Weekly Vulnerabilities Reports > May 2 to 8, 2005
Overview
8 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 4 high severity vulnerabilities. This weekly summary report vulnerabilities in 11 products from 10 vendors including Debian, Haxx, Gnome, Canonical, and Freebsd. Vulnerabilities are notably categorized as "Time-of-check Time-of-use (TOCTOU) Race Condition", "Origin Validation Error", "Missing Initialization of Resource", "Integer Underflow (Wrap or Wraparound)", and "Incorrect Calculation of Buffer Size".
- 5 reported vulnerabilities are remotely exploitables.
- 4 reported vulnerabilities are exploitable by an anonymous user.
- Debian has the most reported vulnerabilities, with 1 reported vulnerabilities.
- SIR has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
2 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2005-05-02 | CVE-2005-0269 | SIR | Improper Handling of Case Sensitivity vulnerability in SIR Gnuboard 3.40 The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters. | 9.8 |
| 2005-05-02 | CVE-2005-0199 | Barton | Integer Underflow (Wrap or Wraparound) vulnerability in Barton Ngircd Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow. | 9.8 |
4 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2005-05-02 | CVE-2005-0490 | Haxx | Incorrect Calculation of Buffer Size vulnerability in Haxx Curl and Libcurl Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication. | 8.8 |
| 2005-05-02 | CVE-2005-1036 | Freebsd | Missing Initialization of Resource vulnerability in Freebsd FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges. | 7.8 |
| 2005-05-02 | CVE-2005-0891 | Gnome | Double Free vulnerability in Gnome GTK Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image. | 7.5 |
| 2005-05-02 | CVE-2005-0877 | Thekelleys | Origin Validation Error vulnerability in Thekelleys Dnsmasq Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq. | 7.5 |
2 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2005-05-02 | CVE-2005-0824 | Mathopd | Link Following vulnerability in Mathopd The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal. | 5.5 |
| 2005-05-02 | CVE-2005-1111 | GNU Debian Canonical | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. | 4.7 |
0 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|