CVE-2005-3631
https://notcve.org/view.php?id=CVE-2005-3631
udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords. • http://secunia.com/advisories/18193 http://securitytracker.com/id?1015386 http://www.redhat.com/support/errata/RHSA-2005-864.html http://www.securityfocus.com/bid/15994 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10854 https://access.redhat.com/security/cve/CVE-2005-3631 https://bugzilla.redhat.com/show_bug.cgi?id=1617832 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2005-2100
https://notcve.org/view.php?id=CVE-2005-2100
The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash). • http://secunia.com/advisories/17073 http://www.redhat.com/support/errata/RHSA-2005-514.html https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165547 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11556 https://access.redhat.com/security/cve/CVE-2005-2100 https://bugzilla.redhat.com/show_bug.cgi?id=1617687 •
CVE-2005-2970
https://notcve.org/view.php?id=CVE-2005-2970
Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. • http://mail-archives.apache.org/mod_mbox/httpd-cvs/200509.mbox/%3C20051001110218.40692.qmail%40minotaur.apache.org%3E http://rhn.redhat.com/errata/RHSA-2006-0159.html http://secunia.com/advisories/16559 http://secunia.com/advisories/17923 http://secunia.com/advisories/18161 http://secunia.com/advisories/18333 http://secunia.com/advisories/18585 http://securitytracker.com/id?1015093 http://svn.apache.org/viewcvs?rev=292949&view=rev http://www.mandriva.com/security/advisories?name= • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2005-1268
https://notcve.org/view.php?id=CVE-2005-1268
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. Error de fuera-por-uno en la retrollamda de verificación de Lista de Revocación de Certificados (CRL) de mod_ssl para Apache, cuando se configura para usar un CRL, permite a atacantes remotos causar una denegación de servicio (caída de proceso hijo) mediante una CRL que causa un desbordamiento de búfer de un byte nule. • http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://rhn.redhat.com/errata/RHSA-2005-582.html http://secunia.com/advisories/19072 http://secunia.com/advisories/19185 http://securityreason.com/securityalert/604 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.debian.org/security/2005/dsa-805 http://www.mandriva.com/security/advisories?name=MDKSA-2005:129 http:/& • CWE-193: Off-by-one Error •
CVE-2005-1760
https://notcve.org/view.php?id=CVE-2005-1760
sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges. • http://secunia.com/advisories/15675 http://securitytracker.com/id?1014181 http://www.redhat.com/support/errata/RHSA-2005-502.html http://www.securityfocus.com/bid/13936 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A623 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9522 https://access.redhat.com/security/cve/CVE-2005-1760 https://bugzilla.redhat.com/show_bug.cgi?id=1617664 •