Red Hat Linux 9 Mutt Jay Beale 2003-0140 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder ACCEPTED 1 Red Hat Linux 9 CUPS Jay Beale 2003-0195 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out ACCEPTED 1 Red Hat Linux 9 skk Jay Beale 2003-0539 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files ACCEPTED 1 Red Hat Linux 9 EOG Jay Beale 2003-0165 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale 2003-0081 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale 2003-0159 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0356 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0357 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0428 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0429 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0430 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0431 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0432 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors ACCEPTED 1 Red Hat Linux 9 Ximian Evolution Jay Beale 2003-0128 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow ACCEPTED 1 Red Hat Linux 9 Ximian Evolution Jay Beale 2003-0129 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times ACCEPTED 1 Red Hat Linux 9 Ximian Evolution Jay Beale 2003-0130 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image ACCEPTED 1 Red Hat Linux 9 GDM Jay Beale 2003-0547 INTERIM ACCEPTED GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file ACCEPTED 1 Red Hat Linux 9 GDM Jay Beale 2003-0548 INTERIM ACCEPTED The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CAN-2003-0549 ACCEPTED 1 Red Hat Linux 9 GDM Jay Beale 2003-0549 INTERIM ACCEPTED The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name ACCEPTED 1 Red Hat Linux 9 GNU Ghostscript Jay Beale Jay Beale 2003-0354 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job ACCEPTED 1 Red Hat Linux 9 GnuPG Jay Beale 2003-0255 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path ACCEPTED 1 Red Hat Linux 9 GtkHTML Jay Beale 2003-0133 INTERIM ACCEPTED GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages ACCEPTED 1 Red Hat Linux 9 GtkHTML Jay Beale 2003-0541 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale 2003-0020 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale 2003-0083 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CAN-2003-0020 ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale 2003-0132 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale 2003-0192 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale 2003-0253 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale 2003-0254 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket ACCEPTED 1 Red Hat Linux 9 KDM Jay Beale 2003-0690 INTERIM ACCEPTED KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module ACCEPTED 1 Red Hat Linux 9 KDM Jay Beale 2003-0692 INTERIM ACCEPTED KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session ACCEPTED 1 Red Hat Linux 9 krb5 Jay Beale 2003-0028 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CAN-2002-0391 ACCEPTED 1 Red Hat Linux 9 krb5 Jay Beale 2003-0082 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun") ACCEPTED 1 Red Hat Linux 9 krb5 Jay Beale 2003-0138 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack ACCEPTED 1 Red Hat Linux 9 krb5 Jay Beale 2003-0139 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing. ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0127 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel ACCEPTED 1 Red Hat Linux 9 Netfilter Jay Beale 2003-0187 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts ACCEPTED 1 Red Hat Linux 9 Netfilter Jay Beale 2003-0244 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0246 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0247 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops") ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0248 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0364 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions ACCEPTED 1 Red Hat Linux 9 /proc/tty/driver/serial Jay Beale 2003-0461 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0462 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash) ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0464 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0476 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0501 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0550 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0551 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0552 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0619 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0699 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CAN-2003-0700 ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0700 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CAN-2003-0699 ACCEPTED 1 Red Hat Linux 9 Konqueror Jay Beale 2003-0459 INTERIM ACCEPTED KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites ACCEPTED 1 Red Hat Linux 9 LPRng Jay Beale 2003-0136 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file ACCEPTED 1 Red Hat Linux 9 lv Jay Beale 2003-0188 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories ACCEPTED 1 Red Hat Linux 9 Mutt Jay Beale 2003-0140 INTERIM ACCEPTED Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder ACCEPTED 1 Red Hat Linux 9 MySQL Jay Beale 2003-0073 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user ACCEPTED 1 Red Hat Linux 9 MySQL Jay Beale 2003-0150 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf ACCEPTED 1 Red Hat Linux 9 nfs-utils Jay Beale 2003-0252 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines ACCEPTED 1 Red Hat Linux 9 OpenSSH Jay Beale Jay Beale 2003-0190 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack ACCEPTED 1 Red Hat Linux 9 OpenSSH Jay Beale 2003-0682 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CAN-2003-0693 and CAN-2003-0695 ACCEPTED 1 Red Hat Linux 9 OpenSSH Jay Beale 2003-0693 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CAN-2003-0695 ACCEPTED 1 Red Hat Linux 9 OpenSSH Jay Beale 2003-0695 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CAN-2003-0693 ACCEPTED 1 Red Hat Linux 9 OpenSSL Jay Beale 2003-0131 Corrected syntax errors in sql verion of the definition. Added cmp-914 which uses an or to combine the 5 version tests. Previously the tests had been combined with an and. INTERIM ACCEPTED The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack. ACCEPTED 1 Red Hat Linux 9 OpenSSL Jay Beale 2003-0147 Corrected syntax errors in sql verion of the definition. Added cmp-914 which uses an or to combine the 5 version tests. Previously the tests had been combined with an and. INTERIM ACCEPTED OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal) ACCEPTED 1 Red Hat Linux 9 pam_smb Jay Beale 2003-0686 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code ACCEPTED 1 Red Hat Linux 9 CGI.pm Jay Beale 2003-0615 INTERIM ACCEPTED Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter ACCEPTED 1 Red Hat Linux 9 php Jay Beale Jay Beale 2003-0442 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter ACCEPTED 1 Red Hat Linux 9 pine Jay Beale 2003-0720 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type ACCEPTED 1 Red Hat Linux 9 pine Jay Beale 2003-0721 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number ACCEPTED 1 Red Hat Linux 9 Postfix Jay Beale 2003-0468 INTERIM ACCEPTED Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port ACCEPTED 1 Red Hat Linux 9 Postfix Jay Beale 2003-0540 INTERIM ACCEPTED The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up ACCEPTED 1 Red Hat Linux 9 smbd Jay Beale 2003-0085 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code ACCEPTED 1 Red Hat Linux 9 Samba Jay Beale 2003-0086 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown ACCEPTED 1 Red Hat Linux 9 Samba Jay Beale 2003-0196 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CAN-2003-0201 ACCEPTED 1 Red Hat Linux 9 Samba, Samba-TNG Jay Beale 2003-0201 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code ACCEPTED 1 Red Hat Linux 9 semi MIME library Jay Beale Jay Beale 2003-0440 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files ACCEPTED 1 Red Hat Linux 9 Sendmail Jay Beale 2003-0694 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c ACCEPTED 1 Red Hat Linux 9 Sendmail Jay Beale 2003-0681 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences ACCEPTED 1 Red Hat Linux 9 Sendmail Jay Beale 2003-0688 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data ACCEPTED 1 Red Hat Linux 9 Sendmail Jay Beale 2003-0694 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c ACCEPTED 1 Red Hat Linux 9 SquirrelMail Jay Beale 2003-0160 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser ACCEPTED 1 Red Hat Linux 9 unzip Jay Beale 2003-0282 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence ACCEPTED 1 Red Hat Linux 9 up2date Jay Beale 2003-0546 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised ACCEPTED 1 Red Hat Linux 9 vsftpd Jay Beale 2003-0135 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended ACCEPTED 1 Red Hat Linux 9 xinetd Jay Beale 2003-0211 Corrected syntax errors in sql verion of the definition. Changed tested epoch in xinetd test rvt-253 to 2, based on testing. INTERIM ACCEPTED Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections ACCEPTED 1 Red Hat Linux 9 xpdf Jay Beale Jay Beale 2003-0434 INTERIM ACCEPTED Various PDF viewers including Adobe Acrobat 5.06 and Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink ACCEPTED 1 Red Hat Linux 9 ypserv Jay Beale Jay Beale 2003-0251 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block ACCEPTED 1 Red Hat Linux 9 PWLib Jay Beale Jay Beale Matt Busby 2004-0097 Added a program_name element to rlt-217 ACCEPTED Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol ACCEPTED 1 Red Hat Linux 9 netpbm Jay Beale Jay Beale Matt Busby 2003-0924 Corrected syntax errors in sql verion of the definition. ACCEPTED netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files ACCEPTED 1 Red Hat Linux 9 XFree86 Jay Beale Jay Beale Matt Busby 2004-0083 Corrected syntax errors in sql verion of the definition. ACCEPTED Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CAN-2004-0084 and CAN-2004-0106 ACCEPTED 1 Red Hat Linux 9 XFree86 Jay Beale Jay Beale Matt Busby 2004-0084 Corrected syntax errors in sql verion of the definition. ACCEPTED Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CAN-2004-0083 and CAN-2004-0106 ACCEPTED 1 Red Hat Linux 9 XFree86 Jay Beale Jay Beale Matt Busby 2004-0106 Corrected syntax errors in sql verion of the definition. ACCEPTED Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CAN-2004-0083 and CAN-2004-0084 ACCEPTED 1 Red Hat Enterprise Linux 3 netpbm Jay Beale Jay Beale Matt Busby 2003-0924 Corrected syntax errors in sql verion of the definition. ACCEPTED netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files ACCEPTED 1 Red Hat Linux 9 Mutt Jay Beale Jay Beale 2004-0078 ACCEPTED Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages ACCEPTED 1 Red Hat Linux 9 Mailman Jay Beale Jay Beale 2003-0965 ACCEPTED Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities ACCEPTED 1 Red Hat Linux 9 Mailman Jay Beale Jay Beale 2003-0992 ACCEPTED Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users ACCEPTED 1 Red Hat Linux 9 Gaim Jay Beale Jay Beale 2004-0006 ACCEPTED Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect ACCEPTED 1 Red Hat Linux 9 Gaim Jay Beale Jay Beale 2004-0007 ACCEPTED Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code ACCEPTED 1 Red Hat Linux 9 Gaim Jay Beale Jay Beale 2004-0008 ACCEPTED Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that trig