Vulnerabilities > Suse

DATE CVE VULNERABILITY TITLE RISK
2005-01-10 CVE-2004-1070 Local Privilege Escalation vulnerability in Linux Kernel BINFMT_ELF Loader
The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.
local
low complexity
linux redhat suse trustix turbolinux
7.2
2005-01-10 CVE-2004-0956 MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.
network
low complexity
oracle suse ubuntu
5.0
2005-01-10 CVE-2004-0949 Remote vulnerability in Linux Kernel SMBFS
The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times.
network
low complexity
linux redhat suse trustix ubuntu
6.4
2005-01-10 CVE-2004-0914 Multiple Unspecified vulnerability in LibXPM
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file.
network
low complexity
lesstif x-org xfree86-project gentoo redhat suse
critical
10.0
2005-01-10 CVE-2004-0883 Remote vulnerability in Linux Kernel SMBFS
Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.
network
low complexity
linux redhat suse trustix ubuntu
6.4
2004-12-31 CVE-2004-2658 Local Security vulnerability in Suse Linux 9.0
resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.
local
low complexity
suse
2.1
2004-12-31 CVE-2004-2097 Scripts Insecure Temporary File Handling Symbolic Link vulnerability in Suse Linux 9.0
Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd.
local
low complexity
suse
2.1
2004-12-31 CVE-2004-1895 Unspecified vulnerability in Suse Linux 8.2/9.0
YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.
local
low complexity
suse
2.1
2004-12-31 CVE-2004-1491 Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
network
low complexity
opera gentoo kde suse
5.0
2004-12-31 CVE-2004-1476 Stack Overflow vulnerability in Xine-lib VideoCD And Text Subtitle
Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.
network
high complexity
xine suse
5.1