ID CVE-2004-0757 Type cve Reporter NVD Modified 2017-10-10T21:29:32
Description
Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.
{"result": {"cert": [{"id": "VU:561022", "type": "cert", "title": "Mozilla contains a buffer overflow in the SendUidl() function", "description": "### Overview\n\nA vulnerability in the way Mozilla handles certain types of POP3 responses could allow a remote attacker to execute arbitrary code on an affected system.\n\n### Description\n\nPost Office Protocol Version 3 ([POP3](<http://www.ietf.org/rfc/rfc1939.txt>)) is a mail protocol that provides a means for retrieving email from a remote server. This protocol is supported by [Mozilla](<http://www.mozilla.org/products/mozilla1.x/>), [Firefox](<http://www.mozilla.org/products/firefox/>), and [Thunderbird](<http://www.mozilla.org/products/thunderbird/>). These clients contain a vulnerability that allows malformed POP3 responses to trigger a buffer overflow condition in the `SendUidl()` function. Such responses can be sent by a remote POP3 server and could result in arbitrary code execution. \n \n--- \n \n### Impact\n\nBy sending a specially crafted POP3 response to an affected client, a remote attacker could cause the client to crash or potentially execute arbitrary code. Exploitation of this vulnerability would require a user to connect to a malicious POP3 server. \n \n--- \n \n### Solution\n\n**Upgrade**\n\nUpgrade as specified by your vendor. This issue has been resolved in Mozilla 1.7, Firefox 0.9, and Thunderbird 0.7.2. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nMozilla| | -| 20 Aug 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23561022 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7>\n * <http://bugzilla.mozilla.org/show_bug.cgi?id=229374>\n * <http://xforce.iss.net/xforce/xfdb/16869>\n * <http://www.redhat.com/support/errata/RHSA-2004-421.html>\n * <http://secunia.com/advisories/10856/>\n * <http://www.ciac.org/ciac/bulletins/o-195.shtml>\n * [http://slackware.com/security/viewer.php?l=slackware-security&y;=2004&m;=slackware-security.667659](<http://slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.667659>)\n\n### Credit\n\nThis vulnerability was reported by Zen Parse.\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0757](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0757>)\n * Date Public: 29 May 2004\n * Date First Published: 20 Aug 2004\n * Date Last Updated: 20 Aug 2004\n * Severity Metric: 2.70\n * Document Revision: 17\n\n", "published": "2004-08-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.kb.cert.org/vuls/id/561022", "cvelist": ["CVE-2004-0757", "CVE-2004-0757"], "lastseen": "2016-02-03T09:13:26"}], "osvdb": [{"id": "OSVDB:8303", "type": "osvdb", "title": "Mozilla Browsers SendUidl POP3 Overflow", "description": "## Vulnerability Description\nMozilla contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a maliciously configured POP3 server overwrites heap memory in the users browser. It is possible that the flaw may allow remote code execution allowing system access and resulting in a loss of confidentiality and integrity.\n## Solution Description\nUpgrade to version 1.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMozilla contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a maliciously configured POP3 server overwrites heap memory in the users browser. It is possible that the flaw may allow remote code execution allowing system access and resulting in a loss of confidentiality and integrity.\n## References:\n[Vendor Specific Advisory URL](http://bugzilla.mozilla.org/show_bug.cgi?id=229374)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt)\n[Vendor Specific Advisory URL](http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7)\n[Secunia Advisory ID:15432](https://secuniaresearch.flexerasoftware.com/advisories/15432/)\n[Secunia Advisory ID:17645](https://secuniaresearch.flexerasoftware.com/advisories/17645/)\n[Secunia Advisory ID:12234](https://secuniaresearch.flexerasoftware.com/advisories/12234/)\n[Secunia Advisory ID:12283](https://secuniaresearch.flexerasoftware.com/advisories/12283/)\n[Secunia Advisory ID:10856](https://secuniaresearch.flexerasoftware.com/advisories/10856/)\n[Secunia Advisory ID:12747](https://secuniaresearch.flexerasoftware.com/advisories/12747/)\nRedHat RHSA: RHSA-2004:421-17\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:082\nOther Advisory URL: http://www.suse.de/de/security/2004_36_mozilla.html\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.25/SCOSA-2005.25.txt\nKeyword: SCOSA-2005.49\nISS X-Force ID: 16869\n[CVE-2004-0757](https://vulners.com/cve/CVE-2004-0757)\n", "published": "2004-08-03T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:8303", "cvelist": ["CVE-2004-0757"], "lastseen": "2017-04-28T13:20:03"}], "nessus": [{"id": "FREEBSD_MOZILLA_172.NASL", "type": "nessus", "title": "FreeBSD : mozilla -- POP client heap overflow (116)", "description": "The following package needs to be updated: linux-mozilla", "published": "2004-09-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14756", "cvelist": ["CVE-2004-0757"], "lastseen": "2016-09-26T17:23:54"}, {"id": "FREEBSD_PKG_C1D97A8B05ED11D9B45D000C41E2CDAD.NASL", "type": "nessus", "title": "FreeBSD : mozilla -- POP client heap overflow (c1d97a8b-05ed-11d9-b45d-000c41e2cdad)", "description": "zen-parse discovered a heap buffer overflow in Mozilla's POP client implementation. A malicious POP server could exploit this vulnerability to cause Mozilla to execute arbitrary code.", "published": "2009-04-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=37377", "cvelist": ["CVE-2004-0757"], "lastseen": "2017-10-29T13:35:59"}, {"id": "REDHAT-RHSA-2004-421.NASL", "type": "nessus", "title": "RHEL 2.1 / 3 : mozilla (RHSA-2004:421)", "description": "Updated mozilla packages based on version 1.4.3 that fix a number of security issues for Red Hat Enterprise Linux are now available.\n\nMozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nA number of flaws have been found in Mozilla 1.4 that have been fixed in the Mozilla 1.4.3 release :\n\nZen Parse reported improper input validation to the SOAPParameter object constructor leading to an integer overflow and controllable heap corruption. Malicious JavaScript could be written to utilize this flaw and could allow arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0722 to this issue.\n\nDuring a source code audit, Chris Evans discovered a buffer overflow and integer overflows which affect the libpng code inside Mozilla. An attacker could create a carefully crafted PNG file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image was viewed. (CVE-2004-0597, CVE-2004-0599)\n\nZen Parse reported a flaw in the POP3 capability. A malicious POP3 server could send a carefully crafted response that would cause a heap overflow and potentially allow execution of arbitrary code as the user running Mozilla. (CVE-2004-0757)\n\nMarcel Boesch found a flaw that allows a CA certificate to be imported with a DN the same as that of the built-in CA root certificates, which can cause a denial of service to SSL pages, as the malicious certificate is treated as invalid. (CVE-2004-0758)\n\nMet - Martin Hassman reported a flaw in Mozilla that could allow malicious JavaScript code to upload local files from a users machine without requiring confirmation. (CVE-2004-0759)\n\nMindlock Security reported a flaw in ftp URI handling. By using a NULL character (%00) in a ftp URI, Mozilla can be confused into opening a resource as a different MIME type. (CVE-2004-0760)\n\nMozilla does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates website spoofing and other attacks, also known as the frame injection vulnerability. (CVE-2004-0718)\n\nTolga Tarhan reported a flaw that can allow a malicious webpage to use a redirect sequence to spoof the security lock icon that makes a webpage appear to be encrypted. (CVE-2004-0761)\n\nJesse Ruderman reported a security issue that affects a number of browsers including Mozilla that could allow malicious websites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. (CVE-2004-0762)\n\nEmmanouel Kellinis discovered a caching flaw in Mozilla which allows malicious websites to spoof certificates of trusted websites via redirects and JavaScript that uses the 'onunload' method.\n(CVE-2004-0763)\n\nMozilla allowed malicious websites to hijack the user interface via the 'chrome' flag and XML User Interface Language (XUL) files.\n(CVE-2004-0764)\n\nThe cert_TestHostName function in Mozilla only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN). This flaw could be used for spoofing if an attacker had control of machines on a default DNS search path. (CVE-2004-0765)\n\nAll users are advised to update to these erratum packages which contain a snapshot of Mozilla 1.4.3 including backported fixes and are not vulnerable to these issues.", "published": "2004-08-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14214", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2017-12-19T00:57:55"}, {"id": "MANDRAKE_MDKSA-2004-082.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : mozilla (MDKSA-2004:082)", "description": "A number of security vulnerabilities in mozilla are addressed by this update for Mandrakelinux 10.0 users, including a fix for frame spoofing, a fixed popup XPInstall/security dialog bug, a fix for untrusted chrome calls, a fix for SSL certificate spoofing, a fix for stealing secure HTTP Auth passwords via DNS spoofing, a fix for insecure matching of cert names for non-FQDNs, a fix for focus redefinition from another domain, a fix for a SOAP parameter overflow, a fix for text drag on file entry, a fix for certificate DoS, and a fix for lock icon and cert spoofing.\n\nAdditionally, mozilla for both Mandrakelinux 9.2 and 10.0 have been rebuilt to use the system libjpeg and libpng which addresses vulnerabilities discovered in libpng (ref: MDKSA-2004:079).", "published": "2004-08-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14331", "cvelist": ["CVE-2004-0765", "CVE-2004-0779", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2005-1937", "CVE-2004-1449", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0598", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2017-10-29T13:39:52"}, {"id": "SLACKWARE_SSA_2004-223-01.NASL", "type": "nessus", "title": "Slackware 10.0 / 9.1 / current : Mozilla (SSA:2004-223-01)", "description": "New Mozilla packages are available for Slackware 9.1, 10.0, and\n-current to fix a number of security issues. Slackware 10.0 and\n-current were upgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3. As usual, new versions of Mozilla require new versions of things that link with the Mozilla libraries, so for Slackware 10.0 and -current new versions of epiphany, galeon, gaim, and mozilla-plugins have also been provided. There don't appear to be epiphany and galeon versions that are compatible with Mozilla 1.4.3 and the GNOME in Slackware 9.1, so these are not provided and Epiphany and Galeon will be broken on Slackware 9.1 if the new Mozilla package is installed. Furthermore, earlier versions of Mozilla (such as the 1.3 series) were not fixed upstream, so versions of Slackware earlier than 9.1 will remain vulnerable to these browser issues. If you still use Slackware 9.0 or earlier, you may want to consider removing Mozilla or upgrading to a newer version.", "published": "2005-07-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=18794", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0598", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2017-10-29T13:33:26"}], "openvas": [{"id": "OPENVAS:52393", "type": "openvas", "title": "FreeBSD Ports: mozilla", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=52393", "cvelist": ["CVE-2004-0757"], "lastseen": "2017-07-02T21:10:13"}, {"id": "OPENVAS:136141256231065531", "type": "openvas", "title": "SLES9: Security update for Mozilla", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-dom-inspector\n mozilla-venkman\n mozilla-mail\n mozilla\n mozilla-calendar\n mozilla-irc\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016546 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065531", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0760", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2018-04-06T11:37:13"}, {"id": "OPENVAS:65531", "type": "openvas", "title": "SLES9: Security update for Mozilla", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mozilla-dom-inspector\n mozilla-venkman\n mozilla-mail\n mozilla\n mozilla-calendar\n mozilla-irc\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016546 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65531", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0760", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2017-07-26T08:55:11"}, {"id": "OPENVAS:53919", "type": "openvas", "title": "Slackware Advisory SSA:2004-223-01 Mozilla", "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-223-01.", "published": "2012-09-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=53919", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0598", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2017-09-18T11:13:07"}, {"id": "OPENVAS:136141256231053919", "type": "openvas", "title": "Slackware Advisory SSA:2004-223-01 Mozilla", "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-223-01.", "published": "2012-09-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231053919", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0598", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2018-04-06T11:18:52"}], "freebsd": [{"id": "C1D97A8B-05ED-11D9-B45D-000C41E2CDAD", "type": "freebsd", "title": "mozilla -- POP client heap overflow", "description": "\nzen-parse discovered a heap buffer overflow in Mozilla's\n\t POP client implementation. A malicious POP server\n\t could exploit this vulnerability to cause Mozilla to execute\n\t arbitrary code.\n", "published": "2004-07-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/c1d97a8b-05ed-11d9-b45d-000c41e2cdad.html", "cvelist": ["CVE-2004-0757"], "lastseen": "2016-09-26T17:25:21"}], "redhat": [{"id": "RHSA-2004:421", "type": "redhat", "title": "(RHSA-2004:421) mozilla security update", "description": "Mozilla is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nA number of flaws have been found in Mozilla 1.4 that have been fixed in\nthe Mozilla 1.4.3 release: \n\nZen Parse reported improper input validation to the SOAPParameter object\nconstructor leading to an integer overflow and controllable heap\ncorruption. Malicious JavaScript could be written to utilize this flaw and\ncould allow arbitrary code execution. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0722 to\nthis issue.\n\nDuring a source code audit, Chris Evans discovered a buffer overflow and\ninteger overflows which affect the libpng code inside Mozilla. An attacker\ncould create a carefully crafted PNG file in such a way that it would cause\nMozilla to crash or execute arbitrary code when the image was viewed.\n(CAN-2004-0597, CAN-2004-0599)\n\nZen Parse reported a flaw in the POP3 capability. A malicious POP3 server\ncould send a carefully crafted response that would cause a heap overflow\nand potentially allow execution of arbitrary code as the user running\nMozilla. (CAN-2004-0757)\n\nMarcel Boesch found a flaw that allows a CA certificate to be imported with\na DN the same as that of the built-in CA root certificates, which can cause\na denial of service to SSL pages, as the malicious certificate is treated\nas invalid. (CAN-2004-0758)\n\nMet - Martin Hassman reported a flaw in Mozilla that could allow malicious\nJavascript code to upload local files from a users machine without\nrequiring confirmation. (CAN-2004-0759)\n\nMindlock Security reported a flaw in ftp URI handling. By using a NULL\ncharacter (%00) in a ftp URI, Mozilla can be confused into opening a\nresource as a different MIME type. (CAN-2004-0760)\n\nMozilla does not properly prevent a frame in one domain from injecting\ncontent into a frame that belongs to another domain, which facilitates\nwebsite spoofing and other attacks, also known as the frame injection\nvulnerability. (CAN-2004-0718)\n\nTolga Tarhan reported a flaw that can allow a malicious webpage to use a\nredirect sequence to spoof the security lock icon that makes a webpage\nappear to be encrypted. (CAN-2004-0761)\n\nJesse Ruderman reported a security issue that affects a number of browsers\nincluding Mozilla that could allow malicious websites to install arbitrary\nextensions by using interactive events to manipulate the XPInstall Security\ndialog box. (CAN-2004-0762)\n\nEmmanouel Kellinis discovered a caching flaw in Mozilla which allows\nmalicious websites to spoof certificates of trusted websites via\nredirects and Javascript that uses the \"onunload\" method. (CAN-2004-0763)\n\nMozilla allowed malicious websites to hijack the user interface via the\n\"chrome\" flag and XML User Interface Language (XUL) files. (CAN-2004-0764)\n\nThe cert_TestHostName function in Mozilla only checks the hostname portion\nof a certificate when the hostname portion of the URI is not a fully\nqualified domain name (FQDN). This flaw could be used for spoofing if an\nattacker had control of machines on a default DNS search path. (CAN-2004-0765)\n\nAll users are advised to update to these erratum packages which contain a\nsnapshot of Mozilla 1.4.3 including backported fixes and are not vulnerable\nto these issues.", "published": "2004-08-04T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2004:421", "cvelist": ["CVE-2004-0597", "CVE-2004-0599", "CVE-2004-0718", "CVE-2004-0722", "CVE-2004-0757", "CVE-2004-0758", "CVE-2004-0759", "CVE-2004-0760", "CVE-2004-0761", "CVE-2004-0762", "CVE-2004-0763", "CVE-2004-0764", "CVE-2004-0765"], "lastseen": "2018-05-11T21:14:01"}], "slackware": [{"id": "SSA-2004-223-01", "type": "slackware", "title": "Mozilla", "description": "New Mozilla packages are available for Slackware 9.1, 10.0, and -current\nto fix a number of security issues. Slackware 10.0 and -current were\nupgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3.\nAs usual, new versions of Mozilla require new versions of things that link\nwith the Mozilla libraries, so for Slackware 10.0 and -current new versions\nof epiphany, galeon, gaim, and mozilla-plugins have also been provided.\nThere don't appear to be epiphany and galeon versions that are compatible\nwith Mozilla 1.4.3 and the GNOME in Slackware 9.1, so these are not\nprovided and Epiphany and Galeon will be broken on Slackware 9.1 if the\nnew Mozilla package is installed. Furthermore, earlier versions of\nMozilla (such as the 1.3 series) were not fixed upstream, so versions\nof Slackware earlier than 9.1 will remain vulnerable to these browser\nissues. If you still use Slackware 9.0 or earlier, you may want to\nconsider removing Mozilla or upgrading to a newer version.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n Issues fixed in Mozilla 1.7.2:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758\n\n Issues fixed in Mozilla 1.4.3:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0718\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0722\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0757\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0759\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0760\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0761\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0762\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0764\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0765\n\n\nHere are the details from the Slackware 10.0 ChangeLog:\n\nMon Aug 9 01:56:43 PDT 2004\npatches/packages/epiphany-1.2.7-i486-1.tgz: Upgraded to epiphany-1.2.7.\n (compiled against Mozilla 1.7.2)\npatches/packages/gaim-0.81-i486-1.tgz: Upgraded to gaim-0.81.\n (compiled against Mozilla 1.7.2)\npatches/packages/galeon-1.3.17-i486-1.tgz: Upgraded to galeon-1.3.17.\n (compiled against Mozilla 1.7.2)\npatches/packages/mozilla-1.7.2-i486-1.tgz: Upgraded to Mozilla 1.7.2. This\n fixes three security vulnerabilities. For details, see:\n http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.2\n (* Security fix *)\npatches/packages/mozilla-plugins-1.7.2-noarch-1.tgz: Changed plugin symlinks\n for Mozilla 1.7.2.\n\nWhere to find the new packages:\n\nUpdated packages for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mozilla-1.4.3-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mozilla-plugins-1.4.3-noarch-1.tgz\n\nUpdated packages for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-1.7.2-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-plugins-1.7.2-noarch-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/epiphany-1.2.7-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gaim-0.81-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/galeon-1.3.17-i486-1.tgz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-1.7.2-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-plugins-1.7.2-noarch-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/gnome/epiphany-1.2.7-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/gnome/galeon-1.3.17-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/gaim-0.81-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 9.1 packages:\n29515193166b9b618be405a71b5e9a59 mozilla-1.4.3-i486-1.tgz\n49d537be814de72a3d62a5cc9f6e3b15 mozilla-plugins-1.4.3-noarch-1.tgz\n\nSlackware 10.0 packages:\n612a65758f03fe08a44e004b1ae92d70 mozilla-1.7.2-i486-1.tgz\n55da20d3c7acdd50a3b4abfe12191069 mozilla-plugins-1.7.2-noarch-1.tgz\n86034039fbf6b52584e05701a0598ca4 epiphany-1.2.7-i486-1.tgz\nc3f238fdba8684948d8817d7cf0db567 gaim-0.81-i486-1.tgz\n0e8393b8f1b992dc7804fe925a839755 galeon-1.3.17-i486-1.tgz\n\nSlackware -current packages:\n612a65758f03fe08a44e004b1ae92d70 mozilla-1.7.2-i486-1.tgz\n55da20d3c7acdd50a3b4abfe12191069 mozilla-plugins-1.7.2-noarch-1.tgz\n86034039fbf6b52584e05701a0598ca4 epiphany-1.2.7-i486-1.tgz\n0e8393b8f1b992dc7804fe925a839755 galeon-1.3.17-i486-1.tgz\nddb7281b985c6b7efb20afc69e5c2ffb gaim-0.81-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg mozilla-1.7.2-i486-1.tgz \\\n mozilla-plugins-1.7.2-noarch-1.tgz \\\n epiphany-1.2.7-i486-1.tgz \\\n gaim-0.81-i486-1.tgz \\\n galeon-1.3.17-i486-1.tgz", "published": "2004-08-10T14:17:12", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.667659", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0598", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2018-02-02T18:11:34"}], "suse": [{"id": "SUSE-SA:2004:030", "type": "suse", "title": "remote DoS condition in apache2", "description": "The mod_ssl apache module, as part of our apache2 package, enables the apache webserver to handle the HTTPS protocol. Within the mod_ssl module, two Denial of Service conditions in the input filter have been found. The CVE project assigned the identifiers CAN-2004-0748 and CAN-2004-0751 to these issues.\n#### Solution\nAs temporary workaround you may disable the mod_ssl module in your apache configuration and restart the apache process without SSL support.", "published": "2004-09-06T13:51:41", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-09/msg00009.html", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0748", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0751", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-09-04T12:45:49"}, {"id": "SUSE-SA:2004:036", "type": "suse", "title": "various vulnerabilities in mozilla", "description": "During the last months a number of security problems have been fixed in Mozilla and Mozilla based brwosers. These include:\n#### Solution\nSince there is no workaround, we recommend an update in any case if you use the mozilla browser.", "published": "2004-10-06T13:11:21", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-10/msg00006.html", "cvelist": ["CVE-2004-0909", "CVE-2004-0765", "CVE-2004-0906", "CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0760", "CVE-2004-0904", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-04-13T01:00:44"}, {"id": "SUSE-SA:2004:034", "type": "suse", "title": "remote command execution in XFree86-libs, xshared", "description": "Chris Evans reported three vulnerabilities in libXpm which can be exploited remotely by providing malformed XPM image files. The function xpmParseColors() is vulnerable to an integer overflow and a stack-based buffer overflow. The functions ParseAndPutPixels() as well as ParsePixels() is vulnerable to a stack-based buffer overflow too. Additionally Matthieu Herrb found two one-byte buffer overflows.\n#### Solution\nThere is no workaround known.", "published": "2004-09-17T13:37:17", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-09/msg00013.html", "cvelist": ["CVE-2004-0688", "CVE-2004-0765", "CVE-2004-1170", "CVE-2004-0687", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0784", "CVE-2004-0807", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0494", "CVE-2004-0808", "CVE-2004-0597", "CVE-2004-0722", "CVE-2004-0832", "CVE-2004-0785", "CVE-2004-0759", "CVE-2004-0754", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-09-04T12:19:39"}, {"id": "SUSE-SA:2004:035", "type": "suse", "title": "remote file disclosure in samba", "description": "The Samba server, which allows to share files and resources via the SMB/CIFS protocol, contains a bug in the sanitation code of path names which allows remote attackers to access files outside of the defined share. In order to access these files, they must be readable by the account used for the SMB session. CAN-2004-0815 has been assigned to this issue.\n#### Solution\nAs a temporary workaround you can set the wide links = no option in smb.conf and restart the samba server. However an update is recommended nevertheless.", "published": "2004-10-05T14:57:32", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-10/msg00005.html", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0691", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0815", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0746", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0598", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-09-04T12:10:59"}, {"id": "SUSE-SA:2004:033", "type": "suse", "title": "remote code execution in gtk2, gdk-pixbuf", "description": "gdk-pixbuf is an image loading and rendering library mostly used by GTK and GNOME applications. It is distributed as a separate package for gtk1 and integrated into the gtk2 package. Chris Evans has discovered a heap based, a stack based and an integer overflow in the XPM and ICO loaders of those libraries. The overflows can be exploited by tricking an application to display a malformed image to make it crash or to execute code.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2004-09-17T10:02:50", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-09/msg00012.html", "cvelist": ["CVE-2004-0788", "CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0784", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0494", "CVE-2004-0782", "CVE-2004-0783", "CVE-2004-0597", "CVE-2004-0722", "CVE-2004-0832", "CVE-2004-0785", "CVE-2004-0759", "CVE-2004-0754", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-09-04T12:19:06"}, {"id": "SUSE-SA:2004:031", "type": "suse", "title": "remote code execution in cups", "description": "The Common Unix Printing System (CUPS) enables local and remote users to obtain printing functionallity via the Internet Printing Protocol (IPP). Alvaro Martinez Echevarria has found a remote Denial of Service condition within CUPS which allows remote users to make the cups server unresponsive. Additionally the SUSE Security Team has discovered a flaw in the foomatic-rip print filter which is commonly installed along with cups. It allows remote attackers, which are listed in the printing ACLs, to execute arbitrary commands as the printing user 'lp'.\n#### Solution\nIf you use CUPS, we recommend an update in any case. Additionally the IPP port (TCP port 631) should be firewalled and the printing ACLs should be set up in a way to reflect the local security policy.", "published": "2004-09-15T14:45:26", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-09/msg00010.html", "cvelist": ["CVE-2004-0558", "CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0827", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0805", "CVE-2004-0801", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-09-04T11:41:56"}, {"id": "SUSE-SA:2004:032", "type": "suse", "title": "remote denial-of-service in apache2", "description": "The Apache daemon is running on most of the web-servers used in the Internet today. The Red Hat ASF Security-Team and the Swedish IT Incident Center within the National Post and Telecom Agency (SITIC) have found a bug in apache2 each. The first vulnerability appears in the apr_uri_parse() function while handling IPv6 addresses. The affected code passes a negative length argument to the memcpy() function. On BSD systems this can lead to remote command execution due to the nature of the memcpy() implementation. On Linux this bug will result in a remote denial-of-service condition. The second bug is a local buffer overflow that occurs while expanding ${ENVVAR} in the .htaccess and httpd.conf file. Both files are not writeable by normal user by default.\n#### Solution\nThere is no known workaround.", "published": "2004-09-15T15:46:39", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-09/msg00011.html", "cvelist": ["CVE-2004-0788", "CVE-2004-0786", "CVE-2004-0765", "CVE-2004-0747", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0784", "CVE-2004-0807", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0494", "CVE-2004-0808", "CVE-2004-0782", "CVE-2004-0783", "CVE-2004-0597", "CVE-2004-0722", "CVE-2004-0832", "CVE-2004-0785", "CVE-2004-0759", "CVE-2004-0754", "CVE-2004-0763", "CVE-2004-0761"], "lastseen": "2016-09-04T11:57:20"}]}}
