CVE-2004-0883
https://notcve.org/view.php?id=CVE-2004-0883
Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function. Múltiples vulnerabilidades en el sistema de ficheros de samba (smbfs) en los kernel de Linux 2.4 y 2.6 permite a servidores samba remotos causar una denegación de servicio (caída) u obtener información sensible de la memoria del kernel mediante un servidor samba que devuelva más datos de los solicitados a la función smb_proc_read que devuelva un desplazamiento de datos de fuera del paquete samba a la función smb_proc_readX, que envíe una cierto paquete fragmentado TRANS2 a la función smb_receive_trans2, que envíe un paquete samba con un cierto tamaño de cabecera a la función smb_proc_readX, o que envíe un cierto desplazamiento basado en el paquete para los datos en un paquete a la función smb_receive_trans2 • http://marc.info/?l=bugtraq&m=110072140811965&w=2 http://marc.info/?l=bugtraq&m=110082989725345&w=2 http://secunia.com/advisories/13232 http://secunia.com/advisories/20162 http://secunia.com/advisories/20163 http://secunia.com/advisories/20202 http://secunia.com/advisories/20338 http://security.e-matters.de/advisories/142004.html http://www.debian.org/security/2006/dsa-1067 http://www.debian.org/security/2006/dsa-1069 http://www.debian.org/security/2006/dsa-1 •
CVE-2004-0949
https://notcve.org/view.php?id=CVE-2004-0949
The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times. La función smb_recv_trans2 en el sistema de ficheros samba (smbfs) en los kernel de Linux 2.4 y 2.6 no maneja adecuadamente el reensamblaje de paquetes fragmentados, lo que podría permitir a servidores samba remotos: leer información del kernel de su elección aumentar un valor de un contador en un número arbitrario enviando la primera parte del paquete fragmentado varias veces. • http://marc.info/?l=bugtraq&m=110072140811965&w=2 http://secunia.com/advisories/13232 http://secunia.com/advisories/20162 http://secunia.com/advisories/20163 http://secunia.com/advisories/20202 http://secunia.com/advisories/20338 http://security.e-matters.de/advisories/142004.html http://www.debian.org/security/2006/dsa-1067 http://www.debian.org/security/2006/dsa-1069 http://www.debian.org/security/2006/dsa-1070 http://www.debian.org/security/2006/dsa-1082 htt •
CVE-2004-0981
https://notcve.org/view.php?id=CVE-2004-0981
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file. • http://secunia.com/advisories/12995 http://security.gentoo.org/glsa/glsa-200411-11.xml http://www.imagemagick.org/www/Changelog.html http://www.securityfocus.org/bid/11548 https://exchange.xforce.ibmcloud.com/vulnerabilities/17903 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10472 https://www.ubuntu.com/usn/usn-7-1 https://access.redhat.com/security/cve/CVE-2004-0981 https://bugzilla.redhat.com/show_bug.cgi?id=1617341 •
CVE-2004-0990 – GD Graphics Library - Local Heap Overflow
https://notcve.org/view.php?id=CVE-2004-0990
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941. • https://www.exploit-db.com/exploits/600 http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html http://marc.info/?l=bugtraq&m=109882489302099&w=2 http://secunia.com/advisories/18717 http://secunia.com/advisories/20824 http://secunia.com/advisories/20866 http://secunia.com/advisories/21050 http://secunia.com/advisories/23783 http://www.ciac.org/ciac/bulletins/p-071.shtml http://www.debian.org/security/2004/dsa-589 http://www.debian.org/security •
CVE-2004-0940 – Apache 1.3.31 mod_include - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0940
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. • https://www.exploit-db.com/exploits/587 https://www.exploit-db.com/exploits/24694 http://marc.info/?l=bugtraq&m=109906660225051&w=2 http://secunia.com/advisories/12898 http://secunia.com/advisories/19073 http://securitytracker.com/id?1011783 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.apacheweek.com/features/security-13 http://www.debian.org/security/2004/dsa-594 http:/& • CWE-131: Incorrect Calculation of Buffer Size •