
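A list of all known NetBSD package vulnerabilities (snapshot of pkg-vulnerabilities, revision 1.352, 2003/10/13; the latest copy is kept on ftp.NetBSD.org)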

# $NetBSD: pkg-vulnerabilities,v 1.352 2003/10/13 23:40:31 salo Exp $
#
# Note: NEVER remove entries from this file; it should document *all*
# known package vulnerabilities, so it is entirely appropriate to have
# multiple entries in this file for a single package. Old versions may
# still be installed somewhere, and their entries must keep matching.
#
# Run "make upload" after the commit, so that ftp.NetBSD.org
# can have the latest copy of the file.
#
# If you have comments/additions/corrections, contact security-alert@NetBSD.org
# and/or packages@NetBSD.org.
#
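# Format: one entry per line, three whitespace-separated fields.
#   package          package pattern: a name with a version comparison
#                    (<, <=, =), or a glob on name-version such as
#                    mutt-1.3.2[0-4]* or kdelibs-2.2.2{,nb1}
#   type of exploit  short class of the issue, e.g. remote-root-shell,
#                    local-symlink-race, denial-of-service
#   URL              advisory or reference describing the issue
# Lines beginning with "#" are comments; this includes commented-out
# entries such as "#ap-ssl<2.8.10".
#
# package		type of exploit		URL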

cfengine<1.5.3nb3	remote-root-shell	ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2000-013.txt.asc
navigator<4.75		remote-user-access	http://www.cert.org/advisories/CA-2000-15.html
navigator<4.74		remote-user-shell	ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2000-011.txt.asc
communicator<4.75	remote-user-access	http://www.cert.org/advisories/CA-2000-15.html
communicator<4.74	remote-user-shell	ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2000-011.txt.asc
pine<4.30		remote-user-shell	http://www.securityfocus.com/bid/1709
pine<4.21nb1		denial-of-service	http://www.securityfocus.com/advisories/2646
imap-uw<4.7c6		denial-of-service	http://www.securityfocus.com/advisories/2646
screen<3.9.5nb1		local-root-shell	http://www.securityfocus.com/advisories/2634
ntop<1.1		remote-root-shell	http://www.securityfocus.com/advisories/2520
wu-ftpd<2.6.1		remote-root-shell	ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2000-010.txt.asc
wu-ftpd<2.4.2b18.2	remote-root-shell	ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA1999-003.txt.asc
xlockmore<4.17		local-root-file-view	ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2000-003.txt.asc
lsof<4.41		local-root-shell	ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA1999-005.txt.asc
wu-ftpd<2.6.0		remote-root-shell	ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA1999-003.txt.asc
racoon<20001004a	local-root-file-view	http://mail-index.NetBSD.org/tech-net/2000/09/24/0000.html
global<3.56		remote-user-access	http://www.NetBSD.org/cgi-bin/query-pr-single.pl?number=11165
apache<1.3.14		remote-user-access	http://httpd.apache.org/dist/httpd/CHANGES_1.3
apache6<1.3.14		remote-user-access	http://httpd.apache.org/dist/httpd/CHANGES_1.3
thttpd<2.20		remote-user-access	http://www.dopesquad.net/security/advisories/20001002-thttpd-ssi.txt
bind<8.2.2.7		denial-of-service	http://www.isc.org/products/BIND/bind-security.html
gnupg<1.0.4		weak-authentication	http://www.gnupg.org/whatsnew.html#rn20001017
pine<=4.21		remote-root-shell	ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc
navigator<4.76		remote-root-shell	ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A66.netscape.asc
navigator3<4.76		remote-root-shell	ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A66.netscape.asc
openssh<2.3.0		weak-authentication	http://www.openbsd.org/errata27.html#sshforwarding
ethereal<=0.8.13	remote-root-shell	http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Ffromthread%3D1%26end%3D2000-11-25%26mid%3D145761%26start%3D2000-11-19%26list%3D1%26threads%3D0%26
php<3.0.17		remote-user-shell	http://www.php.net/ChangeLog.php3
php-gd<3.0.17		remote-user-shell	http://www.php.net/ChangeLog.php3
php-ldap<3.0.17		remote-user-shell	http://www.php.net/ChangeLog.php3
php-mysql<3.0.17	remote-user-shell	http://www.php.net/ChangeLog.php3
php-pgsql<3.0.17	remote-user-shell	http://www.php.net/ChangeLog.php3
php-snmp<3.0.17	remote-user-shell	http://www.php.net/ChangeLog.php3
racoon<20001211a	denial-of-service	http://www.kame.net/
LPRng<3.6.25		remote-root-shell	http://www.cert.org/advisories/CA-2000-22.html
jakarta-tomcat<3.1.1	remote-server-admin	http://jakarta.apache.org/site/news.html
jakarta-tomcat<3.2.3  	cross-site-html		http://www.securityfocus.com/bid/2982
fsh<1.1			local-root-file-view	http://lists.debian.org/debian-security-announce-00/msg00091.html
bitchx<1.0.3.17nb1	remote-user-shell	http://www.securityfocus.com/bid/2087
namazu<1.3.0.11		remote-file-creation	http://openlab.ring.gr.jp/namazu/
zope<2.2.5		weak-authentication	http://www.zope.org/Products/Zope/
bind<8.2.3		remote-root-shell	http://www.cert.org/advisories/CA-2001-02.html
suse_base<6.4nb2	local-root-shell	http://www.suse.com/de/support/security/2001_001_glibc_txt.txt
ja-micq<0.4.6.1		remote-user-shell	http://www.freebsd.org/security/#adv
micq<0.4.6.1		remote-user-shell	http://www.freebsd.org/security/#adv
ssh<1.2.27nb1		remote-root-shell	http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
ssh6<=1.2.31		remote-root-shell	http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
openssh<2.3.0		remote-root-shell	http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
camediaplay<20010211	local-user-shell	ftp://ftp.itojun.org/pub/digi-cam/C-400/unix/README
analog<4.16		remote-user-shell	http://www.analog.cx/security2.html
gnupg<1.0.4nb3		weak-authentication	http://www.gnupg.org/whatsnew.html#rn20001130
xemacs<21.1.14		remote-user-shell	http://list-archive.xemacs.org/xemacs-announce/200102/msg00000.html
sudo<1.6.3p6		local-root-shell	http://www.openbsd.org/errata.html#sudo
Mesa-glx<=20000813	local-root-shell	http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-029.php3?dis=7.2
apache<1.3.19		remote-user-access	http://httpd.apache.org/dist/httpd/Announcement.html
apache6<1.3.19		remote-user-access	http://httpd.apache.org/dist/httpd/Announcement.html
exmh<2.3		local-symlink-race	http://www.beedub.com/exmh/symlink.html
samba<2.0.8		local-symlink-race	http://www.securityfocus.com/templates/archive.pike?list=1&mid=177370
hylafax<4.1b3		local-root-shell	http://www.securityfocus.com/archive/1/176716
squirrelmail<1.0.5	remote-user-access	http://www.geocrawler.com/lists/3/SourceForge/599/500/5567091/
kdelibs-2.1		local-root-shell	http://dot.kde.org/988663144/	
icecast<1.3.10		remote-user-access	http://www.securityfocus.com/bid/2264
joe<2.8nb1		local-file-write	http://www.securityfocus.com/bid/1959
joe<2.8nb1		local-user-shell	http://www.securityfocus.com/bid/2437
openssh<2.9.2		remote-file-write	http://www.openbsd.org/errata.html#sshcookie
w3m<0.2.1.0.19nb1	remote-user-shell	http://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200106.month/537.html
samba<2.0.10		local-root-shell	http://www.samba.org/samba/whatsnew/macroexploit.html
samba=2.2.0		local-root-shell	http://www.samba.org/samba/whatsnew/macroexploit.html
samba=2.2.0nb1		local-root-shell	http://www.samba.org/samba/whatsnew/macroexploit.html
fetchmail<5.8.8		remote-user-access	http://www.securityfocus.com/vdb/?id=2877
openldap<1.2.12		denial-of-service	http://www.cert.org/advisories/CA-2001-18.html
horde<1.2.6		remote-user-shell	http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26mid%3D198495
imp<1.2.6		remote-user-shell	http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26mid%3D198495
fetchmail<5.8.17	remote-user-shell	http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26mid%3D203165
windowmaker<0.65.1	remote-user-shell	http://www.debian.org/security/2001/dsa-074
sendmail<8.11.6		local-root-shell	ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES
gnut<0.4.27		remote-script-inject	http://www.gnutelliums.com/linux_unix/gnut/
screen<3.9.10		local-root-shell	http://freshports.org/files.php3?id=31131
openssh<2.9.9.2		remote-user-access	http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=216702&start=2001-09-23&end=2001-09-29
w3m<0.2.1.0.19nb2	weak-authentication	http://mi.med.tohoku.ac.jp/~satodai/w3m-dev/200109.month/2226.html
procmail<3.20		local-root-shell	http://www.somelist.com/mail.php/282/view/1200950
slrn<0.9.7.2nb1		remote-script-inject	http://slrn.sourceforge.net/patches/index.html#subsect_decode
nvi-m17n<1.79.19991117	local-user-shell	http://www.securityfocus.com/archive/1/221880
mgetty<1.1.22		denial-of-service	ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A71.mgetty.asc
kdeutils=2.2.1		local-root-shell	http://lists.kde.org/?l=kde-announce&m=100535642201983&w=2
imp<2.2.7		remote-file-view	http://www.securityfocus.com/archive/1/225686
libgtop<1.0.12nb1	remote-user-shell	http://www.intexxia.com/
wu-ftpd<=2.6.1		remote-root-shell	http://msgs.securepoint.com/cgi-bin/get/bugtraq0111/199.html
radius-3.6B		remote-user-shell	http://xforce.iss.net/alerts/advise87.php
exim<3.34		remote-user-shell	http://www.exim.org/pipermail/exim-announce/2001q4/000048.html
stunnel<3.22		remote-user-shell	http://www.stunnel.org/patches/desc/formatbug_ml.html
mutt<1.2.5.1		remote-user-shell	http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html
mutt-1.3.1*		remote-user-shell	http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html
mutt-1.3.2[0-4]*	remote-user-shell	http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html
cyrus-sasl<1.5.27	remote-code-execution	http://www.securityfocus.com/bid/3498
openldap<2.0.20		denial-of-service	http://www.openldap.org/lists/openldap-announce/200201/msg00002.html
xchat<1.8.7		remote-command-inject	http://xchat.org/
enscript<1.6.1nb1	local-file-write	http://www.securityfocus.com/bid/3920
rsync<2.5.2		remote-code-execution	http://lists.samba.org/pipermail/rsync-announce/2002-January/000005.html
squirrelmail-1.2.[0-3]	remote-code-execution	http://www.securityfocus.com/bid/3952
gnuchess<5.03		remote-user-shell	http://linux.oreillynet.com/pub/a/linux/2002/01/28/insecurities.html
ucd-snmp<4.2.3		weak-authentication	http://www.cert.org/advisories/CA-2002-03.html
ucd-snmp<4.2.3		denial-of-service	http://www.cert.org/advisories/CA-2002-03.html
ucd-snmp<4.2.3nb1	remote-user-shell	http://www.securityfocus.com/archive/1/248141
squid<2.4.4		remote-user-shell	http://www.squid-cache.org/Advisories/SQUID-2002_1.txt
ap-php<3.0.18nb1	remote-code-execution	http://security.e-matters.de/advisories/012002.html
php<3.0.18nb1		remote-code-execution	http://security.e-matters.de/advisories/012002.html
ap-php-4.0.1pl2		remote-code-execution	http://security.e-matters.de/advisories/012002.html
ap-php-4.0.3pl1		remote-code-execution	http://security.e-matters.de/advisories/012002.html
ap-php-4.0.3pl1nb1	remote-code-execution	http://security.e-matters.de/advisories/012002.html
ap-php-4.0.4		remote-code-execution	http://security.e-matters.de/advisories/012002.html
ap-php-4.0.4.1		remote-code-execution	http://security.e-matters.de/advisories/012002.html
ap-php-4.0.4.1nb1	remote-code-execution	http://security.e-matters.de/advisories/012002.html
ap-php-4.0.5		remote-code-execution	http://security.e-matters.de/advisories/012002.html
ap-php-4.0.6		remote-code-execution	http://security.e-matters.de/advisories/012002.html
ap-php-4.1.0		remote-code-execution	http://security.e-matters.de/advisories/012002.html
ap-php-4.1.1		remote-code-execution	http://security.e-matters.de/advisories/012002.html
php-4.0.3pl1		remote-code-execution	http://security.e-matters.de/advisories/012002.html
php-4.0.4		remote-code-execution	http://security.e-matters.de/advisories/012002.html
php-4.0.4.1		remote-code-execution	http://security.e-matters.de/advisories/012002.html
php-4.0.4.1nb1		remote-code-execution	http://security.e-matters.de/advisories/012002.html
php-4.0.5		remote-code-execution	http://security.e-matters.de/advisories/012002.html
php-4.0.6		remote-code-execution	http://security.e-matters.de/advisories/012002.html
php-4.1.0		remote-code-execution	http://security.e-matters.de/advisories/012002.html
php-4.1.1		remote-code-execution	http://security.e-matters.de/advisories/012002.html
php-4.3.0		remote-code-execution	http://www.php.net/release_4_3_1.php
radiusd-cistron<1.6.6	denial-of-service	http://www.kb.cert.org/vuls/id/936683
radiusd-cistron<1.6.6	remote-code-execution	http://www.kb.cert.org/vuls/id/589523
openssh<3.0.2.1nb2	local-root-shell	http://www.pine.nl/advisories/pine-cert-20020301.txt
htdig<3.1.6		denial-of-service	http://online.securityfocus.com/bid/3410
htdig<3.1.6		local-user-file-view	http://online.securityfocus.com/bid/3410
fileutils<4.1.7		local-file-removal	http://mail.gnu.org/pipermail/bug-fileutils/2002-March/002433.html
zlib<1.1.4		denial-of-service	http://www.zlib.org/advisory-2002-03-11.txt
rsync<2.5.3		remote-user-file-view	http://lists.samba.org/pipermail/rsync-announce/2002-March/000006.html
suse_base<6.4nb5	denial-of-service	http://www.zlib.org/advisory-2002-03-11.txt
icecast<1.3.11		remote-root-shell	http://www.debian.org/security/2001/dsa-089
sun-jre<1.3.1.0.2	remote-code-execution	http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218&type=0&nav=sec.sba
sun-jdk<1.3.1.0.2	remote-code-execution	http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218&type=0&nav=sec.sba
analog<5.22		remote-script-inject	http://www.analog.cx/docs/whatsnew.html
jakarta-tomcat<3.2.3nb1	cross-site-scripting	http://httpd.apache.org/info/css-security/
sudo<1.6.6		local-root-shell	http://www.globalintersec.com/adv/sudo-2002041701.txt
squirrelmail<1.2.6	remote-code-execution	http://cert.uni-stuttgart.de/archive/bugtraq/2002/03/msg00414.html
analog<5.23		denial-of-service	http://www.analog.cx/security5.html
icecast<1.3.12		denial-of-service	http://online.securityfocus.com/bid/4415
qpopper<4.0.4		denial-of-service	http://online.securityfocus.com/bid/4295
qpopper<4.0.4nb1	local-root-shell	http://online.securityfocus.com/bid/4614
imap-uw<2001.1		local-root-shell	http://online.securityfocus.com/bid/4713
fetchmail<5.9.10	remote-user-access	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0146
gaim<0.58		local-user-file-view	http://online.securityfocus.com/archive/1/272180
mozilla<1.0rc3  	remote-user-file-view   http://groups.google.com/groups?as_umsgid=3CD095D4.9050003%40mozilla.org&hl=en
ethereal<0.9.4		remote-user-access	http://www.ethereal.com/appnotes/enpa-sa-00004.html
bind-9.[01].*		denial-of-service	http://www.cert.org/advisories/CA-2002-15.html
bind-9.2.0*		denial-of-service	http://www.cert.org/advisories/CA-2002-15.html
bind-9.2.1rc*		denial-of-service	http://www.cert.org/advisories/CA-2002-15.html
bind-8.3.0		denial-of-service	http://www.isc.org/products/BIND/bind8.html
xchat<1.8.9		remote-user-shell	http://www.linuxsecurity.com/advisories/redhat_advisory-2107.html
apache<1.3.26		remote-root-shell	http://httpd.apache.org/info/security_bulletin_20020617.txt
apache6<1.3.26		remote-root-shell	http://httpd.apache.org/info/security_bulletin_20020617.txt
apache-2.0.1?		remote-root-shell	http://httpd.apache.org/info/security_bulletin_20020617.txt
apache-2.0.2?		remote-root-shell	http://httpd.apache.org/info/security_bulletin_20020617.txt
apache-2.0.3[0-8]*	remote-root-shell	http://httpd.apache.org/info/security_bulletin_20020617.txt
irssi<0.8.5		denial-of-service	http://online.securityfocus.com/archive/1
#ap-ssl<2.8.10		remote-root-shell	http://www.apache-ssl.org/advisory-20020620.txt
ap-ssl<2.8.10		remote-root-shell	http://www.modssl.org/news/changelog.html
apache<1.3.26nb1	remote-root-shell	http://www.apache-ssl.org/advisory-20020620.txt
bind<4.9.7nb1		remote-root-shell	http://www.pine.nl/advisories/pine-cert-20020601.html
#compat12<=1.2.1	remote-root-shell	http://www.pine.nl/advisories/pine-cert-20020601.html
#compat13<=1.3.3nb1	remote-root-shell	http://www.pine.nl/advisories/pine-cert-20020601.html
compat14<=1.4.3		remote-root-shell	http://www.pine.nl/advisories/pine-cert-20020601.html
openssh<3.4		remote-root-shell	http://online.securityfocus.com/bid/5093
#bind<=9.2.1		remote-root-shell	http://www.pine.nl/advisories/pine-cert-20020601.html
bind<8.3.3		remote-root-shell	http://www.pine.nl/advisories/pine-cert-20020601.html
socks5<1.0.2nb2	remote-root-shell	http://online.securityfocus.com/archive/1/9842
socks5-1.0.[3-9]*	remote-root-shell	http://online.securityfocus.com/archive/2/9842
socks5-1.0.1[0-1]*	remote-root-shell	http://online.securityfocus.com/archive/2/9842
ipa<1.2.7		local-access		http://www.NetBSD.org/cgi-bin/query-pr-single.pl?number=17434
ethereal<0.9.5		remote-root-shell	http://www.ethereal.com/appnotes/enpa-sa-00005.html
squid<2.4.7		remote-user-shell	http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
nn<6.6.4		remote-user-shell	http://online.securityfocus.com/bid/5160
inn<2.3.0		remote-user-shell	http://online.securityfocus.com/bid/2620
cvsup-gui<=16.1.d	remote-root-shell	http://www.pine.nl/advisories/pine-cert-20020601.html
cvsup<=16.1.d		remote-root-shell	http://www.pine.nl/advisories/pine-cert-20020601.html
xpilot<4.5.1		remote-user-shell	http://online.securityfocus.com/bid/4534
gnut<0.4.28		remote-user-shell	http://online.securityfocus.com/bid/3267/
wwwoffle<2.7c		denial-of-service	http://bespin.org/~qitest1/adv/wwwoffle-2.7b.asc
png<1.2.4		remote-user-shell	ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207
php-4.2.[01]		remote-user-shell	http://security.e-matters.de/advisories/022002.html
ap-php-4.2.[01]		remote-user-shell	http://security.e-matters.de/advisories/022002.html
srp_client<1.7.5	unknown			http://www-cs-students.stanford.edu/~tjw/srp/download.html
hylafax<4.1.3		remote-root-shell	http://www.securityfocus.com/bid/3357
openssl<0.9.6e		remote-root-shell	http://www.openssl.org/news/secadv_20020730.txt
libmm<1.2.1		local-root-shell	http://online.securityfocus.com/bid/5352
openssl<0.9.6f		denial-of-service	http://www.openssl.org/news/secadv_20020730.txt
png<=1.0.12		remote-user-shell	http://online.securityfocus.com/bid/5409
kdelibs-2.1.*		weak-ssl-authentication	http://online.securityfocus.com/archive/1/286290/2002-08-08/2002-08-14/2
kdelibs-2.2.1*		weak-ssl-authentication	http://online.securityfocus.com/archive/1/286290/2002-08-08/2002-08-14/2
kdelibs-2.2.2{,nb1}	weak-ssl-authentication	http://online.securityfocus.com/archive/1/286290/2002-08-08/2002-08-14/2
kdelibs-3.0.[12]	weak-ssl-authentication	http://online.securityfocus.com/archive/1/286290/2002-08-08/2002-08-14/2
arla<=0.35.8		denial-of-service	http://www.stacken.kth.se/lists/arla-drinkers/2002-08/msg00019.html
arla<=0.35.8		remote-root-shell	http://www.stacken.kth.se/lists/arla-drinkers/2002-08/msg00019.html
ethereal<0.9.6		remote-root-shell	http://www.ethereal.com/appnotes/enpa-sa-00006.html
bind<4.9.10		remote-root-shell	http://www.kb.cert.org/vuls/id/738331
compat14<1.4.3.2	remote-root-shell	http://www.kb.cert.org/vuls/id/738331
compat14-crypto<1.4.3.2	remote-root-shell	http://www.kb.cert.org/vuls/id/738331
netbsd32_compat14<1.4.3.2	remote-root-shell	http://www.kb.cert.org/vuls/id/738331
compat15<1.5.3.1	remote-root-shell	http://www.kb.cert.org/vuls/id/738331
netbsd32_compat15<1.5.3.1	remote-root-shell	http://www.kb.cert.org/vuls/id/738331
postgresql-server<7.2.2	remote-code-execution	http://online.securityfocus.com/archive/1/288998
gaim<0.59.1		remote-code-execution	http://sourceforge.net/tracker/index.php?func=detail&aid=584252&group_id=235&atid=100235
gaim-gnome<0.59.1	remote-code-execution	http://sourceforge.net/tracker/index.php?func=detail&aid=584252&group_id=235&atid=100235
mozilla<1.1		remote-file-read	http://archives.neohapsis.com/archives/bugtraq/2002-07/0259.html
mozilla<1.1		remote-file-read	http://www.geocities.co.jp/SiliconValley/1667/advisory03e.html
freebsd_lib<=2.2.7	remote-root-shell	http://www.pine.nl/advisories/pine-cert-20020601.html
opera<6.03		remote-user-shell	http://www.opera.com/linux/changelog/log603.html
wmnet<1.06nb3		local-root-shell	http://www.securiteam.com/unixfocus/5HP0F1P8AM.html
apache-2.0.3[0-9]*	denial-of-service	http://www.apacheweek.com/issues/02-09-27#apache2042
apache-2.0.4[0-1]*	denial-of-service	http://www.apacheweek.com/issues/02-09-27#apache2042
fetchmail<=6.0.0	remote-code-execution	http://security.e-matters.de/advisories/032002.html
unzip<=5.42		local-file-write	http://online.securityfocus.com/archive/1/196445
apache-2.0.3[0-9]*	remote-root-shell	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840
apache-2.0.4[0-2]*	remote-file-read	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840
net-snmp<5.0.5		denial-of-service	http://sourceforge.net/forum/forum.php?forum_id=215540
sendmail<8.12.6nb1	local-user-shell	http://www.sendmail.org/smrsh.adv.txt
apache<1.3.27		local-user-shell	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0843
apache<1.3.27		denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0839
apache<1.3.27		local-file-read		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840
apache6<1.3.27		local-user-shell	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0843
apache6<1.3.27		denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0839
apache6<1.3.27		local-file-read		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840
gv<3.5.8nb2		local-user-shell	http://www.epita.fr/~bevand_m/asa/asa-0000
logsurfer<1.5.2		local-user-shell	http://www.cert.dfn.de/eng/team/wl/logsurf/
suse_base<7.3nb1	remote-code-execution	http://www.suse.com/de/security/2002_031_glibc.html
suse_devel<7.3nb1	remote-code-execution	http://www.suse.com/de/security/2002_031_glibc.html
kdegraphics<2.2.2nb2	remote-code-execution	http://www.kde.org/info/security/advisory-20021008-1.txt
kdegraphics-3.0.[123]*	remote-code-execution	http://www.kde.org/info/security/advisory-20021008-1.txt
kdenetwork-3.0.[123]*	remote-file-read	http://www.kde.org/info/security/advisory-20021008-2.txt
gtar-base<1.13.25	local-file-write	http://online.securityfocus.com/archive/1/196445
kth-krb4<1.2.1		remote-code-execution	http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt
inn<2.3.3		local-user-shell	http://online.securityfocus.com/bid/6049
inn<2.3.3		local-user-shell	http://online.securityfocus.com/bid/4501
fetchmail<6.1.0		remote-user-shell	http://online.securityfocus.com/bid/5825
fetchmail<6.1.0		denial-of-service	http://online.securityfocus.com/bid/5826
fetchmail<6.1.0		remote-user-shell	http://online.securityfocus.com/bid/5827
squirrelmail<1.2.8	remote-script-inject	http://online.securityfocus.com/bid/5763
bind<4.9.10nb1		remote-root-shell	http://www.isc.org/products/BIND/bind-security.html
bind<8.3.3nb1		remote-root-shell	http://www.isc.org/products/BIND/bind-security.html
samba-2.2.[2-6]*	remote-root-shell	http://www.samba.org/samba/whatsnew/samba-2.2.7.html
windowmaker<0.80.2	remote-user-shell	http://www.windowmaker.org/
ssh<3.2.2		local-root-shell	http://www.kb.cert.org/vuls/id/740619
w3m<0.3.2.1		remote-file-write	http://mi.med.tohoku.ac.jp/%7Esatodai/w3m-dev/200211.month/3492.html
w3m-img<0.3.2.1		remote-file-write	http://mi.med.tohoku.ac.jp/%7Esatodai/w3m-dev/200211.month/3492.html
Canna-server-bin<3.5.2nb3	remote-root-shell	http://canna.sourceforge.jp/sec/Canna-2002-01.txt
windowmaker<0.80.2	local-user-shell	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1277
kdelibs-2.1.*		remote-user-shell	http://www.kde.org/info/security/advisory-20021111-1.txt
kdelibs-2.2.1*		remote-user-shell	http://www.kde.org/info/security/advisory-20021111-1.txt
kdelibs-2.2.2{,nb[123]}	remote-user-shell	http://www.kde.org/info/security/advisory-20021111-1.txt
kdelibs-3.0.[123]*	remote-user-shell	http://www.kde.org/info/security/advisory-20021111-1.txt
kdelibs-3.0.4		remote-user-shell	http://www.kde.org/info/security/advisory-20021111-1.txt
kdenetwork-2.[12]*	remote-root-shell	http://www.kde.org/info/security/advisory-20021111-2.txt
kdenetwork-3.0.[123]*	remote-root-shell	http://www.kde.org/info/security/advisory-20021111-2.txt
kdenetwork-3.0.4{,nb1}	remote-root-shell	http://www.kde.org/info/security/advisory-20021111-2.txt
cyrus-imapd<2.0.17	remote-code-execution	http://www.securityfocus.com/bid/6298
cyrus-imapd-2.1.9{,nb1}	remote-code-execution	http://www.securityfocus.com/bid/6298
imap-uw<2002.1rc1	remote-code-execution	http://www.kb.cert.org/vuls/id/961489
cyrus-sasl-2.1.9{,nb[12]}	remote-code-execution	http://online.securityfocus.com/archive/1/302603
fetchmail<6.2.0		remote-code-execution	http://security.e-matters.de/advisories/052002.html
mysql-client<3.23.49nb2	remote-code-execution	http://security.e-matters.de/advisories/042002.html
mysql-server<3.23.49nb1	remote-code-execution	http://security.e-matters.de/advisories/042002.html
pine<4.50		remote-code-execution	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1320
w3m{,-img}<0.3.2.2	remote-file-read	http://sourceforge.net/project/shownotes.php?group_id=39518&release_id=126233
ethereal<0.9.8		remote-code-execution	http://www.ethereal.com/appnotes/enpa-sa-00007.html
wget<1.8.2		local-file-write	http://online.securityfocus.com/archive/1/302956
ssh<=3.2.2		denial-of-service	http://www.rapid7.com/advisories/R7-0009.txt
cups<1.1.18		remote-root-shell	http://www.idefense.com/advisory/12.19.02.txt
png<1.2.5nb2		unknown			ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-implement.200212
leafnode<1.9.30		denial-of-service	http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0123.html
cups<=1.1.17		local-code-execution	http://online.securityfocus.com/bid/6475
xpdf<=2.01		local-code-execution	http://online.securityfocus.com/bid/6475
mhonarc<2.5.14		cross-site-scripting	http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200212220120.gBM1K8502180@mcguire.earlhood.com
libmcrypt<2.5.5		remote-user-shell	http://online.securityfocus.com/archive/1/305162/2003-01-01/2003-01-07/0
kdebase<3.0.5.1		remote-code-execution	http://www.kde.org/info/security/advisory-20021220-1.txt
kdegames<3.0.5.1	remote-code-execution	http://www.kde.org/info/security/advisory-20021220-1.txt
kdegraphics<3.0.5.1	remote-code-execution	http://www.kde.org/info/security/advisory-20021220-1.txt
kdelibs<3.0.5.1		remote-code-execution	http://www.kde.org/info/security/advisory-20021220-1.txt
kdemultimedia<3.0.5.1	remote-code-execution	http://www.kde.org/info/security/advisory-20021220-1.txt
kdenetwork<3.0.5.1	remote-code-execution	http://www.kde.org/info/security/advisory-20021220-1.txt
kdepim<3.0.5.1		remote-code-execution	http://www.kde.org/info/security/advisory-20021220-1.txt
kdesdk<3.0.5.1		remote-code-execution	http://www.kde.org/info/security/advisory-20021220-1.txt
kdeutils<3.0.5.1	remote-code-execution	http://www.kde.org/info/security/advisory-20021220-1.txt
cvs<1.11.4nb1		remote-file-write	http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=zhfxqmwq71
gabber<0.8.7nb4		privacy-leak		http://online.securityfocus.com/archive/1/307430
spamassassin<=2.43nb1	remote-code-execution	http://cert.uni-stuttgart.de/archive/bugtraq/2003/01/msg00254.html
p5-Mail-SpamAssassin<=2.43nb1	remote-code-execution	http://cert.uni-stuttgart.de/archive/bugtraq/2003/01/msg00254.html
squirrelmail<1.2.11	cross-site-scripting	http://www.squirrelmail.org/
openssl<0.9.6gnb1	weak-encryption		http://www.openssl.org/news/secadv_20030219.txt
php-4.1.[3-9]*		remote-code-execution	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396
php-4.2.[0-2]*		remote-code-execution	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396
php-4.2.3{,nb1}		remote-code-execution	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396
sendmail<8.11.6nb3	remote-code-execution	http://www.cert.org/advisories/CA-2003-07.html
sendmail-8.12.[0-7]	remote-code-execution	http://www.cert.org/advisories/CA-2003-07.html
sendmail-8.12.[0-7]nb*	remote-code-execution	http://www.cert.org/advisories/CA-2003-07.html
snort<1.9.1		remote-code-execution	http://www.kb.cert.org/vuls/id/916785
snort-pgsql<1.9.1	remote-code-execution	http://www.kb.cert.org/vuls/id/916785
snort-mysql<1.9.1	remote-code-execution	http://www.kb.cert.org/vuls/id/916785
hypermail<2.1.7		remote-code-execution	http://www.hypermail.org/mail-archive/2003/Feb/0025.html
zlib<1.1.4nb1		remote-code-execution	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0107
ethereal-0.8.[7-9]	remote-code-execution	http://www.ethereal.com/appnotes/enpa-sa-00008.html
ethereal-0.9.[0-9]	remote-code-execution	http://www.ethereal.com/appnotes/enpa-sa-00008.html
qpopper<4.0.5		remote-user-shell	http://archives.neohapsis.com/archives/bugtraq/2003-03/0152.html
ircII<20030313		remote-code-execution	http://eterna.com.au/ircii/
samba<2.2.8		remote-code-execution	http://us1.samba.org/samba/whatsnew/samba-2.2.8.html
openssl<0.9.6gnb2	remote-key-theft	http://www.openssl.org/news/secadv_20030317.txt
openssl<0.9.6gnb2	remote-use-of-secret	http://www.openssl.org/news/secadv_20030319.txt
mutt<1.4.1		remote-code-execution	http://www.securityfocus.com/archive/1/315771/2003-03-19/2003-03-25/0
rxvt<2.7.10		remote-code-execution	http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
eterm<0.9.2		remote-code-execution	http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
apcupsd<3.8.6		remote-user-shell	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0098
apcupsd-3.10.[0-4]	remote-user-shell	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0098
ap-php-4.1.[3-9]*	remote-code-execution	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396
ap-php-4.2.[0-2]*	remote-code-execution	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396
ap-php-4.2.3		remote-code-execution	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396
ja-samba<2.2.7.1.1.1	remote-code-execution	http://www.samba.gr.jp/news-release/2003/20030317-2.html
bitchx<1.0.3.19nb1	remote-code-execution	http://www.securityfocus.com/archive/1/315057
apache-2.0.[0-3][0-9]	denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0132
apache-2.0.4[0-4]	denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0132
apcupsd<3.10.6		denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0099
apcupsd-3.10.[0-4]	denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0099
setiathome<3.08		remote-code-execution	http://spoor12.edup.tudelft.nl/SkyLined%20v4.2/?Advisories/Seti@home
samba<=2.2.8		remote-root-access	http://lists.samba.org/pipermail/samba-announce/2003-April/000065.html
mgetty+sendfax<1.1.29	file-permissions	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1392
mgetty+sendfax<1.1.29	denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1391
ja-samba<2.2.7.2.1.0	remote-code-execution	http://www.samba.gr.jp/news-release/2003/20030409-2.html
kde<3.1.1nb1		remote-code-execution	http://www.kde.org/info/security/advisory-20030409-1.txt
kdelibs<3.1.1nb1	remote-code-execution	http://www.kde.org/info/security/advisory-20030409-1.txt
kdebase<3.1.1nb1	remote-code-execution	http://www.kde.org/info/security/advisory-20030409-1.txt
kdegraphics<3.1.1nb2	remote-code-execution	http://www.kde.org/info/security/advisory-20030409-1.txt
snort<2.0.0		remote-code-execution	http://www.securityfocus.com/archive/1/318669
snort-pgsql<2.0.0	remote-code-execution	http://www.securityfocus.com/archive/1/318669
snort-mysql<2.0.0	remote-code-execution	http://www.securityfocus.com/archive/1/318669
poppassd<4.0.5nb1	local-root-shell	http://www.securityfocus.com/archive/1/319811/2003-04-26/2003-05-02/0
ethereal<0.9.12		remote-code-execution	http://www.ethereal.com/appnotes/enpa-sa-00009.html
gnupg<1.2.2		weak-authentication	http://www.securityfocus.com/archive/1/320444
lv<4.49.5		local-code-execution	http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=190941
bitchx<1.0.3.19nb2	denial-of-service	http://www.securityfocus.com/archive/1/321093
suse_libpng<7.3nb1	remote-user-shell	http://www.suse.com/de/security/2003_004_libpng.html
apache-2.0.3[7-9]	denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0245
apache-2.0.4[0-5]	denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0245
suse_base<7.3nb4	remote-code-execution	http://www.suse.com/de/security/2003_027_glibc.html
suse_devel<7.3nb2	remote-code-execution	http://www.suse.com/de/security/2003_027_glibc.html
cups<1.1.19		denial-of-service	http://www.cups.org/str.php?L75
speakfreely<=7.5	remote-code-execution	http://www.securityfocus.com/archive/1/324257/2003-06-06/2003-06-12/0
ethereal<0.9.13		remote-code-execution	http://www.ethereal.com/appnotes/enpa-sa-00010.html
xpdf<2.02pl1		remote-code-execution	http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html
acroread5<5.07		remote-code-execution	http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html
acroread5<5.08		remote-user-shell	http://lists.netsys.com/pipermail/full-disclosure/2003-July/006342.html
ImageMagick<5.5.7.1	local-symlink-race	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0455
apache-2.0.3[7-9]	denial-of-service	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0253
apache-2.0.4[0-6]	denial-of-service	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0253
falcons-eye<1.9.3nb3	local-user-shell	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0358
xconq<7.4.1nb1		local-code-execution	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0607
mhonarc<2.6.4		cross-site-scripting	http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=3128&group_id=1968
wu-ftpd<=2.6.2		remote-root-shell	http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
lftp<2.5.3		remote-user-shell	http://freshmeat.net/releases/87364/
postfix<=1.1.11		denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0468
postfix<=1.1.12		denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0540
xfstt<1.5		denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0581
xfstt<1.5.1		privacy-leak		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0625
stunnel<4.04		denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1563
ssh2<3.2.5		weak-authentication	http://www.ssh.com/company/newsroom/article/454/
horde<2.2.4rc1		privacy-leak		http://www.securityfocus.com/archive/1/333114/2003-08-13/2003-08-19/0
imp<3.2.2rc1		privacy-leak		http://www.securityfocus.com/archive/1/333114/2003-08-13/2003-08-19/0
gopher<3.0.6		remote-root-shell	http://www.securityfocus.com/archive/1/328843/2003-08-18/2003-08-24/2
unzip<5.50nb2		weak-path-validation	http://www.securityfocus.com/archive/1/334070/2003-08-18/2003-08-24/2
xmule<=1.4.3		remote-user-shell	http://lists.netsys.com/pipermail/full-disclosure/2003-August/008449.html
sendmail-8.12.[0-8]nb*	denial-of-service	http://www.sendmail.org/dnsmap1.html
exim<4.21		remote-code-execution	http://www.exim.org/pipermail/exim-announce/2003q3/000094.html
leafnode<1.9.42		denial-of-service	http://www.securityfocus.com/archive/1/336186
p5-Apache-Gallery<0.7	local-user-shell	http://www.securityfocus.com/archive/1/336583/2003-09-06/2003-09-12/0
pine<4.58		remote-code-execution	http://www.idefense.com/advisory/09.10.03.txt
net-snmp<5.0.9		privacy-leak		http://sourceforge.net/forum/forum.php?forum_id=308015
gtkhtml<1.1.10		denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0541
sane-backends<1.0.11	weak-authentication	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0773
sane-backends<1.0.11	denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0774
sane-backends<1.0.11	denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0775
sane-backends<1.0.11	unknown			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0776
sane-backends<1.0.11	denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0777
sane-backends<1.0.11	denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0778
apache<1.3.28		denial-of-service	http://www.kb.cert.org/vuls/id/379828
apache6<1.3.28		denial-of-service	http://www.kb.cert.org/vuls/id/379828
mysql-server<3.23.49nb5	remote-code-execution	http://lists.netsys.com/pipermail/full-disclosure/2003-September/009819.html
openssh<3.7.1		denial-of-service	http://www.openssh.org/txt/buffer.adv
openssh+gssapi<3.6.1.2.20030430nb2	denial-of-service	http://www.openssh.org/txt/buffer.adv
sendmail<8.12.10	unknown			http://www.sendmail.org/8.12.10.html
thttpd<2.23.0.1nb1	remote-code-execution	http://marc.theaimsgroup.com/?l=thttpd&m=106402145912879&w=2
openssh<3.7.1.2		remote-code-execution	http://www.openssh.com/txt/sshpam.adv
proftpd<1.2.8nb2	remote-root-shell	http://xforce.iss.net/xforce/alerts/id/154
cfengine-2.0.[0-7]*	remote-code-execution	http://www.securityfocus.com/archive/1/339083/2003-09-22/2003-09-28/0
mplayer<1.0rc1nb1	remote-code-execution	http://www.mplayerhq.hu/homepage/news.html#vuln01
gmplayer<1.0rc1nb1	remote-code-execution	http://www.mplayerhq.hu/homepage/news.html#vuln01
marbles<1.0.2nb3	local-user-shell	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0830
ncftp3<3.1.6		remote-file-write	http://www.kb.cert.org/vuls/id/210409
openssl<0.9.6k		remote-root-shell	http://www.openssl.org/news/secadv_20030930.txt
vmware3<3.2.1pl1	local-root-shell	http://marc.theaimsgroup.com/?l=gentoo-announce&m=106181867621048&w=2
fetchmail<6.2.4nb2	denial-of-service	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0790
