4.1 20051116211159 Red Hat Linux 9 Mutt Jay Beale INTERIM Jay Beale ACCEPTED Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder. CVE-2003-0140 ACCEPTED 1 Red Hat Linux 9 CUPS Jay Beale INTERIM Jay Beale ACCEPTED CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out. CVE-2003-0195 ACCEPTED 1 Red Hat Linux 9 skk Jay Beale INTERIM Jay Beale ACCEPTED skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files. CVE-2003-0539 ACCEPTED 1 Red Hat Linux 9 EOG Jay Beale INTERIM Jay Beale ACCEPTED Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display. CVE-2003-0165 ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale INTERIM Jay Beale ACCEPTED Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers. CVE-2003-0081 ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale INTERIM Jay Beale ACCEPTED Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. CVE-2003-0159 ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale INTERIM Jay Beale ACCEPTED Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions. CVE-2003-0356 ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale INTERIM Jay Beale ACCEPTED Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors. CVE-2003-0357 ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale INTERIM Jay Beale ACCEPTED Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string. CVE-2003-0428 ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale INTERIM Jay Beale ACCEPTED The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow. CVE-2003-0429 ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale INTERIM Jay Beale ACCEPTED The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value. CVE-2003-0430 ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale INTERIM Jay Beale ACCEPTED The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences. CVE-2003-0431 ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale INTERIM Jay Beale ACCEPTED Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors. CVE-2003-0432 ACCEPTED 1 Red Hat Linux 9 Ximian Evolution Jay Beale INTERIM Jay Beale ACCEPTED The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow. CVE-2003-0128 ACCEPTED 1 Red Hat Linux 9 Ximian Evolution Jay Beale INTERIM Jay Beale ACCEPTED Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times. CVE-2003-0129 ACCEPTED 1 Red Hat Linux 9 Ximian Evolution Jay Beale INTERIM Jay Beale ACCEPTED The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image. CVE-2003-0130 ACCEPTED 1 Red Hat Linux 9 GDM Jay Beale INTERIM ACCEPTED GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file. CVE-2003-0547 ACCEPTED 1 Red Hat Linux 9 GDM Jay Beale INTERIM ACCEPTED The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549. CVE-2003-0548 ACCEPTED 1 Red Hat Linux 9 GDM Jay Beale INTERIM ACCEPTED The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name. CVE-2003-0549 ACCEPTED 1 Red Hat Linux 9 GNU Ghostscript Jay Beale INTERIM Jay Beale ACCEPTED Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job. CVE-2003-0354 ACCEPTED 1 Red Hat Linux 9 GnuPG Jay Beale INTERIM Jay Beale ACCEPTED The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path. CVE-2003-0255 ACCEPTED 1 Red Hat Linux 9 GtkHTML Jay Beale INTERIM ACCEPTED GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages. CVE-2003-0133 ACCEPTED 1 Red Hat Linux 9 GtkHTML Jay Beale INTERIM Jay Beale ACCEPTED gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference. CVE-2003-0541 ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale INTERIM Jay Beale ACCEPTED Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. CVE-2003-0020 ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale INTERIM Jay Beale ACCEPTED Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. CVE-2003-0083 ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale INTERIM Jay Beale ACCEPTED A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed. CVE-2003-0132 ACCEPTED 1 Red Hat Enterprise Linux 3 OpenSSL Jay Beale DRAFT INTERIM ACCEPTED The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. CVE-2004-0975 ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale INTERIM Jay Beale ACCEPTED Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite. CVE-2003-0192 ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale INTERIM Jay Beale ACCEPTED The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service. CVE-2003-0253 ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale INTERIM Jay Beale ACCEPTED Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket. CVE-2003-0254 ACCEPTED 1 Red Hat Linux 9 KDM Jay Beale INTERIM ACCEPTED KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module. CVE-2003-0690 ACCEPTED 1 Red Hat Linux 9 KDM Jay Beale INTERIM ACCEPTED KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session. CVE-2003-0692 ACCEPTED 1 Red Hat Linux 9 krb5 Jay Beale INTERIM Jay Beale ACCEPTED Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. CVE-2003-0028 ACCEPTED 1 Red Hat Linux 9 krb5 Jay Beale INTERIM Jay Beale ACCEPTED The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun"). CVE-2003-0082 ACCEPTED 1 Red Hat Linux 9 krb5 Jay Beale INTERIM Jay Beale ACCEPTED Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack. CVE-2003-0138 ACCEPTED 1 Red Hat Linux 9 krb5 Jay Beale INTERIM Jay Beale ACCEPTED Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing." CVE-2003-0139 ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale INTERIM Jay Beale ACCEPTED The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel. CVE-2003-0127 ACCEPTED 1 Red Hat Linux 9 Netfilter Jay Beale INTERIM Jay Beale ACCEPTED The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts. CVE-2003-0187 ACCEPTED 1 Red Hat Linux 9 Netfilter Jay Beale INTERIM Jay Beale ACCEPTED The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions. CVE-2003-0244 ACCEPTED 1 Red Hat Enterprise Linux 3 Gaim Jay Beale DRAFT INTERIM ACCEPTED Gaim before 1.3.1 allows remote attackers to cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error. CVE-2005-1934 ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale INTERIM Jay Beale ACCEPTED The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. CVE-2003-0246 ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale INTERIM Jay Beale ACCEPTED Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops"). CVE-2003-0247 ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale INTERIM Jay Beale ACCEPTED The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address. CVE-2003-0248 ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale INTERIM Jay Beale ACCEPTED The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions. CVE-2003-0364 ACCEPTED 1 Red Hat Linux 9 /proc/tty/driver/serial Jay Beale INTERIM Jay Beale ACCEPTED /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. CVE-2003-0461 ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale INTERIM Jay Beale ACCEPTED A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). CVE-2003-0462 ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale INTERIM Jay Beale ACCEPTED The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd. CVE-2003-0464 ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale INTERIM Jay Beale ACCEPTED The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors. CVE-2003-0476 ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale INTERIM Jay Beale ACCEPTED The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries. CVE-2003-0501 ACCEPTED 1 Red Hat Enterprise Linux 3 php Jay Beale DRAFT INTERIM ACCEPTED Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759. CVE-2005-1751 ACCEPTED 1 Red Hat Enterprise Linux 3 php Jay Beale DRAFT INTERIM ACCEPTED Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement. CVE-2005-1921 ACCEPTED 1 Red Hat Enterprise Linux 3 cpio Jay Beale DRAFT INTERIM ACCEPTED Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. CVE-2005-1111 ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale INTERIM Jay Beale ACCEPTED The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. CVE-2003-0550 ACCEPTED 1 Red Hat Enterprise Linux 3 gzip Jay Beale DRAFT INTERIM ACCEPTED Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. CVE-2005-1228 ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale INTERIM Jay Beale ACCEPTED The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service. CVE-2003-0551 ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale INTERIM Jay Beale ACCEPTED Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target. CVE-2003-0552 ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale INTERIM Jay Beale ACCEPTED Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call. CVE-2003-0619 ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale INTERIM Jay Beale ACCEPTED The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700. CVE-2003-0699 ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale INTERIM Jay Beale ACCEPTED The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0699. CVE-2003-0700 ACCEPTED 1 Red Hat Linux 9 Konqueror Jay Beale INTERIM ACCEPTED KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. CVE-2003-0459 ACCEPTED 1 Red Hat Enterprise Linux 4 mozilla Jay Beale DRAFT INTERIM ACCEPTED Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string. CVE-2005-2265 ACCEPTED 1 Red Hat Linux 9 LPRng Jay Beale INTERIM Jay Beale ACCEPTED psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file. CVE-2003-0136 ACCEPTED 1 Red Hat Linux 9 lv Jay Beale INTERIM Jay Beale ACCEPTED lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories. CVE-2003-0188 ACCEPTED 1 Red Hat Linux 9 Mutt Jay Beale INTERIM ACCEPTED Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder. CVE-2003-0140 ACCEPTED 1 Red Hat Linux 9 MySQL Jay Beale INTERIM Jay Beale ACCEPTED Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. CVE-2003-0073 ACCEPTED 1 Red Hat Linux 9 MySQL Jay Beale INTERIM Jay Beale ACCEPTED MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf. CVE-2003-0150 ACCEPTED 1 Red Hat Linux 9 nfs-utils Jay Beale INTERIM Jay Beale ACCEPTED Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines. CVE-2003-0252 ACCEPTED 1 Red Hat Linux 9 OpenSSH Jay Beale INTERIM Jay Beale ACCEPTED OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. CVE-2003-0190 ACCEPTED 1 Red Hat Linux 9 OpenSSH Jay Beale INTERIM Jay Beale ACCEPTED "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695. CVE-2003-0682 ACCEPTED 1 Red Hat Linux 9 OpenSSH Jay Beale INTERIM Jay Beale ACCEPTED A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695. CVE-2003-0693 ACCEPTED 1 Red Hat Linux 9 OpenSSH Jay Beale INTERIM Jay Beale ACCEPTED Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693. CVE-2003-0695 ACCEPTED 1 Red Hat Linux 9 OpenSSL Jay Beale INTERIM Jay Beale Jay Beale ACCEPTED The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack." CVE-2003-0131 ACCEPTED 1 Red Hat Linux 9 OpenSSL Jay Beale INTERIM Jay Beale Jay Beale ACCEPTED OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). CVE-2003-0147 ACCEPTED 1 Red Hat Linux 9 pam_smb Jay Beale INTERIM Jay Beale ACCEPTED Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code. CVE-2003-0686 ACCEPTED 1 Red Hat Linux 9 CGI.pm Jay Beale INTERIM ACCEPTED Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter. CVE-2003-0615 ACCEPTED 1 Red Hat Linux 9 php Jay Beale INTERIM Jay Beale ACCEPTED Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter. CVE-2003-0442 ACCEPTED 1 Red Hat Linux 9 pine Jay Beale INTERIM Jay Beale ACCEPTED Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type. CVE-2003-0720 ACCEPTED 1 Red Hat Linux 9 pine Jay Beale INTERIM Jay Beale ACCEPTED Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number. CVE-2003-0721 ACCEPTED 1 Red Hat Linux 9 Postfix Jay Beale INTERIM ACCEPTED Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port. CVE-2003-0468 ACCEPTED 1 Red Hat Linux 9 Postfix Jay Beale INTERIM ACCEPTED The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up. CVE-2003-0540 ACCEPTED 1 Red Hat Enterprise Linux 4 mozilla Jay Beale DRAFT INTERIM ACCEPTED Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object. CVE-2005-2270 ACCEPTED 1 Red Hat Linux 9 smbd Jay Beale INTERIM Jay Beale ACCEPTED Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code. CVE-2003-0085 ACCEPTED 1 Red Hat Linux 9 Samba Jay Beale INTERIM Jay Beale ACCEPTED The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown. CVE-2003-0086 ACCEPTED 1 Red Hat Linux 9 Samba Jay Beale INTERIM Jay Beale ACCEPTED Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201. CVE-2003-0196 ACCEPTED 1 Red Hat Linux 9 Samba, Samba-TNG Jay Beale INTERIM Jay Beale ACCEPTED Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. CVE-2003-0201 ACCEPTED 1 Red Hat Linux 9 semi MIME library