Weekly Vulnerabilities Reports > February 28 to March 6, 2005

Overview

2 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 1 high severity vulnerabilities. This weekly summary report vulnerabilities in 10 products from 7 vendors including Redhat, Canonical, Freebsd, Samba, and SUN. Vulnerabilities are notably categorized as and "Integer Underflow (Wrap or Wraparound)".

  • 1 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities are exploitable by an anonymous user.
  • Redhat has the most reported vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

1 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-03-01 CVE-2004-1002 Samba
Canonical 		Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location.
7.5

1 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-03-05 CVE-2005-0109 Freebsd
SCO
Redhat
Ubuntu
SUN 		Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.
5.6

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS