US-CERT Publishes List of Security Vulnerabilities

Includes vulnerabilities for all platforms

January 26, 2005
The United States Computer Emergency Response Team (US-CERT) has published a list of security vulnerabilities affecting a variety of platforms reported from around the Web. Vulnerabilities include:

Microsoft Internet Explorer Remote Information Disclosure
Microsoft Internet Explorer 5.0, 5.0.1, SP1-SP4, 5.5, preview, SP1&SP2, 6.0 SP1&SP2
A vulnerability exists due to a failure to secure scripts residing on a local computer, which could let a remote malicious user obtain sensitive information. No workaround or patch was available at time of publishing. No exploit is required to take advantage of this vulnerability.
Threat level: Medium

Microsoft Windows Indexing Service Buffer Overflow
Microsoft Windows XP SP1 & prior service packs, 2003
A buffer overflow vulnerability exists in the Indexing Service due to the way query validation is handled, which could let a remote malicious user cause a denial of service or execute arbitrary code. Updates are available at http://www.microsoft.com/technet/. There are no known exploits for this vulnerability.
Threat level: Low. High if arbitrary code can be executed.

Apache 2.0.35-2.0.52
A vulnerability exists when the 'SSLCipherSuite' directive is used in a directory or location context to require a restricted set of cipher suites, which could let a remote malicious user bypass security policies and obtain sensitive information. No exploit code is required to take advantage of this vulnerability. Patches are available.
Threat level: Medium

OpenPKG:
ftp://ftp.openpkg.org/release/

Gentoo:
http://security.gentoo.org/glsa/glsa-200410-21.xml


Slackware:
ftp://ftp.slackware.com/pub/slackware/

Conectiva:
ftp://atualizacoes.conectiva.com.br/

Mandrake:
http://www.mandrakesoft.com/security/advisories

Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-562.html

SuSE:
In the process of releasing packages.

RedHat:
http://rhn.redhat.com/errata/RHSA-2004-600.html

Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-010_RHSA-2004-600.pdf


VMware:
http://www.vmware.com/download/esx/

A complete list of vulnerabilities and other information can be found here.