ID

VAR-200502-0025


CVE

CVE-2004-0975


TITLE

OpenSSL DER_CHOP Insecure Temporary File Creation Vulnerability

Trust: 0.9

sources: BID: 11293 // CNNVD: CNNVD-200502-020

DESCRIPTION

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL include der_chop The script contains a flaw that creates a temporary file in an inappropriate way for security reasons, so there is a vulnerability that is subject to symbolic link attacks.der_chop An arbitrary file may be created or overwritten with the privileges of the user executing the script. OpenSSL is affected by an insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation. OpenSSL is an open source SSL suite. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: gzip Multiple Vulnerabilities SECUNIA ADVISORY ID: SA21996 VERIFY ADVISORY: http://secunia.com/advisories/21996/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: gzip 1.x http://secunia.com/product/4220/ DESCRIPTION: Tavis Ormandy has reported some vulnerabilities in gzip, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. 1) A boundary error within the "make_table()" function in unlzh.c can be used to modify certain stack data. tricking a user or automated system into unpacking a specially crafted archive file. tricking a user or automated system into unpacking a specially crafted "pack" archive file. 3) A buffer overflow within the "make_table()" function of gzip's LZH support can be exploited to cause a DoS and potentially to compromise a vulnerable system by e.g. tricking a user or automated system into unpacking an archive containing a specially crafted decoding table. 4) A NULL pointer dereference within the "huft_build()" function and an infinite loop within the LZH handling can be exploited to cause a DoS by e.g. tricking a user or automated system into unpacking a specially crafted archive file. The vulnerabilities have been reported in version 1.3.5. Other versions may also be affected. SOLUTION: Do not unpack untrusted archive files. PROVIDED AND/OR DISCOVERED BY: Tavis Ormandy, Google Security Team ORIGINAL ADVISORY: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676 OTHER REFERENCES: US-CERT VU#554780: http://www.kb.cert.org/vuls/id/554780 US-CERT VU#381508: http://www.kb.cert.org/vuls/id/381508 US-CERT VU#773548: http://www.kb.cert.org/vuls/id/773548 US-CERT VU#933712: http://www.kb.cert.org/vuls/id/933712 US-CERT VU#596848 http://www.kb.cert.org/vuls/id/596848 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-333A Apple Releases Security Update to Address Multiple Vulnerabilities Original release date: November 29, 2006 Last revised: -- Source: US-CERT Systems Affected * Apple Mac OS X version 10.3.x and 10.4.x * Apple Mac OS X Server version 10.3.x and 10.4.x * Apple Safari web browser These vulnerabilities affect both Intel-based and PowerPC-based Apple systems. Overview Apple has released Security Update 2006-007 to correct multiple vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web browser. Vulnerabilities in OpenSSL, gzip, and other products are also addressed. I. Description Apple Security Update 2006-007 addresses a number of vulnerabilities affecting Mac OS X, OS X Server, Safari web browser, and other products. Further details are available in the related vulnerability notes. This security update also addresses previously known vulnerabilities in PHP, Perl, OpenSSL, and gzip, which are shipped with Mac OS X. The OpenSSL vulnerabilities are documented in multiple vulnerability notes. Information is also available through the OpenSSL vulnerabilities page. Information about the vulnerabilities in gzip is available in a series of vulnerability notes. II. Impact The impacts of these vulnerabilities vary. For specific details, see the appropriate vulnerability notes. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service. III. Solution Install updates Install Apple Security Update 2006-007. This and other updates are available via Apple Update or via Apple Downloads. IV. References * Vulnerability Notes for Apple Security Update 2006-007 - <http://www.kb.cert.org/vuls/byid?searchview&query=apple-2006-007> * Vulnerability Notes for OpenSSL Security Advisory [28th September 2006] - <http://www.kb.cert.org/vuls/byid?searchview&query=openssl_secadv_20060928> * Vulnerability Note VU#845620 - <http://www.kb.cert.org/vuls/id/845620> * Vulnerability Note VU#933712 - <http://www.kb.cert.org/vuls/id/933712> * Vulnerability Note VU#381508 - <http://www.kb.cert.org/vuls/id/381508> * Vulnerability Note VU#554780 - <http://www.kb.cert.org/vuls/id/554780> * Vulnerability Note VU#596848 - <http://www.kb.cert.org/vuls/id/596848> * Vulnerability Note VU#773548 - <http://www.kb.cert.org/vuls/id/773548> * About the security content of Security Update 2006-007 - <http://docs.info.apple.com/article.html?artnum=304829> * Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704> * Apple Downloads - <http://www.apple.com/support/downloads/> * OpenSSL: OpenSSL vulnerabilities - <http://www.openssl.org/news/vulnerabilities.html> * Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/#Safari> _________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-333A.html> _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-333A Feedback VU#191336" in the subject. _________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> _________________________________________________________________ Revision History November 29, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRW33NuxOF3G+ig+rAQJtiggApJKRh7x+z8vp0xb26sE16RUOD3epcrk6 lJZ4rXnqVqoFacAt0Ucb8T43/Uc4N85UMa695YbFspYZum3hcGZo+WnNPolGUeRz iN/4bfKgzekfpbHxf6T3YvQYp+PVMRfHPUcxfaZDYXhu2813N4SSQpM59KRL5BD7 xr+5VvB09biVKlzpEdgtk2EHcqc+sMF5+o3cCgDJCnJNL+NG4J6d/hsyNP15ekTf 8m0W4rJonUe2gR2Bp7F1Y47KgRr3BT1aH2gxUSim9qEJpPdP/CkmGoFp+BfrFP9q A580LOrqFK8HIly1fbPKb26p2theUUESnQqM9Ob8xolkCDLy6h7ssg== =f7N+ -----END PGP SIGNATURE-----

Trust: 5.04

sources: NVD: CVE-2004-0975 // CERT/CC: VU#386964 // CERT/CC: VU#773548 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // JVNDB: JVNDB-2004-000374 // BID: 11293 // VULHUB: VHN-9405 // PACKETSTORM: 50178 // PACKETSTORM: 52708

AFFECTED PRODUCTS

vendor:debian gnu linuxmodel: - scope: - version: -

Trust: 3.2

vendor:freebsdmodel: - scope: - version: -

Trust: 3.2

vendor:red hatmodel: - scope: - version: -

Trust: 3.2

vendor:slackware linuxmodel: - scope: - version: -

Trust: 3.2

vendor:ubuntumodel: - scope: - version: -

Trust: 3.2

vendor:f5model: - scope: - version: -

Trust: 2.4

vendor:openpkgmodel: - scope: - version: -

Trust: 2.4

vendor:opensslmodel: - scope: - version: -

Trust: 2.4

vendor:oraclemodel: - scope: - version: -

Trust: 2.4

vendor:suse linuxmodel: - scope: - version: -

Trust: 2.4

vendor:rpathmodel: - scope: - version: -

Trust: 2.4

vendor:trustix secure linuxmodel: - scope: - version: -

Trust: 1.6

vendor:apple computermodel: - scope: - version: -

Trust: 1.6

vendor:openwall gnu linuxmodel: - scope: - version: -

Trust: 1.6

vendor:mandrakesoftmodel:mandrake linux corporate serverscope:eqversion:2.1

Trust: 1.6

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:10.1

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.6k

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6b

Trust: 1.0

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:9.2

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6d

Trust: 1.0

vendor:mandrakesoftmodel:mandrake multi network firewallscope:eqversion:8.2

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6l

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6f

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6m

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6j

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7d

Trust: 1.0

vendor:gentoomodel:linuxscope:eqversion:*

Trust: 1.0

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:10.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6a

Trust: 1.0

vendor:appgate network securitymodel: - scope: - version: -

Trust: 0.8

vendor:attachmatewrqmodel: - scope: - version: -

Trust: 0.8

vendor:avayamodel: - scope: - version: -

Trust: 0.8

vendor:blue coatmodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:gnutlsmodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel: - scope: - version: -

Trust: 0.8

vendor:iaik java groupmodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:internet consortiummodel: - scope: - version: -

Trust: 0.8

vendor:intotomodel: - scope: - version: -

Trust: 0.8

vendor:junipermodel: - scope: - version: -

Trust: 0.8

vendor:mandrivamodel: - scope: - version: -

Trust: 0.8

vendor:mozillamodel: - scope: - version: -

Trust: 0.8

vendor:operamodel: - scope: - version: -

Trust: 0.8

vendor:rsa securitymodel: - scope: - version: -

Trust: 0.8

vendor:ssh security corpmodel: - scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel: - scope: - version: -

Trust: 0.8

vendor:sybasemodel: - scope: - version: -

Trust: 0.8

vendor:vmwaremodel: - scope: - version: -

Trust: 0.8

vendor:vandykemodel: - scope: - version: -

Trust: 0.8

vendor:stonesoftmodel: - scope: - version: -

Trust: 0.8

vendor:opensslmodel:opensslscope:lteversion:0.9.6m

Trust: 0.8

vendor:opensslmodel:opensslscope:lteversion:0.9.7e

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:2.1

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:10

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:7

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:8

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (ws)

Trust: 0.8

vendor:turbolinuxmodel:workstationscope:eqversion:8.0

Trust: 0.3

vendor:turbolinuxmodel:workstationscope:eqversion:7.0

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:10.0

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:8.0

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:7.0

Trust: 0.3

vendor:turbolinuxmodel:desktopscope:eqversion:10.0

Trust: 0.3

vendor:turbolinuxmodel:homescope: - version: -

Trust: 0.3

vendor:turbolinuxmodel:appliance server workgroup editionscope:eqversion:1.0

Trust: 0.3

vendor:turbolinuxmodel:appliance server hosting editionscope:eqversion:1.0

Trust: 0.3

vendor:sgimodel:propackscope:eqversion:3.0

Trust: 0.3

vendor:sgimodel:advanced linux environmentscope:eqversion:3.0

Trust: 0.3

vendor:redhatmodel:fedora core3scope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:3

Trust: 0.3

vendor:redhatmodel:enterprise linux ws ia64scope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:3

Trust: 0.3

vendor:redhatmodel:enterprise linux es ia64scope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:3

Trust: 0.3

vendor:redhatmodel:enterprise linux as ia64scope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:3.0

Trust: 0.3

vendor:opensslmodel:project openssl dscope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl mscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl lscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl kscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl jscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl iscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl hscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl gscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl fscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl escope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl dscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.6

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:10.1

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:10.1

Trust: 0.3

vendor:mandrivamodel:linux mandrake amd64scope:eqversion:10.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:10.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake amd64scope:eqversion:9.2

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:9.2

Trust: 0.3

vendor:mandrakesoftmodel:multi network firewallscope:eqversion:2.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:2.1

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:2.1

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:avayamodel:s8710 r2.0.1scope: - version: -

Trust: 0.3

vendor:avayamodel:s8710 r2.0.0scope: - version: -

Trust: 0.3

vendor:avayamodel:s8700 r2.0.1scope: - version: -

Trust: 0.3

vendor:avayamodel:s8700 r2.0.0scope: - version: -

Trust: 0.3

vendor:avayamodel:s8500 r2.0.1scope: - version: -

Trust: 0.3

vendor:avayamodel:s8500 r2.0.0scope: - version: -

Trust: 0.3

vendor:avayamodel:s8300 r2.0.1scope: - version: -

Trust: 0.3

vendor:avayamodel:s8300 r2.0.0scope: - version: -

Trust: 0.3

vendor:avayamodel:modular messagingscope:eqversion:2.0

Trust: 0.3

vendor:avayamodel:modular messagingscope:eqversion:1.1

Trust: 0.3

vendor:avayamodel:mn100scope: - version: -

Trust: 0.3

vendor:avayamodel:intuity lxscope: - version: -

Trust: 0.3

vendor:avayamodel:integrated managementscope:eqversion:2.1

Trust: 0.3

vendor:avayamodel:integrated managementscope: - version: -

Trust: 0.3

vendor:avayamodel:cvlanscope: - version: -

Trust: 0.3

vendor:avayamodel:converged communications serverscope:eqversion:2.0

Trust: 0.3

sources: CERT/CC: VU#386964 // CERT/CC: VU#773548 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // BID: 11293 // JVNDB: JVNDB-2004-000374 // CNNVD: CNNVD-200502-020 // NVD: CVE-2004-0975

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0975
value: LOW

Trust: 1.0

CARNEGIE MELLON: VU#386964
value: 0.32

Trust: 0.8

CARNEGIE MELLON: VU#773548
value: 1.57

Trust: 0.8

CARNEGIE MELLON: VU#845620
value: 7.56

Trust: 0.8

CARNEGIE MELLON: VU#547300
value: 2.53

Trust: 0.8

NVD: CVE-2004-0975
value: LOW

Trust: 0.8

CNNVD: CNNVD-200502-020
value: LOW

Trust: 0.6

VULHUB: VHN-9405
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2004-0975
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-9405
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#386964 // CERT/CC: VU#773548 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // VULHUB: VHN-9405 // JVNDB: JVNDB-2004-000374 // CNNVD: CNNVD-200502-020 // NVD: CVE-2004-0975

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0975

THREAT TYPE

local

Trust: 0.9

sources: BID: 11293 // CNNVD: CNNVD-200502-020

TYPE

Design Error

Trust: 0.9

sources: BID: 11293 // CNNVD: CNNVD-200502-020

CONFIGURATIONS

sources: JVNDB: JVNDB-2004-000374

PATCH

title:opensslurl:http://www.miraclelinux.com/support/update/data/openssl.html

Trust: 0.8

title:Top Pageurl:http://www.openssl.org/

Trust: 0.8

title:RHSA-2005:476url:https://rhn.redhat.com/errata/RHSA-2005-476.html

Trust: 0.8

title:TLSA-2005-14url:http://www.turbolinux.com/security/2005/TLSA-2005-14.txt

Trust: 0.8

title:RHSA-2005:476url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2005-476J.html

Trust: 0.8

title:TLSA-2005-14url:http://www.turbolinux.co.jp/security/2005/TLSA-2005-14j.txt

Trust: 0.8

sources: JVNDB: JVNDB-2004-000374

EXTERNAL IDS

db:BIDid:11293

Trust: 2.8

db:NVDid:CVE-2004-0975

Trust: 2.8

db:SECUNIAid:12973

Trust: 2.5

db:BIDid:22083

Trust: 2.4

db:SECUNIAid:23280

Trust: 1.6

db:SECUNIAid:23309

Trust: 1.6

db:XFid:17583

Trust: 1.4

db:CERT/CCid:VU#773548

Trust: 1.0

db:CERT/CCid:VU#845620

Trust: 0.9

db:BIDid:20246

Trust: 0.8

db:CERT/CCid:VU#386964

Trust: 0.8

db:AUSCERTid:ESB-2007.0014

Trust: 0.8

db:SECUNIAid:21709

Trust: 0.8

db:SECUNIAid:22207

Trust: 0.8

db:SECUNIAid:22212

Trust: 0.8

db:SECUNIAid:22116

Trust: 0.8

db:SECUNIAid:22216

Trust: 0.8

db:SECUNIAid:22220

Trust: 0.8

db:SECUNIAid:22330

Trust: 0.8

db:SECUNIAid:22130

Trust: 0.8

db:SECUNIAid:22240

Trust: 0.8

db:SECUNIAid:22259

Trust: 0.8

db:SECUNIAid:22260

Trust: 0.8

db:SECUNIAid:22165

Trust: 0.8

db:SECUNIAid:22166

Trust: 0.8

db:SECUNIAid:22172

Trust: 0.8

db:SECUNIAid:22284

Trust: 0.8

db:SECUNIAid:22186

Trust: 0.8

db:SECUNIAid:22193

Trust: 0.8

db:SECUNIAid:22094

Trust: 0.8

db:BIDid:20249

Trust: 0.8

db:SECTRACKid:1016943

Trust: 0.8

db:XFid:29237

Trust: 0.8

db:CERT/CCid:VU#547300

Trust: 0.8

db:JVNDBid:JVNDB-2004-000374

Trust: 0.8

db:GENTOOid:GLSA-200411-15

Trust: 0.6

db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:164

Trust: 0.6

db:DEBIANid:DSA-603

Trust: 0.6

db:REDHATid:RHSA-2005:476

Trust: 0.6

db:TRUSTIXid:2004-0050

Trust: 0.6

db:CNNVDid:CNNVD-200502-020

Trust: 0.6

db:CERT/CCid:VU#554780

Trust: 0.2

db:CERT/CCid:VU#933712

Trust: 0.2

db:CERT/CCid:VU#596848

Trust: 0.2

db:CERT/CCid:VU#381508

Trust: 0.2

db:SECUNIAid:21996

Trust: 0.2

db:VULHUBid:VHN-9405

Trust: 0.1

db:PACKETSTORMid:50178

Trust: 0.1

db:USCERTid:TA06-333A

Trust: 0.1

db:PACKETSTORMid:52708

Trust: 0.1

sources: CERT/CC: VU#386964 // CERT/CC: VU#773548 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // VULHUB: VHN-9405 // BID: 11293 // JVNDB: JVNDB-2004-000374 // PACKETSTORM: 50178 // PACKETSTORM: 52708 // CNNVD: CNNVD-200502-020 // NVD: CVE-2004-0975

REFERENCES

url:http://www.securityfocus.com/bid/11293

Trust: 2.5

url:http://www.securityfocus.com/bid/22083

Trust: 2.4

url:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302

Trust: 1.7

url:http://www.debian.org/security/2004/dsa-603

Trust: 1.7

url:http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2005-476.html

Trust: 1.7

url:http://secunia.com/advisories/12973

Trust: 1.7

url:http://www.trustix.org/errata/2004/0050

Trust: 1.7

url:http://www.openssl.org/news/secadv_20060928.txt

Trust: 1.6

url:http://secunia.com/advisories/23280/

Trust: 1.6

url:http://secunia.com/advisories/23309/

Trust: 1.6

url:http://xforce.iss.net/xforce/xfdb/17583

Trust: 1.4

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10621

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a164

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/17583

Trust: 1.1

url:http://jvn.jp/cert/jvnvu%23386964/index.html

Trust: 0.8

url:http://www.securityfocus.com/bid/20246

Trust: 0.8

url:http://www.gzip.org/

Trust: 0.8

url:http://www.auscert.org.au/7179

Trust: 0.8

url:http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html

Trust: 0.8

url:http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/

Trust: 0.8

url:http://www.openssl.org/news/secadv_20060905.txt

Trust: 0.8

url:http://secunia.com/advisories/21709/

Trust: 0.8

url:http://www.rsasecurity.com/rsalabs/node.asp?id=2125

Trust: 0.8

url:http://www.ietf.org/rfc/rfc3447.txt

Trust: 0.8

url:http://jvn.jp/cert/jvnvu%23547300/index.html

Trust: 0.8

url:http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html

Trust: 0.8

url:https://issues.rpath.com/browse/rpl-613

Trust: 0.8

url:http://www.openssl.org/news/secadv_20060928.txt

Trust: 0.8

url:http://kolab.org/security/kolab-vendor-notice-11.txt

Trust: 0.8

url:http://openvpn.net/changelog.html

Trust: 0.8

url:http://www.serv-u.com/releasenotes/

Trust: 0.8

url:http://openbsd.org/errata.html#openssl2

Trust: 0.8

url:http://www.securityfocus.com/bid/20249

Trust: 0.8

url:http://securitytracker.com/id?1016943

Trust: 0.8

url:http://secunia.com/advisories/22130

Trust: 0.8

url:http://secunia.com/advisories/22094

Trust: 0.8

url:http://secunia.com/advisories/22165

Trust: 0.8

url:http://secunia.com/advisories/22186

Trust: 0.8

url:http://secunia.com/advisories/22193

Trust: 0.8

url:http://secunia.com/advisories/22207

Trust: 0.8

url:http://secunia.com/advisories/22259

Trust: 0.8

url:http://secunia.com/advisories/22260

Trust: 0.8

url:http://secunia.com/advisories/22166

Trust: 0.8

url:http://secunia.com/advisories/22172

Trust: 0.8

url:http://secunia.com/advisories/22212

Trust: 0.8

url:http://secunia.com/advisories/22240

Trust: 0.8

url:http://secunia.com/advisories/22216

Trust: 0.8

url:http://secunia.com/advisories/22116

Trust: 0.8

url:http://secunia.com/advisories/22220

Trust: 0.8

url:http://secunia.com/advisories/22284

Trust: 0.8

url:http://secunia.com/advisories/22330

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/29237

Trust: 0.8

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0975

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0975

Trust: 0.8

url:http://secunia.com/advisories/12973/

Trust: 0.8

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:164

Trust: 0.6

url:http://support.avaya.com/elmodocs2/security/asa-2005-170.pdf

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2005-476.html

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/554780

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/381508

Trust: 0.1

url:http://secunia.com/quality_assurance_analyst/

Trust: 0.1

url:http://secunia.com/product/4220/

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/773548

Trust: 0.1

url:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/933712

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/596848

Trust: 0.1

url:http://secunia.com/advisories/21996/

Trust: 0.1

url:http://secunia.com/web_application_security_specialist/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/845620>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/773548>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/933712>

Trust: 0.1

url:http://www.us-cert.gov/cas/techalerts/ta06-333a.html>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/596848>

Trust: 0.1

url:http://www.openssl.org/news/vulnerabilities.html>

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=304829>

Trust: 0.1

url:http://www.us-cert.gov/reading_room/securing_browser/#safari>

Trust: 0.1

url:http://www.kb.cert.org/vuls/byid?searchview&query=apple-2006-007>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/381508>

Trust: 0.1

url:http://www.apple.com/support/downloads/>

Trust: 0.1

url:http://www.kb.cert.org/vuls/byid?searchview&query=openssl_secadv_20060928>

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=106704>

Trust: 0.1

url:http://www.us-cert.gov/legal.html>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/554780>

Trust: 0.1

sources: CERT/CC: VU#386964 // CERT/CC: VU#773548 // CERT/CC: VU#845620 // CERT/CC: VU#547300 // VULHUB: VHN-9405 // BID: 11293 // JVNDB: JVNDB-2004-000374 // PACKETSTORM: 50178 // PACKETSTORM: 52708 // CNNVD: CNNVD-200502-020 // NVD: CVE-2004-0975

CREDITS

The individual or individuals responsible for the discovery of this issue is currently unknown; Trustix security engineers are credited with these discoveries.

Trust: 0.9

sources: BID: 11293 // CNNVD: CNNVD-200502-020

SOURCES

db:CERT/CCid:VU#386964
db:CERT/CCid:VU#773548
db:CERT/CCid:VU#845620
db:CERT/CCid:VU#547300
db:VULHUBid:VHN-9405
db:BIDid:11293
db:JVNDBid:JVNDB-2004-000374
db:PACKETSTORMid:50178
db:PACKETSTORMid:52708
db:CNNVDid:CNNVD-200502-020
db:NVDid:CVE-2004-0975

LAST UPDATE DATE

2024-11-20T20:21:03.014000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#386964date:2011-07-22T00:00:00
db:CERT/CCid:VU#773548date:2011-07-22T00:00:00
db:CERT/CCid:VU#845620date:2007-02-08T00:00:00
db:CERT/CCid:VU#547300date:2011-07-22T00:00:00
db:VULHUBid:VHN-9405date:2017-10-11T00:00:00
db:BIDid:11293date:2009-07-12T07:06:00
db:JVNDBid:JVNDB-2004-000374date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200502-020date:2005-10-20T00:00:00
db:NVDid:CVE-2004-0975date:2017-10-11T01:29:39.230

SOURCES RELEASE DATE

db:CERT/CCid:VU#386964date:2006-09-28T00:00:00
db:CERT/CCid:VU#773548date:2006-09-19T00:00:00
db:CERT/CCid:VU#845620date:2006-09-11T00:00:00
db:CERT/CCid:VU#547300date:2006-09-28T00:00:00
db:VULHUBid:VHN-9405date:2005-02-09T00:00:00
db:BIDid:11293date:2004-09-30T00:00:00
db:JVNDBid:JVNDB-2004-000374date:2007-04-01T00:00:00
db:PACKETSTORMid:50178date:2006-09-21T23:56:25
db:PACKETSTORMid:52708date:2006-12-06T02:47:36
db:CNNVDid:CNNVD-200502-020date:2005-02-09T00:00:00
db:NVDid:CVE-2004-0975date:2005-02-09T05:00:00