SANS has posted a new version of its 20 most critical Internet security
vulnerabilities list. As always, this list is a good starting point for those
looking for potential security problems on their networks. Here are some
highlights from the current version:
- Five of the twenty items concern Windows and other Microsoft
software.
- There are ten vulnerabilities in "cross-platform applications"
listed. Some of these (commercial DNS servers, for example) do not
apply to most Linux systems. But others do, including anti-virus
software (ClamAV in particular), PHP-based applications (several
vulnerabilities), database managers, file-sharing applications, media
players, and Mozilla-based browsers.
- There are only two Unix-specific vulnerabilities, and one of those is
a general item on Mac OS X. The other vulnerability is
"configuration weaknesses," with an emphasis on SSH attacks.
Once upon a time, this list was evenly divided between Windows and Unix
vulnerabilities. A casual reading of the current list suggests that things
have shifted in favor of Unix-based systems. While it may be true that
Unix-based systems are easier to keep secure on the net, there is still no
reason to be overly complacent. A system compromised by way of a Firefox
or PHP vulnerability is still compromised.
Comments (3 posted)
New vulnerabilities
apache2: memory leak
Package(s): apache2
CVE #(s): CVE-2005-2970
Created: December 6, 2005
Updated: December 19, 2005
Description: A memory leak was found in the Apache 2 'worker' module in the
handling of aborted TCP connections. By repeatedly triggering this situation,
a remote attacker could drain all available memory, which eventually led to a
Denial of Service.
Alerts:
Comments (none posted)
ktools: buffer overflow
Package(s): centericq
CVE #(s): CVE-2005-3863
Created: December 7, 2005
Updated: August 29, 2006
Description: From the Debian-Testing alert: Mehdi Oudad "deepfear" and Kevin
Fernandez "Siegfried" from the Zone-H Research Team discovered a buffer
overflow in kkstrtext.h of the ktools library, which is included in (at least)
centericq and motor.
Alerts:
Comments (none posted)
helix-player: integer overflow
Package(s): helix-player
CVE #(s): CVE-2005-2629
Created: December 2, 2005
Updated: December 7, 2005
Description: An integer overflow has been discovered in helix-player, the
helix audio and video player. This flaw could allow a remote attacker to run
arbitrary code on a victim's computer by supplying a specially crafted network
resource.
Alerts:
Comments (none posted)
inkscape: insecure temp files
Package(s): inkscape
CVE #(s): CVE-2005-3885
Created: December 5, 2005
Updated: December 7, 2005
Description: Javier Fernández-Sanguino Peña discovered that Inkscape's
ps2epsi.sh script, which converts PostScript files to Encapsulated PostScript
format, creates a temporary file in an insecure way. A local attacker could
exploit this with a symlink attack to create or overwrite arbitrary files with
the privileges of the user running Inkscape.
Alerts:
Comments (1 posted)
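The Inkscape item above is the classic temporary-file mistake: a script writes to a predictable name under a shared directory, so another local user can plant a file or symlink there first. The script below is an added example, not Inkscape's ps2epsi.sh or anything from the advisory; the function names, the "ps2epsi" prefix and the stand-in output line are assumptions. It contrasts the weak idiom (computed but never opened) with the mktemp(1) idiom that creates a fresh, private file atomically, plus a sanity check a script can run before reusing a path.

```shell
#!/bin/sh
# Added example, not from Inkscape or the advisory. Shows the temp-file idiom
# the advisory warns about next to a safe one. Names/paths are assumptions.

# Weak pattern: a predictable name under a world-writable directory. Anyone
# who can guess the name can pre-create it (or a symlink to a file of their
# choosing) before we open it, so our writes land wherever it points. This
# function only returns the string; it never opens the file.
predictable_tmp_name() {
    printf '%s/ps2epsi.%s.ps\n' "${TMPDIR:-/tmp}" "$$"
}

# Safe pattern: mktemp(1) creates a uniquely named file with O_EXCL and mode
# 0600, so a pre-existing file or symlink at that path cannot be reused.
create_private_tmp() {
    mktemp "${TMPDIR:-/tmp}/ps2epsi.XXXXXX"
}

# Defensive check before reusing a path: it must be a regular file and not a
# symbolic link. Returns 0 if it passes, 1 otherwise.
tmp_is_safe() {
    f=$1
    [ ! -L "$f" ] && [ -f "$f" ]
}

main() {
    tmp=$(create_private_tmp) || exit 1
    # Remove the file when the script exits, however it exits.
    trap 'rm -f "$tmp"' EXIT INT TERM
    if tmp_is_safe "$tmp"; then
        printf 'using private temp file %s\n' "$tmp"
        # Stand-in for the real conversion output written to the temp file.
        printf '%%!PS-Adobe-3.0\n' > "$tmp"
    fi
}

main
```

The key property is that mktemp both chooses the name and creates the file in one step; checking a predictable path with `[ -e ]` and then creating it is still racy, because the attacker can win the window between the check and the open.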
ipsec-tools: denial of service
Package(s): ipsec-tools
CVE #(s): CVE-2005-3732
Created: December 1, 2005
Updated: June 8, 2006
Description: ipsec-tools has a remote denial of service vulnerability in the
racoon daemon. If racoon is running in aggressive mode, it fails to check all
peer payloads during the IKE negotiation phase, allowing a malicious peer to
crash the daemon. One should always be careful around aggressive racoons.
Alerts:
Comments (none posted)
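Since the racoon crash above only applies when aggressive mode is enabled, the first thing an administrator will want to know is which peers in racoon.conf allow it. In racoon.conf the "exchange_mode" directive inside a "remote" block takes a comma-separated list of main, aggressive and base. The script below is an added example, not part of the advisory or of ipsec-tools; the sample configuration is constructed for illustration (the 203.0.113.10 address is a documentation-range placeholder) and the function name is an assumption.

```shell
#!/bin/sh
# Added example, not from ipsec-tools or the advisory: report which "remote"
# blocks in a racoon.conf permit aggressive mode. The config below is
# constructed for illustration; the first peer allows aggressive mode, the
# second allows main mode only.
RACOON_SAMPLE='
path pre_shared_key "/etc/racoon/psk.txt";

remote 203.0.113.10 {
        exchange_mode main,aggressive;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

remote anonymous {
        exchange_mode main;
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}
'

# Read racoon.conf text on stdin and print the address (or "anonymous") of
# every remote block whose exchange_mode list includes "aggressive".
racoon_aggressive_remotes() {
    awk '
        # Remember the peer name of the block we are in.
        /^[[:space:]]*remote[[:space:]]/ { name = $2; next }
        # Look only at the directive value, stripping the ";" and any comment.
        /^[[:space:]]*exchange_mode[[:space:]]/ {
            line = $0
            sub(/;.*$/, "", line)
            if (line ~ /aggressive/) print name
        }
    '
}

# Exit status 0 if no peer allows aggressive mode, 1 otherwise; handy as a
# pre-deployment check.
racoon_no_aggressive() {
    [ -z "$(racoon_aggressive_remotes)" ]
}

printf '%s\n' "$RACOON_SAMPLE" | racoon_aggressive_remotes
```

Run it against a real file with `racoon_aggressive_remotes < /etc/racoon/racoon.conf`. A non-empty result means that peer's block should be changed to "exchange_mode main;" unless aggressive mode is genuinely required, and the ipsec-tools update applied either way.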
mailman: denial of service
Package(s): mailman
CVE #(s): CVE-2005-3573
Created: December 2, 2005
Updated: March 8, 2006
Description: Scrubber.py in Mailman 2.1.4 - 2.1.6 does not properly handle
UTF-8 character encodings in filenames of e-mail attachments, which allows
remote attackers to cause a denial of service.
Alerts:
Comments (none posted)
perl: integer overflow
Package(s): perl
CVE #(s): CVE-2005-3962, CVE-2005-3912
Created: December 1, 2005
Updated: February 27, 2006
Description: Perl has an sprintf integer overflow vulnerability that may be
used for a denial of service, remote code execution and information leakage.
Alerts:
Comments (none posted)
trackballs: symlink vulnerability
Package(s): trackballs
CVE #(s):
Created: December 7, 2005
Updated: December 7, 2005
Description: Trackballs follows symbolic links, possibly allowing unprivileged
users to access and modify files accessible by the games group.
Alerts: Debian-Testing  DTSA-26-1  trackballs  2005-12-05
Comments (none posted)
xpdf: arbitrary code execution
Package(s): xpdf
CVE #(s): CVE-2005-3193
Created: December 6, 2005
Updated: January 11, 2006
Description: Several flaws were discovered in Xpdf. An attacker could
construct a carefully crafted PDF file that could cause Xpdf to crash or
possibly execute arbitrary code when opened.
Alerts:
Comments (none posted)
Page editor: Jonathan Corbet