Search criteria
12 vulnerabilities by astaro
CVE-2012-3238 (GCVE-0-2012-3238)
Vulnerability from cvelistv5 – Published: 2012-07-09 22:00 – Updated: 2024-09-17 02:12
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://security.inshell.net/advisory/27 | x_refsource_MISC |
| http://www.astaro.com/en-uk/blog/up2date/8305 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:57:50.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120610 [CVE-2012-3238] Astaro Security Gateway \u003c= v8.304 Persistent Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.inshell.net/advisory/27"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.astaro.com/en-uk/blog/up2date/8305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the \"Comment (optional)\" field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-09T22:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20120610 [CVE-2012-3238] Astaro Security Gateway \u003c= v8.304 Persistent Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.inshell.net/advisory/27"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.astaro.com/en-uk/blog/up2date/8305"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the \"Comment (optional)\" field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120610 [CVE-2012-3238] Astaro Security Gateway \u003c= v8.304 Persistent Cross-Site Scripting Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html"
},
{
"name": "http://security.inshell.net/advisory/27",
"refsource": "MISC",
"url": "http://security.inshell.net/advisory/27"
},
{
"name": "http://www.astaro.com/en-uk/blog/up2date/8305",
"refsource": "CONFIRM",
"url": "http://www.astaro.com/en-uk/blog/up2date/8305"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3238",
"datePublished": "2012-07-09T22:00:00.000Z",
"dateReserved": "2012-06-06T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:12:02.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4243 (GCVE-0-2007-4243)
Vulnerability from cvelistv5 – Published: 2007-08-08 22:00 – Updated: 2024-08-07 14:46
VLAI
Summary
Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/2981 | third-party-advisoryx_refsource_SREASON |
| http://astaro.org/showthread.php?p=77667 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/477120/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/475642/100… | mailing-listx_refsource_BUGTRAQ |
| http://astaro.org/showthread.php?t=17782 | x_refsource_MISC |
| http://astaro.org/showthread.php?t=18307 | x_refsource_MISC |
| http://astaro.org/showthread.php?t=18551 | x_refsource_MISC |
| http://astaro.org/showthread.php?p=78258 | x_refsource_MISC |
| http://www.securitytracker.com/id?1018543 | vdb-entryx_refsource_SECTRACK |
| http://www.hescominsoon.com/archives/773 | x_refsource_MISC |
| http://astaro.org/showthread.php?t=17930 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://astaro.org/showthread.php?t=18280 | x_refsource_MISC |
| http://astaro.org/showthread.php?p=77694 | x_refsource_MISC |
Date Public
2007-08-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2981",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2981"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://astaro.org/showthread.php?p=77667"
},
{
"name": "20070819 Astaro DOS and POP3 bypass issues partially resolved",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477120/100/0/threaded"
},
{
"name": "20070805 DOS issue in Astaro Version 7 packet filter reporting, POSSIBLE security issue in POP3 proxy",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/475642/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://astaro.org/showthread.php?t=17782"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://astaro.org/showthread.php?t=18307"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://astaro.org/showthread.php?t=18551"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://astaro.org/showthread.php?p=78258"
},
{
"name": "1018543",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hescominsoon.com/archives/773"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://astaro.org/showthread.php?t=17930"
},
{
"name": "astaro-packetfilter-dos(35823)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35823"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://astaro.org/showthread.php?t=18280"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://astaro.org/showthread.php?p=77694"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2981",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2981"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://astaro.org/showthread.php?p=77667"
},
{
"name": "20070819 Astaro DOS and POP3 bypass issues partially resolved",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477120/100/0/threaded"
},
{
"name": "20070805 DOS issue in Astaro Version 7 packet filter reporting, POSSIBLE security issue in POP3 proxy",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/475642/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://astaro.org/showthread.php?t=17782"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://astaro.org/showthread.php?t=18307"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://astaro.org/showthread.php?t=18551"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://astaro.org/showthread.php?p=78258"
},
{
"name": "1018543",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hescominsoon.com/archives/773"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://astaro.org/showthread.php?t=17930"
},
{
"name": "astaro-packetfilter-dos(35823)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35823"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://astaro.org/showthread.php?t=18280"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://astaro.org/showthread.php?p=77694"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2981",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2981"
},
{
"name": "http://astaro.org/showthread.php?p=77667",
"refsource": "MISC",
"url": "http://astaro.org/showthread.php?p=77667"
},
{
"name": "20070819 Astaro DOS and POP3 bypass issues partially resolved",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477120/100/0/threaded"
},
{
"name": "20070805 DOS issue in Astaro Version 7 packet filter reporting, POSSIBLE security issue in POP3 proxy",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475642/100/0/threaded"
},
{
"name": "http://astaro.org/showthread.php?t=17782",
"refsource": "MISC",
"url": "http://astaro.org/showthread.php?t=17782"
},
{
"name": "http://astaro.org/showthread.php?t=18307",
"refsource": "MISC",
"url": "http://astaro.org/showthread.php?t=18307"
},
{
"name": "http://astaro.org/showthread.php?t=18551",
"refsource": "MISC",
"url": "http://astaro.org/showthread.php?t=18551"
},
{
"name": "http://astaro.org/showthread.php?p=78258",
"refsource": "MISC",
"url": "http://astaro.org/showthread.php?p=78258"
},
{
"name": "1018543",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018543"
},
{
"name": "http://www.hescominsoon.com/archives/773",
"refsource": "MISC",
"url": "http://www.hescominsoon.com/archives/773"
},
{
"name": "http://astaro.org/showthread.php?t=17930",
"refsource": "MISC",
"url": "http://astaro.org/showthread.php?t=17930"
},
{
"name": "astaro-packetfilter-dos(35823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35823"
},
{
"name": "http://astaro.org/showthread.php?t=18280",
"refsource": "MISC",
"url": "http://astaro.org/showthread.php?t=18280"
},
{
"name": "http://astaro.org/showthread.php?p=77694",
"refsource": "MISC",
"url": "http://astaro.org/showthread.php?p=77694"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4243",
"datePublished": "2007-08-08T22:00:00.000Z",
"dateReserved": "2007-08-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:46:39.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4242 (GCVE-0-2007-4242)
Vulnerability from cvelistv5 – Published: 2007-08-08 22:00 – Updated: 2024-08-07 14:46
VLAI
Summary
The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/2981 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/477120/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/475642/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securitytracker.com/id?1018543 | vdb-entryx_refsource_SECTRACK |
| http://www.hescominsoon.com/archives/773 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-08-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2981",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2981"
},
{
"name": "20070819 Astaro DOS and POP3 bypass issues partially resolved",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477120/100/0/threaded"
},
{
"name": "20070805 DOS issue in Astaro Version 7 packet filter reporting, POSSIBLE security issue in POP3 proxy",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/475642/100/0/threaded"
},
{
"name": "1018543",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hescominsoon.com/archives/773"
},
{
"name": "astaro-pop3-security-bypass(35827)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35827"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2981",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2981"
},
{
"name": "20070819 Astaro DOS and POP3 bypass issues partially resolved",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477120/100/0/threaded"
},
{
"name": "20070805 DOS issue in Astaro Version 7 packet filter reporting, POSSIBLE security issue in POP3 proxy",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/475642/100/0/threaded"
},
{
"name": "1018543",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hescominsoon.com/archives/773"
},
{
"name": "astaro-pop3-security-bypass(35827)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35827"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2981",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2981"
},
{
"name": "20070819 Astaro DOS and POP3 bypass issues partially resolved",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477120/100/0/threaded"
},
{
"name": "20070805 DOS issue in Astaro Version 7 packet filter reporting, POSSIBLE security issue in POP3 proxy",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475642/100/0/threaded"
},
{
"name": "1018543",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018543"
},
{
"name": "http://www.hescominsoon.com/archives/773",
"refsource": "MISC",
"url": "http://www.hescominsoon.com/archives/773"
},
{
"name": "astaro-pop3-security-bypass(35827)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35827"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4242",
"datePublished": "2007-08-08T22:00:00.000Z",
"dateReserved": "2007-08-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:46:39.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3253 (GCVE-0-2007-3253)
Vulnerability from cvelistv5 – Published: 2007-06-18 10:00 – Updated: 2024-08-07 14:14
VLAI
Summary
Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) before 7.005 allow remote attackers to cause a denial of service via (1) certain email, which stops the SMTP Proxy during scanning; (2) certain HTTP traffic, which stops or slows down the HTTP proxy during HTTP responses containing virus scanned web pages; and (3) a disconnection during a streaming session.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://up2date.astaro.com/2007/06/up2date_7005_re… | x_refsource_CONFIRM |
| http://osvdb.org/37346 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/25694 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/37345 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/24492 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2007/2220 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-06-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:11.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2007/06/up2date_7005_released_middle.html"
},
{
"name": "37346",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37346"
},
{
"name": "25694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25694"
},
{
"name": "37345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37345"
},
{
"name": "astaro-http-proxy-dos(34884)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34884"
},
{
"name": "24492",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24492"
},
{
"name": "ADV-2007-2220",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2220"
},
{
"name": "astaro-smtp-proxy-dos(34882)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34882"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) before 7.005 allow remote attackers to cause a denial of service via (1) certain email, which stops the SMTP Proxy during scanning; (2) certain HTTP traffic, which stops or slows down the HTTP proxy during HTTP responses containing virus scanned web pages; and (3) a disconnection during a streaming session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2007/06/up2date_7005_released_middle.html"
},
{
"name": "37346",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37346"
},
{
"name": "25694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25694"
},
{
"name": "37345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37345"
},
{
"name": "astaro-http-proxy-dos(34884)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34884"
},
{
"name": "24492",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24492"
},
{
"name": "ADV-2007-2220",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2220"
},
{
"name": "astaro-smtp-proxy-dos(34882)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34882"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) before 7.005 allow remote attackers to cause a denial of service via (1) certain email, which stops the SMTP Proxy during scanning; (2) certain HTTP traffic, which stops or slows down the HTTP proxy during HTTP responses containing virus scanned web pages; and (3) a disconnection during a streaming session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://up2date.astaro.com/2007/06/up2date_7005_released_middle.html",
"refsource": "CONFIRM",
"url": "http://up2date.astaro.com/2007/06/up2date_7005_released_middle.html"
},
{
"name": "37346",
"refsource": "OSVDB",
"url": "http://osvdb.org/37346"
},
{
"name": "25694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25694"
},
{
"name": "37345",
"refsource": "OSVDB",
"url": "http://osvdb.org/37345"
},
{
"name": "astaro-http-proxy-dos(34884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34884"
},
{
"name": "24492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24492"
},
{
"name": "ADV-2007-2220",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2220"
},
{
"name": "astaro-smtp-proxy-dos(34882)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34882"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3253",
"datePublished": "2007-06-18T10:00:00.000Z",
"dateReserved": "2007-06-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:14:11.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3985 (GCVE-0-2005-3985)
Vulnerability from cvelistv5 – Published: 2005-12-04 22:00 – Updated: 2024-08-07 23:31
VLAI
Summary
The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.astaro.org/showflat.php?Cat=&Number=63… | x_refsource_CONFIRM |
| http://secunia.com/advisories/17838 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2005/2678 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/15666 | vdb-entryx_refsource_BID |
Date Public
2005-12-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=63958\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#63958"
},
{
"name": "17838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17838"
},
{
"name": "ADV-2005-2678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2678"
},
{
"name": "15666",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15666"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=63958\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#63958"
},
{
"name": "17838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17838"
},
{
"name": "ADV-2005-2678",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2678"
},
{
"name": "15666",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15666"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.astaro.org/showflat.php?Cat=\u0026Number=63958\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#63958",
"refsource": "CONFIRM",
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=63958\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#63958"
},
{
"name": "17838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17838"
},
{
"name": "ADV-2005-2678",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2678"
},
{
"name": "15666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15666"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3985",
"datePublished": "2005-12-04T22:00:00.000Z",
"dateReserved": "2005-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:31:48.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3100 (GCVE-0-2005-3100)
Vulnerability from cvelistv5 – Published: 2005-09-28 04:00 – Updated: 2024-08-07 23:01
VLAI
Summary
Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4.027 allows attackers to cause a denial of service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/14950 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/20971 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/16967 | third-party-advisoryx_refsource_SECUNIA |
| http://www.astaro.org/showflat.php?Cat=&Number=62… | x_refsource_CONFIRM |
Date Public
2005-09-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:57.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14950"
},
{
"name": "20971",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20971"
},
{
"name": "16967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16967"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=62289\u0026Main=62289"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified \"PPTP Remote DoS Vulnerability\" in Astaro Security Linux 4.027 allows attackers to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-04-04T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14950"
},
{
"name": "20971",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20971"
},
{
"name": "16967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16967"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=62289\u0026Main=62289"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified \"PPTP Remote DoS Vulnerability\" in Astaro Security Linux 4.027 allows attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14950"
},
{
"name": "20971",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20971"
},
{
"name": "16967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16967"
},
{
"name": "http://www.astaro.org/showflat.php?Cat=\u0026Number=62289\u0026Main=62289",
"refsource": "CONFIRM",
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=62289\u0026Main=62289"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3100",
"datePublished": "2005-09-28T04:00:00.000Z",
"dateReserved": "2005-09-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:01:57.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2731 (GCVE-0-2005-2731)
Vulnerability from cvelistv5 – Published: 2005-08-29 04:00 – Updated: 2024-08-07 22:45
VLAI
Summary
Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=112501186602731&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2005-08-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2731",
"datePublished": "2005-08-29T04:00:00.000Z",
"dateReserved": "2005-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:45:02.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2729 (GCVE-0-2005-2729)
Vulnerability from cvelistv5 – Published: 2005-08-29 04:00 – Updated: 2024-08-07 22:45
VLAI
Summary
The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/16578/ | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=112501186602731&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/14665 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2005-08-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16578/"
},
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"name": "14665",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14665"
},
{
"name": "astaro-http-proxy-tcp-connect(22021)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16578",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16578/"
},
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"name": "14665",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14665"
},
{
"name": "astaro-http-proxy-tcp-connect(22021)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22021"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16578",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16578/"
},
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"name": "14665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14665"
},
{
"name": "astaro-http-proxy-tcp-connect(22021)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22021"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2729",
"datePublished": "2005-08-29T04:00:00.000Z",
"dateReserved": "2005-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:45:02.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2730 (GCVE-0-2005-2730)
Vulnerability from cvelistv5 – Published: 2005-08-29 04:00 – Updated: 2024-08-07 22:45
VLAI
Summary
The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=112501186602731&w=2 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2005-08-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"name": "astaro-proxy-information-disclosure(22024)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"name": "astaro-proxy-information-disclosure(22024)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22024"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112501186602731\u0026w=2"
},
{
"name": "astaro-proxy-information-disclosure(22024)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22024"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2730",
"datePublished": "2005-08-29T04:00:00.000Z",
"dateReserved": "2005-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:45:02.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2251 (GCVE-0-2004-2251)
Vulnerability from cvelistv5 – Published: 2005-07-17 04:00 – Updated: 2024-08-08 01:22
VLAI
Summary
The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/11406 | vdb-entryx_refsource_OSVDB |
| http://www.astaro.org/showflat.php?Cat=&Number=51… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/13089 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/id?1012065 | vdb-entryx_refsource_SECTRACK |
Date Public
2004-11-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11406"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459"
},
{
"name": "astaro-pptp-info-disclosure(17959)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17959"
},
{
"name": "13089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13089"
},
{
"name": "1012065",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012065"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11406"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459"
},
{
"name": "astaro-pptp-info-disclosure(17959)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17959"
},
{
"name": "13089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13089"
},
{
"name": "1012065",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012065"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11406",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11406"
},
{
"name": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459",
"refsource": "CONFIRM",
"url": "http://www.astaro.org/showflat.php?Cat=\u0026Number=51459\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#51459"
},
{
"name": "astaro-pptp-info-disclosure(17959)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17959"
},
{
"name": "13089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13089"
},
{
"name": "1012065",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012065"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2251",
"datePublished": "2005-07-17T04:00:00.000Z",
"dateReserved": "2005-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:22:13.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1737 (GCVE-0-2002-1737)
Vulnerability from cvelistv5 – Published: 2005-06-21 04:00 – Updated: 2024-08-08 03:34
VLAI
Summary
Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://online.securityfocus.com/archive/1/256124 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/4103 | vdb-entryx_refsource_BID |
| http://online.securityfocus.com/archive/1/256127 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2002-02-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:34:56.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020212 Astaro Security Linux Improper File Permissions Flaw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/256124"
},
{
"name": "4103",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4103"
},
{
"name": "20020212 RE: Astaro Security Linux Improper File Permissions Flaw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/256127"
},
{
"name": "astaro-insecure-file-permissions(8190)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8190"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020212 Astaro Security Linux Improper File Permissions Flaw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/256124"
},
{
"name": "4103",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4103"
},
{
"name": "20020212 RE: Astaro Security Linux Improper File Permissions Flaw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/256127"
},
{
"name": "astaro-insecure-file-permissions(8190)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8190"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020212 Astaro Security Linux Improper File Permissions Flaw",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/256124"
},
{
"name": "4103",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4103"
},
{
"name": "20020212 RE: Astaro Security Linux Improper File Permissions Flaw",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/256127"
},
{
"name": "astaro-insecure-file-permissions(8190)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8190"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1737",
"datePublished": "2005-06-21T04:00:00.000Z",
"dateReserved": "2005-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:34:56.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0029 (GCVE-0-2002-0029)
Vulnerability from cvelistv5 – Published: 2002-11-21 05:00 – Updated: 2024-08-08 02:35
VLAI
Summary
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.iss.net/security_center/static/10624.php | vdb-entryx_refsource_XF |
| ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… | vendor-advisoryx_refsource_NETBSD |
| http://www.cert.org/advisories/CA-2002-31.html | third-party-advisoryx_refsource_CERT |
| http://www.securityfocus.com/bid/6186 | vdb-entryx_refsource_BID |
| http://www.kb.cert.org/vuls/id/844360 | third-party-advisoryx_refsource_CERT-VN |
| http://www.isc.org/products/BIND/bind-security.html | x_refsource_CONFIRM |
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| ftp://patches.sgi.com/support/free/security/advis… | vendor-advisoryx_refsource_SGI |
Date Public
2002-11-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bind-dns-libresolv-bo(10624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10624.php"
},
{
"name": "NetBSD-SA2002-028",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc"
},
{
"name": "CA-2002-31",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-31.html"
},
{
"name": "6186",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6186"
},
{
"name": "VU#844360",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/844360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/products/BIND/bind-security.html"
},
{
"name": "2002-11-21",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
},
{
"name": "20021201-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka \"LIBRESOLV: buffer overrun\" and a different vulnerability than CVE-2002-0684."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bind-dns-libresolv-bo(10624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10624.php"
},
{
"name": "NetBSD-SA2002-028",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc"
},
{
"name": "CA-2002-31",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-31.html"
},
{
"name": "6186",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6186"
},
{
"name": "VU#844360",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/844360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/products/BIND/bind-security.html"
},
{
"name": "2002-11-21",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
},
{
"name": "20021201-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka \"LIBRESOLV: buffer overrun\" and a different vulnerability than CVE-2002-0684."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bind-dns-libresolv-bo(10624)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10624.php"
},
{
"name": "NetBSD-SA2002-028",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc"
},
{
"name": "CA-2002-31",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-31.html"
},
{
"name": "6186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6186"
},
{
"name": "VU#844360",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/844360"
},
{
"name": "http://www.isc.org/products/BIND/bind-security.html",
"refsource": "CONFIRM",
"url": "http://www.isc.org/products/BIND/bind-security.html"
},
{
"name": "2002-11-21",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
},
{
"name": "20021201-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0029",
"datePublished": "2002-11-21T05:00:00.000Z",
"dateReserved": "2002-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:35:17.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}