The remote host is affected by the vulnerability described in GLSA-200403-13 (Remote buffer overflow in MPlayer)

    A vulnerability exists in the MPlayer HTTP parser which may allow an     attacker to craft a special HTTP header ('Location:') which will trick     MPlayer into executing arbitrary code on the user's computer.
  Impact :

    An attacker without privileges may exploit this vulnerability remotely,     allowing arbitrary code to be executed in order to gain unauthorized     access.
  Workaround :

    A workaround is not currently known for this issue. All users are     advised to upgrade to the latest version of the affected package.

The remote host is affected by the vulnerability described in GLSA-200403-12 (OpenLDAP DoS Vulnerability)

    A password extended operation (password EXOP) which fails will cause     the slapd server to free() an uninitialized pointer, possibly resulting     in a segfault. This only affects servers using the back-ldbm backend.
    Such a crash is not guaranteed with every failed operation, however, it     is possible.
  Impact :

    An attacker (or indeed, a normal user) may crash the OpenLDAP server,     creating a Denial of Service condition.
  Workaround :

    A workaround is not currently known for this issue. All users are     advised to upgrade to the latest version of the affected package.

The remote host is affected by the vulnerability described in GLSA-200403-11 (Squid ACL [url_regex] bypass vulnerability)

    A bug in Squid allows users to bypass certain access controls by passing a     URL containing '%00' which exploits the Squid decoding function.
    This may insert a NUL character into decoded URLs, which may allow users to     bypass url_regex access control lists that are enforced upon them.
    In such a scenario, Squid will insert a NUL character after     the'%00' and it will make a comparison between the URL to the end     of the NUL character rather than the contents after it: the comparison does     not result in a match, and the user's request is not denied.
  Impact :

    Restricted users may be able to bypass url_regex access control lists that     are enforced upon them which may cause unwanted network traffic as well as     a route for other possible exploits. Users of Squid 2.5STABLE4 and below     who require the url_regex features are recommended to upgrade to 2.5STABLE5     to maintain the security of their infrastructure.
  Workaround :

    A workaround is not currently known for this issue. All users are advised     to upgrade to the latest version of Squid.

The remote host is affected by the vulnerability described in GLSA-200403-10 (Fetchmail 6.2.5 fixes a remote DoS)

    Fetchmail versions 6.2.4 and earlier can be crashed by sending a     specially crafted email to a Fetchmail user. This problem occurs because     Fetchmail does not properly allocate memory for long lines in an incoming     email.
  Impact :

    Fetchmail users who receive a malicious email may have their Fetchmail program crash.
  Workaround :

    While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of Fetchmail.

The remote host is affected by the vulnerability described in GLSA-200403-09 (Buffer overflow in Midnight Commander)

    A stack-based buffer overflow has been found in Midnight Commander's     virtual filesystem.
  Impact :

    This overflow allows an attacker to run arbitrary code on the user's     computer during the symlink conversion process.
  Workaround :

    While a workaround is not currently known for this issue, all users are     advised to upgrade to the latest version of the affected package.

The remote host is affected by the vulnerability described in GLSA-200403-08 (oftpd DoS vulnerability)

    Issuing a port command with a number higher than 255 causes the server     to crash. The port command may be issued before any authentication     takes place, meaning the attacker does not need to know a valid     username and password in order to exploit this vulnerability.
  Impact :

    This exploit causes a denial of service.
  Workaround :

    While a workaround is not currently known for this issue, all users are     advised to upgrade to the latest version of the affected package.

The remote host is affected by the vulnerability described in GLSA-200403-07 (Multiple remote overflows and vulnerabilities in Ethereal)

    There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.3, including:
	Thirteen buffer overflows in the following protocol dissectors: NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP.
      	A zero-length Presentation protocol selector could make Ethereal crash.
     	A vulnerability in the RADIUS packet dissector which may crash ethereal.
      	A corrupt color filter file could cause a segmentation fault.
  Impact :

    These vulnerabilities may cause Ethereal to crash or may allow an attacker     to run arbitrary code on the user's computer.
  Workaround :

    While a workaround is not currently known for this issue, all users are     advised to upgrade to the latest version of the affected package.

The remote host is affected by the vulnerability described in GLSA-200403-06 (Multiple remote buffer overflow vulnerabilities in Courier)

    The vulnerabilities have been found in the 'SHIFT_JIS' converter in     'shiftjis.c' and 'ISO2022JP' converter in 'so2022jp.c'. An attacker may     supply Unicode characters that exceed BMP (Basic Multilingual Plane) range,     causing an overflow.
  Impact :

    An attacker without privileges may exploit this vulnerability remotely, allowing arbitrary code to be executed in order to gain unauthorized access.
  Workaround :

    While a workaround is not currently known for this issue, all users are     advised to upgrade to the latest version of the affected packages.

The remote host is affected by the vulnerability described in GLSA-200403-05 (UUDeview MIME Buffer Overflow)

    By decoding a MIME archive with excessively long strings for various     parameters, it is possible to crash UUDeview, or cause it to execute     arbitrary code.
    This vulnerability was originally reported by iDEFENSE as part of a WinZip     advisory [ Reference: 1 ].
  Impact :

    An attacker could create a specially crafted MIME file and send it via     email. When recipient decodes the file, UUDeview may execute arbitrary code     which is embedded in the MIME file, thus granting the attacker access to     the recipient's account.
  Workaround :

    There is no known workaround at this time. As a result, a software upgrade     is required and users should upgrade to uudeview 0.5.20.

The remote host is affected by the vulnerability described in GLSA-200403-04 (Multiple security vulnerabilities in Apache 2)

    Three vulnerabilities were found:
    A memory leak in ssl_engine_io.c for mod_ssl in Apache 2.0.48 and below     allows remote attackers to cause a denial of service attack via plain     HTTP requests to the SSL port of an SSL-enabled server.
    Apache fails to filter terminal escape sequences from error logs that     begin with the ASCII (0x1B) sequence and are followed by a  series of     arguments. If a remote attacker could inject escape sequences into an     Apache error log, the attacker could take advantages of weaknesses in     various terminal emulators, launching attacks against remote users     including further denial of service attacks, file modification, and the     execution of arbitrary commands.
    The Apache mod_disk_cache has been found to be vulnerable to a weakness     that allows attackers to gain access to authentication credentials     through the issue of caching HTTP hop-by-hop headers which would     contain plaintext user passwords. There is no available resolution for     this issue yet.
  Impact :

    No special privileges are required for these vulnerabilities. As a     result, all users are recommended to upgrade their Apache     installations.
  Workaround :

    There is no immediate workaround; a software upgrade is required. There     is no workaround for the mod_disk_cache issue; users are recommended to     disable the feature on their servers until a patched version is     released.

The remote host is affected by the vulnerability described in GLSA-200403-03 (Multiple OpenSSL Vulnerabilities)

    Testing performed by the OpenSSL group using the Codenomicon TLS Test     Tool uncovered a NULL pointer assignment in the do_change_cipher_spec()     function. A remote attacker could perform a carefully crafted SSL/TLS     handshake against a server that used the OpenSSL library in such a way     as to cause OpenSSL to crash. Depending on the application this could     lead to a denial of service. All versions of OpenSSL from 0.9.6c to     0.9.6l inclusive and from 0.9.7a to 0.9.7c inclusive are affected by     this issue.
    A flaw has been discovered in SSL/TLS handshaking code when using     Kerberos ciphersuites. A remote attacker could perform a carefully     crafted SSL/TLS handshake against a server configured to use Kerberos     ciphersuites in such a way as to cause OpenSSL to crash. Most     applications have no ability to use Kerberos cipher suites and will     therefore be unaffected. Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL     are affected by this issue.
    Testing performed by the OpenSSL group using the Codenomicon TLS Test     Tool uncovered a bug in older versions of OpenSSL 0.9.6 that can lead     to a Denial of Service attack (infinite loop). This issue was traced to     a fix that was added to OpenSSL 0.9.6d some time ago. This issue will     affect vendors that ship older versions of OpenSSL with backported     security patches.
  Impact :

    Although there are no public exploits known for bug, users are     recommended to upgrade to ensure the security of their infrastructure.
  Workaround :

    There is no immediate workaround; a software upgrade is required. The     vulnerable function in the code has been rewritten.

The remote host is affected by the vulnerability described in GLSA-200403-02 (Linux kernel do_mremap local privilege escalation vulnerability)

    The memory subsystem allows for shrinking, growing, and moving of     chunks of memory along any of the allocated memory areas which the     kernel possesses.
    To accomplish this, the do_mremap code calls the do_munmap() kernel     function to remove any old memory mappings in the new location - but,     the code doesn't check the return value of the do_munmap() function     which may fail if the maximum number of available virtual memory area     descriptors has been exceeded.
    Due to the missing return value check after trying to unmap the middle     of the first memory area, the corresponding page table entries from the     second new area are inserted into the page table locations described by     the first old one, thus they are subject to page protection flags of     the first area. As a result, arbitrary code can be executed.
  Impact :

    Arbitrary code with normal non-super-user privileges may be able to     exploit this vulnerability and may disrupt the operation of other parts     of the kernel memory management subroutines finally leading to     unexpected behavior.
    Since no special privileges are required to use the mremap() and     munmap() system calls any process may misuse this unexpected behavior     to disrupt the kernel memory management subsystem. Proper exploitation     of this vulnerability may lead to local privilege escalation allowing     for the execution of arbitrary code with kernel level root access.
    Proof-of-concept exploit code has been created and successfully tested,     permitting root escalation on vulnerable systems. As a result, all     users should upgrade their kernels to new or patched versions.
  Workaround :

    Users who are unable to upgrade their kernels may attempt to use     'sysctl -w vm.max_map_count=1000000', however, this is a temporary fix     which only solves the problem by increasing the number of memory areas     that can be created by each process. Because of the static nature of     this workaround, it is not recommended and users are urged to upgrade     their systems to the latest available patched sources.

The remote host is affected by the vulnerability described in GLSA-200403-01 (Libxml2 URI Parsing Buffer Overflow Vulnerabilities)

    Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
    When the libxml2 library fetches a remote resource via FTP or HTTP, libxml2     uses parsing routines that can overflow a buffer caused by improper bounds     checking if they are passed a URL longer than 4096 bytes.
  Impact :

    If an attacker is able to exploit an application using libxml2 that parses     remote resources, then this flaw could be used to execute arbitrary code.
  Workaround :

    No workaround is available; users are urged to upgrade libxml2 to 2.6.6.

The remote host is affected by the vulnerability described in GLSA-200402-07 (Clam Antivirus DoS vulnerability)

    Oliver Eikemeier of Fillmore Labs discovered the overflow in Clam AV 0.65     when it handled malformed UUEncoded messages, causing the daemon to shut     down.
    The problem originated in libclamav which calculates the line length of an     uuencoded message by taking the ASCII value of the first character minus 64     while doing an assertion if the length is not in the allowed range,     effectively terminating the calling program as clamav would not be     available.
  Impact :

    A malformed message would cause a denial of service,     and depending on the server configuration this may impact other daemons     relying on Clam AV in a fatal manner.
  Workaround :

    There is no immediate workaround, a software upgrade is required.

The remote host is affected by the vulnerability described in GLSA-200402-06 (Updated kernel packages fix the AMD64 ptrace vulnerability)

    A vulnerability has been discovered by Andi Kleen in the ptrace emulation     code for AMD64 platforms when eflags are processed, allowing a local user     to obtain elevated privileges.  The Common Vulnerabilities and Exposures     project, http://cve.mitre.org, has assigned CAN-2004-0001 to this issue.
  Impact :

    Only users of the AMD64 platform are affected: in this scenario, a user may     be able to obtain elevated privileges, including root access. However, no     public exploit is known for the vulnerability at this time.
  Workaround :

    There is no temporary workaround - a kernel upgrade is required. A list of     unaffected kernels is provided along with this announcement.

The remote host is affected by the vulnerability described in GLSA-200402-05 (phpMyAdmin < 2.5.6-rc1: possible attack against export.php)

    One component of the phpMyAdmin software package (export.php) does not     properly verify input that is passed to it from a remote user.  Since the     input is used to include other files, it is possible to launch a directory     traversal attack.
  Impact :

    Private information could be gleaned from the remote server if an attacker     uses a malformed URL such as http://phpmyadmin.example.com/export.php?what=../../../[existing_file]     In this scenario, the script does not sanitize the 'what' argument passed     to it, allowing directory traversal attacks to take place, disclosing     the contents of files if the file is readable as the web-server user.
  Workaround :

    The workaround is to either patch the export.php file using the     referenced CVS patch or upgrade the software via Portage.

The remote host is affected by the vulnerability described in GLSA-200402-04 (Gallery 1.4.1 and below remote exploit vulnerability)

    Starting in the 1.3.1 release, Gallery includes code to simulate the behaviour     of the PHP 'register_globals' variable in environments where that setting     is disabled.  It is simulated by extracting the values of the various     $HTTP_ global variables into the global namespace.
  Impact :

    A crafted URL such as     http://example.com/gallery/init.php?HTTP_POST_VARS=xxx  causes the     'register_globals' simulation code to overwrite the $HTTP_POST_VARS which,     when it is extracted, will deliver the given payload. If the     payload compromises $GALLERY_BASEDIR then the malicious user can perform a     PHP injection exploit and gain remote access to the webserver with PHP     user UID access rights.
  Workaround :

    The workaround for the vulnerability is to replace init.php and     setup/init.php with the files in the following ZIP file:
    http://prdownloads.sourceforge.net/gallery/patch_1.4.1-to-1.4.1-pl1.zip?download

The remote host is affected by the vulnerability described in GLSA-200402-03 (Monkeyd Denial of Service vulnerability)

    A bug in the URI processing of incoming requests allows for a Denial of     Service to be launched against the webserver, which may cause the server     to crash or behave sporadically.
  Impact :

    Although there are no public exploits known for bug, users are recommended     to upgrade to ensure the security of their infrastructure.
  Workaround :

    There is no immediate workaround; a software upgrade is     required. The vulnerable function in the code has been rewritten.

The remote host is affected by the vulnerability described in GLSA-200402-02 (XFree86 Font Information File Buffer Overflow)

    Exploitation of a buffer overflow in The XFree86 Window System     discovered by iDefence allows local attackers to gain root     privileges.
    The problem exists in the parsing of the 'font.alias' file. The X     server (running as root) fails to check the length of the user     provided input, so a malicious user may craft a malformed     'font.alias' file causing a buffer overflow upon parsing,     eventually leading to the execution of arbitrary code.
    To reproduce the overflow on the command line one can run:
    # cat > fonts.dir <<EOF     1     word.bdf -misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso8859-1     EOF     # perl -e 'print '0' x 1024 . 'A' x 96 . '\\n'' > fonts.alias     # X :0 -fp $PWD     {Some output removed}... Server aborting... Segmentation fault (core dumped)   Impact :

    Successful exploitation can lead to a root compromise provided     that the attacker is able to execute commands in the X11     subsystem. This can be done either by having console access to the     target or through a remote exploit against any X client program     such as a web-browser, mail-reader or game.
  Workaround :

    No immediate workaround is available; a software upgrade is required.
    Gentoo has released XFree 4.2.1-r3, 4.3.0-r4 and 4.3.99.902-r1 and     encourages all users to upgrade their XFree86     installations. Vulnerable versions are no longer available in     Portage.

The remote host is affected by the vulnerability described in GLSA-200402-01 (PHP setting leaks from .htaccess files on virtual hosts)

    If the server configuration 'php.ini' file has     'register_globals = on' and a request is made to one virtual host     (which has 'php_admin_flag register_globals off') and the next     request is sent to the another virtual host (which does not have the     setting) through the same apache child, the setting will persist.
  Impact :

    Depending on the server and site, an attacker may be able to exploit     global variables to gain access to reserved areas, such as MySQL passwords,     or this vulnerability may simply cause a lack of functionality. As a     result, users are urged to upgrade their PHP installations.
    Gentoo ships PHP with 'register_globals' set to 'off'     by default.
    This issue affects both servers running Apache 1.x and servers running     Apache 2.x.
  Workaround :

    No immediate workaround is available; a software upgrade is required.

The remote host is affected by the vulnerability described in GLSA-200401-04 (GAIM 0.75 Remote overflows)

    Yahoo changed the authentication methods to their IM servers,     rendering GAIM useless. The GAIM team released a rushed release     solving this issue, however, at the same time a code audit     revealed 12 new vulnerabilities.
  Impact :

    Due to the nature of instant messaging many of these bugs require     man-in-the-middle attacks between the client and the server. But     the underlying protocols are easy to implement and attacking     ordinary TCP sessions is a fairly simple task. As a result, all     users are advised to upgrade their GAIM installation.
        Users of GAIM 0.74 or below are affected by 7 of the         vulnerabilities and are encouraged to upgrade.
        Users of GAIM 0.75 are affected by 11 of the vulnerabilities         and are encouraged to upgrade to the patched version of GAIM         offered by Gentoo.
        Users of GAIM 0.75-r6 are only affected by         4 of the vulnerabilities, but are still urged to upgrade to         maintain security.
  Workaround :

    There is no immediate workaround; a software upgrade is required.

The remote host is affected by the vulnerability described in GLSA-200401-03 (Apache mod_python Denial of Service vulnerability)

    The Apache Foundation has reported that mod_python may be prone to     Denial of Service attacks when handling a malformed     query. Mod_python 2.7.9 was released to fix the vulnerability,     however, because the vulnerability has not been fully fixed,     version 2.7.10 has been released.
    Users of mod_python 3.0.4 are not affected by this vulnerability.
  Impact :

    Although there are no known public exploits known for this     exploit, users are recommended to upgrade mod_python to ensure the     security of their infrastructure.
  Workaround :

    Mod_python 2.7.10 has been released to solve this issue; there is     no immediate workaround.

The remote host is affected by the vulnerability described in GLSA-200401-02 (Honeyd remote detection vulnerability via a probe packet)

    A bug in handling NMAP fingerprints caused Honeyd to reply to TCP     packets with both the SYN and RST flags set.  Watching for replies, it is     possible to detect IP addresses simulated by Honeyd.
  Impact :

    Although there are no public exploits known for Honeyd, the detection     of Honeyd IP addresses may in some cases be undesirable.
  Workaround :

    Honeyd 0.8 has been released along with an advisory to address this     issue. In addition, Honeyd 0.8 drops privileges if permitted by the     configuration file and contains command line flags to force dropping     of privileges.

The remote host is affected by the vulnerability described in GLSA-200401-01 (Linux kernel do_mremap() local privilege escalation vulnerability)

    The memory subsystem allows for shrinking, growing, and moving of     chunks of memory along any of the allocated memory areas which the kernel     possesses.
    A typical virtual memory area covers at least one memory page. An incorrect     bound check discovered inside the do_mremap() kernel code performing     remapping of a virtual memory area may lead to creation of a virtual memory     area of 0 bytes length.
    The problem is based on the general mremap flaw that remapping 2 pages from     inside a VMA creates a memory hole of only one page in length but an     additional VMA of two pages. In the case of a zero sized remapping request     no VMA hole is created but an additional VMA descriptor of 0     bytes in length is created.
    This advisory also addresses an information leak in the Linux RTC system.
  Impact :

    Arbitrary code may be able to exploit this vulnerability and may     disrupt the operation of other     parts of the kernel memory management subroutines finally leading to     unexpected behavior.
    Since no special privileges are required to use the mremap(2) system call     any process may misuse its unexpected behavior to disrupt the kernel memory     management subsystem. Proper exploitation of this vulnerability may lead to     local privilege escalation including execution of arbitrary code     with kernel level access.
    Proof-of-concept exploit code has been created and successfully tested,     permitting root escalation on vulnerable systems. As a result, all users     should upgrade their kernels to new or patched versions.
  Workaround :

    There is no temporary workaround - a kernel upgrade is required. A list     of unaffected kernels is provided along with this announcement.

ID	Name	Severity
14464	GLSA-200403-13 : Remote buffer overflow in MPlayer	critical
14463	GLSA-200403-12 : OpenLDAP DoS Vulnerability	medium
14462	GLSA-200403-11 : Squid ACL [url_regex] bypass vulnerability	high
14461	GLSA-200403-10 : Fetchmail 6.2.5 fixes a remote DoS	medium
14460	GLSA-200403-09 : Buffer overflow in Midnight Commander	high
14459	GLSA-200403-08 : oftpd DoS vulnerability	medium
14458	GLSA-200403-07 : Multiple remote overflows and vulnerabilities in Ethereal	medium
14457	GLSA-200403-06 : Multiple remote buffer overflow vulnerabilities in Courier	high
14456	GLSA-200403-05 : UUDeview MIME Buffer Overflow	critical
14455	GLSA-200403-04 : Multiple security vulnerabilities in Apache 2	medium
14454	GLSA-200403-03 : Multiple OpenSSL Vulnerabilities	medium
14453	GLSA-200403-02 : Linux kernel do_mremap local privilege escalation vulnerability	high
14452	GLSA-200403-01 : Libxml2 URI Parsing Buffer Overflow Vulnerabilities	high
14451	GLSA-200402-07 : Clam Antivirus DoS vulnerability	medium
14450	GLSA-200402-06 : Updated kernel packages fix the AMD64 ptrace vulnerability	medium
14449	GLSA-200402-05 : phpMyAdmin < 2.5.6-rc1: possible attack against export.php	medium
14448	GLSA-200402-04 : Gallery 1.4.1 and below remote exploit vulnerability	medium
14447	GLSA-200402-03 : Monkeyd Denial of Service vulnerability	medium
14446	GLSA-200402-02 : XFree86 Font Information File Buffer Overflow	critical
14445	GLSA-200402-01 : PHP setting leaks from .htaccess files on virtual hosts	medium
14444	GLSA-200401-04 : GAIM 0.75 Remote overflows	medium
14443	GLSA-200401-03 : Apache mod_python Denial of Service vulnerability	low
14442	GLSA-200401-02 : Honeyd remote detection vulnerability via a probe packet	low
14441	GLSA-200401-01 : Linux kernel do_mremap() local privilege escalation vulnerability	high

Detections

Analytics

Gentoo Local Security Checks Family for Nessus

critical

medium

high

medium

high

medium

medium

high

critical

medium

medium

high

high

medium

medium

medium

medium

medium

critical

medium

medium

low

low

high