Vulnerabilities > CVE-2005-0469 - Remote Buffer Overflow vulnerability in Multiple Vendor Telnet Client LINEMODE Sub-Options
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
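Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands. This is a client-side flaw: as the vendor advisories listed below note, it is triggered only when a user's telnet client connects to a malicious or attacker-controlled telnet server, and any code then runs with the privileges of the user running the client.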
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2005-210-01.NASL description New tcpip packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issues with the telnet client. Overflows in the telnet client may lead to the execution of arbitrary code as the telnet user if the user connects to a malicious telnet server. last seen 2020-06-01 modified 2020-06-02 plugin id 19857 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19857 title Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : telnet client (SSA:2005-210-01) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Slackware Security Advisory 2005-210-01. The text
# itself is copyright (C) Slackware Linux, Inc.
#

# Purpose: local package check for Slackware advisory SSA:2005-210-01
# (CVE-2005-0468, CVE-2005-0469). The script registers its metadata, then
# runs one slackware_check() test of the tcpip package per Slackware release
# and reports a finding if any test matches. The visible code only reads
# knowledge-base items collected earlier; it does not exercise or probe the
# telnet client itself.

include("compat.inc");

if (description)
{
  # Metadata registration only: this branch ends at exit(0) below without
  # evaluating any host.
  script_id(19857);
  script_version("1.15");
  script_cvs_date("Date: 2019/10/25 13:36:20");

  script_cve_id("CVE-2005-0468", "CVE-2005-0469");
  script_xref(name:"SSA", value:"2005-210-01");

  script_name(english:"Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : telnet client (SSA:2005-210-01)");
  script_summary(english:"Checks for updated package in /var/log/packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Slackware host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"New tcpip packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issues with the telnet client. Overflows in the telnet client may lead to the execution of arbitrary code as the telnet user if the user connects to a malicious telnet server."
  );
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.425797
  # NOTE(review): the see_also value below is presumably a shortened link to
  # the advisory URL in the comment above - confirm.
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?c46ea4eb"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected tcpip package.");
  # CVSS v2 base vector with a network attack vector, even though this plugin
  # is a local check: per the description text, the overflow is reached when
  # the user connects to a malicious telnet server.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  # Declares the plugin as a local check rather than a remote one.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:tcpip");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:8.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/07/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/28");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Slackware Local Security Checks");

  # The plugin needs the three knowledge-base keys listed below;
  # ssh_get_info.nasl is declared as its dependency (presumably the plugin
  # that populates them - confirm).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("slackware.inc");


# Preconditions: local checks enabled, host identified as Slackware, and a
# package list present in the knowledge base. audit() comes from audit.inc
# (not shown); each guard relies on it ending the script, since no else
# branch follows.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: continue only when the recorded CPU string contains
# "x86_64" or matches i386 through i686. `>!<` is NASL's "substring not found"
# operator and `!~` is "regex does not match".
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);


# One test per Slackware release named in the advisory; flag counts the tests
# that matched. slackware_check() is defined in slackware.inc (not shown);
# presumably it is true when the installed tcpip package is older than the
# given version/build - confirm.
# NOTE(review): every pkgarch below is i386 or i486 although x86_64 hosts pass
# the gate above; how slackware_check() treats a differing arch is not visible
# here.
flag = 0;
if (slackware_check(osver:"8.1", pkgname:"tcpip", pkgver:"0.17", pkgarch:"i386", pkgnum:"13b")) flag++;

if (slackware_check(osver:"9.0", pkgname:"tcpip", pkgver:"0.17", pkgarch:"i386", pkgnum:"16b")) flag++;

if (slackware_check(osver:"9.1", pkgname:"tcpip", pkgver:"0.17", pkgarch:"i486", pkgnum:"24b")) flag++;

if (slackware_check(osver:"10.0", pkgname:"tcpip", pkgver:"0.17", pkgarch:"i486", pkgnum:"29b")) flag++;

if (slackware_check(osver:"10.1", pkgname:"tcpip", pkgver:"0.17", pkgarch:"i486", pkgnum:"31b")) flag++;

if (slackware_check(osver:"current", pkgname:"tcpip", pkgver:"0.17", pkgarch:"i486", pkgnum:"33")) flag++;


# Reporting: any match raises security_hole on port 0; the package detail from
# slackware_report_get() is attached only when report_verbosity > 0. With no
# match the host is audited as not affected.
if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B62C80C2B81A11DABEC500123FFE8333.NASL description A Project heimdal Security Advisory reports : The telnet client program in Heimdal has buffer overflows in the functions slc_add_reply() and env_opt_add(), which may lead to remote code execution. The telnetd server program in Heimdal has buffer overflows in the function getterminaltype, which may lead to remote code execution. The rshd server in Heimdal has a privilege escalation bug when storing forwarded credentials. The code allows a user to overwrite a file with its credential cache, and get ownership of the file. last seen 2020-06-01 modified 2020-06-02 plugin id 21499 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21499 title FreeBSD : heimdal -- Multiple vulnerabilities (b62c80c2-b81a-11da-bec5-00123ffe8333) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-773.NASL description This advisory adds security support for the stable amd64 distribution. It covers all security updates since the release of sarge, which were missing updated packages for the not yet official amd64 port. Future security advisories will include updates for this port as well. last seen 2020-06-01 modified 2020-06-02 plugin id 57528 published 2012-01-12 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57528 title Debian DSA-773-1 : amd64 - several vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2005-269.NASL description Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available. Kerberos is a networked authentication system which uses a trusted third-party (a KDC) to authenticate clients and servers to each other. 
The krb5-workstation package includes a Kerberos-aware telnet client. Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 18327 published 2005-05-19 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18327 title Fedora Core 2 : krb5-1.3.6-4 (2005-269) NASL family Fedora Local Security Checks NASL id FEDORA_2005-274.NASL description Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 19642 published 2005-09-12 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19642 title Fedora Core 3 : telnet-0.17-32.FC3.2 (2005-274) NASL family Fedora Local Security Checks NASL id FEDORA_2005-277.NASL description Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 18330 published 2005-05-19 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18330 title Fedora Core 2 : telnet-0.17-28.FC2.1 (2005-277) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200504-04.NASL description The remote host is affected by the vulnerability described in GLSA-200504-04 (mit-krb5: Multiple buffer overflows in telnet client) A buffer overflow has been identified in the env_opt_add() function, where a response requiring excessive escaping can cause a heap-based buffer overflow. 
Another issue has been identified in the slc_add_reply() function, where a large number of SLC commands can overflow a fixed size buffer. Impact : Successful exploitation would require a vulnerable user to connect to an attacker-controlled telnet host, potentially executing arbitrary code with the permissions of the telnet user on the client. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 17978 published 2005-04-06 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17978 title GLSA-200504-04 : mit-krb5: Multiple buffer overflows in telnet client NASL family Fedora Local Security Checks NASL id FEDORA_2005-270.NASL description Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available. Kerberos is a networked authentication system which uses a trusted third-party (a KDC) to authenticate clients and servers to each other. The krb5-workstation package includes a Kerberos-aware telnet client. Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 62255 published 2012-09-24 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62255 title Fedora Core 3 : krb5-1.3.6-5 (2005-270) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200504-01.NASL description The remote host is affected by the vulnerability described in GLSA-200504-01 (telnet-bsd: Multiple buffer overflows) A buffer overflow has been identified in the env_opt_add() function of telnet-bsd, where a response requiring excessive escaping can cause a heap-based buffer overflow. 
Another issue has been identified in the slc_add_reply() function, where a large number of SLC commands can overflow a fixed size buffer. Impact : Successful exploitation would require a vulnerable user to connect to an attacker-controlled host using telnet, potentially executing arbitrary code with the permissions of the telnet user. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 17675 published 2005-04-02 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17675 title GLSA-200504-01 : telnet-bsd: Multiple buffer overflows NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-224-1.NASL description Gael Delalleau discovered a buffer overflow in the env_opt_add() function of the Kerberos 4 and 5 telnet clients. By sending specially crafted replies, a malicious telnet server could exploit this to execute arbitrary code with the privileges of the user running the telnet client. (CVE-2005-0468) Gael Delalleau discovered a buffer overflow in the handling of the LINEMODE suboptions in the telnet clients of Kerberos 4 and 5. By sending a specially constructed reply containing a large number of SLC (Set Local Character) commands, a remote attacker (i. e. a malicious telnet server) could execute arbitrary commands with the privileges of the user running the telnet client. (CVE-2005-0469) Daniel Wachdorf discovered two remote vulnerabilities in the Key Distribution Center of Kerberos 5 (krb5-kdc). By sending certain TCP connection requests, a remote attacker could trigger a double-freeing of memory, which led to memory corruption and a crash of the KDC server. (CVE-2005-1174). Under rare circumstances the same type of TCP connection requests could also trigger a buffer overflow that could be exploited to run arbitrary code with the privileges of the KDC server. 
(CVE-2005-1175) Magnus Hagander discovered that the krb5_recvauth() function attempted to free previously freed memory in some situations. A remote attacker could possibly exploit this to run arbitrary code with the privileges of the program that called this function. Most importantly, this affects the following daemons: kpropd (from the krb5-kdc package), klogind, and kshd (both from the krb5-rsh-server package). (CVE-2005-1689) Please note that these packages are not officially supported by Ubuntu (they are in the last seen 2020-06-01 modified 2020-06-02 plugin id 20767 published 2006-01-21 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20767 title Ubuntu 4.10 / 5.04 : krb4, krb5 vulnerabilities (USN-224-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-731.NASL description Several problems have been discovered in telnet clients that could be exploited by malicious daemons the client connects to. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-0468 Gael Delalleau discovered a buffer overflow in the env_opt_add() function that allows a remote attacker to execute arbitrary code. - CAN-2005-0469 Gael Delalleau discovered a buffer overflow in the handling of the LINEMODE suboptions in telnet clients. This can lead to the execution of arbitrary code when connected to a malicious server. last seen 2020-06-01 modified 2020-06-02 plugin id 18518 published 2005-06-17 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18518 title Debian DSA-731-1 : krb4 - buffer overflows NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-327.NASL description Updated telnet packages that fix two buffer overflow vulnerabilities are now available. 
This update has been rated as having important security impact by the Red Hat Security Response Team. The telnet package provides a command line telnet client. The telnet-server package includes a telnet daemon, telnetd, that supports remote login to the host machine. Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 17645 published 2005-03-29 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17645 title RHEL 2.1 / 3 / 4 : telnet (RHSA-2005:327) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-699.NASL description Gael Delalleau discovered a buffer overflow in the handling of the LINEMODE suboptions in telnet clients. This can lead to the execution of arbitrary code when connected to a malicious server. last seen 2020-06-01 modified 2020-06-02 plugin id 17641 published 2005-03-29 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17641 title Debian DSA-699-1 : netkit-telnet-ssl - buffer overflow NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-330.NASL description Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Kerberos is a networked authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other. The krb5-workstation package includes a Kerberos-aware telnet client. Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. 
An attacker may be able to execute arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 17659 published 2005-03-30 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17659 title RHEL 2.1 / 3 / 4 : krb5 (RHSA-2005:330) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-101-1.NASL description A buffer overflow was discovered in the telnet client last seen 2020-06-01 modified 2020-06-02 plugin id 20487 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20487 title Ubuntu 4.10 : netkit-telnet vulnerabilities (USN-101-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200503-36.NASL description The remote host is affected by the vulnerability described in GLSA-200503-36 (netkit-telnetd: Buffer overflow) A buffer overflow has been identified in the slc_add_reply() function of netkit-telnetd client, where a large number of SLC commands can overflow a fixed size buffer. Impact : Successful exploitation would require a vulnerable user to connect to an attacker-controlled host using telnet, potentially executing arbitrary code with the permissions of the telnet user. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 17666 published 2005-04-01 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17666 title GLSA-200503-36 : netkit-telnetd: Buffer overflow NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-330.NASL description Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. 
Kerberos is a networked authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other. The krb5-workstation package includes a Kerberos-aware telnet client. Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 21803 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21803 title CentOS 3 : krb5 (CESA-2005:330) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-061.NASL description Two buffer overflow issues were discovered in the way telnet clients handle messages from a server. Because of these issues, an attacker may be able to execute arbitrary code on the victim last seen 2020-06-01 modified 2020-06-02 plugin id 17658 published 2005-03-30 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17658 title Mandrake Linux Security Advisory : krb5 (MDKSA-2005:061) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200504-28.NASL description The remote host is affected by the vulnerability described in GLSA-200504-28 (Heimdal: Buffer overflow vulnerabilities) Buffer overflow vulnerabilities in the slc_add_reply() and env_opt_add() functions have been discovered by Gael Delalleau in the telnet client in Heimdal. Impact : Successful exploitation would require a vulnerable user to connect to an attacker-controlled host using the telnet client, potentially executing arbitrary code with the permissions of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 18159 published 2005-04-29 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/18159 title GLSA-200504-28 : Heimdal: Buffer overflow vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-703.NASL description Several problems have been discovered in telnet clients that could be exploited by malicious daemons the client connects to. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-0468 Gael Delalleau discovered a buffer overflow in the env_opt_add() function that allow a remote attacker to execute arbitrary code. - CAN-2005-0469 Gael Delalleau discovered a buffer overflow in the handling of the LINEMODE suboptions in telnet clients. This can lead to the execution of arbitrary code when connected to a malicious server. last seen 2020-06-01 modified 2020-06-02 plugin id 17674 published 2005-04-02 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17674 title Debian DSA-703-1 : krb5 - buffer overflows NASL family Debian Local Security Checks NASL id DEBIAN_DSA-765.NASL description Gael Delalleau discovered a buffer overflow in the handling of the LINEMODE suboptions in telnet clients. Heimdal, a free implementation of Kerberos 5, also contains such a client. This can lead to the execution of arbitrary code when connected to a malicious server. last seen 2020-06-01 modified 2020-06-02 plugin id 19270 published 2005-07-22 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19270 title Debian DSA-765-1 : heimdal - buffer overflow NASL family Debian Local Security Checks NASL id DEBIAN_DSA-697.NASL description Gael Delalleau discovered a buffer overflow in the handling of the LINEMODE suboptions in telnet clients. This can lead to the execution of arbitrary code when connected to a malicious server. 
last seen 2020-06-01 modified 2020-06-02 plugin id 17639 published 2005-03-29 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17639 title Debian DSA-697-1 : netkit-telnet - buffer overflow
Oval
accepted | 2013-04-29T04:21:29.965-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands. |
family | unix |
id | oval:org.mitre.oval:def:9708 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands. |
version | 27 |
Redhat
advisories |
| ||||||||
rpms |
|
Statements
contributor | Mark J Cox |
lastmodified | 2007-03-14 |
organization | Red Hat |
statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc
- ftp://patches.sgi.com/support/free/security/advisories/20050405-01-P
- http://secunia.com/advisories/14745
- http://secunia.com/advisories/17899
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101665-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101671-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-001-telnet.txt
- http://www.debian.de/security/2005/dsa-731
- http://www.debian.org/security/2005/dsa-697
- http://www.debian.org/security/2005/dsa-699
- http://www.debian.org/security/2005/dsa-703
- http://www.gentoo.org/security/en/glsa/glsa-200503-36.xml
- http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
- http://www.kb.cert.org/vuls/id/291924
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:061
- http://www.redhat.com/support/errata/RHSA-2005-327.html
- http://www.redhat.com/support/errata/RHSA-2005-330.html
- http://www.securityfocus.com/bid/12918
- http://www.ubuntulinux.org/usn/usn-224-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9708