CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Astaro » Security Linux : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-3985 DoS Exec Code 2005-12-04 2008-09-05
7.8
None Remote Low Not required None None Complete
The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
2 CVE-2005-3100 DoS 2005-09-28 2008-09-05
5.0
None Remote Low Not required None None Partial
Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4.027 allows attackers to cause a denial of service.
3 CVE-2005-2731 Dir. Trav. 2005-08-30 2008-09-05
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl.
4 CVE-2005-2730 +Info 2005-08-30 2008-09-05
5.0
None Remote Low Not required Partial None None
The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message.
5 CVE-2005-2729 Bypass 2005-08-30 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services.
6 CVE-2004-2252 +Info 2004-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.
7 CVE-2004-2251 2004-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks.
8 CVE-2002-1737 2002-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files.
9 CVE-2002-0029 Exec Code Overflow 2002-11-29 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.
Total number of vulnerabilities : 9   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.