Vulnerabilities > Trustix > Secure Linux

DATE CVE VULNERABILITY TITLE RISK
2005-05-02 CVE-2005-0988 Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
local
high complexity
gnu freebsd gentoo redhat trustix turbolinux ubuntu
3.7
2005-05-02 CVE-2005-0001 Local Privilege Escalation vulnerability in Linux Kernel Symmetrical Multiprocessing Page Fault
Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.
6.9
2005-03-15 CVE-2005-0384 Remote Denial Of Service vulnerability in Linux Kernel PPP Driver
Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.
network
low complexity
redhat suse trustix ubuntu
5.0
2005-03-01 CVE-2004-1051 sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. 7.2
2005-03-01 CVE-2004-0990 Remote Integer Overflow vulnerability in GD Graphics Library
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
network
low complexity
gd-graphics-library openpkg gentoo suse trustix
critical
10.0
2005-03-01 CVE-2004-0989 Remote Stack Buffer Overflow vulnerability in Libxml2
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
network
low complexity
xmlsoft xmlstarlet redhat trustix ubuntu
critical
10.0
2005-02-09 CVE-2004-0957 Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities. 6.8
2005-02-09 CVE-2004-0941 Remote Buffer overflow vulnerability in GD Graphics Library
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.
network
low complexity
gd-graphics-library trustix
critical
10.0
2005-02-09 CVE-2004-0940 Incorrect Calculation of Buffer Size vulnerability in multiple products
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
local
low complexity
openpkg apache slackware hp suse trustix CWE-131
7.8
2005-01-27 CVE-2004-0918 Resource Management Errors vulnerability in multiple products
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
network
low complexity
openpkg squid gentoo redhat trustix ubuntu CWE-399
5.0