ID GLSA-200404-14 Type gentoo Reporter Gentoo Foundation Modified 2004-04-19T00:00:00
Description
Background
According to http://www.webdav.org/cadaver, cadaver is a command-line WebDAV client for Unix. It supports file upload, download, on-screen display, namespace operations (move/copy), collection creation and deletion, and locking operations.
Description
Cadaver code includes the neon library, which in versions 0.24.4 and previous is vulnerable to multiple format string attacks. The latest version of cadaver uses version 0.24.5 of the neon library, which makes it immune to this vulnerability.
Impact
When using cadaver to connect to an untrusted WebDAV server, this vulnerability can allow a malicious remote server to execute arbitrary code on the client with the rights of the user using cadaver.
Workaround
A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.
Resolution
cadaver users should upgrade to version 0.22.1 or later:
{"id": "GLSA-200404-14", "vendorId": null, "type": "gentoo", "bulletinFamily": "unix", "title": "Multiple format string vulnerabilities in cadaver", "description": "### Background\n\nAccording to http://www.webdav.org/cadaver, cadaver is a command-line WebDAV client for Unix. It supports file upload, download, on-screen display, namespace operations (move/copy), collection creation and deletion, and locking operations. \n\n### Description\n\nCadaver code includes the neon library, which in versions 0.24.4 and previous is vulnerable to multiple format string attacks. The latest version of cadaver uses version 0.24.5 of the neon library, which makes it immune to this vulnerability. \n\n### Impact\n\nWhen using cadaver to connect to an untrusted WebDAV server, this vulnerability can allow a malicious remote server to execute arbitrary code on the client with the rights of the user using cadaver. \n\n### Workaround\n\nA workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package. \n\n### Resolution\n\ncadaver users should upgrade to version 0.22.1 or later: \n \n \n # emerge sync\n \n # emerge -pv \">=net-misc/cadaver-0.22.1\"\n # emerge \">=net-misc/cadaver-0.22.1\"", "published": "2004-04-19T00:00:00", "modified": "2004-04-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "href": "https://security.gentoo.org/glsa/200404-14", "reporter": "Gentoo Foundation", "references": [], "cvelist": ["CVE-2004-0179"], "immutableFields": [], "lastseen": "2022-01-17T19:21:41", "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cert", "idList": ["VU:973654"]}, {"type": "cve", "idList": ["CVE-2004-0179"]}, {"type": "debian", "idList": ["DEBIAN:DSA-487-1:6DB17"]}, {"type": "freebsd", "idList": ["84237895-8F39-11D8-8B29-0020ED76EF5A"]}, {"type": "gentoo", "idList": ["GLSA-200405-01", "GLSA-200405-04"]}, {"type": "nessus", "idList": ["1779.PRM", "DEBIAN_DSA-487.NASL", "FREEBSD_NEON_0245.NASL", "FREEBSD_PKG_842378958F3911D88B290020ED76EF5A.NASL", "GENTOO_GLSA-200404-14.NASL", "GENTOO_GLSA-200405-01.NASL", "GENTOO_GLSA-200405-04.NASL", "MANDRAKE_MDKSA-2004-032.NASL", "MANDRAKE_MDKSA-2004-078.NASL", "REDHAT-RHSA-2004-157.NASL", "REDHAT-RHSA-2004-160.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:52451", "OPENVAS:53181", "OPENVAS:54553", "OPENVAS:54561", "OPENVAS:54564"]}, {"type": "redhat", "idList": ["RHSA-2004:157", "RHSA-2004:160"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:6072", "SECURITYVULNS:DOC:6078", "SECURITYVULNS:DOC:6082", "SECURITYVULNS:DOC:6093", "SECURITYVULNS:DOC:6096", "SECURITYVULNS:DOC:6202", "SECURITYVULNS:DOC:6363", "SECURITYVULNS:DOC:6436"]}, {"type": "suse", "idList": ["SUSE-SA:2004:008", "SUSE-SA:2004:009", "SUSE-SA:2004:015", "SUSE-SA:2004:016", "SUSE-SA:2004:017", "SUSE-SA:2004:018", "SUSE-SA:2004:019", "SUSE-SA:2004:020", "SUSE-SA:2004:021", "SUSE-SA:2004:022"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2004-0179"]}], "rev": 4}, "score": {"value": 8.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "cert", "idList": ["VU:973654"]}, {"type": "cve", "idList": ["CVE-2004-0179"]}, {"type": "debian", "idList": ["DEBIAN:DSA-487-1:6DB17"]}, {"type": "freebsd", "idList": ["84237895-8F39-11D8-8B29-0020ED76EF5A"]}, {"type": "gentoo", "idList": ["GLSA-200405-04"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2004-157.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:53181"]}, {"type": "redhat", "idList": ["RHSA-2004:160"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:6093"]}, {"type": "suse", "idList": ["SUSE-SA:2004:015"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2004-0179"]}]}, "exploitation": null, "vulnersScore": 8.1}, "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "arch": "all", "packageFilename": "UNKNOWN", "packageVersion": "0.22.1", "operator": "lt", "packageName": "net-misc/cadaver"}], "_state": {"dependencies": 1647589307, "score": 0}}
{"ubuntucve": [{"lastseen": "2021-11-22T22:04:47", "description": "Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and\nother products that use neon including (2) Cadaver, (3) Subversion, and (4)\nOpenOffice, allow remote malicious WebDAV servers to execute arbitrary\ncode.", "cvss3": {}, "published": "2004-06-01T00:00:00", "type": "ubuntucve", "title": "CVE-2004-0179", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0179"], "modified": "2004-06-01T00:00:00", "id": "UB:CVE-2004-0179", "href": "https://ubuntu.com/security/CVE-2004-0179", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T13:18:48", "description": "Multiple format string vulnerabilities were discovered in neon, an HTTP and WebDAV client library. These vulnerabilities could potentially be exploited by a malicious WebDAV server to execute arbitrary code with the privileges of the process using libneon.", "cvss3": {"score": null, "vector": null}, "published": "2004-09-29T00:00:00", "type": "nessus", "title": "Debian DSA-487-1 : neon - format string", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:neon", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-487.NASL", "href": "https://www.tenable.com/plugins/nessus/15324", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-487. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15324);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2004-0179\");\n script_bugtraq_id(10136);\n script_xref(name:\"DSA\", value:\"487\");\n\n script_name(english:\"Debian DSA-487-1 : neon - format string\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple format string vulnerabilities were discovered in neon, an\nHTTP and WebDAV client library. These vulnerabilities could\npotentially be exploited by a malicious WebDAV server to execute\narbitrary code with the privileges of the process using libneon.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2004/dsa-487\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the current stable distribution (woody) these problems have been\nfixed in version 0.19.3-2woody3.\n\nWe recommend that you update your neon package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:neon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"libneon-dev\", reference:\"0.19.3-2woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libneon19\", reference:\"0.19.3-2woody3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:20:04", "description": "An updated cadaver package that fixes a vulnerability in neon exploitable by a malicious DAV server is now available.\n\ncadaver is a command-line WebDAV client that uses inbuilt code from neon, an HTTP and WebDAV client library.\n\nVersions of the neon client library up to and including 0.24.4 have been found to contain a number of format string bugs. An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client should a user connect to it using cadaver. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0179 to this issue.\n\nUsers of cadaver are advised to upgrade to this updated package, which contains a patch correcting this issue.", "cvss3": {"score": null, "vector": null}, "published": "2004-07-06T00:00:00", "type": "nessus", "title": "RHEL 2.1 : cadaver (RHSA-2004:157)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:cadaver", "cpe:/o:redhat:enterprise_linux:2.1"], "id": "REDHAT-RHSA-2004-157.NASL", "href": "https://www.tenable.com/plugins/nessus/12486", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:157. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(12486);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-0179\");\n script_xref(name:\"RHSA\", value:\"2004:157\");\n\n script_name(english:\"RHEL 2.1 : cadaver (RHSA-2004:157)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated cadaver package that fixes a vulnerability in neon\nexploitable by a malicious DAV server is now available.\n\ncadaver is a command-line WebDAV client that uses inbuilt code from\nneon, an HTTP and WebDAV client library.\n\nVersions of the neon client library up to and including 0.24.4 have\nbeen found to contain a number of format string bugs. An attacker\ncould create a malicious WebDAV server in such a way as to allow\narbitrary code execution on the client should a user connect to it\nusing cadaver. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2004-0179 to this issue.\n\nUsers of cadaver are advised to upgrade to this updated package, which\ncontains a patch correcting this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:157\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cadaver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cadaver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:157\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"cadaver-0.22.0-2.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cadaver\");\n }\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:19:44", "description": "A number of various format string vulnerabilities were discovered in the error output handling of Neon, the HTTP and WebDAV client library, by Thomas Wana. These problems affect all versions of Neon from 0.19.0 up to and including 0.24.4.\n\nAll users are encouraged to upgrade. All client software using this library is affected.", "cvss3": {"score": null, "vector": null}, "published": "2004-07-31T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : libneon (MDKSA-2004:032)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64neon0.24", "p-cpe:/a:mandriva:linux:lib64neon0.24-devel", "p-cpe:/a:mandriva:linux:lib64neon0.24-static-devel", "p-cpe:/a:mandriva:linux:libneon0.24", "p-cpe:/a:mandriva:linux:libneon0.24-devel", "p-cpe:/a:mandriva:linux:libneon0.24-static-devel", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "cpe:/o:mandrakesoft:mandrake_linux:9.2"], "id": "MANDRAKE_MDKSA-2004-032.NASL", "href": "https://www.tenable.com/plugins/nessus/14131", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:032. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14131);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0179\");\n script_xref(name:\"MDKSA\", value:\"2004:032\");\n\n script_name(english:\"Mandrake Linux Security Advisory : libneon (MDKSA-2004:032)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of various format string vulnerabilities were discovered in\nthe error output handling of Neon, the HTTP and WebDAV client library,\nby Thomas Wana. These problems affect all versions of Neon from 0.19.0\nup to and including 0.24.4.\n\nAll users are encouraged to upgrade. All client software using this\nlibrary is affected.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64neon0.24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64neon0.24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64neon0.24-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libneon0.24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libneon0.24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libneon0.24-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libneon0.24-0.24.5-0.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libneon0.24-devel-0.24.5-0.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libneon0.24-static-devel-0.24.5-0.1.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64neon0.24-0.24.5-0.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64neon0.24-devel-0.24.5-0.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64neon0.24-static-devel-0.24.5-0.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libneon0.24-0.24.5-0.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libneon0.24-devel-0.24.5-0.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libneon0.24-static-devel-0.24.5-0.1.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:20:10", "description": "The following package needs to be updated: neon", "cvss3": {"score": null, "vector": null}, "published": "2004-07-06T00:00:00", "type": "nessus", "title": "FreeBSD : neon format string vulnerabilities (127)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2004-07-06T00:00:00", "cpe": [], "id": "FREEBSD_NEON_0245.NASL", "href": "https://www.tenable.com/plugins/nessus/12585", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n# @DEPRECATED@\n#\n# This script has been deprecated by freebsd_pkg_842378958f3911d88b290020ed76ef5a.nasl.\n#\n# Disabled on 2011/10/02.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This script contains information extracted from VuXML :\n#\n# Copyright 2003-2006 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n#\n#\n\ninclude('compat.inc');\n\nif ( description )\n{\n script_id(12585);\n script_version(\"1.10\");\n script_cve_id(\"CVE-2004-0179\");\n\n script_name(english:\"FreeBSD : neon format string vulnerabilities (127)\");\n\nscript_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');\nscript_set_attribute(attribute:'description', value:'The following package needs to be updated: neon');\nscript_set_attribute(attribute: 'cvss_vector', value: 'CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P');\nscript_set_attribute(attribute:'solution', value: 'Update the package on the remote host');\nscript_set_attribute(attribute: 'see_also', value: 'http://bugs.mysql.com/bug.php?id=4017\nhttp://lists.gnupg.org/pipermail/gnupg-announce/2005q1/000191.html\nhttp://secunia.com/advisories/11785\nhttp://www.mozilla.org/projects/security/known-vulnerabilities.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-01.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-02.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-03.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-04.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-05.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-06.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-07.html\nhttp://www.mozilla.org/security/announce/mfsa2005-47.html\nhttp://www.webdav.org/neon/');\nscript_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/84237895-8f39-11d8-8b29-0020ed76ef5a.html');\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/06\");\n script_end_attributes();\n script_summary(english:\"Check for neon\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n family[\"english\"] = \"FreeBSD Local Security Checks\";\n script_family(english:family[\"english\"]);\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/FreeBSD/pkg_info\");\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"This plugin has been deprecated. Refer to plugin #36636 (freebsd_pkg_842378958f3911d88b290020ed76ef5a.nasl) instead.\");\n\nglobal_var cvss_score;\ncvss_score=5;\ninclude('freebsd_package.inc');\n\n\npkg_test(pkg:\"neon<0.24.5\");\n\npkg_test(pkg:\"tla<1.2_1\");\n\npkg_test(pkg:\"sitecopy<=0.13.4_1\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:19:01", "description": "The remote host is affected by the vulnerability described in GLSA-200405-01 (Multiple format string vulnerabilities in neon 0.24.4 and earlier)\n\n There are multiple format string vulnerabilities in libneon which may allow a malicious WebDAV server to execute arbitrary code under the context of the process using libneon.\n Impact :\n\n An attacker may be able to execute arbitrary code under the context of the process using libneon.\n Workaround :\n\n A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.", "cvss3": {"score": null, "vector": null}, "published": "2004-08-30T00:00:00", "type": "nessus", "title": "GLSA-200405-01 : Multiple format string vulnerabilities in neon 0.24.4 and earlier", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:neon", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200405-01.NASL", "href": "https://www.tenable.com/plugins/nessus/14487", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200405-01.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14487);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0179\");\n script_xref(name:\"GLSA\", value:\"200405-01\");\n\n script_name(english:\"GLSA-200405-01 : Multiple format string vulnerabilities in neon 0.24.4 and earlier\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200405-01\n(Multiple format string vulnerabilities in neon 0.24.4 and earlier)\n\n There are multiple format string vulnerabilities in libneon which may allow\n a malicious WebDAV server to execute arbitrary code under the context of\n the process using libneon.\n \nImpact :\n\n An attacker may be able to execute arbitrary code under the context of the\n process using libneon.\n \nWorkaround :\n\n A workaround is not currently known for this issue. All users are advised\n to upgrade to the latest version of the affected package.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200405-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Neon users should upgrade to version 0.24.5 or later:\n # emerge sync\n # emerge -pv '>=net-misc/neon-0.24.5'\n # emerge '>=net-misc/neon-0.24.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:neon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/neon\", unaffected:make_list(\"ge 0.24.5\"), vulnerable:make_list(\"le 0.24.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-misc/neon\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:20:04", "description": "Updated OpenOffice packages that fix a vulnerability in neon exploitable by a malicious DAV server are now available.\n\nOpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. OpenOffice internally uses inbuilt code from neon, an HTTP and WebDAV client library.\n\nVersions of the neon client library up to and including 0.24.4 have been found to contain a number of format string bugs. An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client should a user connect to it using OpenOffice. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0179 to this issue.\n\nUsers of OpenOffice are advised to upgrade to these updated packages, which contain a patch correcting this issue.", "cvss3": {"score": null, "vector": null}, "published": "2004-07-06T00:00:00", "type": "nessus", "title": "RHEL 3 : openoffice.org (RHSA-2004:160)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openoffice.org", "p-cpe:/a:redhat:enterprise_linux:openoffice.org-i18n", "p-cpe:/a:redhat:enterprise_linux:openoffice.org-libs", "cpe:/o:redhat:enterprise_linux:3"], "id": "REDHAT-RHSA-2004-160.NASL", "href": "https://www.tenable.com/plugins/nessus/12487", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:160. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(12487);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-0179\");\n script_xref(name:\"RHSA\", value:\"2004:160\");\n\n script_name(english:\"RHEL 3 : openoffice.org (RHSA-2004:160)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated OpenOffice packages that fix a vulnerability in neon\nexploitable by a malicious DAV server are now available.\n\nOpenOffice.org is an Open Source, community-developed, multi-platform\noffice productivity suite. OpenOffice internally uses inbuilt code\nfrom neon, an HTTP and WebDAV client library.\n\nVersions of the neon client library up to and including 0.24.4 have\nbeen found to contain a number of format string bugs. An attacker\ncould create a malicious WebDAV server in such a way as to allow\narbitrary code execution on the client should a user connect to it\nusing OpenOffice. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2004-0179 to this issue.\n\nUsers of OpenOffice are advised to upgrade to these updated packages,\nwhich contain a patch correcting this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:160\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected openoffice.org, openoffice.org-i18n and / or\nopenoffice.org-libs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openoffice.org\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openoffice.org-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openoffice.org-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:160\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"openoffice.org-1.1.0-15.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"openoffice.org-i18n-1.1.0-15.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"openoffice.org-libs-1.1.0-15.EL\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openoffice.org / openoffice.org-i18n / openoffice.org-libs\");\n }\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:19:01", "description": "The remote host is affected by the vulnerability described in GLSA-200405-04 (OpenOffice.org vulnerability when using DAV servers)\n\n OpenOffice.org includes code from the Neon library in functions related to publication on WebDAV servers. This library is vulnerable to several format string attacks.\n Impact :\n\n If you use the WebDAV publication and connect to a malicious WebDAV server, this server can exploit these vulnerabilities to execute arbitrary code with the rights of the user running OpenOffice.org.\n Workaround :\n\n As a workaround, you should not use the WebDAV publication facilities.", "cvss3": {"score": null, "vector": null}, "published": "2004-08-30T00:00:00", "type": "nessus", "title": "GLSA-200405-04 : OpenOffice.org vulnerability when using DAV servers", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openoffice", "p-cpe:/a:gentoo:linux:openoffice-bin", "p-cpe:/a:gentoo:linux:openoffice-ximian", "p-cpe:/a:gentoo:linux:openoffice-ximian-bin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200405-04.NASL", "href": "https://www.tenable.com/plugins/nessus/14490", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200405-04.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14490);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0179\");\n script_xref(name:\"GLSA\", value:\"200405-04\");\n\n script_name(english:\"GLSA-200405-04 : OpenOffice.org vulnerability when using DAV servers\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200405-04\n(OpenOffice.org vulnerability when using DAV servers)\n\n OpenOffice.org includes code from the Neon library in functions related to\n publication on WebDAV servers. This library is vulnerable to several format\n string attacks.\n \nImpact :\n\n If you use the WebDAV publication and connect to a malicious WebDAV server,\n this server can exploit these vulnerabilities to execute arbitrary code\n with the rights of the user running OpenOffice.org.\n \nWorkaround :\n\n As a workaround, you should not use the WebDAV publication facilities.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200405-01\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200405-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"There is no Ximian OpenOffice.org binary version including the fix yet. All\n users of the openoffice-ximian-bin package making use of the WebDAV\n openoffice-ximian source-based package.\n openoffice users on the x86 architecture should:\n # emerge sync\n # emerge -pv '>=app-office/openoffice-1.1.1-r1'\n # emerge '>=app-office/openoffice-1.1.1-r1'\n openoffice users on the sparc architecture should:\n # emerge sync\n # emerge -pv '>=app-office/openoffice-1.1.0-r3'\n # emerge '>=app-office/openoffice-1.1.0-r3'\n openoffice users on the ppc architecture should:\n # emerge sync\n # emerge -pv '>=app-office/openoffice-1.0.3-r1'\n # emerge '>=app-office/openoffice-1.0.3-r1'\n openoffice-ximian users should:\n # emerge sync\n # emerge -pv '>=app-office/openoffice-ximian-1.1.51-r1'\n # emerge '>=app-office/openoffice-ximian-1.1.51-r1'\n openoffice-bin users should:\n # emerge sync\n # emerge -pv '>=app-office/openoffice-bin-1.1.2'\n # emerge '>=app-office/openoffice-bin-1.1.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openoffice-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openoffice-ximian\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openoffice-ximian-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\", \"Host/Gentoo/arch\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\nourarch = get_kb_item(\"Host/Gentoo/arch\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-office/openoffice-ximian\", unaffected:make_list(\"ge 1.1.51-r1\"), vulnerable:make_list(\"le 1.1.51\"))) flag++;\nif (qpkg_check(package:\"app-office/openoffice-ximian-bin\", unaffected:make_list(), vulnerable:make_list(\"le 1.1.52\"))) flag++;\nif (qpkg_check(package:\"app-office/openoffice-bin\", unaffected:make_list(\"ge 1.1.2\"), vulnerable:make_list(\"lt 1.1.2\"))) flag++;\nif (qpkg_check(package:\"app-office/openoffice\", arch:\"sparc\", unaffected:make_list(\"ge 1.1.0-r4\"), vulnerable:make_list(\"le 1.1.0-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"app-office/openoffice-ximian / app-office/openoffice-ximian-bin / etc\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:19:01", "description": "The remote host is affected by the vulnerability described in GLSA-200404-14 (Multiple format string vulnerabilities in cadaver)\n\n Cadaver code includes the neon library, which in versions 0.24.4 and previous is vulnerable to multiple format string attacks. The latest version of cadaver uses version 0.24.5 of the neon library, which makes it immune to this vulnerability.\n Impact :\n\n When using cadaver to connect to an untrusted WebDAV server, this vulnerability can allow a malicious remote server to execute arbitrary code on the client with the rights of the user using cadaver.\n Workaround :\n\n A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.", "cvss3": {"score": null, "vector": null}, "published": "2004-08-30T00:00:00", "type": "nessus", "title": "GLSA-200404-14 : Multiple format string vulnerabilities in cadaver", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:cadaver", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200404-14.NASL", "href": "https://www.tenable.com/plugins/nessus/14479", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200404-14.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14479);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0179\");\n script_xref(name:\"GLSA\", value:\"200404-14\");\n\n script_name(english:\"GLSA-200404-14 : Multiple format string vulnerabilities in cadaver\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200404-14\n(Multiple format string vulnerabilities in cadaver)\n\n Cadaver code includes the neon library, which in versions 0.24.4 and\n previous is vulnerable to multiple format string attacks. The latest\n version of cadaver uses version 0.24.5 of the neon library, which makes it\n immune to this vulnerability.\n \nImpact :\n\n When using cadaver to connect to an untrusted WebDAV server, this\n vulnerability can allow a malicious remote server to execute arbitrary code\n on the client with the rights of the user using cadaver.\n \nWorkaround :\n\n A workaround is not currently known for this issue. All users are advised\n to upgrade to the latest version of the affected package.\"\n );\n # http://www.webdav.org/cadaver\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.webdav.org/cadaver/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200404-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"cadaver users should upgrade to version 0.22.1 or later:\n # emerge sync\n # emerge -pv '>=net-misc/cadaver-0.22.1'\n # emerge '>=net-misc/cadaver-0.22.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:cadaver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/cadaver\", unaffected:make_list(\"ge 0.22.1\"), vulnerable:make_list(\"lt 0.22.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-misc/cadaver\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:08:33", "description": "Greuff reports that the neon WebDAV client library contains several format string bugs within error reporting code. A malicious server may exploit these bugs by sending specially crafted PROPFIND or PROPPATCH responses.\n\nAlthough several applications include neon, such as cadaver and subversion, the FreeBSD Ports of these applications are not impacted.\nThey are specifically configured to NOT use the included neon. Only packages listed as affected in this notice are believed to be impacted.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "FreeBSD : neon format string vulnerabilities (84237895-8f39-11d8-8b29-0020ed76ef5a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:neon", "p-cpe:/a:freebsd:freebsd:sitecopy", "p-cpe:/a:freebsd:freebsd:tla", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_842378958F3911D88B290020ED76EF5A.NASL", "href": "https://www.tenable.com/plugins/nessus/36636", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36636);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0179\");\n script_xref(name:\"Secunia\", value:\"11785\");\n\n script_name(english:\"FreeBSD : neon format string vulnerabilities (84237895-8f39-11d8-8b29-0020ed76ef5a)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Greuff reports that the neon WebDAV client library contains several\nformat string bugs within error reporting code. A malicious server may\nexploit these bugs by sending specially crafted PROPFIND or PROPPATCH\nresponses.\n\nAlthough several applications include neon, such as cadaver and\nsubversion, the FreeBSD Ports of these applications are not impacted.\nThey are specifically configured to NOT use the included neon. Only\npackages listed as affected in this notice are believed to be\nimpacted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.webdav.org/neon/\"\n );\n # https://vuxml.freebsd.org/freebsd/84237895-8f39-11d8-8b29-0020ed76ef5a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0e89a795\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:neon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:sitecopy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tla\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"neon<0.24.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tla<1.2_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"sitecopy<=0.13.4_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:19:39", "description": "The OpenOffice.org office suite contains an internal libneon library which allows it to connect to WebDAV servers. This internal library is subject to the same vulnerabilities that were fixed in libneon recently. These updated packages contain fixes to libneon to correct the several format string vulnerabilities in it, as well as a heap-based buffer overflow vulnerability.", "cvss3": {"score": null, "vector": null}, "published": "2004-07-31T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2004:078)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0179", "CVE-2004-0398"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:OpenOffice.org", "p-cpe:/a:mandriva:linux:OpenOffice.org-help-cs", "p-cpe:/a:mandriva:linux:OpenOffice.org-help-de", "p-cpe:/a:mandriva:linux:OpenOffice.org-help-en", "p-cpe:/a:mandriva:linux:OpenOffice.org-help-es", "p-cpe:/a:mandriva:linux:OpenOffice.org-help-eu", "p-cpe:/a:mandriva:linux:OpenOffice.org-help-fi", "p-cpe:/a:mandriva:linux:OpenOffice.org-help-fr", "p-cpe:/a:mandriva:linux:OpenOffice.org-help-it", "p-cpe:/a:mandriva:linux:OpenOffice.org-help-ja", "p-cpe:/a:mandriva:linux:OpenOffice.org-help-ko", "p-cpe:/a:mandriva:linux:OpenOffice.org-help-nl", "p-cpe:/a:mandriva:linux:OpenOffice.org-help-ru", "p-cpe:/a:mandriva:linux:OpenOffice.org-help-sk", "p-cpe:/a:mandriva:linux:OpenOffice.org-help-sv", "p-cpe:/a:mandriva:linux:OpenOffice.org-help-zh_CN", "p-cpe:/a:mandriva:linux:OpenOffice.org-help-zh_TW", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-ar", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-ca", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-cs", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-da", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-de", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-el", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-en", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-es", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-et", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-eu", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-fi", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-fr", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-it", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-ja", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-ko", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-nl", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-pl", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-pt", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-pt_BR", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-ru", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-sk", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-sv", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-tr", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-zh_CN", "p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-zh_TW", "p-cpe:/a:mandriva:linux:OpenOffice.org-libs", "cpe:/o:mandrakesoft:mandrake_linux:10.0"], "id": "MANDRAKE_MDKSA-2004-078.NASL", "href": "https://www.tenable.com/plugins/nessus/14176", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:078. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14176);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0179\", \"CVE-2004-0398\");\n script_xref(name:\"MDKSA\", value:\"2004:078\");\n\n script_name(english:\"Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2004:078)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenOffice.org office suite contains an internal libneon library\nwhich allows it to connect to WebDAV servers. This internal library is\nsubject to the same vulnerabilities that were fixed in libneon\nrecently. These updated packages contain fixes to libneon to correct\nthe several format string vulnerabilities in it, as well as a\nheap-based buffer overflow vulnerability.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-help-cs-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-help-de-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-help-en-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-help-es-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-help-eu-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-help-fi-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-help-fr-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-help-it-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-help-ja-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-help-ko-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-help-nl-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-help-ru-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-help-sk-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-help-sv-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-help-zh_CN-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-help-zh_TW-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-ar-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-ca-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-cs-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-da-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-de-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-el-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-en-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-es-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-et-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-eu-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-fi-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-fr-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-it-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-ja-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-ko-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-nl-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-pl-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-pt-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-pt_BR-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-ru-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-sk-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-sv-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-tr-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-zh_CN-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-zh_TW-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"OpenOffice.org-libs-1.1.2-3.1.100mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:19:27", "description": "The remote host is using software based on a vulnerable version of the Neon Library, an open-source HTTP and WebDAV client library. An attacker running a malicious WebDAV server may execute arbitrary code on the host.", "cvss3": {}, "published": "2004-08-20T00:00:00", "type": "nessus", "title": "Neon < 0.24.5 WebDAV Client Library Format String Vulnerabilities (deprecated)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2004-0179", "CVE-2004-0398"], "modified": "2018-09-16T00:00:00", "cpe": [], "id": "1779.PRM", "href": "https://www.tenable.com/plugins/nnm/1779", "sourceData": "Binary data 1779.prm", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-19T20:39:20", "description": "OpenOffice.org is an Open Source, community-developed, multi-platform\noffice productivity suite. OpenOffice internally uses inbuilt code\nfrom neon, an HTTP and WebDAV client library.\n\nVersions of the neon client library up to and including 0.24.4 have been\nfound to contain a number of format string bugs. An attacker could create\na malicious WebDAV server in such a way as to allow arbitrary code\nexecution on the client should a user connect to it using OpenOffice. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2004-0179 to this issue.\n\nUsers of OpenOffice are advised to upgrade to these updated packages, which\ncontain a patch correcting this issue.", "cvss3": {}, "published": "2004-04-14T00:00:00", "type": "redhat", "title": "(RHSA-2004:160) openoffice.org security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0179"], "modified": "2019-03-22T19:43:45", "id": "RHSA-2004:160", "href": "https://access.redhat.com/errata/RHSA-2004:160", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:46:25", "description": "cadaver is a command-line WebDAV client that uses inbuilt code from neon,\nan HTTP and WebDAV client library.\n\nVersions of the neon client library up to and including 0.24.4 have been\nfound to contain a number of format string bugs. An attacker could create\na malicious WebDAV server in such a way as to allow arbitrary code\nexecution on the client should a user connect to it using cadaver. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2004-0179 to this issue.\n\nUsers of cadaver are advised to upgrade to this updated package, which\ncontains a patch correcting this issue.", "cvss3": {}, "published": "2004-04-14T00:00:00", "type": "redhat", "title": "(RHSA-2004:157) cadaver security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0179"], "modified": "2018-03-14T15:26:59", "id": "RHSA-2004:157", "href": "https://access.redhat.com/errata/RHSA-2004:157", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:50:11", "description": "The remote host is missing an update to neon\nannounced via advisory DSA 487-1.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 487-1 (neon)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:53181", "href": "http://plugins.openvas.org/nasl.php?oid=53181", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_487_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 487-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple format string vulnerabilities were discovered in neon, an\nHTTP and WebDAV client library. These vulnerabilities could\npotentially be exploited by a malicious WebDAV server to execute\narbitrary code with the privileges of the process using libneon.\n\nFor the current stable distribution (woody) these problems have been\nfixed in version 0.19.3-2woody3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.24.5-1.\n\nWe recommend that you update your neon package.\";\ntag_summary = \"The remote host is missing an update to neon\nannounced via advisory DSA 487-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20487-1\";\n\nif(description)\n{\n script_id(53181);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(10136);\n script_cve_id(\"CVE-2004-0179\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 487-1 (neon)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libneon-dev\", ver:\"0.19.3-2woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libneon19\", ver:\"0.19.3-2woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:04", "description": "The remote host is missing updates announced in\nadvisory GLSA 200405-01.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200405-01 (neon)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:54561", "href": "http://plugins.openvas.org/nasl.php?oid=54561", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"There are multiple format string vulnerabilities in libneon which may allow\na malicious WebDAV server to execute arbitrary code.\";\ntag_solution = \"Neon users should upgrade to version 0.24.5 or later:\n\n # emerge sync\n\n # emerge -pv '>=net-misc/neon-0.24.5'\n # emerge '>=net-misc/neon-0.24.5'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200405-01\nhttp://bugs.gentoo.org/show_bug.cgi?id=48448\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200405-01.\";\n\n \n\nif(description)\n{\n script_id(54561);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(10136);\n script_cve_id(\"CVE-2004-0179\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200405-01 (neon)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-misc/neon\", unaffected: make_list(\"ge 0.24.5\"), vulnerable: make_list(\"le 0.24.4\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:15", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: neon", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2016-09-26T00:00:00", "id": "OPENVAS:52451", "href": "http://plugins.openvas.org/nasl.php?oid=52451", "sourceData": "#\n#VID 84237895-8f39-11d8-8b29-0020ed76ef5a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n neon\n tla\n sitecopy\n\nCVE-2004-0179\nMultiple format string vulnerabilities in (1) neon 0.24.4 and earlier,\nand other products that use neon including (2) Cadaver, (3) Subversion,\nor (4) OpenOffice, allow remote malicious WebDAV servers to execute\narbitrary code.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.webdav.org/neon/\nhttp://secunia.com/advisories/11785\nhttp://www.vuxml.org/freebsd/84237895-8f39-11d8-8b29-0020ed76ef5a.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52451);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(10136);\n script_cve_id(\"CVE-2004-0179\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: neon\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"neon\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.24.5\")<0) {\n txt += 'Package neon version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"tla\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2_1\")<0) {\n txt += 'Package tla version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"sitecopy\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.13.4_1\")<=0) {\n txt += 'Package sitecopy version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:22", "description": "The remote host is missing updates announced in\nadvisory GLSA 200405-04.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200405-04 (openoffice)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:54564", "href": "http://plugins.openvas.org/nasl.php?oid=54564", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several format string vulnerabilities are present in the Neon library\nincluded in OpenOffice.org, allowing remote execution of arbitrary code\nwhen connected to an untrusted WebDAV server.\";\ntag_solution = \"There is no Ximian OpenOffice.org binary version including the fix yet. All\nusers of the openoffice-ximian-bin package making use of the WebDAV\nopenoffice-ximian source-based package should:\n\n# emerge sync\n# emerge -pv '>=app-office/openoffice-VERSION'\n# emerge '>=app-office/openoffice-VERSION'\n\nopenoffice users on x86 should use version: 1.1.1-r1\nopenoffice users on sparc should use version: 1.1.0-r3\nopenoffice users on ppc should use version: 1.0.3-r1\nopenoffice-ximian users should use version: 1.1.51-r1\nopenoffice-bin users should use version: 1.1.2\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200405-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=47926\nhttp://www.gentoo.org/security/en/glsa/glsa-200405-01.xml\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200405-04.\";\n\n \n\nif(description)\n{\n script_id(54564);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(10136);\n script_cve_id(\"CVE-2004-0179\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200405-04 (openoffice)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-office/openoffice\", unaffected: make_list(\"ge 1.1.1-r1\"), vulnerable: make_list(\"le 1.1.1\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"app-office/openoffice\", unaffected: make_list(\"ge 1.0.3-r2\"), vulnerable: make_list(\"le 1.0.3-r1\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"app-office/openoffice\", unaffected: make_list(\"ge 1.1.0-r4\"), vulnerable: make_list(\"le 1.1.0-r3\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"app-office/openoffice-ximian\", unaffected: make_list(\"ge 1.1.51-r1\"), vulnerable: make_list(\"le 1.1.51\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"app-office/openoffice-bin\", unaffected: make_list(\"ge 1.1.2\"), vulnerable: make_list(\"lt 1.1.2\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"app-office/openoffice-ximian-bin\", unaffected: make_list(), vulnerable: make_list(\"le 1.1.52\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:01", "description": "The remote host is missing updates announced in\nadvisory GLSA 200404-14.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200404-14 (cadaver)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:54553", "href": "http://plugins.openvas.org/nasl.php?oid=54553", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"There are multiple format string vulnerabilities in the neon library used\nin cadaver, possibly leading to execution of arbitrary code when connected\nto a malicious server.\";\ntag_solution = \"cadaver users should upgrade to version 0.22.1 or later:\n\n # emerge sync\n\n # emerge -pv '>=net-misc/cadaver-0.22.1'\n # emerge '>=net-misc/cadaver-0.22.1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200404-14\nhttp://bugs.gentoo.org/show_bug.cgi?id=47799\nhttp://www.webdav.org/cadaver\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200404-14.\";\n\n \n\nif(description)\n{\n script_id(54553);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(10136);\n script_cve_id(\"CVE-2004-0179\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200404-14 (cadaver)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-misc/cadaver\", unaffected: make_list(\"ge 0.22.1\"), vulnerable: make_list(\"lt 0.22.1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2022-01-19T16:03:51", "description": "\n\nGreuff reports that the neon WebDAV client library contains\n\t several format string bugs within error reporting code. A\n\t malicious server may exploit these bugs by sending specially\n\t crafted PROPFIND or PROPPATCH responses.\nAlthough several applications include neon, such as cadaver and\n\t subversion, the FreeBSD Ports of these applications are not\n\t impacted. They are specifically configured to NOT use the\n\t included neon. Only packages listed as affected in this\n\t notice are believed to be impacted.\n\n", "cvss3": {}, "published": "2004-04-14T00:00:00", "type": "freebsd", "title": "neon format string vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0179"], "modified": "2004-06-25T00:00:00", "id": "84237895-8F39-11D8-8B29-0020ED76EF5A", "href": "https://vuxml.freebsd.org/freebsd/84237895-8f39-11d8-8b29-0020ed76ef5a.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T11:33:09", "description": "Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.", "cvss3": {}, "published": "2004-06-01T04:00:00", "type": "cve", "title": "CVE-2004-0179", "cwe": ["CWE-134"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0179"], "modified": "2020-10-13T16:52:00", "cpe": ["cpe:/o:debian:debian_linux:3.0"], "id": "CVE-2004-0179", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0179", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2021-10-22T03:57:47", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 487-1 security@debian.org\nhttp://www.debian.org/security/ Matt Zimmerman\nApril 16th, 2004 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : neon\nVulnerability : format string\nProblem-Type : remote\nDebian-specific: no\nCVE Ids : CAN-2004-0179\n\nMultiple format string vulnerabilities were discovered in neon, an\nHTTP and WebDAV client library. These vulnerabilities could\npotentially be exploited by a malicious WebDAV server to execute\narbitrary code with the privileges of the process using libneon.\n\nFor the current stable distribution (woody) these problems have been\nfixed in version 0.19.3-2woody3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.24.5-1.\n\nWe recommend that you update your neon package.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/n/neon/neon_0.19.3-2woody3.dsc\n Size/MD5 checksum: 582 4753d19632b3ba69e7d97f61b21da8b1\n http://security.debian.org/pool/updates/main/n/neon/neon_0.19.3-2woody3.diff.gz\n Size/MD5 checksum: 4081 6ed8f310baae56db47a34f3affdf0dd5\n http://security.debian.org/pool/updates/main/n/neon/neon_0.19.3.orig.tar.gz\n Size/MD5 checksum: 499574 9dbb8c276e5fc58a707b6e908abdce63\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_alpha.deb\n Size/MD5 checksum: 122054 f8455a4aca0ad0eed97b8635f7552ecc\n http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_alpha.deb\n Size/MD5 checksum: 77894 12283440f135e0b68b328151c78d5240\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_arm.deb\n Size/MD5 checksum: 100820 6ac65c11b484429f9f388ae0bab9136c\n http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_arm.deb\n Size/MD5 checksum: 70256 d16830700754df93ec06fcc72d952be6\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_i386.deb\n Size/MD5 checksum: 94820 7a7f0c168b101390a619ffde40f9efc3\n http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_i386.deb\n Size/MD5 checksum: 65780 b72a10b0dbcbfb149b36b3053627a9d2\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_ia64.deb\n Size/MD5 checksum: 131246 dda199f3b1d6598bb8aa2f6ba37521d4\n http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_ia64.deb\n Size/MD5 checksum: 96250 043f6b4d3eb394bcaa2b7dda6a78b676\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_hppa.deb\n Size/MD5 checksum: 118574 d7904398181654ebc8eab408a2d96cec\n http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_hppa.deb\n Size/MD5 checksum: 80776 fdb1f1e337ee50318cbccfeeda0ec32f\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_m68k.deb\n Size/MD5 checksum: 93110 7993e9e642cbefb27ea6a7085615bb55\n http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_m68k.deb\n Size/MD5 checksum: 67668 fc37364b5b44454a637b69b591ce8c04\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_mips.deb\n Size/MD5 checksum: 110704 3fbe497c5ac44aee13457fcfe9b785cf\n http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_mips.deb\n Size/MD5 checksum: 68644 29c7188a9dfe0da26a218eea6714997b\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_mipsel.deb\n Size/MD5 checksum: 110502 73eb5e6338f9ce6f5fd0c0cd27cbac48\n http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_mipsel.deb\n Size/MD5 checksum: 68626 f85bcdab3e2957d53f00569966eaa3b6\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_powerpc.deb\n Size/MD5 checksum: 107168 c1994dba85b7e2150b1419fd4da44a14\n http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_powerpc.deb\n Size/MD5 checksum: 71544 5e1812c5242835b7567d3549a334d9d8\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_s390.deb\n Size/MD5 checksum: 96930 022ad2200a279efc9ab1482e599b47d3\n http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_s390.deb\n Size/MD5 checksum: 70958 632017c6cd495f5a35a3ced63f2bab88\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_sparc.deb\n Size/MD5 checksum: 102406 d3e5c72b6de6f90f2272c62d4ee3c88c\n http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_sparc.deb\n Size/MD5 checksum: 70812 c36ba230074c19cb6a58b76da986767d\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2004-04-17T01:44:24", "type": "debian", "title": "[SECURITY] [DSA 487-1] New neon packages fix format string vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0179"], "modified": "2004-04-17T01:44:24", "id": "DEBIAN:DSA-487-1:6DB17", "href": "https://lists.debian.org/debian-security-announce/2004/msg00086.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:21:27", "description": "### Background\n\nOpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities. \n\n### Description\n\nOpenOffice.org includes code from the Neon library in functions related to publication on WebDAV servers. This library is vulnerable to several format string attacks. \n\n### Impact\n\nIf you use the WebDAV publication and connect to a malicious WebDAV server, this server can exploit these vulnerabilities to execute arbitrary code with the rights of the user running OpenOffice.org. \n\n### Workaround\n\nAs a workaround, you should not use the WebDAV publication facilities. \n\n### Resolution\n\nThere is no Ximian OpenOffice.org binary version including the fix yet. All users of the openoffice-ximian-bin package making use of the WebDAV openoffice-ximian source-based package. \n\nopenoffice users on the x86 architecture should: \n \n \n # emerge sync\n \n # emerge -pv \">=app-office/openoffice-1.1.1-r1\"\n # emerge \">=app-office/openoffice-1.1.1-r1\"\n\nopenoffice users on the sparc architecture should: \n \n \n # emerge sync\n \n # emerge -pv \">=app-office/openoffice-1.1.0-r3\"\n # emerge \">=app-office/openoffice-1.1.0-r3\"\n\nopenoffice users on the ppc architecture should: \n \n \n # emerge sync\n \n # emerge -pv \">=app-office/openoffice-1.0.3-r1\"\n # emerge \">=app-office/openoffice-1.0.3-r1\"\n\nopenoffice-ximian users should: \n \n \n # emerge sync\n \n # emerge -pv \">=app-office/openoffice-ximian-1.1.51-r1\"\n # emerge \">=app-office/openoffice-ximian-1.1.51-r1\"\n\nopenoffice-bin users should: \n \n \n # emerge sync\n \n # emerge -pv \">=app-office/openoffice-bin-1.1.2\"\n # emerge \">=app-office/openoffice-bin-1.1.2\"", "cvss3": {}, "published": "2004-05-11T00:00:00", "type": "gentoo", "title": "OpenOffice.org vulnerability when using DAV servers", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0179"], "modified": "2004-10-27T00:00:00", "id": "GLSA-200405-04", "href": "https://security.gentoo.org/glsa/200405-04", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-17T19:21:28", "description": "### Background\n\nneon provides an HTTP and WebDAV client library. \n\n### Description\n\nThere are multiple format string vulnerabilities in libneon which may allow a malicious WebDAV server to execute arbitrary code under the context of the process using libneon. \n\n### Impact\n\nAn attacker may be able to execute arbitrary code under the context of the process using libneon. \n\n### Workaround\n\nA workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package. \n\n### Resolution\n\nNeon users should upgrade to version 0.24.5 or later: \n \n \n # emerge sync\n \n # emerge -pv \">=net-misc/neon-0.24.5\"\n # emerge \">=net-misc/neon-0.24.5\"", "cvss3": {}, "published": "2004-05-09T00:00:00", "type": "gentoo", "title": "Multiple format string vulnerabilities in neon 0.24.4 and earlier", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0179"], "modified": "2004-05-09T00:00:00", "id": "GLSA-200405-01", "href": "https://security.gentoo.org/glsa/200405-01", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:09", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n________________________________________________________________________\r\n\r\nOpenPKG Security Advisory The OpenPKG Project\r\nhttp://www.openpkg.org/security.html http://www.openpkg.org\r\nopenpkg-security@openpkg.org openpkg@openpkg.org\r\nOpenPKG-SA-2004.016 16-Apr-2004\r\n________________________________________________________________________\r\n\r\nPackage: neon, subversion, cadaver, sitecopy, tla\r\nVulnerability: remote code execution\r\nOpenPKG Specific: no\r\n\r\nAffected Releases: Affected Packages: Corrected Packages:\r\nOpenPKG CURRENT <= neon-0.24.4-20040207 >= neon-0.24.5-20040414\r\n <= subversion-1.0.1-20040313 >= subversion-1.0.1-20040416\r\n <= cadaver-0.22.0-20040207 >= cadaver-0.22.1-20040415\r\n <= sitecopy-0.13.4-20040207 >= sitecopy-0.13.4-20040416\r\n <= tla-1.2-20040227 >= tla-1.2-20040416\r\nOpenPKG 2.0 <= neon-0.24.4-2.0.0 >= neon-0.24.4-2.0.1\r\n <= subversion-1.0.0-2.0.0 >= subversion-1.0.0-2.0.1\r\n <= cadaver-0.22.0-2.0.0 >= cadaver-0.22.0-2.0.1\r\n <= sitecopy-0.13.4-2.0.0 >= sitecopy-0.13.4-2.0.1\r\nOpenPKG 1.3 <= neon-0.24.0-1.3.0 >= neon-0.24.0-1.3.1\r\n <= sitecopy-0.13.3-1.3.0 >= sitecopy-0.13.3-1.3.1\r\n\r\nDependent Packages: none\r\n\r\nDescription:\r\n Greuff of VOID.AT discovered various format string vulnerabilities in\r\n the error output handling routines of the Neon HTTP and WebDAV client\r\n library [1]. The Common Vulnerabilities and Exposures (CVE) project\r\n assigned the id CAN-2004-0179 [2] to the problem.\r\n\r\n Please check whether you are affected by running "<prefix>/bin/rpm\r\n -q neon" (respectively for "subversion", "cadaver", "sitecopy" and\r\n "tla"). If you have one of the packages installed and its version is\r\n affected (see above), we recommend that you immediately upgrade it\r\n (see Solution) [3][4].\r\n\r\nSolution:\r\n Select the updated source RPM appropriate for your OpenPKG release\r\n [5][6][7][8][9], fetch it from the OpenPKG FTP service [11][12] or\r\n a mirror location, verify its integrity [13], build a corresponding\r\n binary RPM from it [3] and update your OpenPKG installation by\r\n applying the binary RPM [4]. For the most recent release OpenPKG 2.0,\r\n perform the following operations to permanently fix the security\r\n problem (for other releases adjust accordingly).\r\n\r\n $ ftp ftp.openpkg.org\r\n ftp> bin\r\n ftp> cd release/2.0/UPD\r\n ftp> get neon-0.24.4-2.0.1.src.rpm\r\n ftp> bye\r\n $ <prefix>/bin/openpkg rpm -v --checksig neon-0.24.4-2.0.1.src.rpm\r\n $ <prefix>/bin/openpkg rpm --rebuild neon-0.24.4-2.0.1.src.rpm\r\n $ su -\r\n # <prefix>/bin/openpkg rpm -Fvh <prefix>/RPM/PKG/neon-0.24.4-2.0.1.*.rpm\r\n\r\n Additionally, perform similar steps for the "subversion", "cadaver",\r\n "sitecopy" and "tla" packages.\r\n________________________________________________________________________\r\n\r\nReferences:\r\n [1] http://www.webdav.org/neon/\r\n [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179\r\n [3] http://www.openpkg.org/tutorial.html#regular-source\r\n [4] http://www.openpkg.org/tutorial.html#regular-binary\r\n [5] ftp://ftp.openpkg.org/release/1.3/UPD/neon-0.24.0-1.3.1.src.rpm\r\n [6] ftp://ftp.openpkg.org/release/1.3/UPD/sitecopy-0.13.3-1.3.1.src.rpm\r\n [7] ftp://ftp.openpkg.org/release/2.0/UPD/neon-0.24.4-2.0.1.src.rpm\r\n [8] ftp://ftp.openpkg.org/release/2.0/UPD/subversion-1.0.0-2.0.1.src.rpm\r\n [9] ftp://ftp.openpkg.org/release/2.0/UPD/cadaver-0.22.0-2.0.1.src.rpm\r\n [10] ftp://ftp.openpkg.org/release/2.0/UPD/sitecopy-0.13.4-2.0.1.src.rpm\r\n [11] ftp://ftp.openpkg.org/release/1.3/UPD/\r\n [12] ftp://ftp.openpkg.org/release/2.0/UPD/\r\n [13] http://www.openpkg.org/security.html#signature\r\n________________________________________________________________________\r\n\r\nFor security reasons, this advisory was digitally signed with the\r\nOpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) of the\r\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\r\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/\r\nfor details on how to verify the integrity of this advisory.\r\n________________________________________________________________________\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nComment: OpenPKG <openpkg@openpkg.org>\r\n\r\niD8DBQFAgA7GgHWT4GPEy58RAmFPAKD0v+UgdvryqEn8n1Jw/6LKeNUNOQCg119x\r\no9sy8KDOBDkKtT68XccSVrQ=\r\n=7zcy\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.netsys.com/full-disclosure-charter.html", "edition": 1, "cvss3": {}, "published": "2004-04-17T00:00:00", "title": "[Full-Disclosure] [OpenPKG-SA-2004.016] OpenPKG Security Advisory (neon)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2004-04-17T00:00:00", "id": "SECURITYVULNS:DOC:6093", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6093", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:09", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ---------------------------------------------------------------------\r\n Red Hat Security Advisory\r\n\r\nSynopsis: Updated Subversion packages fix security vulnerability in neon\r\nAdvisory ID: RHSA-2004:159-01\r\nIssue date: 2004-04-15\r\nUpdated on: 2004-04-15\r\nProduct: Red Hat Linux\r\nKeywords: \r\nCross references: \r\nObsoletes: \r\nCVE Names: CAN-2004-0179\r\n- ---------------------------------------------------------------------\r\n\r\n1. Topic:\r\n\r\nUpdated Subversion packages that fix a vulnerability in neon, exploitable by\r\na malicious DAV server, are now available.\r\n\r\n2. Relevant releases/architectures:\r\n\r\nRed Hat Linux 9 - i386\r\n\r\n3. Problem description:\r\n\r\nSubversion is a concurrent version control system that uses inbuilt code\r\nfrom neon, an HTTP and WebDAV client library.\r\n\r\nVersions of the neon client library up to and including 0.24.4 have been\r\nfound to contain a number of format string bugs. An attacker could create\r\na malicious WebDAV server in such a way as to allow arbitrary code\r\nexecution on the client should a user connect to it using subversion. The\r\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\r\nthe name CAN-2004-0179 to this issue.\r\n\r\nThis update includes a patch to correct this issue, and an upgrade to\r\nSubversion 0.27.0, the last version which is compatible with the database\r\nschema used by Subversion 0.17.0. Users of Subversion are advised to\r\nupgrade to these updated packages.\r\n\r\n4. Solution:\r\n\r\nBefore applying this update, make sure all previously released errata\r\nrelevant to your system have been applied.\r\n\r\nTo update all RPMs for your particular architecture, run:\r\n\r\nrpm -Fvh [filenames]\r\n\r\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\r\nRPMs which are currently installed will be updated. Those RPMs which are\r\nnot installed but included in the list will not be updated. Note that you\r\ncan also use wildcards (*.rpm) if your current directory *only* contains the\r\ndesired RPMs.\r\n\r\nPlease note that this update is also available via Red Hat Network. Many\r\npeople find this an easier way to apply updates. To use Red Hat Network,\r\nlaunch the Red Hat Update Agent with the following command:\r\n\r\nup2date\r\n\r\nThis will start an interactive process that will result in the appropriate\r\nRPMs being upgraded on your system.\r\n\r\nIf up2date fails to connect to Red Hat Network due to SSL\r\nCertificate Errors, you need to install a version of the\r\nup2date client with an updated certificate. The latest version of\r\nup2date is available from the Red Hat FTP site and may also be\r\ndownloaded directly from the RHN website:\r\n\r\nhttps://rhn.redhat.com/help/latest-up2date.pxt\r\n\r\n5. RPMs required:\r\n\r\nRed Hat Linux 9:\r\n\r\nSRPMS:\r\nftp://updates.redhat.com/9/en/os/SRPMS/subversion-0.27.0-2.src.rpm\r\n\r\ni386:\r\nftp://updates.redhat.com/9/en/os/i386/subversion-0.27.0-2.i386.rpm\r\nftp://updates.redhat.com/9/en/os/i386/subversion-devel-0.27.0-2.i386.rpm\r\n\r\n\r\n\r\n6. Verification:\r\n\r\nMD5 sum Package Name\r\n- --------------------------------------------------------------------------\r\n\r\n690c5d22e0f2baaf19f554f3466981b9 9/en/os/SRPMS/subversion-0.27.0-2.src.rpm\r\n2a20d39d786e5ca72617a0719266e01d 9/en/os/i386/subversion-0.27.0-2.i386.rpm\r\nc811a52c5b714e5700afc394f48b4c52 9/en/os/i386/subversion-devel-0.27.0-2.i386.rpm\r\n\r\nThese packages are GPG signed by Red Hat for security. Our key is\r\navailable from https://www.redhat.com/security/team/key.html\r\n\r\nYou can verify each package with the following command:\r\n \r\n rpm --checksig -v <filename>\r\n\r\nIf you only wish to verify that each package has not been corrupted or\r\ntampered with, examine only the md5sum with the following command:\r\n \r\n md5sum <filename>\r\n\r\n\r\n7. References:\r\n\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179\r\n\r\n8. Contact:\r\n\r\nThe Red Hat security contact is <secalert@redhat.com>. More contact\r\ndetails at https://www.redhat.com/security/team/contact.html\r\n\r\nCopyright 2004 Red Hat, Inc.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.0.7 (GNU/Linux)\r\n\r\niD8DBQFAflSxXlSAg2UNWIIRAve1AKCWGdv5AgYB2qQDy0mQlJiBTyUB0ACgtfcd\r\nbWursxJlWA9zCfIgSN2vKGo=\r\n=PNjq\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.netsys.com/full-disclosure-charter.html", "edition": 1, "cvss3": {}, "published": "2004-04-15T00:00:00", "title": "[Full-Disclosure] [RHSA-2004:159-01] Updated Subversion packages fix security vulnerability in neon", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2004-04-15T00:00:00", "id": "SECURITYVULNS:DOC:6082", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6082", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:09", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200405-04\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: High\r\n Title: OpenOffice.org vulnerability when using DAV servers\r\n Date: May 11, 2004\r\n Bugs: #47926\r\n ID: 200405-04\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nSeveral format string vulnerabilities are present in the Neon library\r\nincluded in OpenOffice.org, allowing remote execution of arbitrary\r\ncode when connected to an untrusted WebDAV server.\r\n\r\nBackground\r\n==========\r\n\r\nOpenOffice.org is an office productivity suite, including word\r\nprocessing, spreadsheets, presentations, drawings, data charting,\r\nformula editing, and file conversion facilities.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 app-office/openoffice <= 1.1.1 >= 1.1.1-r1\r\n 2 app-office/openoffice <= 1.0.3-r1 >= 1.0.3-r2\r\n 3 app-office/openoffice <= 1.1.0-r3 >= 1.1.0-r4\r\n 4 app-office/openoffice-ximian <= 1.1.51 >= 1.1.51-r1\r\n 5 app-office/openoffice-ximian-bin <= 1.1.52 1.1.51-r1\r\n 6 app-office/openoffice-bin <= 1.1.1 1.1.51-r1\r\n -------------------------------------------------------------------\r\n # Package 1 [app-office/openoffice] only applies to X86 users.\r\n # Package 2 [app-office/openoffice] only applies to PPC users.\r\n # Package 3 [app-office/openoffice] only applies to SPARC users.\r\n\r\n NOTE: All packages listed without architecture tags apply to all\r\n architectures...\r\n -------------------------------------------------------------------\r\n 6 affected packages\r\n -------------------------------------------------------------------\r\n\r\nDescription\r\n===========\r\n\r\nOpenOffice.org includes code from the Neon library in functions related\r\nto publication on WebDAV servers. This library is vulnerable to several\r\nformat string attacks.\r\n\r\nImpact\r\n======\r\n\r\nIf you use the WebDAV publication and connect to a malicious WebDAV\r\nserver, this server can exploit these vulnerabilities to execute\r\narbitrary code with the rights of the user running OpenOffice.org.\r\n\r\nWorkaround\r\n==========\r\n\r\nAs a workaround, you should not use the WebDAV publication facilities.\r\n\r\nResolution\r\n==========\r\n\r\nThere is no binary version including the fix yet. All users of the\r\nopenoffice-bin and ximian-openoffice-bin packages making use of the\r\nWebDAV publication functions should upgrade to the latest version of\r\nthe corresponding source-based package.\r\n\r\nopenoffice users on the x86 architecture should:\r\n\r\n # emerge sync\r\n\r\n # emerge -pv ">=app-office/openoffice-1.1.1-r1"\r\n # emerge ">=app-office/openoffice-1.1.1-r1"\r\n\r\nopenoffice users on the sparc architecture should:\r\n\r\n # emerge sync\r\n\r\n # emerge -pv ">=app-office/openoffice-1.1.0-r3"\r\n # emerge ">=app-office/openoffice-1.1.0-r3"\r\n\r\nopenoffice users on the ppc architecture should:\r\n\r\n # emerge sync\r\n\r\n # emerge -pv ">=app-office/openoffice-1.0.3-r1"\r\n # emerge ">=app-office/openoffice-1.0.3-r1"\r\n\r\nopenoffice-ximian users should:\r\n\r\n # emerge sync\r\n\r\n # emerge -pv ">=app-office/openoffice-ximian-1.1.51-r1"\r\n # emerge ">=app-office/openoffice-ximian-1.1.51-r1"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CAN-2004-0179\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179\r\n [ 2 ] Neon vulnerabilities (GLSA 200405-01)\r\n http://www.gentoo.org/security/en/glsa/glsa-200405-01.xml\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200405-04.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2004 Gentoo Technologies, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/1.0\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.4 (GNU/Linux)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niD8DBQFAoT54vcL1obalX08RAqHCAJ4qq6n1xxdkwwfhgKEmLCzqGpVWYgCeNZdk\r\nZMEJQ2zQmHCgvX1IGYqRz2U=\r\n=Kj/1\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2004-05-12T00:00:00", "title": "[ GLSA 200405-04 ] OpenOffice.org vulnerability when using DAV servers", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2004-05-12T00:00:00", "id": "SECURITYVULNS:DOC:6202", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6202", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:09", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ---------------------------------------------------------------------\r\n Red Hat Security Advisory\r\n\r\nSynopsis: Updated cadaver package fixes security vulnerability in neon\r\nAdvisory ID: RHSA-2004:158-01\r\nIssue date: 2004-04-14\r\nUpdated on: 2004-04-14\r\nProduct: Red Hat Linux\r\nKeywords: \r\nCross references: \r\nObsoletes: \r\nCVE Names: CAN-2004-0179\r\n- ---------------------------------------------------------------------\r\n\r\n1. Topic:\r\n\r\nAn updated cadaver package that fixes a vulnerability in neon exploitable\r\nby a malicious DAV server is now available.\r\n\r\n2. Relevant releases/architectures:\r\n\r\nRed Hat Linux 9 - i386\r\n\r\n3. Problem description:\r\n\r\ncadaver is a command-line WebDAV client that uses inbuilt code from neon,\r\nan HTTP and WebDAV client library.\r\n\r\nVersions of the neon client library up to and including 0.24.4 have been\r\nfound to contain a number of format string bugs. An attacker could create\r\na malicious WebDAV server in such a way as to allow arbitrary code\r\nexecution on the client should a user connect to it using cadaver. The\r\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\r\nthe name CAN-2004-0179 to this issue.\r\n\r\nUsers of cadaver are advised to upgrade to this updated package, which\r\ncontains a patch correcting this issue.\r\n\r\n4. Solution:\r\n\r\nBefore applying this update, make sure all previously released errata\r\nrelevant to your system have been applied.\r\n\r\nTo update all RPMs for your particular architecture, run:\r\n\r\nrpm -Fvh [filenames]\r\n\r\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\r\nRPMs which are currently installed will be updated. Those RPMs which are\r\nnot installed but included in the list will not be updated. Note that you\r\ncan also use wildcards (*.rpm) if your current directory *only* contains the\r\ndesired RPMs.\r\n\r\nPlease note that this update is also available via Red Hat Network. Many\r\npeople find this an easier way to apply updates. To use Red Hat Network,\r\nlaunch the Red Hat Update Agent with the following command:\r\n\r\nup2date\r\n\r\nThis will start an interactive process that will result in the appropriate\r\nRPMs being upgraded on your system.\r\n\r\nIf up2date fails to connect to Red Hat Network due to SSL\r\nCertificate Errors, you need to install a version of the\r\nup2date client with an updated certificate. The latest version of\r\nup2date is available from the Red Hat FTP site and may also be\r\ndownloaded directly from the RHN website:\r\n\r\nhttps://rhn.redhat.com/help/latest-up2date.pxt\r\n\r\n5. RPMs required:\r\n\r\nRed Hat Linux 9:\r\n\r\nSRPMS:\r\nftp://updates.redhat.com/9/en/os/SRPMS/cadaver-0.22.0-2.2.src.rpm\r\n\r\ni386:\r\nftp://updates.redhat.com/9/en/os/i386/cadaver-0.22.0-2.2.i386.rpm\r\n\r\n\r\n\r\n6. Verification:\r\n\r\nMD5 sum Package Name\r\n- --------------------------------------------------------------------------\r\n\r\n517f4e41e80560cf0c40e12112cfd748 9/en/os/SRPMS/cadaver-0.22.0-2.2.src.rpm\r\n53a4af284026d42b837f704fe6568ce8 9/en/os/i386/cadaver-0.22.0-2.2.i386.rpm\r\n\r\nThese packages are GPG signed by Red Hat for security. Our key is\r\navailable from https://www.redhat.com/security/team/key.html\r\n\r\nYou can verify each package with the following command:\r\n \r\n rpm --checksig -v <filename>\r\n\r\nIf you only wish to verify that each package has not been corrupted or\r\ntampered with, examine only the md5sum with the following command:\r\n \r\n md5sum <filename>\r\n\r\n\r\n7. References:\r\n\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179\r\n\r\n8. Contact:\r\n\r\nThe Red Hat security contact is <secalert@redhat.com>. More contact\r\ndetails at https://www.redhat.com/security/team/contact.html\r\n\r\nCopyright 2004 Red Hat, Inc.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.0.7 (GNU/Linux)\r\n\r\niD8DBQFAfUdaXlSAg2UNWIIRArGEAJ4g7KzYeM3BJmY3Z9A8F9DVBQHCzACgmoG/\r\nnnttOXskniL8FWvNbT/DhM4=\r\n=9gxb\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.netsys.com/full-disclosure-charter.html", "edition": 1, "cvss3": {}, "published": "2004-04-14T00:00:00", "title": "[Full-Disclosure] [RHSA-2004:158-01] Updated cadaver package fixes security vulnerability in neon", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2004-04-14T00:00:00", "id": "SECURITYVULNS:DOC:6072", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6072", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:09", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n[VSA0401 - neon - void.at security notice]\r\n\r\nOverview\r\n========\r\n\r\nWe have discovered a format string vulnerability in neon\r\n(http://www.webdav.org/neon). neon is a webdav client\r\nlibrary, used by Subversion and others.\r\n\r\nCVE has assigned the name CAN-2004-0179 to this issue.\r\n\r\nAffected Versions\r\n=================\r\n\r\nThis affects neon versions 0.19.0 onwards when ne_set_error\r\nwas changed from taking a single char* to taking printf-style\r\nvarargs.\r\n\r\nImpact\r\n======\r\n\r\nMiddle. Man-in-the-middle-attack or fake server needed. Note\r\nthat all clients using this library (such as Subversion) are\r\naffected.\r\n\r\nWorkaround:\r\n===========\r\n\r\nneon 0.24.5 fixes the described problem. You can get it from\r\nhttp://www.webdav.org/neon/neon-0.24.5.tar.gz.\r\n\r\nDetails\r\n=======\r\n\r\ngrep for ne_set_error and see for yourself.\r\nOne particular bug is that if the response of the webserver\r\ndoesn't start with "HTTP", it is considered invalid and will\r\nbe logged via ne_set_error. You can supply %08x%08x etc there\r\nand it will be executed by a libc format function.\r\n\r\nwebdav-requests always start with PROPFIND:\r\n\r\nRequest\r\n- -------\r\n\r\nPROPFIND /lenya/blog/authoring/entries/2003/08/24/peanuts/ HTTP/1.1\r\nPragma: no-cache\r\nCache-control: no-cache\r\nAccept: text/*, image/jpeg, image/png, image/*, */*\r\nAccept-Encoding: x-gzip, gzip, identity\r\nAccept-Charset: iso-8859-1, utf-8;q=0.5, *;q=0.5\r\nAccept-Language: en\r\nHost: 127.0.0.1\r\nDepth: 0\r\n\r\nResponse\r\n- --------\r\n\r\nHTTP/1.1 207 Multi-Status\r\nX-Cocoon-Version: 2.1\r\nSet-Cookie: JSESSIONID=320E3B1395B867B5BC42B5FC93457C36; Path=/lenya\r\nContent-Type: text/xml\r\nTransfer-Encoding: chunked\r\nDate: Mon, 25 Aug 2003 14:27:12 GMT\r\nServer: Apache Coyote/1.0\r\n\r\n\r\n<?xml version="1.0" encoding="UTF-8"?>\r\n<D:multistatus xmlns:D="DAV:">\r\n\r\n<D:response xmlns:lp1="DAV:" xmlns:lp2="http://apache.org/dav/props/">\r\n<D:href>/lenya/blog/authoring/entries/2003/08/24/peanuts/</D:href>\r\n<D:propstat>\r\n<D:prop>\r\n<lp1:resourcetype><D:collection/></lp1:resourcetype>\r\n<D:getcontenttype>httpd/unix-directory</D:getcontenttype>\r\n</D:prop>\r\n<D:status>HTTP/1.1 200 OK</D:status>\r\n</D:propstat>\r\n</D:response>\r\n\r\n</D:multistatus>\r\n\r\nThe formatstring bug can be triggered with a response like:\r\n...\r\n<D:status>%08x%08x</D:status>\r\n...\r\n\r\nTimeline\r\n========\r\n\r\n2004-03-10: Bug discovered\r\n2004-03-15: Contacted jorton@redhat.com (maintainer)\r\n2004-03-16: Maintainer confirmation\r\n2004-04-14: Maintainer released fixed version 0.24.5\r\n2004-04-16: Public disclosure\r\n\r\nDiscovered by\r\n=============\r\n\r\nThomas Wana <greuff@void.at>\r\n\r\nCredits\r\n=======\r\n\r\nvoid.at\r\nJoe Orton (neon maintainer)\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.4 (GNU/Linux)\r\n\r\niD8DBQFAgCWNLd3EzkyJNR8RAg0vAJ9y1Go4v5beg1haBez2UNB+59WuMACbBqoE\r\nOVS/aw8YTpuu97qqpLuahnk=\r\n=TFIo\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2004-04-17T00:00:00", "title": "void.at - neon format string bugs", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2004-0179"], "modified": "2004-04-17T00:00:00", "id": "SECURITYVULNS:DOC:6096", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6096", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:10", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\n\r\n______________________________________________________________________________\r\n\r\n SUSE Security Announcement\r\n\r\n Package: kernel\r\n Announcement-ID: SuSE-SA:2004:017\r\n Date: Wednesday, Jun 16th 2004 15:20 MEST\r\n Affected products: 8.0, 8.1, 8.2, 9.0, 9.1\r\n SuSE Linux Database Server,\r\n SuSE eMail Server III, 3.1\r\n SuSE Linux Enterprise Server 7, 8\r\n SuSE Linux Firewall on CD/Admin host\r\n SuSE Linux Connectivity Server\r\n SuSE Linux Office Server\r\n Vulnerability Type: local denial-of-service attack\r\n Severity (1-10): 4\r\n SUSE default package: no\r\n Cross References: CAN-2004-0554\r\n\r\n Content of this advisory:\r\n 1) security vulnerability resolved:\r\n - floating point exception causes system crash\r\n problem description, discussion, solution and upgrade information\r\n 2) pending vulnerabilities, solutions, workarounds:\r\n - icecast\r\n - sitecopy\r\n - cadaver\r\n - OpenOffice_org\r\n - tripwire\r\n - postgresql\r\n - lha\r\n - XDM\r\n - mod_proxy\r\n 3) standard appendix (further information)\r\n\r\n______________________________________________________________________________\r\n\r\n1) problem description, brief discussion, solution, upgrade information\r\n\r\n The Linux kernel is vulnerable to a local denial-of-service attack.\r\n By using a C program it is possible to trigger a floating point\r\n exception that puts the kernel into an unusable state.\r\n To execute this attack a malicious user needs shell access to the\r\n victim's machine.\r\n The severity of this bug is considered low because local denial-of-\r\n service attacks are hard to prevent in general.\r\n Additionally the bug is limited to x86 and x86_64 architecture.\r\n\r\n\r\n\r\n SPECIAL INSTALL INSTRUCTIONS:\r\n ==============================\r\n The following paragraphs will guide you through the installation\r\n process in a step-by-step fashion. The character sequence "****"\r\n marks the beginning of a new paragraph. In some cases, the steps\r\n outlined in a particular paragraph may or may not be applicable\r\n to your situation.\r\n Therefore, please make sure to read through all of the steps below\r\n before attempting any of these procedures.\r\n All of the commands that need to be executed are required to be\r\n run as the superuser (root). Each step relies on the steps before\r\n it to complete successfully.\r\n Note: The update packages for the SuSE Linux Enterprise Server 7\r\n (SLES7) are being tested at the moment and will be published as soon\r\n as possible.\r\n\r\n\r\n **** Step 1: Determine the needed kernel type\r\n\r\n Please use the following command to find the kernel type that is\r\n installed on your system:\r\n\r\n rpm -qf /boot/vmlinuz\r\n\r\n Following are the possible kernel types (disregard the version and\r\n build number following the name separated by the "-" character)\r\n\r\n k_deflt # default kernel, good for most systems.\r\n k_i386 # kernel for older processors and chipsets\r\n k_athlon # kernel made specifically for AMD Athlon(tm) family processors\r\n k_psmp # kernel for Pentium-I dual processor systems\r\n k_smp # kernel for SMP systems (Pentium-II and above)\r\n k_smp4G # kernel for SMP systems which supports a maximum of 4G of RAM\r\n kernel-64k-pagesize\r\n kernel-bigsmp\r\n kernel-default\r\n kernel-smp\r\n\r\n **** Step 2: Download the package for your system\r\n\r\n Please download the kernel RPM package for your distribution with the\r\n name as indicated by Step 1. The list of all kernel rpm packages is\r\n appended below. Note: The kernel-source package does not\r\n contain a binary kernel in bootable form. Instead, it contains the\r\n sources that the binary kernel rpm packages are created from. It can be\r\n used by administrators who have decided to build their own kernel.\r\n Since the kernel-source.rpm is an installable (compiled) package that\r\n contains sources for the linux kernel, it is not the source RPM for\r\n the kernel RPM binary packages.\r\n\r\n The kernel RPM binary packages for the distributions can be found at the\r\n locations below ftp://ftp.suse.com/pub/suse/i386/update/.\r\n\r\n 8.0/images/\r\n 8.1/rpm/i586\r\n 8.2/rpm/i586\r\n 9.0/rpm/i586\r\n 9.1/rpm/i586\r\n\r\n After downloading the kernel RPM package for your system, you should\r\n verify the authenticity of the kernel rpm package using the methods as\r\n listed in section 3) of each SUSE Security Announcement.\r\n\r\n\r\n **** Step 3: Installing your kernel rpm package\r\n\r\n Install the rpm package that you have downloaded in Steps 3 or 4 with\r\n the command\r\n rpm -Uhv --nodeps --force <K_FILE.RPM>\r\n where <K_FILE.RPM> is the name of the rpm package that you downloaded.\r\n\r\n Warning: After performing this step, your system will likely not be\r\n able to boot if the following steps have not been fully\r\n followed.\r\n\r\n\r\n If you run SUSE LINUX 8.1 and haven't applied the kernel update\r\n (SUSE-SA:2003:034), AND you are using the freeswan package, you also\r\n need to update the freeswan rpm as a dependency as offered\r\n by YOU (YaST Online Update). The package can be downloaded from\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/\r\n\r\n **** Step 4: configuring and creating the initrd\r\n\r\n The initrd is a ramdisk that is loaded into the memory of your\r\n system together with the kernel boot image by the bootloader. The\r\n kernel uses the content of this ramdisk to execute commands that must\r\n be run before the kernel can mount its actual root filesystem. It is\r\n usually used to initialize SCSI drivers or NIC drivers for diskless\r\n operation.\r\n\r\n The variable INITRD_MODULES in /etc/sysconfig/kernel determines\r\n which kernel modules will be loaded in the initrd before the kernel\r\n has mounted its actual root filesystem. The variable should contain\r\n your SCSI adapter (if any) or filesystem driver modules.\r\n\r\n With the installation of the new kernel, the initrd has to be\r\n re-packed with the update kernel modules. Please run the command\r\n\r\n mk_initrd\r\n\r\n as root to create a new init ramdisk (initrd) for your system.\r\n On SuSE Linux 8.1 and later, this is done automatically when the\r\n RPM is installed.\r\n\r\n\r\n **** Step 5: bootloader\r\n\r\n If you run a SUSE LINUX 8.x, SLES8, or SUSE LINUX 9.x system, there\r\n are two options:\r\n Depending on your software configuration, you have either the lilo\r\n bootloader or the grub bootloader installed and initialized on your\r\n system.\r\n The grub bootloader does not require any further actions to be\r\n performed after the new kernel images have been moved in place by the\r\n rpm Update command.\r\n If you have a lilo bootloader installed and initialized, then the lilo\r\n program must be run as root. Use the command\r\n\r\n grep LOADER_TYPE /etc/sysconfig/bootloader\r\n\r\n to find out which boot loader is configured. If it is lilo, then you\r\n must run the lilo command as root. If grub is listed, then your system\r\n does not require any bootloader initialization.\r\n\r\n Warning: An improperly installed bootloader may render your system\r\n unbootable.\r\n\r\n **** Step 6: reboot\r\n\r\n If all of the steps above have been successfully completed on your\r\n system, then the new kernel including the kernel modules and the\r\n initrd should be ready to boot. The system needs to be rebooted for\r\n the changes to become active. Please make sure that all steps have\r\n completed, then reboot using the command\r\n shutdown -r now\r\n or\r\n init 6\r\n\r\n Your system should now shut down and reboot with the new kernel.\r\n\r\n\r\n There is no workaround known.\r\n\r\n\r\n Please download the update package for your distribution and verify its\r\n integrity by the methods listed in section 3) of this announcement.\r\n Then, install the package using the command "rpm -Fhv file.rpm" to apply\r\n the update.\r\n Our maintenance customers are being notified individually. The packages\r\n are being offered to install from the maintenance web.\r\n\r\n\r\n Intel i386 Platform:\r\n\r\n SuSE-9.1:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-source-2.6.5-7.75.i586.rpm\r\n 8d11469e1815c5b2fa143fce62c17b95\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-default-2.6.5-7.75.i586.rpm\r\n 75222182ad4c766b6482e5b83658819d\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-smp-2.6.5-7.75.i586.rpm\r\n 45f1244f153ab1387a9dc67e7bcf20bb\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-bigsmp-2.6.5-7.75.i586.rpm\r\n 517647d955770503fe61ae2549c453dd\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-source-2.6.5-7.75.src.rpm\r\n 9103503f430b9d854630ecb8855a2fb3\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-default-2.6.5-7.75.nosrc.rpm\r\n 9381c56f1f64835c5379dde278ac768d\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-smp-2.6.5-7.75.nosrc.rpm\r\n 4f47dc2be58f5315cf596c051c2892b5\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-bigsmp-2.6.5-7.75.nosrc.rpm\r\n 732c1e7d2a9e41780464eccdc0d54505\r\n\r\n SuSE-9.0:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/kernel-source-2.4.21-226.i586.rpm\r\n 7b6022e2f80325b42fa7dc3188360530\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_athlon-2.4.21-226.i586.rpm\r\n 594efe04ccc233e890bfb277e8296c2d\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_deflt-2.4.21-226.i586.rpm\r\n f41d088cf20bfe583e57f95a6b46d625\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_smp-2.4.21-226.i586.rpm\r\n 39e2c09ece3f22b50eb777b85a7218ef\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_smp4G-2.4.21-226.i586.rpm\r\n 83398954810403b9dfb65bcf1af25352\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_um-2.4.21-226.i586.rpm\r\n 18dde4a8af68dd1f78a0177c3214457a\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/kernel-source-2.4.21-226.src.rpm\r\n d5b037aaf122b1b05917e3f0b475baae\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/k_athlon-2.4.21-226.src.rpm\r\n e10aea97785eb12716ad7d5e20cbd723\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/k_deflt-2.4.21-226.src.rpm\r\n 54b8bbd368998abc1a63224caa880473\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/k_smp-2.4.21-226.src.rpm\r\n f944b14978ecd211c26f8169238292bf\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/k_smp4G-2.4.21-226.src.rpm\r\n 66a116aeb9757c538a0643e8322095a7\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/k_um-2.4.21-226.src.rpm\r\n 5e3694ba088fd39891a5979380679d20\r\n\r\n SuSE-8.2:\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/kernel-source-2.4.20.SuSE-113.i586.rpm\r\n a5843cb4e2b16515d70574d83113ac48\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_athlon-2.4.20-113.i586.rpm\r\n 724529485d3a304f0479f9216fc361af\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_deflt-2.4.20-113.i586.rpm\r\n b0e687c208053d546b7057257beb7d32\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_psmp-2.4.20-113.i586.rpm\r\n 749b101e7fc4aa5c62e2a5b650002803\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_smp-2.4.20-113.i586.rpm\r\n 3377544a5f6d9c73fdfe05140fce0813\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/kernel-source-2.4.20.SuSE-113.src.rpm\r\n 0a41c750b8cd3953d47e27ea15c58697\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/k_athlon-2.4.20-113.src.rpm\r\n a5e5790e5f7fe62905d29750543c9e20\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/k_deflt-2.4.20-113.src.rpm\r\n 9defa7cb706e924f8336dd03fafbcfd5\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/k_psmp-2.4.20-113.src.rpm\r\n 8469dbc8810dd292100d085e00bb6081\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/k_smp-2.4.20-113.src.rpm\r\n d990fcbace1f21ff383abdf7608a17ef\r\n\r\n SuSE-8.1:\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/kernel-source-2.4.21-226.i586.rpm\r\n 43ee5eae102f0258a414dd15e3fd9433\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_athlon-2.4.21-226.i586.rpm\r\n 0c6289e168307d615bfe6cef9ebcf879\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_deflt-2.4.21-226.i586.rpm\r\n 003a38c53fe91070eeae85983930c70e\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_psmp-2.4.21-226.i586.rpm\r\n 657d08fa4b5a2ba7de2a314a7d1622e1\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_smp-2.4.21-226.i586.rpm\r\n e19239b4ca52ebd21f775b5e6195f144\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/kernel-source-2.4.21-226.src.rpm\r\n ee67f5db0ea2f1431f46b7dd27815a56\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/k_athlon-2.4.21-226.src.rpm\r\n b29021156d6582e315666b16231b2a60\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/k_deflt-2.4.21-226.src.rpm\r\n ce5e47d527cee6968cd95bb8430d3e18\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/k_psmp-2.4.21-226.src.rpm\r\n a081a0f1e31f5491cdeba1fea5ea6411\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/k_smp-2.4.21-226.src.rpm\r\n 1dbfd3b5f272fc75342ae55bbe7ab45c\r\n\r\n SuSE-8.0:\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/kernel-source-2.4.18.SuSE-299.i386.rpm\r\n 7de319a4e6c667fba359686b814d4a73\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_deflt-2.4.18-299.i386.rpm\r\n df5aad7c423625a19af151bbba0f2ca8\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_psmp-2.4.18-299.i386.rpm\r\n cb02c8381962eda997ebb115ef68ae4c\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_smp-2.4.18-299.i386.rpm\r\n 903c6e61927803c2d592ac50fe9da6ce\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_i386-2.4.18-299.i386.rpm\r\n e2abf9ccdc8191e7d2ace58e8a1b5b5a\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/kernel-source-2.4.18.SuSE-299.nosrc.rpm\r\n 622c85342dd84abd0400103902d05eed\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/k_deflt-2.4.18-299.src.rpm\r\n 37916ea39febc4dd43fabfccce9322db\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/k_psmp-2.4.18-299.src.rpm\r\n 0dde0e6758e42de5479e8776475ae76f\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/k_smp-2.4.18-299.src.rpm\r\n 523bef4e31fa67f078d5fcbdc426a4c0\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/k_i386-2.4.18-299.src.rpm\r\n 06a2a062a54764a30adae0b8ea40cb29\r\n\r\n\r\n\r\n Opteron x86_64 Platform:\r\n\r\n SuSE-9.1:\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-source-2.6.5-7.75.x86_64.rpm\r\n 1c878b1e29a9bea40547637b6a307b2d\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-default-2.6.5-7.75.x86_64.rpm\r\n 16de3ee2390bb2b92f9fe50451d4f082\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-smp-2.6.5-7.75.x86_64.rpm\r\n c310268daa83f18fcfd4cf19434f06e0\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-source-2.6.5-7.75.src.rpm\r\n 2fed0a8f3936027261add7d1cbfa5341\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-default-2.6.5-7.75.nosrc.rpm\r\n 9ad26d15566337c83273121390ea4e32\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-smp-2.6.5-7.75.nosrc.rpm\r\n 352951be42b3093efb0148320a6f4c27\r\n\r\n SuSE-9.0:\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/kernel-source-2.4.21-226.x86_64.rpm\r\n ced9c66ffa28bf7e7c795781f92083fe\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_deflt-2.4.21-226.x86_64.rpm\r\n 60539bc47e8cac0664ac5ca824d311e0\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_smp-2.4.21-226.x86_64.rpm\r\n 083aeedd2a88ccc2e00c8f66cd61b81c\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/kernel-source-2.4.21-226.src.rpm\r\n 58c40a206f6f615daa3486fc6d6ade38\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/k_deflt-2.4.21-226.src.rpm\r\n 1c234f6c0475680b41c644c575ff8ef6\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/k_smp-2.4.21-226.src.rpm\r\n e9b90824615859405b1979793662bc0d\r\n\r\n______________________________________________________________________________\r\n\r\n2) Pending vulnerabilities in SUSE Distributions and Workarounds:\r\n\r\n - icecast\r\n The icecast service is vulnerable to a remote denial-of-service\r\n attack. Update packages will be available soon.\r\n\r\n - sitecopy\r\n The sitecopy package includes a vulnerable version of the\r\n neon library (CAN-2004-0179, CAN-2004-0398). Update packages will be\r\n available soon.\r\n\r\n - cadaver\r\n The cadaver package includes a vulnerable version of the\r\n neon library (CAN-2004-0179, CAN-2004-0398). Update packages will be\r\n available soon.\r\n\r\n - OpenOffice_org\r\n The OpenOffice_org package includes a vulnerable version\r\n of the neon library (CAN-2004-0179, CAN-2004-0398). Update packages\r\n will be available soon.\r\n\r\n - tripwire\r\n A format string bug in tripwire can be exploited locally\r\n to gain root permissions. Update packages will be available soon.\r\n\r\n - postgresql\r\n A buffer overflow in psqlODBC could be exploited to crash the\r\n application using it. E.g. a PHP script that uses ODBC to access a\r\n PostgreSQL database can be utilized to crash the surrounding Apache\r\n web-server. Other parts of PostgreSQL are not affected.\r\n Update packages will be available soon.\r\n\r\n - lha\r\n Minor security fix for a buffer overflow while handling command\r\n line options. This buffer overflow could be exploited in conjunction\r\n with other mechanisms to gain higher privileges or access the system\r\n remotely.\r\n\r\n - XDM/XFree86\r\n This update resolves random listening to ports by XDM\r\n that allows to connect via the XDMCP. SUSE LINUX 9.1\r\n is affected only.\r\n New packages are currently being tested and will be\r\n available soon.\r\n\r\n - mod_proxy\r\n A buffer overflow can be triggered by malicious remote\r\n servers that return a negative Content-Length value.\r\n This vulnerability can be used to execute commands remotely\r\n New packages are currently being tested and will be\r\n available soon.\r\n\r\n______________________________________________________________________________\r\n\r\n3) standard appendix: authenticity verification, additional information\r\n\r\n - Package authenticity verification:\r\n\r\n SUSE update packages are available on many mirror ftp servers around\r\n the world. While this service is considered valuable and important\r\n to the free and open source software community, many users wish to be\r\n certain as to be the origin of the package and its content before\r\n installing the package. There are two independent verification methods\r\n that can be used to prove the authenticity of a downloaded file or\r\n rpm package:\r\n 1) md5sums as provided in the (cryptographically signed) announcement.\r\n 2) using the internal gpg signatures of the rpm package.\r\n\r\n 1) execute the command\r\n md5sum <name-of-the-file.rpm>\r\n after you have downloaded the file from a SUSE ftp server or its\r\n mirrors. Then, compare the resulting md5sum with the one that is\r\n listed in the announcement. Since the announcement containing the\r\n checksums is cryptographically signed (usually using the key\r\n security@suse.de), the checksums offer proof of the authenticity\r\n of the package.\r\n We recommend against subscribing to security lists which cause the\r\n email message containing the announcement to be modified so that\r\n the signature does not match after transport through the mailing\r\n list software.\r\n Downsides: You must be able to verify the authenticity of the\r\n announcement in the first place. If RPM packages are being rebuilt\r\n and a new version of a package is published on the ftp server, all\r\n md5 sums for the files are useless.\r\n\r\n 2) rpm package signatures provide an easy way to verify the authenticity\r\n of an rpm package. Use the command\r\n rpm -v --checksig <file.rpm>\r\n to verify the signature of the package, where <file.rpm> is the\r\n filename of the rpm package that you have downloaded. Of course,\r\n package authenticity verification can only target an un-installed rpm\r\n package file.\r\n Prerequisites:\r\n a) gpg is installed\r\n b) The package is signed using a certain key. The public part of this\r\n key must be installed by the gpg program in the directory\r\n ~/.gnupg/ under the user's home directory who performs the\r\n signature verification (usually root). You can import the key\r\n that is used by SUSE in rpm packages for SUSE Linux by saving\r\n this announcement to a file ("announcement.txt") and\r\n running the command (do "su -" to be root):\r\n gpg --batch; gpg < announcement.txt | gpg --import\r\n SUSE Linux distributions version 7.1 and thereafter install the\r\n key "build@suse.de" upon installation or upgrade, provided that\r\n the package gpg is installed. The file containing the public key\r\n is placed at the top-level directory of the first CD (pubring.gpg)\r\n and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .\r\n\r\n\r\n - SUSE runs two security mailing lists to which any interested party may\r\n subscribe:\r\n\r\n suse-security@suse.com\r\n - general/linux/SUSE security discussion.\r\n All SUSE security announcements are sent to this list.\r\n To subscribe, send an email to\r\n <suse-security-subscribe@suse.com>.\r\n\r\n suse-security-announce@suse.com\r\n - SUSE's announce-only mailing list.\r\n Only SUSE's security announcements are sent to this list.\r\n To subscribe, send an email to\r\n <suse-security-announce-subscribe@suse.com>.\r\n\r\n For general information or the frequently asked questions (faq)\r\n send mail to:\r\n <suse-security-info@suse.com> or\r\n <suse-security-faq@suse.com> respectively.\r\n\r\n =====================================================================\r\n SUSE's security contact is <security@suse.com> or <security@suse.de>.\r\n The <security@suse.de> public key is listed below.\r\n =====================================================================\r\n______________________________________________________________________________\r\n\r\n The information in this advisory may be distributed or reproduced,\r\n provided that the advisory is not modified in any way. In particular,\r\n it is desired that the clear-text signature must show proof of the\r\n authenticity of the text.\r\n SUSE Linux AG makes no warranties of any kind whatsoever with respect\r\n to the information contained in this security advisory.\r\n\r\nType Bits/KeyID Date User ID\r\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>\r\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>\r\n\r\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: GnuPG v1.0.6 (GNU/Linux)\r\nComment: For info see http://www.gnupg.org\r\n\r\nmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff\r\n4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d\r\nM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO\r\nQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK\r\nXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE\r\nD3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd\r\nG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM\r\nCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE\r\nmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr\r\nYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD\r\nwmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d\r\nNfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe\r\nQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe\r\nLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t\r\nXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU\r\nD9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3\r\n0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot\r\n1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW\r\ncRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E\r\nExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f\r\nAJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E\r\nOe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/\r\nHZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h\r\nt5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT\r\ntGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM\r\n523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q\r\n2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8\r\nQnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw\r\nJxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ\r\n1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH\r\nORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1\r\nwwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY\r\nEQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol\r\n0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK\r\nCRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co\r\nSPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo\r\nomuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt\r\nA46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J\r\n/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE\r\nGrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf\r\nebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT\r\nZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8\r\nRQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ\r\n8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb\r\nB6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X\r\n11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA\r\n8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj\r\nqY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p\r\nWH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL\r\nhn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG\r\nBafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+\r\nAvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi\r\nRZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0\r\nzinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM\r\n/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7\r\nwhaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl\r\nD+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz\r\ndbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI\r\nRgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI\r\nDgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=\r\n=LRKC\r\n- -----END PGP PUBLIC KEY BLOCK-----\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.2 (GNU/Linux)\r\n\r\niQEVAwUBQNBTgney5gA9JdPZAQHB7Af/XRy01sYB1rDi0L+TwlQtW4nr4vwrJTOt\r\n6pA/M+oNsW0SUPK3kCcN+v7mvuIrA69c1VZeYgfI4/dy0bdMntcVkOliikn0+m0i\r\ne2SvKYY+/KC8wZaUIrKFbH4PA0Gdf40GmNVj4uq5KdwohJLGQDTa8eguiYocMjXv\r\nE8QAdGTaPXEBGz8Ode6YMYAbauHbWXip9x6TyQ7NgiQ4mylabmmw8AUebVyM4oWS\r\na28uoT8nWPu+BwYNW0zt26clPhLvmHWFpIpqyaWERaWMuCrFHwlc753B2PCOVdnm\r\nYj/ugqlkkGRysclITz3WFbUGUKtd91AdZAEK6l+MxkuqRDZmNUYgHw==\r\n=q9W1\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2004-06-18T00:00:00", "title": "SUSE Security Announcement: kernel (SuSE-SA:2004:017)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2004-0398", "CVE-2004-0179", "CVE-2004-0554"], "modified": "2004-06-18T00:00:00", "id": "SECURITYVULNS:DOC:6363", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6363", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:09", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\n\r\n______________________________________________________________________________\r\n\r\n SUSE Security Announcement\r\n\r\n Package: cvs\r\n Announcement-ID: SuSE-SA:2004:008\r\n Date: Wed Apr 14 16:00:00 MEST 2004\r\n Affected products: 8.0, 8.1, 8.2, 9.0\r\n SuSE Firewall on CD 2\r\n SuSE Linux Enterprise Server 7, 8\r\n SLES 8 for IBM iSeries and IBM pSeries\r\n SuSE Linux Office Server\r\n UnitedLinux 1.0\r\n Vulnerability Type: remote code execution\r\n Severity (1-10): 5\r\n SUSE default package: No\r\n Cross References: \r\n\r\n Content of this advisory:\r\n 1) security vulnerability resolved: arbitrary file creation in cvs\r\n problem description, discussion, solution and upgrade information\r\n 2) pending vulnerabilities, solutions, workarounds:\r\n - neon\r\n - tcpdump\r\n - openssh\r\n - kdeprint/kdelibs3\r\n - MPlayer\r\n - mailman\r\n - systat\r\n - apache2\r\n - emil\r\n 3) standard appendix (further information)\r\n\r\n______________________________________________________________________________\r\n\r\n1) problem description, brief discussion, solution, upgrade information\r\n\r\n The Concurrent Versions System (CVS) offers tools which allow developers\r\n to share and maintain large software projects.\r\n During the analyzation of the CVS protocol and their implementation, the\r\n SuSE Security Team discovered a flaw within the handling of pathnames.\r\n Evil CVS servers could specify absolute pathnames during checkouts and\r\n updates, which allows to create arbitrary files with the permissions of\r\n the user invoking the CVS client. This could lead to a compromise of the\r\n system.\r\n \r\n Please download the update package for your distribution and verify its\r\n integrity by the methods listed in section 3) of this announcement.\r\n Then, install the package using the command "rpm -Fhv file.rpm" to apply\r\n the update.\r\n Our maintenance customers are being notified individually. The packages\r\n are being offered to install from the maintenance web.\r\n\r\n Intel i386 Platform:\r\n\r\n SuSE-9.0:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/cvs-1.11.6-79.i586.rpm\r\n 392353d02948dee01fa98832841699be\r\n patch rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/cvs-1.11.6-79.i586.patch.rpm\r\n fd287ccde902d5a93ce54c141f4f888d\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/cvs-1.11.6-79.src.rpm\r\n f094e09f54e176747f7441d44c20e12c\r\n\r\n SuSE-8.2:\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cvs-1.11.5-103.i586.rpm\r\n a690613adaf637365f8b99a91373f5cf\r\n patch rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cvs-1.11.5-103.i586.patch.rpm\r\n 844400ec62905d78b9e196c311f49207\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/cvs-1.11.5-103.src.rpm\r\n 202d2afd939caff003fbe73f65977ee6\r\n\r\n SuSE-8.1:\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cvs-1.11.1p1-326.i586.rpm\r\n 90401ed5771c3570310c23efcd503bee\r\n patch rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cvs-1.11.1p1-326.i586.patch.rpm\r\n 42335546a7937ccc0fc6173ba1697ed9\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/cvs-1.11.1p1-326.src.rpm\r\n ca6cb008ba8004635f9892552ed3e569\r\n\r\n SuSE-8.0:\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/cvs-1.11.1p1-326.i386.rpm\r\n b24bca587706433d0cfa81ae96822e81\r\n patch rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/cvs-1.11.1p1-326.i386.patch.rpm\r\n b5df706c6862ade002714607ba6027f6\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/cvs-1.11.1p1-326.src.rpm\r\n 26b4e34fb562fdccf33f35bfde16a403\r\n\r\n\r\n Opteron x86_64 Platform:\r\n\r\n SuSE-9.0:\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/cvs-1.11.6-78.x86_64.rpm\r\n dae12f94ea7eb35ed9b5172a8288d032\r\n patch rpm(s):\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/cvs-1.11.6-78.x86_64.patch.rpm\r\n 07ca7acf86abd38e617a60e28dedfb0c\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/cvs-1.11.6-78.src.rpm\r\n 02d1e7f89a0f5372dc8a702032f4f4c2\r\n\r\n______________________________________________________________________________\r\n\r\n2) Pending vulnerabilities in SUSE Distributions and Workarounds:\r\n\r\n - neon\r\n The neon package contained various format string vulnerabilities\r\n which have been fixed. New packages are available on our FTP servers.\r\n Maintained products do not contain the neon package and are therefore\r\n not affected. (CAN-2004-0179)\r\n\r\n - tcpdump\r\n The tcpdump program contains a remotely exploitable denial of service\r\n condition in its ISAKMP packet handling. New tcpdump packages are\r\n currently being tested and will soon be available on our FTP servers.\r\n\r\n - openssh\r\n The scp program which is part of the openssh package allowed evil\r\n servers to trick clients into creating arbitrary files with\r\n permissions of the user invoking scp. New packages are available on\r\n our FTP servers.\r\n\r\n - kdeprint/kdelibs3\r\n The kdeprint system called the ghostscript program without the -dSAFER\r\n option. This has been fixed. New packages are available on our FTP\r\n servers. The package is named "kdelibs3". Maintained products are\r\n not affected.\r\n\r\n - MPlayer\r\n The mplayer program contained a buffer overflow while escaping\r\n large URLs. This has been fixed. New MPlayer packages are currently\r\n being tested and will be available soon on our FTP servers.\r\n\r\n - mailman\r\n The mailing list manager mailman can be tricked to deny service by\r\n remote attackers. (CAN-2003-0991)\r\n New packages are available on our FTP servers.\r\n\r\n - sysstat\r\n This update close two cases of insecure temporary file handling in\r\n the isag code.\r\n New packages are available on our FTP servers.\r\n\r\n - apache2\r\n This update fixes a memory leak in the mod_ssl module of apache2\r\n (CAN-2004-0113), a possible remote DoS attack on accessing rarely\r\n used listening ports (CAN-2004-0174), and a problem with unescaped\r\n special characters in log files that could present a security hazard\r\n for terminal emulators (CAN-2003-0020).\r\n New packages are available on our FTP servers.\r\n\r\n - emil\r\n The emil mail filter conatins buffer overflows and format-string\r\n bugs that can be exploited remotely if emil is used in conjunction\r\n with procmail, sendmail and alike. (CAN-2004-0152, CAN-2004-0153)\r\n New packages are available on our FTP servers.\r\n\r\n\r\n______________________________________________________________________________\r\n\r\n3) standard appendix: authenticity verification, additional information\r\n\r\n - Package authenticity verification:\r\n\r\n SUSE update packages are available on many mirror ftp servers all over \r\n the world. While this service is being considered valuable and important\r\n to the free and open source software community, many users wish to be \r\n sure about the origin of the package and its content before installing\r\n the package. There are two verification methods that can be used \r\n independently from each other to prove the authenticity of a downloaded\r\n file or rpm package:\r\n 1) md5sums as provided in the (cryptographically signed) announcement.\r\n 2) using the internal gpg signatures of the rpm package.\r\n\r\n 1) execute the command \r\n md5sum <name-of-the-file.rpm>\r\n after you downloaded the file from a SUSE ftp server or its mirrors.\r\n Then, compare the resulting md5sum with the one that is listed in the\r\n announcement. Since the announcement containing the checksums is \r\n cryptographically signed (usually using the key security@suse.de), \r\n the checksums show proof of the authenticity of the package.\r\n We disrecommend to subscribe to security lists which cause the \r\n email message containing the announcement to be modified so that\r\n the signature does not match after transport through the mailing \r\n list software.\r\n Downsides: You must be able to verify the authenticity of the\r\n announcement in the first place. If RPM packages are being rebuilt\r\n and a new version of a package is published on the ftp server, all \r\n md5 sums for the files are useless.\r\n\r\n 2) rpm package signatures provide an easy way to verify the authenticity\r\n of an rpm package. Use the command\r\n rpm -v --checksig <file.rpm>\r\n to verify the signature of the package, where <file.rpm> is the\r\n filename of the rpm package that you have downloaded. Of course, \r\n package authenticity verification can only target an un-installed rpm\r\n package file.\r\n Prerequisites:\r\n a) gpg is installed\r\n b) The package is signed using a certain key. The public part of this\r\n key must be installed by the gpg program in the directory \r\n ~/.gnupg/ under the user's home directory who performs the\r\n signature verification (usually root). You can import the key\r\n that is used by SUSE in rpm packages for SUSE Linux by saving\r\n this announcement to a file ("announcement.txt") and\r\n running the command (do "su -" to be root):\r\n gpg --batch; gpg < announcement.txt | gpg --import\r\n SUSE Linux distributions version 7.1 and thereafter install the\r\n key "build@suse.de" upon installation or upgrade, provided that\r\n the package gpg is installed. The file containing the public key\r\n is placed at the top-level directory of the first CD (pubring.gpg)\r\n and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .\r\n\r\n\r\n - SUSE runs two security mailing lists to which any interested party may\r\n subscribe:\r\n\r\n suse-security@suse.com\r\n - general/linux/SUSE security discussion. \r\n All SUSE security announcements are sent to this list.\r\n To subscribe, send an email to \r\n <suse-security-subscribe@suse.com>.\r\n\r\n suse-security-announce@suse.com\r\n - SUSE's announce-only mailing list.\r\n Only SUSE's security announcements are sent to this list.\r\n To subscribe, send an email to\r\n <suse-security-announce-subscribe@suse.com>.\r\n\r\n For general information or the frequently asked questions (faq) \r\n send mail to:\r\n <suse-security-info@suse.com> or\r\n <suse-security-faq@suse.com> respectively.\r\n\r\n =====================================================================\r\n SUSE's security contact is <security@suse.com> or <security@suse.de>.\r\n The <security@suse.de> public key is listed below.\r\n =====================================================================\r\n______________________________________________________________________________\r\n\r\n The information in this advisory may be distributed or reproduced,\r\n provided that the advisory is not modified in any way. In particular,\r\n it is desired that the clear-text signature shows proof of the\r\n authenticity of the text.\r\n SUSE Linux AG makes no warranties of any kind whatsoever with respect\r\n to the information contained in this security advisory.\r\n\r\nType Bits/KeyID Date User ID\r\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>\r\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>\r\n\r\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: GnuPG v1.0.6 (GNU/Linux)\r\nComment: For info see http://www.gnupg.org\r\n\r\nmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff\r\n4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d\r\nM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO\r\nQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK\r\nXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE\r\nD3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd\r\nG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM\r\nCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE\r\nmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr\r\nYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD\r\nwmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d\r\nNfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe\r\nQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe\r\nLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t\r\nXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU\r\nD9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3\r\n0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot\r\n1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW\r\ncRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E\r\nExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f\r\nAJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E\r\nOe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/\r\nHZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h\r\nt5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT\r\ntGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM\r\n523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q\r\n2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8\r\nQnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw\r\nJxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ\r\n1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH\r\nORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1\r\nwwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY\r\nEQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol\r\n0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK\r\nCRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co\r\nSPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo\r\nomuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt\r\nA46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J\r\n/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE\r\nGrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf\r\nebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT\r\nZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8\r\nRQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ\r\n8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb\r\nB6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X\r\n11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA\r\n8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj\r\nqY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p\r\nWH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL\r\nhn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG\r\nBafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+\r\nAvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi\r\nRZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0\r\nzinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM\r\n/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7\r\nwhaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl\r\nD+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz\r\ndbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI\r\nRgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI\r\nDgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=\r\n=LRKC\r\n- -----END PGP PUBLIC KEY BLOCK-----\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.0.7 (GNU/Linux)\r\n\r\niQEVAwUBQH1dEHey5gA9JdPZAQFt1Af9G1LkLrTC/LAyaTE9qn6XS2gD5HXmN3Tc\r\nhWFlO9i9ZsVyn/9GJJsnFq1Grd9s3ka9SPrYKSadi4UxOKDGTp0y4on+rOQZKZo8\r\n7aOs84BG+EMVLBgQ288i5VsngazvT2xcc1AhnAE7oph26QlAevv6j1jEqBITPWou\r\nFmy49I2z/yif9ZDAyw6qzm5khvaSjw5uk922VohjNBec3nLLs+ev+sb8pwPvdN2A\r\njlu7Vo2nclCmSMGM4N4+LWr/0HMUdkoajyuscdZ9+igz50XXjswS6U89LKVmrS59\r\n5IMEJa7h14x+D9rU8dEJKm6qCPB2Dig3N9dfzV8d+0pLmEOQHgEOJA==\r\n=I/9T\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2004-04-15T00:00:00", "title": "SUSE Security Announcement: cvs (SuSE-SA:2004:008)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2003-0991", "CVE-2004-0113", "CVE-2004-0179", "CVE-2004-0174", "CVE-2004-0153", "CVE-2003-0020", "CVE-2004-0152"], "modified": "2004-04-15T00:00:00", "id": "SECURITYVULNS:DOC:6078", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6078", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:10", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\n\r\n______________________________________________________________________________\r\n\r\n SUSE Security Announcement\r\n\r\n Package: kernel\r\n Announcement-ID: SUSE-SA:2004:020\r\n Date: Tuesday, Jul 2nd 2004 18:00 MEST\r\n Affected products: 8.0, 8.1, 8.2, 9.0, 9.1\r\n SUSE Linux Database Server,\r\n SUSE eMail Server III, 3.1\r\n SUSE Linux Enterprise Server 7, 8\r\n SUSE Linux Firewall on CD/Admin host\r\n SUSE Linux Connectivity Server\r\n SUSE Linux Office Server\r\n Vulnerability Type: local privilege escalation\r\n Severity (1-10): 6\r\n SUSE default package: yes\r\n Cross References: CAN-2004-0495\r\n CAN-2004-0496\r\n CAN-2004-0497\r\n CAN-2004-0535\r\n CAN-2004-0626\r\n\r\n\r\n Content of this advisory:\r\n 1) security vulnerability resolved:\r\n - chown: users can change the group affiliation of arbitrary\r\n files to the group they belong to\r\n - missing DAC check in chown(2): local privilege escalation\r\n - overflow with signals: local denial-of-service\r\n - pss, mpu401 sound driver: read/write to complete memory\r\n - airo driver: read/write to complete memory\r\n - ALSA: copy_from_user/copy_to_user confused\r\n - acpi_asus: read from random memory\r\n - decnet: write to memory without checking\r\n - e1000 driver: read complete memory\r\n problem description, discussion, solution and upgrade information\r\n 2) pending vulnerabilities, solutions, workarounds:\r\n - icecast\r\n - sitecopy\r\n - cadaver\r\n - OpenOffice_org\r\n - tripwire\r\n - postgresql*\r\n - mod_proxy\r\n - freeswan\r\n - ipsec-tools\r\n - less\r\n - libpng\r\n - pavuk\r\n - XFree86*\r\n - kdebase3\r\n 3) standard appendix (further information)\r\n\r\n______________________________________________________________________________\r\n\r\n1) problem description, brief discussion, solution, upgrade information\r\n\r\n Multiple security vulnerabilities are being addressed with this security\r\n update of the Linux kernel.\r\n\r\n Kernel memory access vulnerabilities are fixed in the e1000, decnet, \r\n acpi_asus, alsa, airo/WLAN, pss and mpu401 drivers. These \r\n vulnerabilities can lead to kernel memory read access, write access \r\n and local denial of service conditions, resulting in access to the \r\n root account for an attacker with a local account on the affected \r\n system.\r\n\r\n Missing Discretionary Access Control (DAC) checks in the chown(2) system\r\n call allow an attacker with a local account to change the group\r\n ownership of arbitrary files, which leads to root privileges on affected\r\n systems. It is specific to kernel version 2.6 based systems such as \r\n the SUSE Linux 9.1 product, that only local shell access is needed to \r\n exploit this vulnerability. An interesting variant of the missing \r\n checks is that the ownership of files in the /proc filesystem can be \r\n altered, while the changed ownership still does not allow the files to \r\n be accessed as a non-root user for to be able to exploit the \r\n vulnerability. Systems that are based on a version 2.4 kernel are not \r\n vulnerable to the /proc weakness, and exploitation of the weakness \r\n requires the use of the kernel NFS server (knfsd). If the knfsd NFS \r\n server is not activated (it is off by default), the vulnerability is \r\n not exposed. These issues related to the chown(2) system call have been \r\n discovered by Michael Schroeder and Ruediger Oertel, both SUSE LINUX.\r\n\r\n The only network-related vulnerability fixed with the kernel updates\r\n that are subject to this announcement affect the SUSE Linux 9.1 \r\n distribution only, as it is based on a 2.6 kernel. Found and reported \r\n to bugtraq by Adam Osuchowski and Tomasz Dubinski, the vulnerability \r\n allows a remote attacker to send a specially crafted TCP packet to a \r\n vulnerable system, causing that system to stall if it makes use of \r\n TCP option matching netfilter rules.\r\n\r\n In some rare configurations of the SUSE Linux 9.1 distribution, some \r\n users have experienced stalling systems during system startup. These \r\n problems are fixed with this kernel update.\r\n\r\n\r\n\r\n SPECIAL INSTALL INSTRUCTIONS:\r\n ==============================\r\n For the impatient: Run YOU (Yast2 Online Update, command \r\n "yast2 online_update" as root) to install the updates (semi) \r\n automatically, if you have a SUSE Linux 8.1 and newer system.\r\n\r\n For those who wish to install their kernel updates manually and for \r\n those who use a SUSE Linux 8.0 system:\r\n\r\n The following paragraphs will guide you through the installation\r\n process in a step-by-step fashion. The character sequence "****"\r\n marks the beginning of a new paragraph. In some cases, the steps\r\n outlined in a particular paragraph may or may not be applicable\r\n to your situation.\r\n Therefore, please make sure to read through all of the steps below\r\n before attempting any of these procedures.\r\n All of the commands that need to be executed are required to be\r\n run as the superuser (root). Each step relies on the steps before\r\n it to complete successfully.\r\n\r\n\r\n **** Step 1: Determine the needed kernel type\r\n\r\n Please use the following command to find the kernel type that is\r\n installed on your system:\r\n\r\n rpm -qf /boot/vmlinuz\r\n\r\n Following are the possible kernel types (disregard the version and\r\n build number following the name separated by the "-" character)\r\n\r\n k_deflt # default kernel, good for most systems.\r\n k_i386 # kernel for older processors and chipsets\r\n k_athlon # kernel made specifically for AMD Athlon(tm) family processors\r\n k_psmp # kernel for Pentium-I dual processor systems\r\n k_smp # kernel for SMP systems (Pentium-II and above)\r\n k_smp4G # kernel for SMP systems which supports a maximum of 4G of RAM\r\n kernel-64k-pagesize\r\n kernel-bigsmp\r\n kernel-default\r\n kernel-smp\r\n\r\n **** Step 2: Download the package for your system\r\n\r\n Please download the kernel RPM package for your distribution with the\r\n name as indicated by Step 1. The list of all kernel rpm packages is\r\n appended below. Note: The kernel-source package does not\r\n contain a binary kernel in bootable form. Instead, it contains the\r\n sources that the binary kernel rpm packages are created from. It can be\r\n used by administrators who have decided to build their own kernel.\r\n Since the kernel-source.rpm is an installable (compiled) package that\r\n contains sources for the linux kernel, it is not the source RPM for\r\n the kernel RPM binary packages.\r\n\r\n The kernel RPM binary packages for the distributions can be found at the\r\n locations below ftp://ftp.suse.com/pub/suse/i386/update/.\r\n\r\n 8.0/images/\r\n 8.1/rpm/i586\r\n 8.2/rpm/i586\r\n 9.0/rpm/i586\r\n 9.1/rpm/i586\r\n\r\n After downloading the kernel RPM package for your system, you should\r\n verify the authenticity of the kernel rpm package using the methods as\r\n listed in section 3) of each SUSE Security Announcement.\r\n\r\n\r\n **** Step 3: Installing your kernel rpm package\r\n\r\n Install the rpm package that you have downloaded in Steps 3 or 4 with\r\n the command\r\n rpm -Uhv --nodeps --force <K_FILE.RPM>\r\n where <K_FILE.RPM> is the name of the rpm package that you downloaded.\r\n\r\n Warning: After performing this step, your system will likely not be\r\n able to boot if the following steps have not been fully\r\n followed.\r\n\r\n\r\n If you run SUSE LINUX 8.1 and haven't applied the kernel update\r\n (SUSE-SA:2003:034), AND you are using the freeswan package, you also\r\n need to update the freeswan rpm as a dependency as offered\r\n by YOU (YaST Online Update). The package can be downloaded from\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/\r\n\r\n **** Step 4: configuring and creating the initrd\r\n\r\n The initrd is a ramdisk that is loaded into the memory of your\r\n system together with the kernel boot image by the bootloader. The\r\n kernel uses the content of this ramdisk to execute commands that must\r\n be run before the kernel can mount its actual root filesystem. It is\r\n usually used to initialize SCSI drivers or NIC drivers for diskless\r\n operation.\r\n\r\n The variable INITRD_MODULES in /etc/sysconfig/kernel determines\r\n which kernel modules will be loaded in the initrd before the kernel\r\n has mounted its actual root filesystem. The variable should contain\r\n your SCSI adapter (if any) or filesystem driver modules.\r\n\r\n With the installation of the new kernel, the initrd has to be\r\n re-packed with the update kernel modules. Please run the command\r\n\r\n mk_initrd\r\n\r\n as root to create a new init ramdisk (initrd) for your system.\r\n On SuSE Linux 8.1 and later, this is done automatically when the\r\n RPM is installed.\r\n\r\n\r\n **** Step 5: bootloader\r\n\r\n If you run a SUSE LINUX 8.x, SLES8, or SUSE LINUX 9.x system, there\r\n are two options:\r\n Depending on your software configuration, you have either the lilo\r\n bootloader or the grub bootloader installed and initialized on your\r\n system.\r\n The grub bootloader does not require any further actions to be\r\n performed after the new kernel images have been moved in place by the\r\n rpm Update command.\r\n If you have a lilo bootloader installed and initialized, then the lilo\r\n program must be run as root. Use the command\r\n\r\n grep LOADER_TYPE /etc/sysconfig/bootloader\r\n\r\n to find out which boot loader is configured. If it is lilo, then you\r\n must run the lilo command as root. If grub is listed, then your system\r\n does not require any bootloader initialization.\r\n\r\n Warning: An improperly installed bootloader may render your system\r\n unbootable.\r\n\r\n **** Step 6: reboot\r\n\r\n If all of the steps above have been successfully completed on your\r\n system, then the new kernel including the kernel modules and the\r\n initrd should be ready to boot. The system needs to be rebooted for\r\n the changes to become active. Please make sure that all steps have\r\n completed, then reboot using the command\r\n shutdown -r now\r\n or\r\n init 6\r\n\r\n Your system should now shut down and reboot with the new kernel.\r\n\r\n\r\n There is no workaround known.\r\n\r\n\r\n Please download the update package for your distribution and verify its\r\n integrity by the methods listed in section 3) of this announcement.\r\n Then, install the package using the command "rpm -Fhv file.rpm" to apply\r\n the update.\r\n Our maintenance customers are being notified individually. The packages\r\n are being offered to install from the maintenance web.\r\n\r\n\r\n\r\n\r\n\r\n x86 Platform:\r\n\r\n SUSE Linux 9.1:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-default-2.6.5-7.95.i586.rpm\r\n 800418d3dddf6d3b83925f562842205a\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-smp-2.6.5-7.95.i586.rpm\r\n 0cb990b159e10685bb29b76d312ddd25\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-bigsmp-2.6.5-7.95.i586.rpm\r\n 7446bb70f52bce57a914066be4ed8e45\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-bigsmp-2.6.5-7.95.i586.rpm\r\n 7446bb70f52bce57a914066be4ed8e45\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-source-2.6.5-7.95.i586.rpm\r\n ede031495ee19d8b6eca1873e7155332\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-default-2.6.5-7.95.nosrc.rpm\r\n 620ef40226fec31a773397cf3051bf36\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-smp-2.6.5-7.95.nosrc.rpm\r\n 9b61b5a70b304f5554cb18a6bae5b5fd\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-bigsmp-2.6.5-7.95.nosrc.rpm\r\n 227c85280ee17a66c8590fe1bb14c596\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-source-2.6.5-7.95.src.rpm\r\n 895fee3033de0810ff1173ce8ee87936\r\n\r\n SUSE Linux 9.0:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_deflt-2.4.21-231.i586.rpm\r\n 48be395b96329909486ae3a5152348fa\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_athlon-2.4.21-231.i586.rpm\r\n 4cd322b4f511d5fe4c483ed28a82097e\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_smp-2.4.21-231.i586.rpm\r\n 262e33cebf1b0d35fb6d3235c9ab8815\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_smp4G-2.4.21-231.i586.rpm\r\n 8d81370f90736b12aa71b9c744f6e0e2\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_um-2.4.21-231.i586.rpm\r\n bc59c838c84ba318dc4d24da08a3022e\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/kernel-source-2.4.21-231.i586.rpm\r\n f9586ba982e0398c3e48871955b661aa\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/k_deflt-2.4.21-231.src.rpm\r\n 18673b0bf347fe9557d4e67ca02000c0\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/k_athlon-2.4.21-231.src.rpm\r\n 71496daac44196b0e0a3836ee6a3b4ed\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/k_smp-2.4.21-231.src.rpm\r\n 7c208e9e3f7be1a68c3c8457eb2cafc4\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/k_smp4G-2.4.21-231.src.rpm\r\n b77863c863aaf4b931bff263220e6ec9\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/k_um-2.4.21-231.src.rpm\r\n bed7e964e22c5e5d2f5e7a5e3816dde4\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/kernel-source-2.4.21-231.src.rpm\r\n 6b5137bf379fbfc861441151039575da\r\n\r\n SUSE Linux 8.2:\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_deflt-2.4.20-115.i586.rpm\r\n 50d261b44616f9145a0dc16df501a504\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_athlon-2.4.20-115.i586.rpm\r\n 10095854c0bdae20991d90b822352e14\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_smp-2.4.20-115.i586.rpm\r\n a2ef7cfb0e62ad955dda2b0574eb3150\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_psmp-2.4.20-115.i586.rpm\r\n 1d2b0d0e2c7998685ed04c24e593b196\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/kernel-source-2.4.20.SuSE-115.i586.rpm\r\n d8bf98c46ba5313db286d5706f7fb3b8\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/k_deflt-2.4.20-115.src.rpm\r\n e13a7b4c2b185cfeb991c31607f79ccb\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/k_athlon-2.4.20-115.src.rpm\r\n 0e2f2cf20e7d7a20f3e50b245105df61\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/k_smp-2.4.20-115.src.rpm\r\n 6cfac2914d3827ec562ff9d6be29c566\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/k_psmp-2.4.20-115.src.rpm\r\n afd29843aa69d805ef5f25d39ecd0e7f\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/kernel-source-2.4.20.SuSE-115.src.rpm\r\n 098a1400a48404931acb8b3eb2e821fb\r\n\r\n SUSE Linux 8.1:\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_deflt-2.4.21-231.i586.rpm\r\n 3bdaa593d09a7cbff632a2c4446d5603\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_athlon-2.4.21-231.i586.rpm\r\n ba60d0b2b6d3bc9c38b4e8b3859e1586\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_smp-2.4.21-231.i586.rpm\r\n ffa8983669004826a0cbedbe34dced76\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_psmp-2.4.21-231.i586.rpm\r\n 25174fd007f5a39ee0342dd6f18f2eaa\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/kernel-source-2.4.21-231.i586.rpm\r\n 10837fa561cd5104e55d48e46c837764\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/k_deflt-2.4.21-231.src.rpm\r\n c37e8b87819602e77b14206affef00fa\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/k_athlon-2.4.21-231.src.rpm\r\n 7be68a677db5a65be1a46ec194b35497\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/k_smp-2.4.21-231.src.rpm\r\n 8e4b7d5a6bb81da5a00971cdcc4ec641\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/k_psmp-2.4.21-231.src.rpm\r\n d8ba1db81a9b517f867c970e4fc443a7\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/kernel-source-2.4.21-231.src.rpm\r\n 96a0a9242d066083c7bff8e0f70b7bbe\r\n\r\n SUSE Linux 8.0:\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_deflt-2.4.18-303.i386.rpm\r\n ec1e53b3812c0c0bd3681435d69fb134\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_smp-2.4.18-303.i386.rpm\r\n 583164e52019ae090fd47e425c2a933e\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_psmp-2.4.18-303.i386.rpm\r\n 9ac8983abef05697d75f3117e37e5f18\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_i386-2.4.18-303.i386.rpm\r\n 4932c4d6a42fc9be02013f398ab5bb96\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/kernel-source-2.4.18.SuSE-303.i386.rpm\r\n b9de0731f9bbc4b016455a6d52cd8296\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/k_deflt-2.4.18-303.src.rpm\r\n a73bacad80432c26e856c41338b154bd\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/k_smp-2.4.18-303.src.rpm\r\n 782902cd14e7776db66bd61a12beee03\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/k_psmp-2.4.18-303.src.rpm\r\n d71fa5cda488ae18f8d023cd8f28bb73\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/k_i386-2.4.18-303.src.rpm\r\n a360a9e6ed2db54f69e17db36f02614f\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/kernel-source-2.4.18.SuSE-303.nosrc.rpm\r\n 8017fd6ff8a6fc1a0660ab35ad174388\r\n\r\n\r\n\r\n x86-64 Platform:\r\n\r\n SUSE Linux 9.1:\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-default-2.6.5-7.95.x86_64.rpm\r\n e2c53fd24991f739fd754c07f7aa8293\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-smp-2.6.5-7.95.x86_64.rpm\r\n f4a69622b7628cdd662a4e39aa59b60e\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-source-2.6.5-7.95.x86_64.rpm\r\n e71adfb1fc662600eb11d3acf67c3dc3\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-default-2.6.5-7.95.nosrc.rpm\r\n f6a364879d1f2ae2cf854810d61be3ac\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-smp-2.6.5-7.95.nosrc.rpm\r\n a0096d1fc067d89c9200ea3904713d59\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-source-2.6.5-7.95.src.rpm\r\n bf6d0439cfc37b50b4f6822c3403a74f\r\n\r\n SUSE Linux 9.0:\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_deflt-2.4.21-231.x86_64.rpm\r\n 17e008a737e5e95e71335e34fa7f86cf\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_smp-2.4.21-231.x86_64.rpm\r\n ca742b550b1a503595b02cbfc9e0e481\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/kernel-source-2.4.21-231.x86_64.rpm\r\n 8e0c16c42d1a89aa6a09be1dd575de47\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/k_deflt-2.4.21-231.src.rpm\r\n 58b1bf42b5661119d06a04888144707a\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/k_smp-2.4.21-231.src.rpm\r\n 5103001136e39fca5a59f4cbde82822b\r\n ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/kernel-source-2.4.21-231.src.rpm\r\n 231c9e5e00f17df8cfd72d6c8a68d9cf\r\n\r\n\r\n______________________________________________________________________________\r\n\r\n2) Pending vulnerabilities in SUSE Distributions and Workarounds:\r\n\r\n - icecast\r\n The icecast service is vulnerable to a remote denial-of-service\r\n attack. Update packages will be available soon.\r\n\r\n - sitecopy\r\n The sitecopy package includes a vulnerable version of the\r\n neon library (CAN-2004-0179, CAN-2004-0398). Update packages will be\r\n available soon.\r\n\r\n - cadaver\r\n The cadaver package includes a vulnerable version of the\r\n neon library (CAN-2004-0179, CAN-2004-0398). Update packages will be\r\n available soon.\r\n\r\n - OpenOffice_org\r\n The OpenOffice_org package includes a vulnerable version\r\n of the neon library (CAN-2004-0179, CAN-2004-0398). Update packages\r\n will be available soon.\r\n\r\n - tripwire\r\n A format string bug in tripwire can be exploited locally\r\n to gain root permissions.\r\n New packages are available.\r\n\r\n - postgresql\r\n A buffer overflow in psqlODBC could be exploited to crash the\r\n application using it. E.g. a PHP script that uses ODBC to access a\r\n PostgreSQL database can be utilized to crash the surrounding Apache\r\n web-server. Other parts of PostgreSQL are not affected.\r\n New packages are available.\r\n\r\n - XDM/XFree86\r\n This update resolves random listening to ports by XDM\r\n that allows to connect via the XDMCP. SUSE LINUX 9.1\r\n is affected only.\r\n New packages are available.\r\n\r\n - mod_proxy\r\n A buffer overflow can be triggered by malicious remote\r\n servers that return a negative Content-Length value.\r\n This vulnerability can be used to execute commands remotely\r\n New packages are available.\r\n\r\n - freeswan\r\n A bug in the certificate chain authentication code could allow an\r\n attacker to authenticate any host against a FreeS/WAN server by\r\n presenting specially crafted certificates wrapped in a PKCS#7 file.\r\n The packages are currently being tested and will be available soon.\r\n\r\n - ipsec-tools\r\n The racoon daemon which is responsible for handling IKE messages\r\n fails to reject invalid or self-signed X.509 certificates which\r\n allows for man-in-the-middle attacks on IPsec tunnels established\r\n via racoon.\r\n The packages are currently being tested and will be available soon.\r\n\r\n - less\r\n This update fixes a possible symlink attack in lessopen.sh. The\r\n attack can be executed by local users to overwrite arbitrary files\r\n with the privileges of the user running less.\r\n New packages are available.\r\n\r\n - libpng\r\n This update adds a missing fix for CAN-2002-1363.\r\n New packages are available.\r\n\r\n - pavuk\r\n This update fixes a remotely exploitable buffer overflow in pavuk.\r\n Thanks to Ulf Harnhammar for reporting this to us.\r\n New packages are available.\r\n\r\n - kdebase3\r\n This update fixes a possible attack on tmp files created at the\r\n first login of a user using KDE or at the first time running a\r\n KDE application. This bug can be exploited locally to overwrite\r\n arbitrary files with the privilege of the victim user.\r\n Just affects SUSE LINUX 9.1\r\n New packages are available.\r\n\r\n______________________________________________________________________________\r\n\r\n3) standard appendix: authenticity verification, additional information\r\n\r\n - Package authenticity verification:\r\n\r\n SUSE update packages are available on many mirror ftp servers around\r\n the world. While this service is considered valuable and important\r\n to the free and open source software community, many users wish to be\r\n certain as to be the origin of the package and its content before\r\n installing the package. There are two independent verification methods\r\n that can be used to prove the authenticity of a downloaded file or\r\n rpm package:\r\n 1) md5sums as provided in the (cryptographically signed) announcement.\r\n 2) using the internal gpg signatures of the rpm package.\r\n\r\n 1) execute the command\r\n md5sum <name-of-the-file.rpm>\r\n after you have downloaded the file from a SUSE ftp server or its\r\n mirrors. Then, compare the resulting md5sum with the one that is\r\n listed in the announcement. Since the announcement containing the\r\n checksums is cryptographically signed (usually using the key\r\n security@suse.de), the checksums offer proof of the authenticity\r\n of the package.\r\n We recommend against subscribing to security lists which cause the\r\n email message containing the announcement to be modified so that\r\n the signature does not match after transport through the mailing\r\n list software.\r\n Downsides: You must be able to verify the authenticity of the\r\n announcement in the first place. If RPM packages are being rebuilt\r\n and a new version of a package is published on the ftp server, all\r\n md5 sums for the files are useless.\r\n\r\n 2) rpm package signatures provide an easy way to verify the authenticity\r\n of an rpm package. Use the command\r\n rpm -v --checksig <file.rpm>\r\n to verify the signature of the package, where <file.rpm> is the\r\n filename of the rpm package that you have downloaded. Of course,\r\n package authenticity verification can only target an un-installed rpm\r\n package file.\r\n Prerequisites:\r\n a) gpg is installed\r\n b) The package is signed using a certain key. The public part of this\r\n key must be installed by the gpg program in the directory\r\n ~/.gnupg/ under the user's home directory who performs the\r\n signature verification (usually root). You can import the key\r\n that is used by SUSE in rpm packages for SUSE Linux by saving\r\n this announcement to a file ("announcement.txt") and\r\n running the command (do "su -" to be root):\r\n gpg --batch; gpg < announcement.txt | gpg --import\r\n SUSE Linux distributions version 7.1 and thereafter install the\r\n key "build@suse.de" upon installation or upgrade, provided that\r\n the package gpg is installed. The file containing the public key\r\n is placed at the top-level directory of the first CD (pubring.gpg)\r\n and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .\r\n\r\n\r\n - SUSE runs two security mailing lists to which any interested party may\r\n subscribe:\r\n\r\n suse-security@suse.com\r\n - general/linux/SUSE security discussion.\r\n All SUSE security announcements are sent to this list.\r\n To subscribe, send an email to\r\n <suse-security-subscribe@suse.com>.\r\n\r\n suse-security-announce@suse.com\r\n - SUSE's announce-only mailing list.\r\n Only SUSE's security announcements are sent to this list.\r\n To subscribe, send an email to\r\n <suse-security-announce-subscribe@suse.com>.\r\n\r\n For general information or the frequently asked questions (faq)\r\n send mail to:\r\n <suse-security-info@suse.com> or\r\n <suse-security-faq@suse.com> respectively.\r\n\r\n =====================================================================\r\n SUSE's security contact is <security@suse.com> or <security@suse.de>.\r\n The <security@suse.de> public key is listed below.\r\n =====================================================================\r\n______________________________________________________________________________\r\n\r\n The information in this advisory may be distributed or reproduced,\r\n provided that the advisory is not modified in any way. In particular,\r\n it is desired that the clear-text signature must show proof of the\r\n authenticity of the text.\r\n SUSE Linux AG makes no warranties of any kind whatsoever with respect\r\n to the information contained in this security advisory.\r\n\r\nType Bits/KeyID Date User ID\r\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>\r\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>\r\n\r\n#####-----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: GnuPG v1.0.6 (GNU/Linux)\r\nComment: For info see http://www.gnupg.org\r\n\r\nmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff\r\n4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d\r\nM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO\r\nQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK\r\nXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE\r\nD3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd\r\nG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM\r\nCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE\r\nmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr\r\nYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD\r\nwmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d\r\nNfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe\r\nQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe\r\nLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t\r\nXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU\r\nD9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3\r\n0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot\r\n1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW\r\ncRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E\r\nExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f\r\nAJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E\r\nOe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/\r\nHZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h\r\nt5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT\r\ntGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM\r\n523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q\r\n2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8\r\nQnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw\r\nJxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ\r\n1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH\r\nORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1\r\nwwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY\r\nEQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol\r\n0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK\r\nCRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co\r\nSPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo\r\nomuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt\r\nA46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J\r\n/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE\r\nGrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf\r\nebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT\r\nZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8\r\nRQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ\r\n8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb\r\nB6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X\r\n11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA\r\n8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj\r\nqY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p\r\nWH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL\r\nhn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG\r\nBafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+\r\nAvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi\r\nRZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0\r\nzinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM\r\n/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7\r\nwhaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl\r\nD+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz\r\ndbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI\r\nRgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI\r\nDgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=\r\n=LRKC\r\n- -----END PGP PUBLIC KEY BLOCK-----\r\n\r\n- -- \r\n - -\r\n| Roman Drahtmüller <draht@suse.de> // "You don't need eyes to see, |\r\n SUSE Linux AG - Security Phone: // you need vision!"\r\n| Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless |\r\n - -\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.0.7 (GNU/Linux)\r\n\r\niQEVAwUBQOWPL3ey5gA9JdPZAQFFzQf+Mo5WmO40BDHakn4qD5rAcfU6H/0rhMpy\r\nBi8r+g6GoSp/m2Zy+1O0Qn3jVb/iirVlnHH3DND1r/GunM3c5CTaMYt2Bt7PTOdt\r\nOsjD41lbiFlHDmmmaodROQvcrz7T67YU0gCtSKJdDfs2ATiiUOcyUQZNfi/PiEqD\r\njwmKpP5c1NXSXPSwZ2f430itJA5iUqqVBeB1WHn63kOnIKtHBJ9c6uw3rZ99t1OA\r\niud3L+VQSycb8xQSlOsuiaYW1S236VsogKWRbqY76eo7E2AnVQlMpcZkyW91/vfT\r\nWntQlZJAaGFX1q/IyGy+PGFPUoJjNc7H6jy5ZqJqXR5Sb0KrHfadCQ==\r\n=24bz\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2004-07-03T00:00:00", "title": "SUSE Security Announcement: kernel (SUSE-SA:2004:020)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2004-0497", "CVE-2004-0535", "CVE-2002-1363", "CVE-2004-0398", "CVE-2004-0179", "CVE-2004-0496", "CVE-2004-0495", "CVE-2004-0626"], "modified": "2004-07-03T00:00:00", "id": "SECURITYVULNS:DOC:6436", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6436", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2021-06-08T18:42:49", "description": "The Linux kernel is vulnerable to a local denial-of-service attack. By using a C program it is possible to trigger a floating point exception that puts the kernel into an unusable state. To execute this attack a malicious user needs shell access to the victim's machine. The severity of this bug is considered low because local denial-of- service attacks are hard to prevent in general. Additionally the bug is limited to x86 and x86_64 architecture.", "cvss3": {}, "published": "2004-06-16T14:13:55", "type": "suse", "title": "local denial-of-service attack in kernel", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2004-0398", "CVE-2004-0179", "CVE-2004-0554"], "modified": "2004-06-16T14:13:55", "id": "SUSE-SA:2004:017", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-06/msg00008.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:29:26", "description": "Subversion is a version control system like the well known CVS. The subversion code is vulnerable to a remotely exploitable buffer overflow on the heap. The bug appears before any authentication took place. An attacker is able to execute arbitray code by abusing this vulnerability.", "cvss3": {}, "published": "2004-06-17T09:42:39", "type": "suse", "title": "remote system compromise in subversion", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2004-0413", "CVE-2004-0398", "CVE-2004-0179"], "modified": "2004-06-17T09:42:39", "id": "SUSE-SA:2004:018", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-06/msg00010.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:44:54", "description": "Squid is a feature-rich web-proxy with support for various web-related protocols. The NTLM authentication helper application of Squid is vulnerable to a buffer overflow that can be exploited remotely by using a long password to execute arbitrary code. NTLM authentication is enabled by default in the Squid package that is shipped by SUSE LINUX.", "cvss3": {}, "published": "2004-06-09T14:47:16", "type": "suse", "title": "remote system compromise in squid", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2004-0398", "CVE-2004-0179", "CVE-2004-0541"], "modified": "2004-06-09T14:47:16", "id": "SUSE-SA:2004:016", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-06/msg00007.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:42", "description": "The Dynamic Host Configuration Protocol (DHCP) server is used to configure clients that dynamically connect to a network (WLAN hotspots, customer networks, ...). The CERT informed us about a buffer overflow in the logging code of the server that can be triggered by a malicious client by supplying multiple hostnames. The hostname strings are concatenated and copied in a fixed size buffer without checking the buffer bounds. Other possible buffer overflow conditions exist in using vsprintf() instead of vsnprintf(). This behavior can be configured during compile- time. The dhcp/dhcp-server package coming with SUSE LINUX used the vulnerable vsprintf() function.", "cvss3": {}, "published": "2004-06-23T07:29:17", "type": "suse", "title": "remote system compromise in dhcp/dhcp-server", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2004-0461", "CVE-2004-0398", "CVE-2004-0460", "CVE-2004-0179"], "modified": "2004-06-23T07:29:17", "id": "SUSE-SA:2004:019", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-06/msg00011.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:13:32", "description": "The Samba Web Administration Tool (SWAT) was found vulnerable to a buffer overflow in its base64 code. This buffer overflow can possibly be exploited remotely before any authentication took place to execute arbitrary code. The same piece of vulnerable code was also used in ldapsam passdb and in the ntlm_auth tool. This vulnerability only exists on Samba 3.0.2 to 3.0.4.", "cvss3": {}, "published": "2004-07-23T11:20:42", "type": "suse", "title": "remote root compromise in samba", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2004-0686", "CVE-2004-0398", "CVE-2004-0179", "CVE-2004-0600"], "modified": "2004-07-23T11:20:42", "id": "SUSE-SA:2004:022", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-07/msg00005.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:22:50", "description": "PHP is a well known, widely-used scripting language often used within web server setups. Stefan Esser found a problem with the \"memory_limit\" handling of PHP which allows remote attackers to execute arbitrary code as the user running the PHP interpreter. This problem has been fixed. Additionally a problem within the \"strip_tags\" function has been found and fixed which allowed remote attackers to inject arbitrary tags into certain web browsers, issuing XSS related attacks. Since there is no easy workaround except disabling PHP, we recommend an update for users running the PHP interpreter within the apache web server.", "cvss3": {}, "published": "2004-07-16T12:43:18", "type": "suse", "title": "remote code execution in php4/mod_php4", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2004-0493", "CVE-2004-0398", "CVE-2004-0595", "CVE-2004-0179", "CVE-2004-0594"], "modified": "2004-07-16T12:43:18", "id": "SUSE-SA:2004:021", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-07/msg00004.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:02:17", "description": "The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. During the analyzation of the CVS protocol and their implementation, the SuSE Security Team discovered a flaw within the handling of pathnames. Evil CVS servers could specify absolute pathnames during checkouts and updates, which allows to create arbitrary files with the permissions of the user invoking the CVS client. This could lead to a compromise of the system. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command \"rpm -Fhv file.rpm\" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web.", "cvss3": {}, "published": "2004-04-14T15:54:44", "type": "suse", "title": "remote code execution in cvs", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2004-0180", "CVE-2003-0991", "CVE-2004-0113", "CVE-2004-0179", "CVE-2004-0174", "CVE-2004-0153", "CVE-2003-0020", "CVE-2004-0152"], "modified": "2004-04-14T15:54:44", "id": "SUSE-SA:2004:008", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-04/msg00005.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:42:49", "description": "Multiple security vulnerabilities are being addressed with this security update of the Linux kernel.", "cvss3": {}, "published": "2004-07-02T16:38:51", "type": "suse", "title": "local privilege escalation in kernel", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2004-0497", "CVE-2004-0535", "CVE-2002-1363", "CVE-2004-0398", "CVE-2004-0179", "CVE-2004-0496", "CVE-2004-0495", "CVE-2004-0626", "CVE-2004-0592"], "modified": "2004-07-02T16:38:51", "id": "SUSE-SA:2004:020", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-07/msg00003.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:42:49", "description": "iDEFENSE Inc. informed us about a buffer overflow in the linux 2.4 kernel code which handles ISO9660 filesystems. The original code is not able to handle very long symlink names. The vulnerability can be triggered locally by mounting removable media that contains a malformed filesystem or by using the loopback device. Exploiting this buffer overflow results in kernel-level access to the system.", "cvss3": {}, "published": "2004-04-14T15:46:44", "type": "suse", "title": "local privilege escalation in Linux Kernel", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2003-0991", "CVE-2004-0113", "CVE-2004-0179", "CVE-2004-0174", "CVE-2004-0153", "CVE-2004-0175", "CVE-2003-0020", "CVE-2004-0152", "CVE-2004-0181", "CVE-2004-0109"], "modified": "2004-04-14T15:46:44", "id": "SUSE-SA:2004:009", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-04/msg00004.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:39:27", "description": "The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. Various remotely exploitable conditions have been found during a source code review of CVS done by Stefan Esser and Sebastian Krahmer (SuSE Security-Team). These bugs allow remote attackers to execute arbitrary code as the user the CVS server runs as. Since there is no easy workaround we strongly recommend to update the cvs package. The update packages fix vulnerabilities which have been assigned the CAN numbers CAN-2004-0416, CAN-2004-0417 and CAN-2004-0418. The cvs packages shipped by SUSE (as well as our recent updates for CVS) are not vulnerable to CAN-2004-0414.", "cvss3": {}, "published": "2004-06-09T13:52:11", "type": "suse", "title": "remote command execution in cvs", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2004-0416", "CVE-2003-0987", "CVE-2004-0398", "CVE-2004-0418", "CVE-2004-0179", "CVE-2003-0993", "CVE-2004-0174", "CVE-2003-0020", "CVE-2004-0414", "CVE-2004-0417"], "modified": "2004-06-09T13:52:11", "id": "SUSE-SA:2004:015", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-06/msg00006.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2021-09-28T17:53:05", "description": "### Overview\n\nThe Linux kernel contains a denial-of-service vulnerability that allows local users to disable affected hosts.\n\n### Description\n\nSeveral versions of the Linux kernel contain a defect in their use of the Intel processor instruction set. The \"fsave\" and \"frstor\" instructions are used to store and restore the state of the processor's floating point unit (FPU), respectively. Typically, manipulation of the FPU is handled by the compiler of a high-level programming language, but some languages allow programmers to invoke assembly instructions directly.\n\nBy using a combination of calls to fsave and frstor, it is possible to write a simple program that will force the Linux kernel into an infinite signal handling loop. When this occurs, the kernel will fail to operate properly or respond to input, causing a denial-of-service condition. Such a program does not require specialized tools or privileged system access, so it is possible for any local user to exploit this vulnerability. \n \n--- \n \n### Impact\n\nThis vulnerability allows local users to disable the Linux kernel on affected hosts, resulting in a denial-of-service condition. \n \n--- \n \n### Solution\n\n**Apply a patch from your vendor** \n \nThe Systems Affected section of this document contains a list of vendors that have been notified of this issue, as well as their responses. \n \n--- \n \n### Vendor Information\n\n973654\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Conectiva __ Affected\n\nNotified: June 15, 2004 Updated: August 18, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n \n- -------------------------------------------------------------------------- \nCONECTIVA LINUX SECURITY ANNOUNCEMENT \n- -------------------------------------------------------------------------- \n \nPACKAGE : kernel \nSUMMARY : Fixes for kernel vulnerabilities \nDATE : 2004-06-22 10:12:00 \nID : CLA-2004:845 \nRELEVANT \nRELEASES : 8, 9 \n \n- ------------------------------------------------------------------------- \n \nDESCRIPTION \nThe Linux kernel is responsible for handling the basic functions of \nthe GNU/Linux operating system. \n \nThis announcement fixes the following vulnerabilities: \n \n1. Local denial of service vulnerability (CAN-2004-0554[1]) \n \nStian Skjelstad found[2] a vulnerability[1] in the fpu controller \ncode that can be used by local attackers to cause a denial of service \n(DoS) on the system. \n \n2. Local memory disclosure vulnerability (CAN-2004-0535[3]) \n \nChris Wright found a vulnerability[3] in the Intel(R) PRO/1000 \nethernet card driver that could allow a local attacker to read some \nbytes of kernel memory. \n \n3. Sparse vulnerabilities (CAN-2004-0495[4]) \n \nAl Viro, by using Sparse[5] (a code inspection tool), found several \nvulnerabilities which, in the worst case, might allow local attackers \nto obtain root privileges. \n \n \nSOLUTION \nIt is recommended that all Conectiva Linux users upgrade the kernel \npackage. \n \nIMPORTANT: exercise caution and preparation when upgrading the \nkernel, since it will require a reboot after the new packages are \ninstalled. In particular, Conectiva Linux 9 will most likely require \nan initrd file (which is automatically created in the /boot directory \nafter the new packages are installed). Generic kernel update \ninstructions can be obtained in the manuals and in our updates \npage[6]. More detailed instructions are also available in Portuguese \nat our Moin[7] page. \n \n \nREFERENCES: \n1.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554 \n2.http://marc.theaimsgroup.com/?l=linux-kernel&m=108681568931323&w=2 \n3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0535 \n4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0495 \n5.http://sparse.bkbits.net:8080/sparse/ \n6.https://moin.conectiva.com.br/UpdatingKernelPackages \n7.http://www.conectiva.com.br/suporte/pr/sistema.kernel.atualizar.html \n \n \n \nUPDATED PACKAGES \n<ftp://atualizacoes.conectiva.com.br/8/SRPMS/kernel-2.4.19-1U80_22cl.src.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/devfsd-2.4.19-1U80_22cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_22cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_22cl.i586.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_22cl.i686.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-BOOT-2.4.19-1U80_22cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-doc-2.4.19-1U80_22cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-enterprise-2.4.19-1U80_22cl.i686.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-headers-2.4.19-1U80_22cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-rbc-2.4.19-1U80_22cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_22cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_22cl.i586.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_22cl.i686.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-source-2.4.19-1U80_22cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/SRPMS/kernel24-2.4.21-31301U90_16cl.src.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/devfsd-2.4.21-31301U90_16cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_16cl.athlon.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_16cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_16cl.i586.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_16cl.i686.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-2.4.21-31301U90_16cl.pentium4.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-BOOT-2.4.21-31301U90_16cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-doc-2.4.21-31301U90_16cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_16cl.athlon.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_16cl.i686.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-enterprise-2.4.21-31301U90_16cl.pentium4.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-headers-2.4.21-31301U90_16cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-rbc-2.4.21-31301U90_16cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_16cl.athlon.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_16cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_16cl.i586.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_16cl.i686.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-smp-2.4.21-31301U90_16cl.pentium4.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/kernel24-source-2.4.21-31301U90_16cl.i386.rpm> \n \n \nADDITIONAL INSTRUCTIONS \nThe apt tool can be used to perform RPM packages upgrades: \n \n- run: apt-get update \n- after that, execute: apt-get upgrade \n \nDetailed instructions regarding the use of apt and upgrade examples \ncan be found at <http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en> \n \n- ------------------------------------------------------------------------- \nAll packages are signed with Conectiva's GPG key. The key and instructions \non how to import it can be found at \n<http://distro.conectiva.com.br/seguranca/chave/?idioma=en> \nInstructions on how to check the signatures of the RPM packages can be \nfound at <http://distro.conectiva.com.br/seguranca/politica/?idioma=en> \n \n- ------------------------------------------------------------------------- \nAll our advisories and generic update instructions can be viewed at \n<http://distro.conectiva.com.br/atualizacoes/?idioma=en> \n \n- ------------------------------------------------------------------------- \nCopyright (c) 2004 Conectiva Inc. \n<http://www.conectiva.com> \n \n- ------------------------------------------------------------------------- \nsubscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br \nunsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br \n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.0.6 (GNU/Linux) \nComment: For info see <http://www.gnupg.org> \n \niD8DBQFA2DCq42jd0JmAcZARAg49AJ9sqVjI/FsSEeWfws1iPyJ0szUIPgCfZ9kw \ny6YY+kD2FTucN7+WNLkZZKg= \n=NSse \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Guardian Digital Inc. __ Affected\n\nNotified: June 15, 2004 Updated: August 18, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n \n \n+------------------------------------------------------------------------+ \n| Guardian Digital Security Advisory June 21, 2004 | \n| <http://www.guardiandigital.com> ESA-20040621-005 | \n| | \n| Package: kernel | \n| Summary: Several vulnerabilities. | \n+------------------------------------------------------------------------+ \n \nEnGarde Secure Linux is an enterprise class Linux platform engineered \nto enable corporations to quickly and cost-effectively build a complete \nand secure Internet presence while preventing Internet threats. \n \nOVERVIEW \n- -------- \nThis update fixes several security vulnerabilities in the Linux Kernel \nshipped with EnGarde Secure Linux, most notably the \"fsave/frstor\" \nvulnerability (CAN-2004-0554) and an information leak in the e1000 \ndriver (CAN-2004-0535). \n \nGuardian Digital products affected by this issue include: \n \nEnGarde Secure Community 2 \nEnGarde Secure Professional v1.5 \n \nIt is recommended that all users apply this update as soon as possible. \n \nSOLUTION \n- -------- \nGuardian Digital Secure Network subscribers may automatically update \naffected systems by accessing their account from within the Guardian \nDigital WebTool. \n \nTo modify your GDSN account and contact preferences, please go to: \n \n<https://www.guardiandigital.com/account/> \n \nREFERENCES \n- ---------- \nGuardian Digital's public key: \n<http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY> \n \nOfficial Web Site of the Linux Kernel: \n<http://www.kernel.org/> \n \nGuardian Digital Advisories: \n<http://infocenter.guardiandigital.com/advisories/> \n \nSecurity Contact: security@guardiandigital.com \n \n- -------------------------------------------------------------------------- \nAuthor: Ryan W. Maple <ryan@guardiandigital.com> \nCopyright 2004, Guardian Digital, Inc. \n \n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.2 (GNU/Linux) \n \niD8DBQFA1xEMHD5cqd57fu0RAimkAJ91QQbdq0KTPMApdbuBk0W4VaHQUQCfXTgV \nCEwu6/nwrjKh4msuRNWV4g0= \n=plmV \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### MandrakeSoft __ Affected\n\nNotified: June 15, 2004 Updated: August 18, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n \n_______________________________________________________________________ \n \nMandrakelinux Security Update Advisory \n_______________________________________________________________________ \n \nPackage name: kernel \nAdvisory ID: MDKSA-2004:062 \nDate: June 23rd, 2004 \n \nAffected versions: 10.0, 9.1, 9.2, Corporate Server 2.1, \nMulti Network Firewall 8.2 \n______________________________________________________________________ \n \nProblem Description: \n \nA vulnerability in the e1000 driver for the Linux kernel 2.4.26 and \nearlier was discovered by Chris Wright. The e1000 driver does not \nproperly reset memory or restrict the maximum length of a data \nstructure, which can allow a local user to read portions of kernel \nmemory (CAN-2004-0535). \n \nA vulnerability was also discovered in the kernel were a certain C \nprogram would trigger a floating point exception that would crash the \nkernel. This vulnerability can only be triggered locally by users with \nshell access (CAN-2004-0554). \n_______________________________________________________________________ \n \nReferences: \n \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0535> \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554> \n<http://www.kb.cert.org/vuls/id/973654> \n______________________________________________________________________ \n \nUpdated Packages: \n \nMandrakelinux 10.0: \n4d206822c79940210133a7480d21e3df 10.0/RPMS/kernel-2.4.25.6mdk-1-1mdk.i586.rpm \n68bcd25169105b157075c49ae1afc652 10.0/RPMS/kernel-2.6.3.14mdk-1-1mdk.i586.rpm \nabf8ad1259bf4f92a49e36dfcf3c9c39 10.0/RPMS/kernel-enterprise-2.4.25.6mdk-1-1mdk.i586.rpm \n312e78a0c775dbb7b9cbef0d99a04fcd 10.0/RPMS/kernel-enterprise-2.6.3.14mdk-1-1mdk.i586.rpm \ne488a38369863ce174eedaf556cb3b89 10.0/RPMS/kernel-i686-up-4GB-2.4.25.6mdk-1-1mdk.i586.rpm \n4793fe40b2af0fdd5864f72db0615e50 10.0/RPMS/kernel-i686-up-4GB-2.6.3.14mdk-1-1mdk.i586.rpm \n762657bdede72b9a35acb17b395ee1ff 10.0/RPMS/kernel-p3-smp-64GB-2.4.25.6mdk-1-1mdk.i586.rpm \n20aef99ab5994559227cbd7010d24e3a 10.0/RPMS/kernel-p3-smp-64GB-2.6.3.14mdk-1-1mdk.i586.rpm \n08196ea86336c42d850916038a6b40ba 10.0/RPMS/kernel-secure-2.6.3.14mdk-1-1mdk.i586.rpm \n98edb621bf6194742b9f4acf41ac798a 10.0/RPMS/kernel-smp-2.4.25.6mdk-1-1mdk.i586.rpm \n97b43a5beecc427cec5339f7b230937b 10.0/RPMS/kernel-smp-2.6.3.14mdk-1-1mdk.i586.rpm \nc61995bd80f09c18d644b63574830564 10.0/RPMS/kernel-source-2.4.25-6mdk.i586.rpm \na595b55173adb08a6ee525aba7a11bcf 10.0/RPMS/kernel-source-2.6.3-14mdk.i586.rpm \n356ca3809548835c8d1543b1c5bd2c78 10.0/RPMS/kernel-source-stripped-2.6.3-14mdk.i586.rpm \n84c88cb9db5910bf541d69d041d146a2 10.0/SRPMS/kernel-2.4.25.6mdk-1-1mdk.src.rpm \n7dd3f9640e29fd2365338e6350d38ef8 10.0/SRPMS/kernel-2.6.3.14mdk-1-1mdk.src.rpm \n \nMandrakelinux 10.0/AMD64: \n0bbe2751bf80eb4cd0b62d577e580c44 amd64/10.0/RPMS/kernel-2.4.25.6mdk-1-1mdk.amd64.rpm \n2ed3cdb8d1d5a9da83e068c4be01f91f amd64/10.0/RPMS/kernel-2.6.3.14mdk-1-1mdk.amd64.rpm \naa4eee1b7d2e75100e9fac4f60484c2d amd64/10.0/RPMS/kernel-secure-2.6.3.14mdk-1-1mdk.amd64.rpm \n6c68464ee6a8f8e6abfd4aec1bc01c2a amd64/10.0/RPMS/kernel-smp-2.4.25.6mdk-1-1mdk.amd64.rpm \nacc109c127a3c52cf1d2e0f86834a62a amd64/10.0/RPMS/kernel-smp-2.6.3.14mdk-1-1mdk.amd64.rpm \nfdd0f9614d7fe27508319c021e83a41e amd64/10.0/RPMS/kernel-source-2.4.25-6mdk.amd64.rpm \ndfc6b8544787e556a30d1165cce8bfbc amd64/10.0/RPMS/kernel-source-2.6.3-14mdk.amd64.rpm \n23f827e67259b79381a9e8dd454880fa amd64/10.0/RPMS/kernel-source-stripped-2.6.3-14mdk.amd64.rpm \n84c88cb9db5910bf541d69d041d146a2 amd64/10.0/SRPMS/kernel-2.4.25.6mdk-1-1mdk.src.rpm \n7dd3f9640e29fd2365338e6350d38ef8 amd64/10.0/SRPMS/kernel-2.6.3.14mdk-1-1mdk.src.rpm \n \nCorporate Server 2.1: \n46927be757f70a59c86cdf11b3e43c92 corporate/2.1/RPMS/kernel-2.4.19.41mdk-1-1mdk.i586.rpm \nd08b40244502502acadf9ba1b0e9762b corporate/2.1/RPMS/kernel-enterprise-2.4.19.41mdk-1-1mdk.i586.rpm \n66749baa06773ce3942e2f770140502c corporate/2.1/RPMS/kernel-secure-2.4.19.41mdk-1-1mdk.i586.rpm \n32a44dfa574bbbc50d316a5c8a4ef6ba corporate/2.1/RPMS/kernel-smp-2.4.19.41mdk-1-1mdk.i586.rpm \n40213434e41fefe88d20f4231a1f9734 corporate/2.1/RPMS/kernel-source-2.4.19-41mdk.i586.rpm \n60c9941aba0d698ad72f9d2308433b1c corporate/2.1/SRPMS/kernel-2.4.19.41mdk-1-1mdk.src.rpm \n \nCorporate Server 2.1/x86_64: \ndb88d345b01e85d2c6cfb01f1e28c3f1 x86_64/corporate/2.1/RPMS/kernel-2.4.19.42mdk-1-1mdk.x86_64.rpm \neaa43fee45b287b47e59a17206040308 x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.42mdk-1-1mdk.x86_64.rpm \n88db1fa53a907a7ae59b561501053963 x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.42mdk-1-1mdk.x86_64.rpm \na63ab72190d8214f8e242fe298c49a41 x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-42mdk.x86_64.rpm \nb175ee4e191ff0f4098793413dd63c71 x86_64/corporate/2.1/SRPMS/kernel-2.4.19.42mdk-1-1mdk.src.rpm \n \nMandrakelinux 9.1: \n71a8d1ae72fb050e3f4a07fcecf2f6f6 9.1/RPMS/kernel-2.4.21.0.31mdk-1-1mdk.i586.rpm \n30998cdc47a6005198d7bff758c15fa8 9.1/RPMS/kernel-enterprise-2.4.21.0.31mdk-1-1mdk.i586.rpm \n2d50a264c7578cb525ffef5b9c6c256c 9.1/RPMS/kernel-secure-2.4.21.0.31mdk-1-1mdk.i586.rpm \nd380dafaea573b0f8d135f442ac84085 9.1/RPMS/kernel-smp-2.4.21.0.31mdk-1-1mdk.i586.rpm \nfef500ffec1c0ec7e63daa040cea2d3e 9.1/RPMS/kernel-source-2.4.21-0.31mdk.i586.rpm \nf3c09dcecb57b158e7e064b58be290fc 9.1/SRPMS/kernel-2.4.21.0.31mdk-1-1mdk.src.rpm \n \nMandrakelinux 9.1/PPC: \n0ae9dba70be3135ed2d58b18744d5c88 ppc/9.1/RPMS/kernel-2.4.21.0.31mdk-1-1mdk.ppc.rpm \n32c60b01cdc16a585ddd75c00f0f1b99 ppc/9.1/RPMS/kernel-enterprise-2.4.21.0.31mdk-1-1mdk.ppc.rpm \n444be2eb864edc3e71de2a80ff1707c5 ppc/9.1/RPMS/kernel-smp-2.4.21.0.31mdk-1-1mdk.ppc.rpm \n0defa0d78d83de206b45d3e0f6f8c6b2 ppc/9.1/RPMS/kernel-source-2.4.21-0.31mdk.ppc.rpm \nf3c09dcecb57b158e7e064b58be290fc ppc/9.1/SRPMS/kernel-2.4.21.0.31mdk-1-1mdk.src.rpm \n \nMandrakelinux 9.2: \nf8d407d6b8c33d23e1869b192d86c581 9.2/RPMS/kernel-2.4.22.35mdk-1-1mdk.i586.rpm \neb13e94eb20684ac0a28d61f06f7d55b 9.2/RPMS/kernel-enterprise-2.4.22.35mdk-1-1mdk.i586.rpm \ned513e7698ee869227bb178239e4fd6b 9.2/RPMS/kernel-i686-up-4GB-2.4.22.35mdk-1-1mdk.i586.rpm \n19382a345801c54d057569d4cd238457 9.2/RPMS/kernel-p3-smp-64GB-2.4.22.35mdk-1-1mdk.i586.rpm \n1eff108d820b8eaaf4aa30dc57037e38 9.2/RPMS/kernel-secure-2.4.22.35mdk-1-1mdk.i586.rpm \n554f24dd143cef8e46db249210ee6698 9.2/RPMS/kernel-smp-2.4.22.35mdk-1-1mdk.i586.rpm \n0e4a8b55bfc63b9c69bd3ffcbf36deb3 9.2/RPMS/kernel-source-2.4.22-35mdk.i586.rpm \n9aada28aa2b9f835d3dc4cc30f856ca6 9.2/SRPMS/kernel-2.4.22.35mdk-1-1mdk.src.rpm \n \nMandrakelinux 9.2/AMD64: \n445f0184ca8c02e0a3f915408c6e8f2c amd64/9.2/RPMS/kernel-2.4.22.35mdk-1-1mdk.amd64.rpm \ndc7be7702ba82ca3e5e1c5c07ec5a7a7 amd64/9.2/RPMS/kernel-secure-2.4.22.35mdk-1-1mdk.amd64.rpm \n7249a64585c3fdb4e0c819274ffa5d6b amd64/9.2/RPMS/kernel-smp-2.4.22.35mdk-1-1mdk.amd64.rpm \n36684fff4f1d13784af9d539df01ba67 amd64/9.2/RPMS/kernel-source-2.4.22-35mdk.amd64.rpm \n9aada28aa2b9f835d3dc4cc30f856ca6 amd64/9.2/SRPMS/kernel-2.4.22.35mdk-1-1mdk.src.rpm \n \nMulti Network Firewall 8.2: \nfdd6ea13be5777eb4ac69ae4a15149eb mnf8.2/RPMS/kernel-secure-2.4.19.41mdk-1-1mdk.i586.rpm \n60c9941aba0d698ad72f9d2308433b1c mnf8.2/SRPMS/kernel-2.4.19.41mdk-1-1mdk.src.rpm \n_______________________________________________________________________ \n \nTo upgrade automatically use MandrakeUpdate or urpmi. The verification \nof md5 checksums and GPG signatures is performed automatically for you. \n \nAll packages are signed by Mandrakesoft for security. You can obtain \nthe GPG public key of the Mandrakelinux Security Team by executing: \n \ngpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 \n \nYou can view other update advisories for Mandrakelinux at: \n \n<http://www.mandrakesoft.com/security/advisories> \n \nIf you want to report vulnerabilities, please contact \n \nsecurity_linux-mandrake.com \n \nType Bits/KeyID Date User ID \npub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team \n<security linux-mandrake.com> \n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.0.7 (GNU/Linux) \n \niD8DBQFA2dQumqjQ0CJFipgRAvsvAJwKYoGaMGxqb9ZWhapI96NYwd9+uQCghmDy \nOB/7YIx91p7173icwYh3Ito= \n=FVyW \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Red Hat Inc. __ Affected\n\nNotified: June 15, 2004 Updated: August 18, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n\\-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n \n\\- --------------------------------------------------------------------- \nRed Hat Security Advisory \n \nSynopsis: Updated kernel packages fix security vulnerabilities \nAdvisory ID: RHSA-2004:255-01 \nIssue date: 2004-06-17 \nUpdated on: 2004-06-17 \nProduct: Red Hat Enterprise Linux \nKeywords: \nCross references: \nObsoletes: RHSA-2004:188 \nCVE Names: CAN-2004-0427 CAN-2004-0495 CAN-2004-0554 \n\\- --------------------------------------------------------------------- \n \n1\\. Topic: \n \nUpdated kernel packages for Red Hat Enterprise Linux 3 that fix security \nvulnerabilities are now available. \n \n2\\. Relevant releases/architectures: \n \nRed Hat Enterprise Linux AS version 3 - athlon, i386, i686, ia32e, ia64, ppc64, ppc64iseries, ppc64pseries, s390, s390x, x86_64 \nRed Hat Desktop version 3 - athlon, i386, i686, ia32e, x86_64 \nRed Hat Enterprise Linux ES version 3 - athlon, i386, i686, ia32e, ia64, x86_64 \nRed Hat Enterprise Linux WS version 3 - athlon, i386, i686, ia32e, ia64, x86_64 \n \n3\\. Problem description: \n \nThe Linux kernel handles the basic functions of the operating system. \n \nA flaw was found in Linux kernel versions 2.4 and 2.6 for x86 and x86_64 \nthat allowed local users to cause a denial of service (system crash) by \ntriggering a signal handler with a certain sequence of fsave and frstor \ninstructions. The Common Vulnerabilities and Exposures project \n(cve.mitre.org) has assigned the name CAN-2004-0554 to this issue. \n \nAnother flaw was discovered in an error path supporting the clone() \nsystem call that allowed local users to cause a denial of service \n(memory leak) by passing invalid arguments to clone() running in an \ninfinite loop of a user's program. The Common Vulnerabilities and \nExposures project (cve.mitre.org) has assigned the name CAN-2004-0427 \nto this issue. \n \nEnhancements were committed to the 2.6 kernel by Al Viro which enabled the \nSparse source code checking tool to check for a certain class of kernel \nbugs. A subset of these fixes also applies to various drivers in the 2.4 \nkernel. Although the majority of these resides in drivers unsupported in \nRed Hat Enterprise Linux 3, the flaws could lead to privilege escalation or \naccess to kernel memory. The Common Vulnerabilities and Exposures project \n(cve.mitre.org) has assigned the name CAN-2004-0495 to these issues. \n \nAll Red Hat Enterprise Linux 3 users are advised to upgrade their kernels \nto the packages associated with their machine architectures and \nconfigurations as listed in this erratum. These packages contain \nbackported patches to correct these issues. \n \n4\\. Solution: \n \nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n \nTo update all RPMs for your particular architecture, run: \n \nrpm -Fvh [filenames] \n \nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those \nRPMs which are currently installed will be updated. Those RPMs which are \nnot installed but included in the list will not be updated. Note that you \ncan also use wildcards (*.rpm) if your current directory *only* contains the \ndesired RPMs. \n \nPlease note that this update is also available via Red Hat Network. Many \npeople find this an easier way to apply updates. To use Red Hat Network, \nlaunch the Red Hat Update Agent with the following command: \n \nup2date \n \nThis will start an interactive process that will result in the appropriate \nRPMs being upgraded on your system. \n \nIf up2date fails to connect to Red Hat Network due to SSL \nCertificate Errors, you need to install a version of the \nup2date client with an updated certificate. The latest version of \nup2date is available from the Red Hat FTP site and may also be \ndownloaded directly from the RHN website: \n \n<https://rhn.redhat.com/help/latest-up2date.pxt> \n \n5\\. Bug IDs fixed (<http://bugzilla.redhat.com/bugzilla> for more info): \n \n125794 - CAN-2004-0554 local user can get the kernel to hang \n125901 - [PATCH] CAN-2004-0554: FPU exception handling local DoS \n125968 - last RH kernel affected bug \n126121 - CAN-2004-0495 Sparse security fixes backported for 2.4 kernel \n \n6\\. RPMs required: \n \nRed Hat Enterprise Linux AS version 3: \n \nSRPMS: \n<ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-15.0.2.EL.src.rpm> \n\n\nathlon: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.athlon.rpm \nAvailable from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.athlon.rpm \nAvailable from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm \n \ni386: \nAvailable from Red Hat Network: kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm \nAvailable from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.i386.rpm \nAvailable from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.i386.rpm \n \ni686: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm \n \nia32e: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia32e.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm \n \nia64: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia64.rpm \nAvailable from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.ia64.rpm \nAvailable from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.ia64.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia64.rpm \n \nppc64: \nAvailable from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.ppc64.rpm \nAvailable from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.ppc64.rpm \n \nppc64iseries: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.ppc64iseries.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ppc64iseries.rpm \n \nppc64pseries: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.ppc64pseries.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ppc64pseries.rpm \n \ns390: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.s390.rpm \nAvailable from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.s390.rpm \nAvailable from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.s390.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.s390.rpm \n \ns390x: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.s390x.rpm \nAvailable from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.s390x.rpm \nAvailable from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.s390x.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.s390x.rpm \n \nx86_64: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm \n \nRed Hat Desktop version 3: \n \nSRPMS: \n<ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-15.0.2.EL.src.rpm> \n \nathlon: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.athlon.rpm \nAvailable from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.athlon.rpm \nAvailable from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm \n \ni386: \nAvailable from Red Hat Network: kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm \nAvailable from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.i386.rpm \nAvailable from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.i386.rpm \n \ni686: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm \n \nia32e: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia32e.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm \n \nx86_64: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm \n \nRed Hat Enterprise Linux ES version 3: \n \nSRPMS: \n<ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-15.0.2.EL.src.rpm> \n \nathlon: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.athlon.rpm \nAvailable from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.athlon.rpm \nAvailable from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm \n \ni386: \nAvailable from Red Hat Network: kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm \nAvailable from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.i386.rpm \nAvailable from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.i386.rpm \n \ni686: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm \n \nia32e: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia32e.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm \n \nia64: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia64.rpm \nAvailable from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.ia64.rpm \nAvailable from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.ia64.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia64.rpm \n \nx86_64: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm \n \nRed Hat Enterprise Linux WS version 3: \n \nSRPMS: \n<ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-15.0.2.EL.src.rpm> \n \nathlon: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.athlon.rpm \nAvailable from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.athlon.rpm \nAvailable from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm \n \ni386: \nAvailable from Red Hat Network: kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm \nAvailable from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.i386.rpm \nAvailable from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.i386.rpm \n \ni686: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm \n \nia32e: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia32e.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm \n \nia64: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia64.rpm \nAvailable from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.ia64.rpm \nAvailable from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.ia64.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia64.rpm \n \nx86_64: \nAvailable from Red Hat Network: kernel-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.x86_64.rpm \nAvailable from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm \n \n \n \n7\\. Verification: \n \nMD5 sum Package Name \n\\- -------------------------------------------------------------------------- \n05b0bcb454ac5454479481d0288fbf20 kernel-2.4.21-15.0.2.EL.athlon.rpm \na3073219b60cbb7ce447a22e5103e097 kernel-2.4.21-15.0.2.EL.i686.rpm \n90dabcf0bb591756e5f04f397cf8a156 kernel-2.4.21-15.0.2.EL.ia32e.rpm \n24ddfb9f957028d3bbc5cfff2b25bc67 kernel-2.4.21-15.0.2.EL.ia64.rpm \n495a1c8f85e0e237643fd2e3f89ddaed kernel-2.4.21-15.0.2.EL.ppc64iseries.rpm \n6ad188ae0c61a077dede364c59448f61 kernel-2.4.21-15.0.2.EL.ppc64pseries.rpm \n1b9d329e2b074616239a91fd967871c8 kernel-2.4.21-15.0.2.EL.s390.rpm \na8bab06e561ac8b6ab473b4e722a570b kernel-2.4.21-15.0.2.EL.s390x.rpm \n669d77609b1c47ff49c939c1ea7bbc45 kernel-2.4.21-15.0.2.EL.src.rpm \n13aabc1c96dfee65f73246051a955ba8 kernel-2.4.21-15.0.2.EL.x86_64.rpm \n4635f8c6555f3b3e52feb9444b2e230d kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm \n6cf6c39a83dfe7cca9c9a79f02dc3fa8 kernel-doc-2.4.21-15.0.2.EL.i386.rpm \ncc60f06bdd3ad6a05040df8ba40d41a1 kernel-doc-2.4.21-15.0.2.EL.ia64.rpm \n3f21dd578af78ed576c7cbf6e17a3f16 kernel-doc-2.4.21-15.0.2.EL.ppc64.rpm \n5e27cc65020dbb1c92368e79c3edcbe6 kernel-doc-2.4.21-15.0.2.EL.s390.rpm \n860944b6a4e8384a0b344dc96ea48b6d kernel-doc-2.4.21-15.0.2.EL.s390x.rpm \n608d072210521af17c455f7754a6e352 kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm \n6c8dad84abc4dd1892c9dc862c329273 kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm \n426c517d35a53546138b0d72a0515909 kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm \n96eb477ac938da01b729b5ac5ed36e3b kernel-smp-2.4.21-15.0.2.EL.athlon.rpm \nbece09ba4a651196758380372dc4c593 kernel-smp-2.4.21-15.0.2.EL.i686.rpm \n82154d7551d6e4947af70b3044c9d4d2 kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm \n9d24273cc70bb6be810984cb3f3d0a36 kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm \n775338e099c3bdf36a586d29e55dbd3e kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm \n8fde60be45154b7722893feb65506f42 kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm \n3c690c54909996d3bba3da7c8d8f894a kernel-source-2.4.21-15.0.2.EL.i386.rpm \na8fc2a1042ee3e580881b50c97a3241d kernel-source-2.4.21-15.0.2.EL.ia64.rpm \n937a05a7666f14f95d20be19fc461f05 kernel-source-2.4.21-15.0.2.EL.ppc64.rpm \n282bb4f0e5bfbec228a742ab6666665d kernel-source-2.4.21-15.0.2.EL.s390.rpm \n6e9628389fa69aafc9c910e4b37a425a kernel-source-2.4.21-15.0.2.EL.s390x.rpm \n44be30f820be806621b47786ebff1844 kernel-source-2.4.21-15.0.2.EL.x86_64.rpm \n17f10f04cffc9751afb1499aaff00fdc kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm \n89ee51cb60f7a1f34e66cbb16abcba07 kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm \n144943d76b23470572326c84b57c0dd9 kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm \n60e5c1f1efa438a658b12e16543214cd kernel-unsupported-2.4.21-15.0.2.EL.ia64.rpm \n57f0111e6443fd5a39099731cc0856e8 kernel-unsupported-2.4.21-15.0.2.EL.ppc64iseries.rpm \n22f38c0c1abee45e0ac24caa19e06311 kernel-unsupported-2.4.21-15.0.2.EL.ppc64pseries.rpm \n8f67e244ba867a103e6b211d3d0d1fba kernel-unsupported-2.4.21-15.0.2.EL.s390.rpm \n3522c33c18eb876b5033ef12398707fe kernel-unsupported-2.4.21-15.0.2.EL.s390x.rpm \naa060423c3136a26ca31a7aafa337380 kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm \n \n \nThese packages are GPG signed by Red Hat for security. Our key is \navailable from <https://www.redhat.com/security/team/key.html> \n \nYou can verify each package with the following command: \n \nrpm --checksig -v <filename> \n \nIf you only wish to verify that each package has not been corrupted or \ntampered with, examine only the md5sum with the following command: \n \nmd5sum <filename> \n \n \n8\\. References: \n \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0427> \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0495> \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554> \n \n9\\. Contact: \n \nThe Red Hat security contact is <secalert@redhat.com>. More contact \ndetails at <https://www.redhat.com/security/team/contact.html> \n \nCopyright 2004 Red Hat, Inc. \n\\-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.0.7 (GNU/Linux) \n \niD8DBQFA0pQzXlSAg2UNWIIRAnebAJ92x5UDw32uwjVFVe9Eat4cQQqXAwCgkRtl \nOG3QYv33e4XJlyE9npuygvs= \n=Joca \n\\-----END PGP SIGNATURE-----\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Slackware __ Affected\n\nNotified: June 15, 2004 Updated: June 16, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n \n[slackware-security] kernel DoS (SSA:2004-167-01) \n \nNew kernel packages are available for Slackware 8.1, 9.0, 9.1, \nand -current to fix a denial of service security issue. Without \na patch to asm-i386/i387.h, a local user can crash the machine. \n \nMore details about this issue may be found in the Common \nVulnerabilities and Exposures (CVE) database: \n \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554> \n \nHere are the details from the Slackware 9.1 ChangeLog: \n+--------------------------+ \nTue Jun 15 02:11:41 PDT 2004 \npatches/packages/kernel-ide-2.4.26-i486-3.tgz: Patched local DoS \n(CAN-2004-0554). Without this patch to asm-i386/i387.h a local user \ncan crash the kernel. \n(* Security fix *) \npatches/packages/kernel-source-2.4.26-noarch-2.tgz: Patched local DoS \n(CAN-2004-0554). The new patch can be found here, too: \npatches/source/kernel-source/CAN-2004-0554.i387.fnclex.diff.gz \n(* Security fix *) \npatches/kernels/*: Patched local DoS (CAN-2004-0554). \n(* Security fix *) \n+--------------------------+ \n \n \nWhere to find the new packages: \n+-----------------------------+ \n \nUpdated packages for Slackware 8.1: \n<ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/kernel-ide-2.4.18-i386-6.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/kernel-source-2.4.18-noarch-7.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/kernels/> \n \nUpdated packages for Slackware 9.0: \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kernel-ide-2.4.21-i486-4.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kernel-source-2.4.21-noarch-4.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/kernels/> \n \nUpdated packages for Slackware 9.1: \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-ide-2.4.26-i486-3.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kernel-source-2.4.26-noarch-2.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/kernels/> \n \nUpdated packages for Slackware -current: \n<ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/kernel-ide-2.4.26-i486-4.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/kernel-headers-2.4.26-i386-3.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/k/kernel-source-2.4.26-noarch-4.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-current/kernels/> \n<ftp://ftp.slackware.com/pub/slackware/slackware-current/testing/packages/linux-2.6.6/kernel-generic-2.6.6-i486-5.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-current/testing/packages/linux-2.6.6/kernel-headers-2.6.6-i386-3.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-current/testing/packages/linux-2.6.6/kernel-source-2.6.6-noarch-3.tgz> \n \nJust the patch for 2.4.x kernels: \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/source/kernel-source/CAN-2004-0554.i387.fnclex.diff.gz> \n77d9eb0640f07df4167aaa53e0b42e2e CAN-2004-0554.i387.fnclex.diff.gz \n \nJust the patch for 2.6.x kernels: \n<ftp://ftp.slackware.com/pub/slackware/slackware-current/testing/source/linux-2.6.x/CAN-2004-0554.i387.fnclex.diff.gz> \ne453d64187eac2216bebf85d72449fcb CAN-2004-0554.i387.fnclex.diff.gz \n \n \nMD5 signatures: \n+-------------+ \n \nSlackware 8.1 packages: \n8bbced2d1f09d033de89ae5957427a25 kernel-ide-2.4.18-i386-6.tgz \n050aa2dd8d38f0ba3de2fca621eb13c9 kernel-source-2.4.18-noarch-7.tgz \n \nSlackware 9.0 packages: \n21dbafdcf32d84c22daddc349a719420 kernel-ide-2.4.21-i486-4.tgz \n56ca0fbf5778283a1d9a76a278cb7cf5 kernel-source-2.4.21-noarch-4.tgz \n \nSlackware 9.1 packages: \n614b79763721126939569f235d4524d6 kernel-ide-2.4.26-i486-3.tgz \n43681f735928641a2b5fc786604bca77 kernel-source-2.4.26-noarch-2.tgz \n \nSlackware -current packages: \n7a19720356937bcc0f360b8b158a1419 kernel-ide-2.4.26-i486-4.tgz \nc0d2d8b2977d5c86d100fe02a8c2681b kernel-headers-2.4.26-i386-3.tgz \n8fbb66feb2d108baa6af6a895fc7f49a kernel-source-2.4.26-noarch-4.tgz \n91ccc5ff7a5be15afdee86a60c6b408d kernel-generic-2.6.6-i486-5.tgz \nbdcb17009e79bb375dad7fecdd7e60ae kernel-headers-2.6.6-i386-3.tgz \ned7c1e42f537414db8cd4dda8e2e9077 kernel-source-2.6.6-noarch-3.tgz \n \n \nInstallation instructions: \n+------------------------+ \n \nUse upgradepkg to install the new packages. \nAfter installing the kernel-ide package you will need to run lilo ('lilo' \nat a command prompt) or create a new system boot disk ('makebootdisk'), and \nreboot. \n \nIf desired, a kernel from the kernels/ directory may be used instead. For \nexample, to use the kernel in kernels/scsi.s/, you would copy it to the \nboot directory like this: \n \ncd kernels/scsi.s \ncp bzImage /boot/vmlinuz-scsi.s-2.4.26 \n \nCreate a symbolic link: \nln -sf /boot/vmlinuz-scsi.s-2.4.26 /boot/vmlinuz \n \nThen, run 'lilo' or create a new system boot disk and reboot. \n \n \n+-----+ \n \nSlackware Linux Security Team \n<http://slackware.com/gpg-key> \nsecurity@slackware.com \n \n+------------------------------------------------------------------------+ \n| To leave the slackware-security mailing list: | \n+------------------------------------------------------------------------+ \n| Send an email to majordomo@slackware.com with this text in the body of | \n| the email message: | \n| | \n| unsubscribe slackware-security | \n| | \n| You will get a confirmation message back containing instructions to | \n| complete the process. Please do not reply to this email address. | \n+------------------------------------------------------------------------+ \n \n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.4 (GNU/Linux) \n \niD8DBQFAzzc6akRjwEAQIjMRAmNLAJ9cY5eDhdmZJBDc4IoJD+owJ2PlkACcCOWh \nDyVVz1pzzG06SBnUbpC/iHg= \n=luGU \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### SuSE Inc. __ Affected\n\nNotified: June 15, 2004 Updated: June 16, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe will release a new kernel package as soon as possible. Our customers can update their systems by using the YaST Online Update (YOU) tool or installing the RPM file directly from <http://www.suse.de/en/private/download/updates/index.html>.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n`-----BEGIN PGP SIGNED MESSAGE----- \n \n______________________________________________________________________________ \n \nSUSE Security Announcement \n \nPackage: kernel \nAnnouncement-ID: SuSE-SA:2004:017 \nDate: Wednesday, Jun 16th 2004 15:20 MEST \nAffected products: 8.0, 8.1, 8.2, 9.0, 9.1 \nSuSE Linux Database Server, \nSuSE eMail Server III, 3.1 \nSuSE Linux Enterprise Server 7, 8 \nSuSE Linux Firewall on CD/Admin host \nSuSE Linux Connectivity Server \nSuSE Linux Office Server \nVulnerability Type: local denial-of-service attack \nSeverity (1-10): 4 \nSUSE default package: no \nCross References: CAN-2004-0554 \n \nContent of this advisory: \n1) security vulnerability resolved: \n- floating point exception causes system crash \nproblem description, discussion, solution and upgrade information \n2) pending vulnerabilities, solutions, workarounds: \n- icecast \n- sitecopy \n- cadaver \n- OpenOffice_org \n- tripwire \n- postgresql \n- lha \n- XDM \n- mod_proxy \n3) standard appendix (further information) \n \n______________________________________________________________________________ \n \n1) problem description, brief discussion, solution, upgrade information \n \nThe Linux kernel is vulnerable to a local denial-of-service attack. \nBy using a C program it is possible to trigger a floating point \nexception that puts the kernel into an unusable state. \nTo execute this attack a malicious user needs shell access to the \nvictim's machine. \nThe severity of this bug is considered low because local denial-of- \nservice attacks are hard to prevent in general. \nAdditionally the bug is limited to x86 and x86_64 architecture. \n \n \n \nSPECIAL INSTALL INSTRUCTIONS: \n============================== \nThe following paragraphs will guide you through the installation \nprocess in a step-by-step fashion. The character sequence \"****\" \nmarks the beginning of a new paragraph. In some cases, the steps \noutlined in a particular paragraph may or may not be applicable \nto your situation. \nTherefore, please make sure to read through all of the steps below \nbefore attempting any of these procedures. \nAll of the commands that need to be executed are required to be \nrun as the superuser (root). Each step relies on the steps before \nit to complete successfully. \nNote: The update packages for the SuSE Linux Enterprise Server 7 \n(SLES7) are being tested at the moment and will be published as soon \nas possible. \n \n \n**** Step 1: Determine the needed kernel type \n \nPlease use the following command to find the kernel type that is \ninstalled on your system: \n \nrpm -qf /boot/vmlinuz \n \nFollowing are the possible kernel types (disregard the version and \nbuild number following the name separated by the \"-\" character) \n \nk_deflt # default kernel, good for most systems. \nk_i386 # kernel for older processors and chipsets \nk_athlon # kernel made specifically for AMD Athlon(tm) family processors \nk_psmp # kernel for Pentium-I dual processor systems \nk_smp # kernel for SMP systems (Pentium-II and above) \nk_smp4G # kernel for SMP systems which supports a maximum of 4G of RAM \nkernel-64k-pagesize \nkernel-bigsmp \nkernel-default \nkernel-smp \n \n**** Step 2: Download the package for your system \n \nPlease download the kernel RPM package for your distribution with the \nname as indicated by Step 1. The list of all kernel rpm packages is \nappended below. Note: The kernel-source package does not \ncontain a binary kernel in bootable form. Instead, it contains the \nsources that the binary kernel rpm packages are created from. It can be \nused by administrators who have decided to build their own kernel. \nSince the kernel-source.rpm is an installable (compiled) package that \ncontains sources for the linux kernel, it is not the source RPM for \nthe kernel RPM binary packages. \n \nThe kernel RPM binary packages for the distributions can be found at the \nlocations below <ftp://ftp.suse.com/pub/suse/i386/update/>. \n \n8.0/images/ \n8.1/rpm/i586 \n8.2/rpm/i586 \n9.0/rpm/i586 \n9.1/rpm/i586 \n \nAfter downloading the kernel RPM package for your system, you should \nverify the authenticity of the kernel rpm package using the methods as \nlisted in section 3) of each SUSE Security Announcement. \n \n \n**** Step 3: Installing your kernel rpm package \n \nInstall the rpm package that you have downloaded in Steps 3 or 4 with \nthe command \nrpm -Uhv --nodeps --force <K_FILE.RPM> \nwhere <K_FILE.RPM> is the name of the rpm package that you downloaded. \n \nWarning: After performing this step, your system will likely not be \nable to boot if the following steps have not been fully \nfollowed. \n \n \nIf you run SUSE LINUX 8.1 and haven't applied the kernel update \n(SUSE-SA:2003:034), AND you are using the freeswan package, you also \nneed to update the freeswan rpm as a dependency as offered \nby YOU (YaST Online Update). The package can be downloaded from \n<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/> \n \n**** Step 4: configuring and creating the initrd \n \nThe initrd is a ramdisk that is loaded into the memory of your \nsystem together with the kernel boot image by the bootloader. The \nkernel uses the content of this ramdisk to execute commands that must \nbe run before the kernel can mount its actual root filesystem. It is \nusually used to initialize SCSI drivers or NIC drivers for diskless \noperation. \n \nThe variable INITRD_MODULES in /etc/sysconfig/kernel determines \nwhich kernel modules will be loaded in the initrd before the kernel \nhas mounted its actual root filesystem. The variable should contain \nyour SCSI adapter (if any) or filesystem driver modules. \n \nWith the installation of the new kernel, the initrd has to be \nre-packed with the update kernel modules. Please run the command \n \nmk_initrd \n \nas root to create a new init ramdisk (initrd) for your system. \nOn SuSE Linux 8.1 and later, this is done automatically when the \nRPM is installed. \n \n \n**** Step 5: bootloader \n \nIf you run a SUSE LINUX 8.x, SLES8, or SUSE LINUX 9.x system, there \nare two options: \nDepending on your software configuration, you have either the lilo \nbootloader or the grub bootloader installed and initialized on your \nsystem. \nThe grub bootloader does not require any further actions to be \nperformed after the new kernel images have been moved in place by the \nrpm Update command. \nIf you have a lilo bootloader installed and initialized, then the lilo \nprogram must be run as root. Use the command \n \ngrep LOADER_TYPE /etc/sysconfig/bootloader \n \nto find out which boot loader is configured. If it is lilo, then you \nmust run the lilo command as root. If grub is listed, then your system \ndoes not require any bootloader initialization. \n \nWarning: An improperly installed bootloader may render your system \nunbootable. \n \n**** Step 6: reboot \n \nIf all of the steps above have been successfully completed on your \nsystem, then the new kernel including the kernel modules and the \ninitrd should be ready to boot. The system needs to be rebooted for \nthe changes to become active. Please make sure that all steps have \ncompleted, then reboot using the command \nshutdown -r now \nor \ninit 6 \n \nYour system should now shut down and reboot with the new kernel. \n \n \nThere is no workaround known. \n \n \nPlease download the update package for your distribution and verify its \nintegrity by the methods listed in section 3) of this announcement. \nThen, install the package using the command \"rpm -Fhv file.rpm\" to apply \nthe update. \nOur maintenance customers are being notified individually. The packages \nare being offered to install from the maintenance web. \n \n \nIntel i386 Platform: \n \nSuSE-9.1: \n<ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-source-2.6.5-7.75.i586.rpm> \n8d11469e1815c5b2fa143fce62c17b95`\n\n` <ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-default-2.6.5-7.75.i586.rpm> \n75222182ad4c766b6482e5b83658819d \n<ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-smp-2.6.5-7.75.i586.rpm> \n45f1244f153ab1387a9dc67e7bcf20bb \n<ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-bigsmp-2.6.5-7.75.i586.rpm> \n517647d955770503fe61ae2549c453dd \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-source-2.6.5-7.75.src.rpm> \n9103503f430b9d854630ecb8855a2fb3 \n<ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-default-2.6.5-7.75.nosrc.rpm> \n9381c56f1f64835c5379dde278ac768d \n<ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-smp-2.6.5-7.75.nosrc.rpm> \n4f47dc2be58f5315cf596c051c2892b5 \n<ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-bigsmp-2.6.5-7.75.nosrc.rpm> \n732c1e7d2a9e41780464eccdc0d54505 \n \nSuSE-9.0: \n<ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/kernel-source-2.4.21-226.i586.rpm> \n7b6022e2f80325b42fa7dc3188360530 \n<ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_athlon-2.4.21-226.i586.rpm> \n594efe04ccc233e890bfb277e8296c2d \n<ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_deflt-2.4.21-226.i586.rpm> \nf41d088cf20bfe583e57f95a6b46d625 \n<ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_smp-2.4.21-226.i586.rpm> \n39e2c09ece3f22b50eb777b85a7218ef \n<ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_smp4G-2.4.21-226.i586.rpm> \n83398954810403b9dfb65bcf1af25352 \n<ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_um-2.4.21-226.i586.rpm> \n18dde4a8af68dd1f78a0177c3214457a \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/kernel-source-2.4.21-226.src.rpm> \nd5b037aaf122b1b05917e3f0b475baae \n<ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/k_athlon-2.4.21-226.src.rpm> \ne10aea97785eb12716ad7d5e20cbd723 \n<ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/k_deflt-2.4.21-226.src.rpm> \n54b8bbd368998abc1a63224caa880473 \n<ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/k_smp-2.4.21-226.src.rpm> \nf944b14978ecd211c26f8169238292bf \n<ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/k_smp4G-2.4.21-226.src.rpm> \n66a116aeb9757c538a0643e8322095a7 \n<ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/k_um-2.4.21-226.src.rpm> \n5e3694ba088fd39891a5979380679d20 \n \nSuSE-8.2: \n<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/kernel-source-2.4.20.SuSE-113.i586.rpm> \na5843cb4e2b16515d70574d83113ac48 \n<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_athlon-2.4.20-113.i586.rpm> \n724529485d3a304f0479f9216fc361af \n<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_deflt-2.4.20-113.i586.rpm> \nb0e687c208053d546b7057257beb7d32 \n<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_psmp-2.4.20-113.i586.rpm> \n749b101e7fc4aa5c62e2a5b650002803 \n<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_smp-2.4.20-113.i586.rpm> \n3377544a5f6d9c73fdfe05140fce0813 \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/kernel-source-2.4.20.SuSE-113.src.rpm> \n0a41c750b8cd3953d47e27ea15c58697 \n<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/k_athlon-2.4.20-113.src.rpm> \na5e5790e5f7fe62905d29750543c9e20 \n<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/k_deflt-2.4.20-113.src.rpm> \n9defa7cb706e924f8336dd03fafbcfd5 \n<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/k_psmp-2.4.20-113.src.rpm> \n8469dbc8810dd292100d085e00bb6081 \n<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/k_smp-2.4.20-113.src.rpm> \nd990fcbace1f21ff383abdf7608a17ef \n \nSuSE-8.1: \n<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/kernel-source-2.4.21-226.i586.rpm> \n43ee5eae102f0258a414dd15e3fd9433 \n<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_athlon-2.4.21-226.i586.rpm> \n0c6289e168307d615bfe6cef9ebcf879 \n<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_deflt-2.4.21-226.i586.rpm> \n003a38c53fe91070eeae85983930c70e \n<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_psmp-2.4.21-226.i586.rpm> \n657d08fa4b5a2ba7de2a314a7d1622e1 \n<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_smp-2.4.21-226.i586.rpm> \ne19239b4ca52ebd21f775b5e6195f144 \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/kernel-source-2.4.21-226.src.rpm> \nee67f5db0ea2f1431f46b7dd27815a56 \n<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/k_athlon-2.4.21-226.src.rpm> \nb29021156d6582e315666b16231b2a60 \n<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/k_deflt-2.4.21-226.src.rpm> \nce5e47d527cee6968cd95bb8430d3e18 \n<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/k_psmp-2.4.21-226.src.rpm> \na081a0f1e31f5491cdeba1fea5ea6411 \n<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/k_smp-2.4.21-226.src.rpm> \n1dbfd3b5f272fc75342ae55bbe7ab45c \n \nSuSE-8.0: \n<ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/kernel-source-2.4.18.SuSE-299.i386.rpm> \n7de319a4e6c667fba359686b814d4a73 \n<ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_deflt-2.4.18-299.i386.rpm> \ndf5aad7c423625a19af151bbba0f2ca8 \n<ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_psmp-2.4.18-299.i386.rpm> \ncb02c8381962eda997ebb115ef68ae4c \n<ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_smp-2.4.18-299.i386.rpm> \n903c6e61927803c2d592ac50fe9da6ce \n<ftp://ftp.suse.com/pub/suse/i386/update/8.0/images/k_i386-2.4.18-299.i386.rpm> \ne2abf9ccdc8191e7d2ace58e8a1b5b5a \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/kernel-source-2.4.18.SuSE-299.nosrc.rpm> \n622c85342dd84abd0400103902d05eed \n<ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/k_deflt-2.4.18-299.src.rpm> \n37916ea39febc4dd43fabfccce9322db \n<ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/k_psmp-2.4.18-299.src.rpm> \n0dde0e6758e42de5479e8776475ae76f \n<ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/k_smp-2.4.18-299.src.rpm> \n523bef4e31fa67f078d5fcbdc426a4c0 \n<ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/k_i386-2.4.18-299.src.rpm> \n06a2a062a54764a30adae0b8ea40cb29 \n \n \n \nOpteron x86_64 Platform: \n \nSuSE-9.1: \n<ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-source-2.6.5-7.75.x86_64.rpm> \n1c878b1e29a9bea40547637b6a307b2d \n<ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-default-2.6.5-7.75.x86_64.rpm> \n16de3ee2390bb2b92f9fe50451d4f082 \n<ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-smp-2.6.5-7.75.x86_64.rpm> \nc310268daa83f18fcfd4cf19434f06e0 \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-source-2.6.5-7.75.src.rpm> \n2fed0a8f3936027261add7d1cbfa5341 \n<ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-default-2.6.5-7.75.nosrc.rpm> \n9ad26d15566337c83273121390ea4e32 \n<ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-smp-2.6.5-7.75.nosrc.rpm> \n352951be42b3093efb0148320a6f4c27 \n \nSuSE-9.0: \n<ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/kernel-source-2.4.21-226.x86_64.rpm> \nced9c66ffa28bf7e7c795781f92083fe \n<ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_deflt-2.4.21-226.x86_64.rpm> \n60539bc47e8cac0664ac5ca824d311e0 \n<ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_smp-2.4.21-226.x86_64.rpm> \n083aeedd2a88ccc2e00c8f66cd61b81c \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/kernel-source-2.4.21-226.src.rpm> \n58c40a206f6f615daa3486fc6d6ade38 \n<ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/k_deflt-2.4.21-226.src.rpm> \n1c234f6c0475680b41c644c575ff8ef6 \n<ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/k_smp-2.4.21-226.src.rpm> \ne9b90824615859405b1979793662bc0d \n \n______________________________________________________________________________ \n \n2) Pending vulnerabilities in SUSE Distributions and Workarounds: \n \n- icecast \nThe icecast service is vulnerable to a remote denial-of-service \nattack. Update packages will be available soon. \n \n- sitecopy \nThe sitecopy package includes a vulnerable version of the \nneon library (CAN-2004-0179, CAN-2004-0398). Update packages will be \navailable soon. \n \n- cadaver \nThe cadaver package includes a vulnerable version of the \nneon library (CAN-2004-0179, CAN-2004-0398). Update packages will be \navailable soon. \n \n- OpenOffice_org \nThe OpenOffice_org package includes a vulnerable version \nof the neon library (CAN-2004-0179, CAN-2004-0398). Update packages \nwill be available soon. \n \n- tripwire \nA format string bug in tripwire can be exploited locally \nto gain root permissions. Update packages will be available soon. \n` \n` - postgresql \nA buffer overflow in psqlODBC could be exploited to crash the \napplication using it. E.g. a PHP script that uses ODBC to access a \nPostgreSQL database can be utilized to crash the surrounding Apache \nweb-server. Other parts of PostgreSQL are not affected. \nUpdate packages will be available soon. \n \n- lha \nMinor security fix for a buffer overflow while handling command \nline options. This buffer overflow could be exploited in conjunction \nwith other mechanisms to gain higher privileges or access the system \nremotely. \n \n- XDM/XFree86 \nThis update resolves random listening to ports by XDM \nthat allows to connect via the XDMCP. SUSE LINUX 9.1 \nis affected only. \nNew packages are currently being tested and will be \navailable soon. \n \n- mod_proxy \nA buffer overflow can be triggered by malicious remote \nservers that return a negative Content-Length value. \nThis vulnerability can be used to execute commands remotely \nNew packages are currently being tested and will be \navailable soon. \n \n______________________________________________________________________________ \n \n3) standard appendix: authenticity verification, additional information \n \n- Package authenticity verification: \n \nSUSE update packages are available on many mirror ftp servers around \nthe world. While this service is considered valuable and important \nto the free and open source software community, many users wish to be \ncertain as to be the origin of the package and its content before \ninstalling the package. There are two independent verification methods \nthat can be used to prove the authenticity of a downloaded file or \nrpm package: \n1) md5sums as provided in the (cryptographically signed) announcement. \n2) using the internal gpg signatures of the rpm package. \n \n1) execute the command \nmd5sum <name-of-the-file.rpm> \nafter you have downloaded the file from a SUSE ftp server or its \nmirrors. Then, compare the resulting md5sum with the one that is \nlisted in the announcement. Since the announcement containing the \nchecksums is cryptographically signed (usually using the key \nsecurity@suse.de), the checksums offer proof of the authenticity \nof the package. \nWe recommend against subscribing to security lists which cause the \nemail message containing the announcement to be modified so that \nthe signature does not match after transport through the mailing \nlist software. \nDownsides: You must be able to verify the authenticity of the \nannouncement in the first place. If RPM packages are being rebuilt \nand a new version of a package is published on the ftp server, all \nmd5 sums for the files are useless. \n \n2) rpm package signatures provide an easy way to verify the authenticity \nof an rpm package. Use the command \nrpm -v --checksig <file.rpm> \nto verify the signature of the package, where <file.rpm> is the \nfilename of the rpm package that you have downloaded. Of course, \npackage authenticity verification can only target an un-installed rpm \npackage file. \nPrerequisites: \na) gpg is installed \nb) The package is signed using a certain key. The public part of this \nkey must be installed by the gpg program in the directory \n~/.gnupg/ under the user's home directory who performs the \nsignature verification (usually root). You can import the key \nthat is used by SUSE in rpm packages for SUSE Linux by saving \nthis announcement to a file (\"announcement.txt\") and \nrunning the command (do \"su -\" to be root): \ngpg --batch; gpg < announcement.txt | gpg --import \nSUSE Linux distributions version 7.1 and thereafter install the \nkey \"build@suse.de\" upon installation or upgrade, provided that \nthe package gpg is installed. The file containing the public key \nis placed at the top-level directory of the first CD (pubring.gpg) \nand at <ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de> . \n \n \n- SUSE runs two security mailing lists to which any interested party may \nsubscribe: \n \nsuse-security@suse.com \n- general/linux/SUSE security discussion. \nAll SUSE security announcements are sent to this list. \nTo subscribe, send an email to \n<suse-security-subscribe@suse.com>. \n \nsuse-security-announce@suse.com \n- SUSE's announce-only mailing list. \nOnly SUSE's security announcements are sent to this list. \nTo subscribe, send an email to \n<suse-security-announce-subscribe@suse.com>. \n \nFor general information or the frequently asked questions (faq) \nsend mail to: \n<suse-security-info@suse.com> or \n<suse-security-faq@suse.com> respectively. \n \n===================================================================== \nSUSE's security contact is <security@suse.com> or <security@suse.de>. \nThe <security@suse.de> public key is listed below. \n===================================================================== \n______________________________________________________________________________ \n \nThe information in this advisory may be distributed or reproduced, \nprovided that the advisory is not modified in any way. In particular, \nit is desired that the clear-text signature must show proof of the \nauthenticity of the text. \nSUSE Linux AG makes no warranties of any kind whatsoever with respect \nto the information contained in this security advisory. \n \nType Bits/KeyID Date User ID \npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de> \npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de> \n \n- -----BEGIN PGP PUBLIC KEY BLOCK----- \nVersion: GnuPG v1.0.6 (GNU/Linux) \nComment: For info see <http://www.gnupg.org> \n \nmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff \n4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d \nM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO \nQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK \nXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE \nD3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd \nG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM \nCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE \nmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr \nYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD \nwmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d \nNfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe \nQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe \nLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t \nXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU \nD9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 \n0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot \n1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW \ncRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E \nExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f \nAJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E \nOe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ \nHZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h \nt5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT \ntGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM \n523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q \n2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 \nQnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw \nJxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ \n1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH \nORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 \nwwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY \nEQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol \n0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK \nCRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co \nSPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo \nomuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt \nA46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J \n/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE \nGrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf \nebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT \nZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 \nRQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ \n8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb \nB6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X` \n`11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA \n8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj \nqY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p \nWH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL \nhn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG \nBafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ \nAvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi \nRZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 \nzinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM \n/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 \nwhaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl \nD+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz \ndbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI \nRgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI \nDgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= \n=LRKC \n- -----END PGP PUBLIC KEY BLOCK----- \n \n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.2 (GNU/Linux) \n \niQEVAwUBQNBTgney5gA9JdPZAQHB7Af/XRy01sYB1rDi0L+TwlQtW4nr4vwrJTOt \n6pA/M+oNsW0SUPK3kCcN+v7mvuIrA69c1VZeYgfI4/dy0bdMntcVkOliikn0+m0i \ne2SvKYY+/KC8wZaUIrKFbH4PA0Gdf40GmNVj4uq5KdwohJLGQDTa8eguiYocMjXv \nE8QAdGTaPXEBGz8Ode6YMYAbauHbWXip9x6TyQ7NgiQ4mylabmmw8AUebVyM4oWS \na28uoT8nWPu+BwYNW0zt26clPhLvmHWFpIpqyaWERaWMuCrFHwlc753B2PCOVdnm \nYj/ugqlkkGRysclITz3WFbUGUKtd91AdZAEK6l+MxkuqRDZmNUYgHw== \n=q9W1 \n-----END PGP SIGNATURE-----`\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Trustix Secure Linux __ Affected\n\nNotified: June 16, 2004 Updated: June 16, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n \n- -------------------------------------------------------------------------- \nTrustix Secure Linux Bugfix Advisory #2004-0034 \n \nPackage name: kernel \nSummary: Local DoS \nDate: 2004-06-16 \nAffected versions: Trustix Secure Linux 2.0 \nTrustix Secure Linux 2.1 \nTrustix Operating System - Enterprise Server 2 \n \n- -------------------------------------------------------------------------- \nPackage description: \nThe kernel package contains the Linux kernel (vmlinuz), the core of your \nTrustix Secure Linux operating system. The kernel handles the basic \nfunctions of the operating system: memory allocation, process allocation, \ndevice input and output, etc. \n \nProblem description: \nA flaw was by accident discovered by Stian Skjelstad when he was doing \nsome code tests during vacation. He was quite surprised when I discovered \nthat the code he was trying froze his machine. He reported it to the \nLinux-kernel mailing list and the gcc bugzilla 2004-06-09. \n \nSee CAN-2004-0554 at <http://cve.mitre.org/> for more information. \n \n \nAction: \nWe recommend that all systems with this package installed be upgraded. \nPlease note that if you do not need the functionality provided by this \npackage, you may want to remove it from your system. \n \n \nLocation: \nAll Trustix Secure Linux updates are available from \n<URI:<http://http.trustix.org/pub/trustix/updates/>> \n<URI:<ftp://ftp.trustix.org/pub/trustix/updates/>> \n \n \nAbout Trustix Secure Linux: \nTrustix Secure Linux is a small Linux distribution for servers. With focus \non security and stability, the system is painlessly kept safe and up to \ndate from day one using swup, the automated software updater. \n \n \nAutomatic updates: \nUsers of the SWUP tool can enjoy having updates automatically \ninstalled using 'swup --upgrade'. \n \n \nPublic testing: \nMost updates for Trustix Secure Linux are made available for public \ntesting some time before release. \nIf you want to contribute by testing the various packages in the \ntesting tree, please feel free to share your findings on the \ntsl-discuss mailinglist. \nThe testing tree is located at \n<URI:<http://tsldev.trustix.org/horizon/>> \n \nYou may also use swup for public testing of updates: \n \nsite { \nclass = 0 \nlocation = \"<http://tsldev.trustix.org/horizon/rdfs/latest.rdf>\" \nregexp = \".*\" \n} \n \n \nQuestions? \nCheck out our mailing lists: \n<URI:<http://www.trustix.org/support/>> \n \n \nVerification: \nThis advisory along with all Trustix packages are signed with the \nTSL sign key. \nThis key is available from: \n<URI:<http://www.trustix.org/TSL-SIGN-KEY>> \n \nThe advisory itself is available from the errata pages at \n<URI:<http://www.trustix.org/errata/trustix-2.0/>> and \n<URI:<http://www.trustix.org/errata/trustix-2.1/>> \nor directly at \n<URI:<http://www.trustix.org/errata/2004/0034>> \n \n \nMD5sums of the packages: \n- -------------------------------------------------------------------------- \n4eeda04ede3e7538c560d78db0087abf 2.1/rpms/kernel-2.4.26-2tr.i586.rpm \nf116f17ce723574940cf5653e24b189b 2.1/rpms/kernel-BOOT-2.4.26-2tr.i586.rpm \nbeb2d9638544bbe1e3d3d4c4f3bc0841 2.1/rpms/kernel-doc-2.4.26-2tr.i586.rpm \n1da3f4c3c5489ad6441c1deb77ade460 2.1/rpms/kernel-firewall-2.4.26-2tr.i586.rpm \n33a3d2cc288d8feca38bf723a532d5fc 2.1/rpms/kernel-firewallsmp-2.4.26-2tr.i586.rpm \n2eca74fa29f9ab94400c3b660f1cb7d4 2.1/rpms/kernel-smp-2.4.26-2tr.i586.rpm \n87d8729ae10b644fd4293028064b4449 2.1/rpms/kernel-source-2.4.26-2tr.i586.rpm \n5e79ec0c2f39096258f277b6c9742010 2.1/rpms/kernel-utils-2.4.26-2tr.i586.rpm \n19085e9447cf6c6e442dc7b5cce2741d 2.0/rpms/kernel-2.4.26-2tr.i586.rpm \n65a65ef1e6387ff9d1c00f4775baf824 2.0/rpms/kernel-BOOT-2.4.26-2tr.i586.rpm \ncfe247f0b22f9f9964ad192610030429 2.0/rpms/kernel-doc-2.4.26-2tr.i586.rpm \nbe9eaf3ea57f93f12732927230014e5d 2.0/rpms/kernel-firewall-2.4.26-2tr.i586.rpm \n7ac9ad8333acd85d59337ab963021c95 2.0/rpms/kernel-firewallsmp-2.4.26-2tr.i586.rpm \nff07e3390ca40209e1a3e8cd4b5b6d3a 2.0/rpms/kernel-smp-2.4.26-2tr.i586.rpm \n5216d7c88b49b6f4588ff68ca15a9bc5 2.0/rpms/kernel-source-2.4.26-2tr.i586.rpm \n5881e9c49f504248ccdb983430f3d3cf 2.0/rpms/kernel-utils-2.4.26-2tr.i586.rpm \n24ea881f70d85501dde7b0bd280db86b e2/kernel-2.4.26-2tr.i586.rpm \nb19ab411d3ecb4033b828a1dbd8b7d6e e2/kernel-BOOT-2.4.26-2tr.i586.rpm \n86bf9bee49f8aca7220c1be1fa085bc6 e2/kernel-doc-2.4.26-2tr.i586.rpm \n2ae2ddcca0440e2a7995208500b05b88 e2/kernel-firewall-2.4.26-2tr.i586.rpm \n53b6077acf13c8c1ae2358ad078b1710 e2/kernel-firewallsmp-2.4.26-2tr.i586.rpm \n7ad7e859f539438ca7ada4ed0b12ea76 e2/kernel-smp-2.4.26-2tr.i586.rpm \n2719c667ccbeabd5e40eadc747663ad3 e2/kernel-source-2.4.26-2tr.i586.rpm \nc340c5b408699be1d6d44a2d9b9211c8 e2/kernel-utils-2.4.26-2tr.i586.rpm \n- -------------------------------------------------------------------------- \n \n \nTrustix Security Team \n \n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.2 (GNU/Linux) \n \niD8DBQFA0DFii8CEzsK9IksRAteIAJ97XC+eJOVpi/AVkvkk9W9O2byoGgCfYxMo \nK4oBAeXOexvaNTo652IzAnA= \n=7CnB \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Apple Computer Inc. __ Not Affected\n\nNotified: June 15, 2004 Updated: June 16, 2004 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nApple products are not affected by the issue reported in Vulnerability Note VU#973654.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### BSDI Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Cray Inc. Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Debian Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### EMC Corporation Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### FreeBSD Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Fujitsu Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Hewlett-Packard Company Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Hitachi Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### IBM Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### IBM eServer Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Ingrian Networks Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Juniper Networks Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### MontaVista Software Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### NEC Corporation Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### NetBSD Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Nokia Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Novell Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### OpenBSD Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Openwall GNU/*/Linux Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### SGI Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Sequent Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Sony Corporation Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Sun Microsystems Inc. Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### The SCO Group (SCO Linux) Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### The SCO Group (SCO UnixWare) Unknown\n\nUpdated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### TurboLinux Unknown\n\nNotified: June 15, 2004 Updated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Unisys Unknown\n\nNotified: June 15, 2004 Updated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\n### Wind River Systems Inc. Unknown\n\nNotified: June 15, 2004 Updated: June 16, 2004 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23973654 Feedback>).\n\nView all 36 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n * <http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html>\n * <http://secunia.com/advisories/11861/>\n * <http://xforce.iss.net/xforce/xfdb/16412>\n\n### Acknowledgements\n\nThis vulnerability was discovered by Stian Skjelstad.\n\nThis document was written by Jeffrey P. Lanza.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2004-0554](<http://web.nvd.nist.gov/vuln/detail/CVE-2004-0554>) \n---|--- \n**Severity Metric:** | 11.81 \n**Date Public:** | 2004-06-14 \n**Date First Published:** | 2004-06-15 \n**Date Last Updated: ** | 2004-08-23 17:54 UTC \n**Document Revision: ** | 23 \n", "cvss3": {}, "published": "2004-06-15T00:00:00", "type": "cert", "title": "Linux kernel fails to properly handle floating point signals generated by \"fsave\" and \"frstor\"", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2004-0179", "CVE-2004-0398", "CVE-2004-0427", "CVE-2004-0495", "CVE-2004-0535", "CVE-2004-0554"], "modified": "2004-08-23T17:54:00", "id": "VU:973654", "href": "https://www.kb.cert.org/vuls/id/973654", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
