /usr/bin/yuvsplittoppm 1 /usr/bin/yuvsplittoppm 1 /usr/bin/yuvtoppm 1 /usr/bin/yuvtoppm 1 /usr/bin/yuvtoppm 1 /usr/bin/zeisstopnm 1 /usr/bin/zeisstopnm 1 /usr/bin/zeisstopnm 1 /usr/X11R6/bin/XFree86 1 /usr/X11R6/bin/XFree86 1 /usr/X11R6/bin/XFree86 1 /usr/bin/gaim 1 /usr/bin/gaim 1 /usr/bin/gaim 1 /usr/bin/slocate 1 /usr/bin/slocate 1 /usr/bin/mc 1 /usr/bin/mc 1 /usr/bin/mc 1 /usr/sbin/tcpdump 1 /usr/sbin/tcpdump 1 /usr/sbin/tcpdump 1 / 1 /usr/bin/ethereal 1 /usr/bin/ethereal 1 /usr/bin/ethereal 1 /usr/sbin/ethereal 1 /usr/sbin/ethereal 1 /usr/sbin/ethereal 1 /usr/sbin/tethereal 1 /usr/sbin/tethereal 1 /usr/sbin/tethereal 1 /usr/share/services/kfile_vcf.desktop 1 /usr/share/services/kfile_vcf.desktop 1 /usr/share/services/kfile_vcf.desktop 1 /usr/bin/mozilla 1 /usr/bin/mozilla 1 /usr/bin/mozilla 1 /usr/bin/ethereal 1 /usr/bin/ethereal 1 /usr/bin/ethereal 1 /usr/sbin/ethereal 1 /usr/sbin/ethereal 1 /usr/sbin/ethereal 1 /usr/bin/tethereal 1 /usr/bin/tethereal 1 /usr/bin/tethereal 1 /etc/httpd/modules/libphp4.so ^.*cupsd.* ^.*httpd.* ^.*httpd\.worker.* ^.*lpd.* ^.*mysqld.* ^.*rpc\.mountd.* ^.*sshd.* ^.*smtpd.* ^.*smbd.* TCP ^.*smbd.* ^.*sendmail.* TCP ^.*sendmail.* ^.*vsftpd.* TCP ^.*xinetd.* ^.*ypserv.* 1720 .* ^.*httpd.* TCP ^.*httpd TCP ^.*rpc\.mountd ^.*snmpd.* ^.*squid.* ^.*racoon UDP ^.*squid 1812 .*/radiusd udp redhat-release 9 NULL kernel 6 2.4.20 redhat-release ^3.S redhat-release ^.*3.S php ^i.*86 2.4.20-6 x86_64 FreeRADIUS NULL 1.0.1 1 earlier balsa NULL 2.0.6 2 earlier cups NULL 1.1.17 13.3 earlier ddskk NULL 11.6.0 11.90 earlier ddskk-xemacs NULL 11.6.0 11.90 earlier eog NULL 2.2.0 2 earlier ethereal NULL 0.9.11 0.90.1 earlier ethereal NULL 0.9.13 1.90.1 earlier ethereal-gnome NULL 0.9.13 1.90.1 earlier evolution NULL 1.2.2 5 earlier gdm 1 2.4.1.3 5.1 earlier ghostscript NULL 7.05 32.1 earlier gnupg NULL 1.2.1 4 earlier gtkhtml NULL 1.1.9 0.9 earlier gtkhtml NULL 1.1.9 0.9.1 earlier httpd NULL 2.0.40 21.1 earlier httpd NULL 2.0.40 21.5 earlier kdebase 6 3.1 15 earlier krb5-server NULL 1.2.7 14 earlier krb5-libs NULL 1.2.7 14 earlier krb5-workstation NULL 1.2.7 14 earlier kernel NULL 2.4.20 13.9 earlier kernel NULL 2.4.20 18.9 earlier kernel NULL 2.4.20 19.9 earlier kdelibs 6 3.1 12 earlier lprng NULL 3.8.19 3.1 earlier lv NULL 4.49.4 9.9.1 earlier mutt 5 1.4.1 1 earlier mysql-server NULL 3.23.56 1.9 earlier nfs-utils NULL 1.0.1 3.9 earlier openssh-server NULL 3.5p1 6.9 earlier openssh-server NULL 3.5p1 11 earlier openssl NULL 0.9.7a 5 earlier openssl-devel NULL 0.9.7a 5 earlier openssl-perl NULL 0.9.7a 5 earlier openssl096 NULL 0.9.6 17 earlier openssl096b NULL 0.9.6b 6 earlier pam_smb NULL 1.1.6 9.9 earlier perl-CGI 2 2.81 88.3 earlier php NULL 4.2.2 17.2 earlier pine NULL 4.44 19.90.0 earlier postfix 2 1.1.12 1 earlier samba NULL 2.2.7a 7.9.0 earlier samba NULL 2.2.7a 8.9.0 earlier wl NULL 2.10.1 1.1 earlier wl-xemacs NULL 2.10.1 1.1 earlier sendmail NULL 8.12.8 5.90 earlier sendmail NULL 8.12.8 9.90 earlier sendmail NULL 8.12.8 6.90 earlier squirrelmail NULL 1.2.11 1 earlier unzip NULL 5.50 33 earlier up2date NULL 3.1.23.1 5 earlier vsftpd NULL 1.1.3 8 earlier xinetd 2 2.3.11 1.9.0 earlier xpdf 1 2.0.1 11 earlier ypserv NULL 2.8 0.9E earlier pwlib NULL 1.4.7 4.1 earlier netpbm NULL 9.24 10.90.1 earlier netpbm-devel NULL 9.24 10.90.1 earlier netpbm-progs NULL 9.24 10.90.1 earlier XFree86 NULL 4.3.0 2.90.55 earlier netpbm NULL 9.24 11.30.1 earlier netpbm-devel NULL 9.24 11.30.1 earlier netpbm-progs NULL 9.24 11.30.1 earlier mutt 5 1.4.1 3.3 earlier mailman 3 2.1.1 5 earlier gaim 1 0.75 0.9.0 earlier slocate NULL 2.7 2 earlier mc 1 4.6.0 7.9 earlier kdelibs 6 3.1 13 earlier kernel NULL 2.4.21 9.0.1.EL earlier kernel-smp NULL 2.4.21 9.0.1.EL earlier kernel-hugemem NULL 2.4.21 9.0.1.EL earlier pwlib NULL 1.4.7 7.EL earlier samba NULL 3.0.2 6.3E earlier mod_python NULL 3.0.1 4 earlier XFree86 NULL 4.3.0 55.EL earlier libxml2 NULL 2.5.10 6 earlier libxml2-devel NULL 2.5.10 6 earlier libxml2-python NULL 2.5.10 6 earlier kernel NULL 2.4.20 30.9 earlier kernel-smp NULL 2.4.20 30.9 earlier kernel-bigmem NULL 2.4.20 30.9 earlier mutt 5 1.4.1 3.4 earlier gdk-pixbuf 1 0.22.0 6.0.3 earlier gdk-pixbuf-devel 1 0.22.0 6.0.3 earlier gdk-pixbuf-gnome 1 0.22.0 6.0.3 earlier gdk-pixbuf 1 0.22.0 6.1.0 earlier gdk-pixbuf-devel 1 0.22.0 6.1.0 earlier gdk-pixbuf-gnome 1 0.22.0 6.1.0 earlier tcpdump 14 3.7.2 7.9.1 earlier sysstat NULL 4.0.7 4.rhl9.1 earlier tcpdump 14 3.7.2 7.E3.1 earlier cvs NULL 1.11.2 13 earlier ethereal NULL 0.10.0a 0.90.1 earlier ethereal=gnome NULL 0.10.0a 0.90.1 earlier kdepim 6 3.1 6 earlier kernel NULL 2.4.20 28.9 earlier kernel-smp NULL 2.4.20 28.9 earlier kernel-bigmem NULL 2.4.20 28.9 earlier nfs-utils NULL 1.0.6 7.EL earlier sysstat NULL 4.0.7 4.EL3.2 earlier httpd NULL 2.0.40 21.9 earlier httpd NULL 2.0.46 26.ent earlier kdepim 6 3.1.3 3.3 earlier cvs NULL 1.11.2 14 earlier kernel NULL 2.4.21 4.0.2.EL earlier kernel-smp NULL 2.4.21 4.0.2.EL earlier kernel-bigmem NULL 2.4.21 4.0.2.EL earlier kernel NULL 2.4.21 9.EL earlier net-snmp NULL 5.0.9 2.30E.1 earlier openssl NULL 0.9.7a 33.4 earlier openssl-devel NULL 0.9.7a 33.4 earlier openssl-perl NULL 0.9.7a 33.4 earlier openssl096b NULL 0.9.6b 16 earlier mozilla-nss 37 1.4.2 0.9.0 earlier mozilla 37 1.4.2 0.9.0 earlier openssl NULL 0.9.7a 20.2 earlier openssl-devel NULL 0.9.7a 20.2 earlier openssl-perl NULL 0.9.7a 20.2 earlier openssl096 NULL 0.9.6 25.9 earlier openssl096b NULL 0.9.6b 15 earlier mod_ssl NULL 2.0.46 32.ent earlier squid 7 2.5STABLE1 3.9 earlier ethereal NULL 0.10.3 0.90.1 earlier ethereal-gnome NULL 0.10.3 0.90.1 earlier ethereal NULL 0.10.3 0.30E.1 earlier ethereal-gnome NULL 0.10.3 0.30E.1 earlier mozilla-nss 37 1.4.2 3.0.2 earlier kernel NULL 2.4.21 9.0.3.EL earlier kernel-smp NULL 2.4.21 9.0.3.EL earlier kernel-hugemem NULL 2.4.21 9.0.3.EL earlier squid 7 2.5.STABLE3 5.3E earlier ipsec-tools NULL 0.2.5 0.4 earlier kdelibs 6 3.1.3 6.4 earlier rsync NULL 2.5.7 4.3E earlier cvs NULL 1.11.2 22 earlier libpng 2 1.2.2 21 earlier libpng-devel 2 1.2.2 21 earlier libpng NULL 1.0.13 12 earlier libpng-devel NULL 1.0.13 12 earlier kernel NULL 2.4.21 15.EL earlier kernel-unsupported NULL 2.4.21 15.EL earlier cvs NULL 1.11.2 18 earlier openoffice NULL 1.1.0 15.EL earlier tcpdump 14 3.7.2 7.E3.2 earlier lha NULL 1.14i 10.2 earlier utempter NULL 0.5.5 1.3EL.0 earlier squid 7 2.5.STABLE3 6.3E earlier ethereal NULL 0.10.3 0.30E.2 earlier ethereal-gnome NULL 0.10.3 0.30E.2 earlier krb5-libs NULL 1.2.7 24 earlier cvs NULL 1.11.2 24 earlier squirrelmail NULL 1.4.3 0.e3.1 earlier kernel 0 2.4.21 15.0.2.EL earlier kernel-hugemem 0 2.4.21 15.0.2.EL earlier kernel-smp 0 2.4.21 15.0.2.EL earlier libpng 2 1.2.2 24 earlier libpng-devel 2 1.2.2 24 earlier libpng10-devel 0 1.0.13 14 earlier libpng10 0 1.0.13 14 earlier