Jon Oberheide

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.31-rc6 **Description** The issue allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames. This is achieved by sending one frame that omits an SSID Information Element (IE) and a subsequent frame that contains an SSID IE, which triggers a NULL pointer dereference in the `cmp ies` function. **Recommendations** For Linux kernel versions prior to 2.6.31-rc6, update to version 2.6.31-rc6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions prior to 0.9.8i **Description** The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and daemon crash. This can be achieved via a DTLS ChangeCipherSpec packet that occurs before the ClientHello packet. **Recommendations** For versions prior to 0.9.8i, update to version 0.9.8i or later to resolve the issue. As a temporary workaround, consider restricting DTLS connections to prevent the exploitation of this issue until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 0.9.8k and earlier 0.9.8 versions **Description** The issue is related to multiple memory leaks in the dtls1 process out of seq message function in ssl/d1 both.c. Remote attackers can cause a denial of service (memory consumption) via DTLS records that are duplicates or have sequence numbers much greater than current sequence numbers. **Recommendations** For OpenSSL versions 0.9.8k and earlier 0.9.8 versions, update to a version later than 0.9.8k to resolve the issue. As a temporary workaround, consider restricting the handling of DTLS records to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Quagga versions 0.99.11 and earlier Description: The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending an AS path with ASN elements whose string representation exceeds the expected length, triggering an assert error. Recommendations: For Quagga versions 0.99.11 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Avahi versions prior to 0.6.24 **Description** The issue allows remote attackers to cause a denial of service, potentially disrupting the availability of protected information. This can be achieved by sending a crafted mDNS packet with a source port of 0, which triggers an assertion failure in the `originates from local legacy unicast socket` function. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For Avahi versions prior to 0.6.24, update to version 0.6.24 or later to resolve the issue. As a temporary workaround, consider restricting access to the `originates from local legacy unicast socket` function in the avahi-daemon to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CUPS version 1.3.8 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file. **Recommendations** For CUPS version 1.3.8, consider updating to a newer version that addresses this issue, as no specific workaround is provided for this version.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 1.5.0.7 Thunderbird versions prior to 1.5.0.7 **Description** The issue makes it easy for users to accept self-signed certificates for the auto-update mechanism. This might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site. The malicious certificate can then be used to install arbitrary code on the next update. **Recommendations** For Mozilla Firefox versions prior to 1.5.0.7, update to version 1.5.0.7 or later to resolve the issue. For Thunderbird versions prior to 1.5.0.7, update to version 1.5.0.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Phorum versions prior to 5.0.14a **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file, which can lead to cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 5.0.14a, update to version 5.0.14a or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Phorum versions prior to 5.0.15 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the subject line to `follow.php` or the subject line in the user's personal control panel. **Recommendations** For versions prior to 5.0.15, update to version 5.0.15 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** udev versions prior to 1.4.1 libudev0-128 libudev-devel-128 libvolume-id0 libvolume id-095-14.20.el5 3 libvolume id-devel-095 libvolume id1-128 libvolume-id-dev udev-095 udev-128 udev-debuginfo-128 udev-debuginfo-085 udev-debugsource-128 udev-udeb **Description** The issue concerns multiple vulnerabilities in the udev package and related libraries, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally, allowing local users to gain privileges by sending a NETLINK message from user space. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For udev versions prior to 1.4.1, update to version 1.4.1 or later. For libudev0-128, libudev-devel-128, libvolume-id0, libvolume id-095-14.20.el5 3, libvolume id-devel-095, libvolume id1-128, libvolume-id-dev, udev-095, udev-128, udev-debuginfo-128, udev-debuginfo-085, udev-debugsource-128, and udev-udeb, at the moment, there is no information about a newer version that contains a fix for this vulnerability.