CVE-2005-3624
https://notcve.org/view.php?id=CVE-2005-3624
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-189: Numeric Errors •
CVE-2005-1267 – Tcpdump - bgp_update_print Remote Denial of Service
https://notcve.org/view.php?id=CVE-2005-1267
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet. • https://www.exploit-db.com/exploits/1037 http://secunia.com/advisories/15634 http://secunia.com/advisories/17118 http://www.debian.org/security/2005/dsa-854 http://www.redhat.com/archives/fedora-announce-list/2005-June/msg00007.html http://www.redhat.com/support/errata/RHSA-2005-505.html http://www.securityfocus.com/archive/1/430292/100/0/threaded http://www.securityfocus.com/bid/13906 http://www.trustix.org/errata/2005/0028 https://bugzilla.redhat.com/bugzilla/show& •
CVE-2005-0750 – Linux Kernel 2.4.x/2.6.x - BlueTooth Signed Buffer Index (PoC)
https://notcve.org/view.php?id=CVE-2005-0750
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value. • https://www.exploit-db.com/exploits/25287 https://www.exploit-db.com/exploits/25288 https://www.exploit-db.com/exploits/25289 https://www.exploit-db.com/exploits/926 http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032913.html http://marc.info/?l=bugtraq&m=111204562102633&w=2 http://www.redhat.com/support/errata/RHSA-2005-283.html http://www.redhat.com/support/errata/RHSA-2005-284.html http://www.redhat.com/support/errata/RHSA-2005-293.html http:& •
CVE-2005-0736 – Linux Kernel 2.6.9 < 2.6.11 (RHEL 4) - 'SYS_EPoll_Wait' Local Integer Overflow / Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2005-0736
Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events. • https://www.exploit-db.com/exploits/1397 https://www.exploit-db.com/exploits/25202 http://linux.bkbits.net:8080/linux-2.6/cset%40422dd06a1p5PsyFhoGAJseinjEq3ew?nav=index.html%7CChangeSet%40-1d http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032314.html http://www.novell.com/linux/security/advisories/2005_18_kernel.html http://www.redhat.com/support/errata/RHSA-2005-293.html http://www.redhat.com/support/errata/RHSA-2005-366.html http://www.securityfocus.com/bid/12763& •
CVE-2005-0109
https://notcve.org/view.php?id=CVE-2005-0109
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt http://marc.info/?l=freebsd-hackers&m=110994026421858&w=2 http://marc.info/?l=freebsd-security&m=110994370429609&w=2 http://marc.info/?l=openbsd-misc&m=110995101417256&w=2 http://secunia.com/advisories/15348 http://secunia.com/advisories/18165 http://securitytracker.com/id?1013967 http://sunsolve.sun.com/search/document.do? •