The OVAL Repository
5.3
2015-09-03T06:11:59.287-04:00

HP-UX PMTUD Remote DoS (B.11.23)
HP-UX 11
Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; ACCEPTED

HP-UX 11.04 Path MTU Discovery Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Matthew Wojcik INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; ACCEPTED

Apache HTTP Request Smuggling
HP-UX 11, Apache
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Robert L. Hollis DRAFT INTERIM ACCEPTED; ACCEPTED

HP-UX Usermod Local Unauthorized Access Vulnerability instead of usermod Recursive Ownership Error.
HP-UX 11, Apache
Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Robert L. Hollis INTERIM; Nabil Ouchn ACCEPTED; ACCEPTED

Apache HTTP Byte-range DoS Vulnerability
HP-UX 11, Apache
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
Robert L. Hollis DRAFT INTERIM ACCEPTED; ACCEPTED

Apache Integer Overflow in pcre_compile.c
HP-UX 11, Apache
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
Robert L. Hollis DRAFT INTERIM ACCEPTED; ACCEPTED

HP-UX 11.00 ICMP Source Quench Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Matthew Wojcik INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; ACCEPTED

HP-UX 11.23 ICMP Source Quench Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Matthew Wojcik INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; Sushant Kumar Singh INTERIM ACCEPTED; ACCEPTED

HP-UX 11.11 or 11.23 Path MTU Discovery Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Matthew Wojcik INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; Sushant Kumar Singh INTERIM; Sushant Kumar Singh ACCEPTED; ACCEPTED

HP-UX ftpd Remote Unauthorized Data Access (B.11.11)
HP-UX 11, ftpd
The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Matthew Wojcik INTERIM ACCEPTED; Sushant Kumar Singh INTERIM ACCEPTED; ACCEPTED

HP-UX 11.11 or 11.23 ICMP Source Quench Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Matthew Wojcik INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; Sushant Kumar Singh INTERIM; Sushant Kumar Singh ACCEPTED; ACCEPTED

HP-UX 11.11, 11.23 Blind Connection Reset Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Matthew Wojcik INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; Sushant Kumar Singh INTERIM; Sushant Kumar Singh ACCEPTED; ACCEPTED

HP-UX ftpd Remote Unauthorized Data Access (B.11.00)
HP-UX 11, ftpd
The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Matthew Wojcik INTERIM ACCEPTED; ACCEPTED

HP-UX 11.04 Blind Connection Reset Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Matthew Wojcik INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; ACCEPTED

HP-UX 11.23 Path MTU Discovery Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Matthew Wojcik INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; Sushant Kumar Singh INTERIM ACCEPTED; ACCEPTED

HP-UX 11.23 Blind Connection Reset Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Matthew Wojcik INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; Sushant Kumar Singh INTERIM ACCEPTED; ACCEPTED

HP-UX 11.11 Path MTU Discovery Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Matthew Wojcik INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; Sushant Kumar Singh INTERIM ACCEPTED; ACCEPTED

HP-UX 11.11 ICMP Source Quench Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Matthew Wojcik INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; Sushant Kumar Singh INTERIM ACCEPTED; ACCEPTED

HP-UX 11.00 Path MTU Discovery Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Matthew Wojcik INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; ACCEPTED

WU-FTPD "glob-*" Remote DoS Vulnerability (B.11.11)
HP-UX 11, ftpd
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; ACCEPTED

HP-UX 11.00 Blind Connection Reset Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Matthew Wojcik INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; ACCEPTED

Webproxy Off-by-One Error in mod_ssl CRL
HP-UX 11, Apache
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; ACCEPTED

Webproxy CGI Byterange Request DoS
HP-UX 11, Apache
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; ACCEPTED

VirusVault Off-by-One Error in mod_ssl CRL
HP-UX 11, Apache
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; ACCEPTED

VirusVault Integer Overflow in pcre_compile
HP-UX 11, Apache
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; ACCEPTED

HP-UX wuftpd Privilege Escalation Vulnerability (B.11.00)
HP-UX 11, ftpd
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
Robert L. Hollis DRAFT INTERIM ACCEPTED; ACCEPTED

Webproxy HTTP Request Smuggling
HP-UX 11, Apache
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Robert L. Hollis DRAFT INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; ACCEPTED

HP-UX PMTUD Remote DoS (B.11.11)
HP-UX 11
Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; ACCEPTED

HP-UX Shared Library Privilege Escalation Vulnerability (B.11.00)
HP-UX 11
Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; ACCEPTED

Leaking GSSAPI Credentials Vulnerability (B.11.00/B.11.11)
HP-UX 11, SecureShell
sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
Robert L. Hollis DRAFT INTERIM ACCEPTED; ACCEPTED

HP-UX PMTUD Remote DoS (B.11.22)
HP-UX 11
Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; ACCEPTED

zlib Compression Remote DoS Vulnerability (B.11.00/B.11.11)
HP-UX 11, SecureShell
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
Robert L. Hollis DRAFT INTERIM ACCEPTED; ACCEPTED

HP-UX PMTUD Remote DoS (B.11.11-IPSEC)
HP-UX 11
Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; ACCEPTED

VirusVault HTTP Request Smuggling
HP-UX 11, Apache
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Robert L. Hollis DRAFT INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; ACCEPTED

Webproxy Integer Overflow in pcre_compile
HP-UX 11, Apache
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; ACCEPTED

HP-UX xterm Privilege Escalation Vulnerability (B.11.11)
HP-UX 11
Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.
Robert L. Hollis DRAFT; Matthew Wojcik INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; ACCEPTED

HP-Samba DACL Remote Integer Overflow Vulnerability (CIFS A.01)
HP-UX 11, Samba
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.
Robert L. Hollis DRAFT INTERIM ACCEPTED; ACCEPTED

HP-UX Shared Library Privilege Escalation Vulnerability (B.11.11)
HP-UX 11
Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; ACCEPTED

HP-UX PMTUD Remote DoS (B.11.23-IPSEC)
HP-UX 11
Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; ACCEPTED

Apache mod_ssl CRL off-by-one DoS
HP-UX 11, Apache
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
Robert L. Hollis DRAFT INTERIM ACCEPTED; ACCEPTED

Leaking GSSAPI Credentials Vulnerability (B.11.23)
HP-UX 11, SecureShell
sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
Robert L. Hollis DRAFT INTERIM ACCEPTED; ACCEPTED

WU-FTPD "glob-*" Remote DoS Vulnerability (B.11.00)
HP-UX 11, ftpd
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; ACCEPTED

Mozilla IDN heap overrun using soft-hyphens
HP-UX 11, mozilla
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
Robert L. Hollis DRAFT INTERIM ACCEPTED; ACCEPTED

WU-FTPD "glob-*" Remote DoS Vulnerability (B.11.23)
HP-UX 11, ftpd
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; ACCEPTED

zlib Compression Remote DoS Vulnerability (B.11.23)
HP-UX 11, SecureShell
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
Robert L. Hollis DRAFT INTERIM ACCEPTED; ACCEPTED

VirusVault CGI Byterange Request DoS
HP-UX 11, Apache
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; ACCEPTED

HP-UX ftpd Remote Unauthorized Data Access (B.10.24)
HP-UX 11, ftpd
The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; ACCEPTED

HP-UX 11.11 Blind Connection Reset Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Nabil Ouchn INTERIM; Matthew Wojcik ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; Sushant Kumar Singh INTERIM ACCEPTED; ACCEPTED

HP-UX wuftpd Privilege Escalation Vulnerability (B.11.11)
HP-UX 11, ftpd
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
Robert L. Hollis DRAFT INTERIM ACCEPTED; ACCEPTED

HP-UX 11.04 ICMP Source Quench Attack Vulnerability
HP-UX 11
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Robert L. Hollis DRAFT INTERIM ACCEPTED; Nabil Ouchn INTERIM; Matthew Wojcik ACCEPTED; Todd Dolinsky INTERIM ACCEPTED; Shane Shaffer INTERIM ACCEPTED; ACCEPTED

usermod Recursive Ownership Error (B.11.23)
HP-UX 11
Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
Robert L.
Hollis DRAFT INTERIM ACCEPTED; Nabil Ouchn INTERIM ACCEPTED; ACCEPTED