Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2003-0774 (GCVE-0-2003-0774)
Vulnerability from cvelistv5
Published
2003-09-12 04:00
Modified
2024-08-08 02:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-278.html"
},
{
"name": "CSSA-2004-005.0",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt"
},
{
"name": "SuSE-SA:2003:046",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2003_046_sane.html"
},
{
"name": "RHSA-2003:285",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-285.html"
},
{
"name": "8593",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8593"
},
{
"name": "DSA-379",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-379"
},
{
"name": "MDKSA-2003:099",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-10-09T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-278.html"
},
{
"name": "CSSA-2004-005.0",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt"
},
{
"name": "SuSE-SA:2003:046",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2003_046_sane.html"
},
{
"name": "RHSA-2003:285",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-285.html"
},
{
"name": "8593",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8593"
},
{
"name": "DSA-379",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-379"
},
{
"name": "MDKSA-2003:099",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:278",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-278.html"
},
{
"name": "CSSA-2004-005.0",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt"
},
{
"name": "SuSE-SA:2003:046",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_046_sane.html"
},
{
"name": "RHSA-2003:285",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-285.html"
},
{
"name": "8593",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8593"
},
{
"name": "DSA-379",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-379"
},
{
"name": "MDKSA-2003:099",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0774",
"datePublished": "2003-09-12T04:00:00",
"dateReserved": "2003-09-10T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2003-0774\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2003-09-22T04:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.\"},{\"lang\":\"es\",\"value\":\"saned en sane-backends 1.07 u anteriores no maneja con rapidez caidas de conexiones, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) cuando se accede memoria no v\u00e1lida.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sane:sane:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49B2EFC6-08BE-45A6-81A9-1592C18FC41E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sane:sane:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C653F5D7-8F19-4EA6-A3E1-CBE493D45E86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sane:sane:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67D729AD-29EB-4352-811C-CF4BE2A78699\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sane:sane:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5081C505-7F02-450F-AFC0-75BBF21C0BED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sane:sane:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75940BFB-561E-4F68-9301-BB4ACC667E08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sane:sane:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6688485-2120-4660-B9C2-3DFA1BE970AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sane:sane:1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A638B1D-4542-4195-990C-43F451B4A6BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sane:sane:1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F806EB9D-A188-4580-B01E-3EFC5791A771\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sane:sane:1.0.7_beta1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AB22C87-F2E6-493F-AE53-B9549A786372\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sane:sane:1.0.7_beta2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB0E5793-44DB-48F4-B07C-740E45F87A0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sane:sane:1.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFE0F785-1D8C-4B58-B437-EA5E71645A04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sane:sane:1.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D360EAE-7D1D-463F-B9F2-CC1C8D0A2819\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sane:sane-backend:1.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E7DF79C-DB91-4625-8F47-E18E828D5F81\"}]}]}],\"references\":[{\"url\":\"ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2003/dsa-379\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2003:099\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2003_046_sane.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-278.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-285.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/8593\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2003/dsa-379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2003:099\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2003_046_sane.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-278.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-285.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/8593\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
rhsa-2003_278
Vulnerability from csaf_redhat
Published
2003-10-07 19:10
Modified
2024-11-21 22:51
Summary
Red Hat Security Advisory: : Updated SANE packages fix remote vulnerabilities
Notes
Topic
Updated SANE packages that resolve a number of vulnerabilities with the
saned daemon are now available.
Details
SANE is a package for using document scanners.
Sane includes a daemon program (called saned) that enables a single machine
connected to a scanner to be used remotely. This program contains several
vulnerabilities.
NOTE: Although the SANE packages include this program, it is not used by
default under Red Hat Linux.
The IP address of the remote host is only checked after the first
communication occurs, causing saned.conf restrictions to be ineffective for
the first communication. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0773 to this issue.
A connection that is dropped early causes one of several problems. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CAN-2003-0774, CAN-2003-0775, and CAN-2003-0777 to these issues.
Lack of error checking can cause various other unfavorable consequences.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2003-0776 and CAN-2003-0778 to these issues.
Additionally, the updated packages for Red Hat Linux 8.0 include a fix for
a bug that could cause hardware damage to Epson 1260 scanners. Releases
prior to Red Hat Linux 8.0 are unaffected by this issue. Red Hat Linux 9
is affected by this, but will be covered by a separate advisory.
Users of SANE (particularly those that use saned for remote scanner access)
should upgrade to these errata packages, which resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated SANE packages that resolve a number of vulnerabilities with the\nsaned daemon are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "SANE is a package for using document scanners.\n\nSane includes a daemon program (called saned) that enables a single machine\nconnected to a scanner to be used remotely. This program contains several\nvulnerabilities.\n\nNOTE: Although the SANE packages include this program, it is not used by\ndefault under Red Hat Linux.\n\nThe IP address of the remote host is only checked after the first\ncommunication occurs, causing saned.conf restrictions to be ineffective for\nthe first communication. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0773 to this issue.\n\nA connection that is dropped early causes one of several problems. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe names CAN-2003-0774, CAN-2003-0775, and CAN-2003-0777 to these issues.\n\nLack of error checking can cause various other unfavorable consequences. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the names CAN-2003-0776 and CAN-2003-0778 to these issues.\n\nAdditionally, the updated packages for Red Hat Linux 8.0 include a fix for\na bug that could cause hardware damage to Epson 1260 scanners. Releases\nprior to Red Hat Linux 8.0 are unaffected by this issue. Red Hat Linux 9\nis affected by this, but will be covered by a separate advisory.\n\nUsers of SANE (particularly those that use saned for remote scanner access)\nshould upgrade to these errata packages, which resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2003:278",
"url": "https://access.redhat.com/errata/RHSA-2003:278"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_278.json"
}
],
"title": "Red Hat Security Advisory: : Updated SANE packages fix remote vulnerabilities",
"tracking": {
"current_release_date": "2024-11-21T22:51:03+00:00",
"generator": {
"date": "2024-11-21T22:51:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2003:278",
"initial_release_date": "2003-10-07T19:10:00+00:00",
"revision_history": [
{
"date": "2003-10-07T19:10:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2003-10-07T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:51:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 7.1",
"product": {
"name": "Red Hat Linux 7.1",
"product_id": "Red Hat Linux 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.2",
"product": {
"name": "Red Hat Linux 7.2",
"product_id": "Red Hat Linux 7.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.3",
"product": {
"name": "Red Hat Linux 7.3",
"product_id": "Red Hat Linux 7.3",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 8.0",
"product": {
"name": "Red Hat Linux 8.0",
"product_id": "Red Hat Linux 8.0",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:8.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2003-0773",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617078"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0773"
},
{
"category": "external",
"summary": "RHBZ#1617078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617078"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0773",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0773"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T19:10:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:278"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0774",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617079"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0774"
},
{
"category": "external",
"summary": "RHBZ#1617079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617079"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0774",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0774"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T19:10:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:278"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0775",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617080"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0775"
},
{
"category": "external",
"summary": "RHBZ#1617080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617080"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0775"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T19:10:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:278"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0776",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617081"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier does not properly \"check the validity of the RPC numbers it gets before getting the parameters,\" with unknown consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0776"
},
{
"category": "external",
"summary": "RHBZ#1617081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617081"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0776",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0776"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T19:10:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:278"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0777",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617082"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0777"
},
{
"category": "external",
"summary": "RHBZ#1617082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0777"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0777",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0777"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T19:10:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:278"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0778",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617083"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0778"
},
{
"category": "external",
"summary": "RHBZ#1617083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0778"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T19:10:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:278"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
RHSA-2003:278
Vulnerability from csaf_redhat
Published
2003-10-07 19:10
Modified
2025-11-21 17:26
Summary
Red Hat Security Advisory: : Updated SANE packages fix remote vulnerabilities
Notes
Topic
Updated SANE packages that resolve a number of vulnerabilities with the
saned daemon are now available.
Details
SANE is a package for using document scanners.
Sane includes a daemon program (called saned) that enables a single machine
connected to a scanner to be used remotely. This program contains several
vulnerabilities.
NOTE: Although the SANE packages include this program, it is not used by
default under Red Hat Linux.
The IP address of the remote host is only checked after the first
communication occurs, causing saned.conf restrictions to be ineffective for
the first communication. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0773 to this issue.
A connection that is dropped early causes one of several problems. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CAN-2003-0774, CAN-2003-0775, and CAN-2003-0777 to these issues.
Lack of error checking can cause various other unfavorable consequences.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2003-0776 and CAN-2003-0778 to these issues.
Additionally, the updated packages for Red Hat Linux 8.0 include a fix for
a bug that could cause hardware damage to Epson 1260 scanners. Releases
prior to Red Hat Linux 8.0 are unaffected by this issue. Red Hat Linux 9
is affected by this, but will be covered by a separate advisory.
Users of SANE (particularly those that use saned for remote scanner access)
should upgrade to these errata packages, which resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated SANE packages that resolve a number of vulnerabilities with the\nsaned daemon are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "SANE is a package for using document scanners.\n\nSane includes a daemon program (called saned) that enables a single machine\nconnected to a scanner to be used remotely. This program contains several\nvulnerabilities.\n\nNOTE: Although the SANE packages include this program, it is not used by\ndefault under Red Hat Linux.\n\nThe IP address of the remote host is only checked after the first\ncommunication occurs, causing saned.conf restrictions to be ineffective for\nthe first communication. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0773 to this issue.\n\nA connection that is dropped early causes one of several problems. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe names CAN-2003-0774, CAN-2003-0775, and CAN-2003-0777 to these issues.\n\nLack of error checking can cause various other unfavorable consequences. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the names CAN-2003-0776 and CAN-2003-0778 to these issues.\n\nAdditionally, the updated packages for Red Hat Linux 8.0 include a fix for\na bug that could cause hardware damage to Epson 1260 scanners. Releases\nprior to Red Hat Linux 8.0 are unaffected by this issue. Red Hat Linux 9\nis affected by this, but will be covered by a separate advisory.\n\nUsers of SANE (particularly those that use saned for remote scanner access)\nshould upgrade to these errata packages, which resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2003:278",
"url": "https://access.redhat.com/errata/RHSA-2003:278"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_278.json"
}
],
"title": "Red Hat Security Advisory: : Updated SANE packages fix remote vulnerabilities",
"tracking": {
"current_release_date": "2025-11-21T17:26:29+00:00",
"generator": {
"date": "2025-11-21T17:26:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2003:278",
"initial_release_date": "2003-10-07T19:10:00+00:00",
"revision_history": [
{
"date": "2003-10-07T19:10:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2003-10-07T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:26:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 7.1",
"product": {
"name": "Red Hat Linux 7.1",
"product_id": "Red Hat Linux 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.2",
"product": {
"name": "Red Hat Linux 7.2",
"product_id": "Red Hat Linux 7.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.3",
"product": {
"name": "Red Hat Linux 7.3",
"product_id": "Red Hat Linux 7.3",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 8.0",
"product": {
"name": "Red Hat Linux 8.0",
"product_id": "Red Hat Linux 8.0",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:8.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2003-0773",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617078"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0773"
},
{
"category": "external",
"summary": "RHBZ#1617078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617078"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0773",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0773"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T19:10:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:278"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0774",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617079"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0774"
},
{
"category": "external",
"summary": "RHBZ#1617079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617079"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0774",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0774"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T19:10:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:278"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0775",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617080"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0775"
},
{
"category": "external",
"summary": "RHBZ#1617080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617080"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0775"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T19:10:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:278"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0776",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617081"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier does not properly \"check the validity of the RPC numbers it gets before getting the parameters,\" with unknown consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0776"
},
{
"category": "external",
"summary": "RHBZ#1617081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617081"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0776",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0776"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T19:10:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:278"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0777",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617082"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0777"
},
{
"category": "external",
"summary": "RHBZ#1617082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0777"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0777",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0777"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T19:10:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:278"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0778",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617083"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0778"
},
{
"category": "external",
"summary": "RHBZ#1617083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0778"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T19:10:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:278"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
rhsa-2003:278
Vulnerability from csaf_redhat
Published
2003-10-07 19:10
Modified
2025-11-21 17:26
Summary
Red Hat Security Advisory: : Updated SANE packages fix remote vulnerabilities
Notes
Topic
Updated SANE packages that resolve a number of vulnerabilities with the
saned daemon are now available.
Details
SANE is a package for using document scanners.
Sane includes a daemon program (called saned) that enables a single machine
connected to a scanner to be used remotely. This program contains several
vulnerabilities.
NOTE: Although the SANE packages include this program, it is not used by
default under Red Hat Linux.
The IP address of the remote host is only checked after the first
communication occurs, causing saned.conf restrictions to be ineffective for
the first communication. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0773 to this issue.
A connection that is dropped early causes one of several problems. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CAN-2003-0774, CAN-2003-0775, and CAN-2003-0777 to these issues.
Lack of error checking can cause various other unfavorable consequences.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2003-0776 and CAN-2003-0778 to these issues.
Additionally, the updated packages for Red Hat Linux 8.0 include a fix for
a bug that could cause hardware damage to Epson 1260 scanners. Releases
prior to Red Hat Linux 8.0 are unaffected by this issue. Red Hat Linux 9
is affected by this, but will be covered by a separate advisory.
Users of SANE (particularly those that use saned for remote scanner access)
should upgrade to these errata packages, which resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated SANE packages that resolve a number of vulnerabilities with the\nsaned daemon are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "SANE is a package for using document scanners.\n\nSane includes a daemon program (called saned) that enables a single machine\nconnected to a scanner to be used remotely. This program contains several\nvulnerabilities.\n\nNOTE: Although the SANE packages include this program, it is not used by\ndefault under Red Hat Linux.\n\nThe IP address of the remote host is only checked after the first\ncommunication occurs, causing saned.conf restrictions to be ineffective for\nthe first communication. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0773 to this issue.\n\nA connection that is dropped early causes one of several problems. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe names CAN-2003-0774, CAN-2003-0775, and CAN-2003-0777 to these issues.\n\nLack of error checking can cause various other unfavorable consequences. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the names CAN-2003-0776 and CAN-2003-0778 to these issues.\n\nAdditionally, the updated packages for Red Hat Linux 8.0 include a fix for\na bug that could cause hardware damage to Epson 1260 scanners. Releases\nprior to Red Hat Linux 8.0 are unaffected by this issue. Red Hat Linux 9\nis affected by this, but will be covered by a separate advisory.\n\nUsers of SANE (particularly those that use saned for remote scanner access)\nshould upgrade to these errata packages, which resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2003:278",
"url": "https://access.redhat.com/errata/RHSA-2003:278"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_278.json"
}
],
"title": "Red Hat Security Advisory: : Updated SANE packages fix remote vulnerabilities",
"tracking": {
"current_release_date": "2025-11-21T17:26:29+00:00",
"generator": {
"date": "2025-11-21T17:26:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2003:278",
"initial_release_date": "2003-10-07T19:10:00+00:00",
"revision_history": [
{
"date": "2003-10-07T19:10:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2003-10-07T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:26:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 7.1",
"product": {
"name": "Red Hat Linux 7.1",
"product_id": "Red Hat Linux 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.2",
"product": {
"name": "Red Hat Linux 7.2",
"product_id": "Red Hat Linux 7.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.3",
"product": {
"name": "Red Hat Linux 7.3",
"product_id": "Red Hat Linux 7.3",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 8.0",
"product": {
"name": "Red Hat Linux 8.0",
"product_id": "Red Hat Linux 8.0",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:8.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2003-0773",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617078"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0773"
},
{
"category": "external",
"summary": "RHBZ#1617078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617078"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0773",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0773"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T19:10:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:278"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0774",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617079"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0774"
},
{
"category": "external",
"summary": "RHBZ#1617079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617079"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0774",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0774"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T19:10:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:278"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0775",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617080"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0775"
},
{
"category": "external",
"summary": "RHBZ#1617080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617080"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0775"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T19:10:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:278"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0776",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617081"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier does not properly \"check the validity of the RPC numbers it gets before getting the parameters,\" with unknown consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0776"
},
{
"category": "external",
"summary": "RHBZ#1617081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617081"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0776",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0776"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T19:10:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:278"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0777",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617082"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0777"
},
{
"category": "external",
"summary": "RHBZ#1617082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0777"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0777",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0777"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T19:10:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:278"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0778",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617083"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0778"
},
{
"category": "external",
"summary": "RHBZ#1617083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0778"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T19:10:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2",
"Red Hat Linux 7.3",
"Red Hat Linux 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:278"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
RHSA-2003:285
Vulnerability from csaf_redhat
Published
2003-10-07 15:52
Modified
2025-11-21 17:26
Summary
Red Hat Security Advisory: sane-backends security update
Notes
Topic
Updated SANE packages that resolve a number of vulnerabilities with the
saned daemon are now available.
Details
SANE is a package for using document scanners.
Sane includes a daemon program (called saned) that enables a single machine
connected to a scanner to be used remotely. This program contains several
vulnerabilities.
NOTE: Although the SANE packages include this program, it is not used by
default under Red Hat Enterprise Linux.
The IP address of the remote host is only checked after the first
communication occurs, causing saned.conf restrictions to be ineffective for
the first communication. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0773 to this issue.
A connection that is dropped early causes one of several problems. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CAN-2003-0774, CAN-2003-0775, and CAN-2003-0777 to these issues.
Lack of error checking can cause various other unfavorable consequences.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2003-0776 and CAN-2003-0778 to these issues.
Users of SANE (particularly those that use saned for remote scanner access)
should upgrade to these errata packages, which contain a backported
security patch to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated SANE packages that resolve a number of vulnerabilities with the\nsaned daemon are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "SANE is a package for using document scanners.\n\nSane includes a daemon program (called saned) that enables a single machine\nconnected to a scanner to be used remotely. This program contains several\nvulnerabilities.\n\nNOTE: Although the SANE packages include this program, it is not used by\ndefault under Red Hat Enterprise Linux.\n\nThe IP address of the remote host is only checked after the first\ncommunication occurs, causing saned.conf restrictions to be ineffective for\nthe first communication. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0773 to this issue.\n\nA connection that is dropped early causes one of several problems. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe names CAN-2003-0774, CAN-2003-0775, and CAN-2003-0777 to these issues.\n\nLack of error checking can cause various other unfavorable consequences. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the names CAN-2003-0776 and CAN-2003-0778 to these issues.\n\nUsers of SANE (particularly those that use saned for remote scanner access)\nshould upgrade to these errata packages, which contain a backported\nsecurity patch to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2003:285",
"url": "https://access.redhat.com/errata/RHSA-2003:285"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "104656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=104656"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_285.json"
}
],
"title": "Red Hat Security Advisory: sane-backends security update",
"tracking": {
"current_release_date": "2025-11-21T17:26:32+00:00",
"generator": {
"date": "2025-11-21T17:26:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2003:285",
"initial_release_date": "2003-10-07T15:52:00+00:00",
"revision_history": [
{
"date": "2003-10-07T15:52:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2003-10-07T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:26:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product": {
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux Advanced Workstation 2.1",
"product": {
"name": "Red Hat Linux Advanced Workstation 2.1",
"product_id": "Red Hat Linux Advanced Workstation 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 2.1",
"product": {
"name": "Red Hat Enterprise Linux ES version 2.1",
"product_id": "Red Hat Enterprise Linux ES version 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 2.1",
"product": {
"name": "Red Hat Enterprise Linux WS version 2.1",
"product_id": "Red Hat Enterprise Linux WS version 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2003-0773",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617078"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0773"
},
{
"category": "external",
"summary": "RHBZ#1617078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617078"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0773",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0773"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T15:52:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:285"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0774",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617079"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0774"
},
{
"category": "external",
"summary": "RHBZ#1617079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617079"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0774",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0774"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T15:52:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:285"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0775",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617080"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0775"
},
{
"category": "external",
"summary": "RHBZ#1617080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617080"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0775"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T15:52:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:285"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0776",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617081"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier does not properly \"check the validity of the RPC numbers it gets before getting the parameters,\" with unknown consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0776"
},
{
"category": "external",
"summary": "RHBZ#1617081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617081"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0776",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0776"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T15:52:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:285"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0777",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617082"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0777"
},
{
"category": "external",
"summary": "RHBZ#1617082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0777"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0777",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0777"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T15:52:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:285"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0778",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617083"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0778"
},
{
"category": "external",
"summary": "RHBZ#1617083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0778"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T15:52:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:285"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
rhsa-2003_285
Vulnerability from csaf_redhat
Published
2003-10-07 15:52
Modified
2024-11-21 22:51
Summary
Red Hat Security Advisory: sane-backends security update
Notes
Topic
Updated SANE packages that resolve a number of vulnerabilities with the
saned daemon are now available.
Details
SANE is a package for using document scanners.
Sane includes a daemon program (called saned) that enables a single machine
connected to a scanner to be used remotely. This program contains several
vulnerabilities.
NOTE: Although the SANE packages include this program, it is not used by
default under Red Hat Enterprise Linux.
The IP address of the remote host is only checked after the first
communication occurs, causing saned.conf restrictions to be ineffective for
the first communication. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0773 to this issue.
A connection that is dropped early causes one of several problems. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CAN-2003-0774, CAN-2003-0775, and CAN-2003-0777 to these issues.
Lack of error checking can cause various other unfavorable consequences.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2003-0776 and CAN-2003-0778 to these issues.
Users of SANE (particularly those that use saned for remote scanner access)
should upgrade to these errata packages, which contain a backported
security patch to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated SANE packages that resolve a number of vulnerabilities with the\nsaned daemon are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "SANE is a package for using document scanners.\n\nSane includes a daemon program (called saned) that enables a single machine\nconnected to a scanner to be used remotely. This program contains several\nvulnerabilities.\n\nNOTE: Although the SANE packages include this program, it is not used by\ndefault under Red Hat Enterprise Linux.\n\nThe IP address of the remote host is only checked after the first\ncommunication occurs, causing saned.conf restrictions to be ineffective for\nthe first communication. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0773 to this issue.\n\nA connection that is dropped early causes one of several problems. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe names CAN-2003-0774, CAN-2003-0775, and CAN-2003-0777 to these issues.\n\nLack of error checking can cause various other unfavorable consequences. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the names CAN-2003-0776 and CAN-2003-0778 to these issues.\n\nUsers of SANE (particularly those that use saned for remote scanner access)\nshould upgrade to these errata packages, which contain a backported\nsecurity patch to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2003:285",
"url": "https://access.redhat.com/errata/RHSA-2003:285"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "104656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=104656"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_285.json"
}
],
"title": "Red Hat Security Advisory: sane-backends security update",
"tracking": {
"current_release_date": "2024-11-21T22:51:06+00:00",
"generator": {
"date": "2024-11-21T22:51:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2003:285",
"initial_release_date": "2003-10-07T15:52:00+00:00",
"revision_history": [
{
"date": "2003-10-07T15:52:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2003-10-07T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:51:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product": {
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux Advanced Workstation 2.1",
"product": {
"name": "Red Hat Linux Advanced Workstation 2.1",
"product_id": "Red Hat Linux Advanced Workstation 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 2.1",
"product": {
"name": "Red Hat Enterprise Linux ES version 2.1",
"product_id": "Red Hat Enterprise Linux ES version 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 2.1",
"product": {
"name": "Red Hat Enterprise Linux WS version 2.1",
"product_id": "Red Hat Enterprise Linux WS version 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2003-0773",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617078"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0773"
},
{
"category": "external",
"summary": "RHBZ#1617078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617078"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0773",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0773"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T15:52:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:285"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0774",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617079"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0774"
},
{
"category": "external",
"summary": "RHBZ#1617079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617079"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0774",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0774"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T15:52:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:285"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0775",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617080"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0775"
},
{
"category": "external",
"summary": "RHBZ#1617080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617080"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0775"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T15:52:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:285"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0776",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617081"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier does not properly \"check the validity of the RPC numbers it gets before getting the parameters,\" with unknown consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0776"
},
{
"category": "external",
"summary": "RHBZ#1617081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617081"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0776",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0776"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T15:52:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:285"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0777",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617082"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0777"
},
{
"category": "external",
"summary": "RHBZ#1617082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0777"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0777",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0777"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T15:52:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:285"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0778",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617083"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0778"
},
{
"category": "external",
"summary": "RHBZ#1617083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0778"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T15:52:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:285"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
rhsa-2003:285
Vulnerability from csaf_redhat
Published
2003-10-07 15:52
Modified
2025-11-21 17:26
Summary
Red Hat Security Advisory: sane-backends security update
Notes
Topic
Updated SANE packages that resolve a number of vulnerabilities with the
saned daemon are now available.
Details
SANE is a package for using document scanners.
Sane includes a daemon program (called saned) that enables a single machine
connected to a scanner to be used remotely. This program contains several
vulnerabilities.
NOTE: Although the SANE packages include this program, it is not used by
default under Red Hat Enterprise Linux.
The IP address of the remote host is only checked after the first
communication occurs, causing saned.conf restrictions to be ineffective for
the first communication. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0773 to this issue.
A connection that is dropped early causes one of several problems. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CAN-2003-0774, CAN-2003-0775, and CAN-2003-0777 to these issues.
Lack of error checking can cause various other unfavorable consequences.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2003-0776 and CAN-2003-0778 to these issues.
Users of SANE (particularly those that use saned for remote scanner access)
should upgrade to these errata packages, which contain a backported
security patch to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated SANE packages that resolve a number of vulnerabilities with the\nsaned daemon are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "SANE is a package for using document scanners.\n\nSane includes a daemon program (called saned) that enables a single machine\nconnected to a scanner to be used remotely. This program contains several\nvulnerabilities.\n\nNOTE: Although the SANE packages include this program, it is not used by\ndefault under Red Hat Enterprise Linux.\n\nThe IP address of the remote host is only checked after the first\ncommunication occurs, causing saned.conf restrictions to be ineffective for\nthe first communication. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0773 to this issue.\n\nA connection that is dropped early causes one of several problems. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe names CAN-2003-0774, CAN-2003-0775, and CAN-2003-0777 to these issues.\n\nLack of error checking can cause various other unfavorable consequences. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the names CAN-2003-0776 and CAN-2003-0778 to these issues.\n\nUsers of SANE (particularly those that use saned for remote scanner access)\nshould upgrade to these errata packages, which contain a backported\nsecurity patch to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2003:285",
"url": "https://access.redhat.com/errata/RHSA-2003:285"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "104656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=104656"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_285.json"
}
],
"title": "Red Hat Security Advisory: sane-backends security update",
"tracking": {
"current_release_date": "2025-11-21T17:26:32+00:00",
"generator": {
"date": "2025-11-21T17:26:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2003:285",
"initial_release_date": "2003-10-07T15:52:00+00:00",
"revision_history": [
{
"date": "2003-10-07T15:52:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2003-10-07T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:26:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product": {
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux Advanced Workstation 2.1",
"product": {
"name": "Red Hat Linux Advanced Workstation 2.1",
"product_id": "Red Hat Linux Advanced Workstation 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 2.1",
"product": {
"name": "Red Hat Enterprise Linux ES version 2.1",
"product_id": "Red Hat Enterprise Linux ES version 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 2.1",
"product": {
"name": "Red Hat Enterprise Linux WS version 2.1",
"product_id": "Red Hat Enterprise Linux WS version 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2003-0773",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617078"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0773"
},
{
"category": "external",
"summary": "RHBZ#1617078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617078"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0773",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0773"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T15:52:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:285"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0774",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617079"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0774"
},
{
"category": "external",
"summary": "RHBZ#1617079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617079"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0774",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0774"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T15:52:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:285"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0775",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617080"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0775"
},
{
"category": "external",
"summary": "RHBZ#1617080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617080"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0775"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T15:52:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:285"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0776",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617081"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier does not properly \"check the validity of the RPC numbers it gets before getting the parameters,\" with unknown consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0776"
},
{
"category": "external",
"summary": "RHBZ#1617081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617081"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0776",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0776"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T15:52:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:285"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0777",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617082"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0777"
},
{
"category": "external",
"summary": "RHBZ#1617082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0777"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0777",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0777"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T15:52:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:285"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2003-0778",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617083"
}
],
"notes": [
{
"category": "description",
"text": "saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0778"
},
{
"category": "external",
"summary": "RHBZ#1617083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0778"
}
],
"release_date": "2003-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-10-07T15:52:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate. The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:285"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
ghsa-jw8m-xprv-3rh7
Vulnerability from github
Published
2022-05-03 03:09
Modified
2022-05-03 03:09
VLAI Severity ?
Details
saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.
{
"affected": [],
"aliases": [
"CVE-2003-0774"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2003-09-22T04:00:00Z",
"severity": "HIGH"
},
"details": "saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.",
"id": "GHSA-jw8m-xprv-3rh7",
"modified": "2022-05-03T03:09:46Z",
"published": "2022-05-03T03:09:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0774"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2003/dsa-379"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2003_046_sane.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2003-278.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2003-285.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/8593"
}
],
"schema_version": "1.4.0",
"severity": []
}
gsd-2003-0774
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2003-0774",
"description": "saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.",
"id": "GSD-2003-0774",
"references": [
"https://www.debian.org/security/2003/dsa-379",
"https://access.redhat.com/errata/RHSA-2003:285",
"https://access.redhat.com/errata/RHSA-2003:278"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2003-0774"
],
"details": "saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.",
"id": "GSD-2003-0774",
"modified": "2023-12-13T01:22:13.097148Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:278",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-278.html"
},
{
"name": "CSSA-2004-005.0",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt"
},
{
"name": "SuSE-SA:2003:046",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_046_sane.html"
},
{
"name": "RHSA-2003:285",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-285.html"
},
{
"name": "8593",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8593"
},
{
"name": "DSA-379",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-379"
},
{
"name": "MDKSA-2003:099",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sane:sane:1.0.7_beta1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sane:sane:1.0.7_beta2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sane:sane:1.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sane:sane:1.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sane:sane-backend:1.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sane:sane:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sane:sane:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sane:sane:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sane:sane:1.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sane:sane:1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sane:sane:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sane:sane:1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sane:sane:1.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0774"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-379",
"refsource": "DEBIAN",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2003/dsa-379"
},
{
"name": "RHSA-2003:278",
"refsource": "REDHAT",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-278.html"
},
{
"name": "RHSA-2003:285",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2003-285.html"
},
{
"name": "SuSE-SA:2003:046",
"refsource": "SUSE",
"tags": [],
"url": "http://www.novell.com/linux/security/advisories/2003_046_sane.html"
},
{
"name": "CSSA-2004-005.0",
"refsource": "SCO",
"tags": [],
"url": "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt"
},
{
"name": "MDKSA-2003:099",
"refsource": "MANDRAKE",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099"
},
{
"name": "8593",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/8593"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2008-09-10T19:20Z",
"publishedDate": "2003-09-22T04:00Z"
}
}
}
fkie_cve-2003-0774
Vulnerability from fkie_nvd
Published
2003-09-22 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt | ||
| cve@mitre.org | http://www.debian.org/security/2003/dsa-379 | Exploit, Patch, Vendor Advisory | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2003:099 | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2003_046_sane.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2003-278.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2003-285.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/8593 | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2003/dsa-379 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2003:099 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2003_046_sane.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2003-278.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2003-285.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/8593 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sane:sane:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49B2EFC6-08BE-45A6-81A9-1592C18FC41E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sane:sane:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C653F5D7-8F19-4EA6-A3E1-CBE493D45E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sane:sane:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67D729AD-29EB-4352-811C-CF4BE2A78699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sane:sane:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5081C505-7F02-450F-AFC0-75BBF21C0BED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sane:sane:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "75940BFB-561E-4F68-9301-BB4ACC667E08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sane:sane:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F6688485-2120-4660-B9C2-3DFA1BE970AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sane:sane:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A638B1D-4542-4195-990C-43F451B4A6BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sane:sane:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F806EB9D-A188-4580-B01E-3EFC5791A771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sane:sane:1.0.7_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB22C87-F2E6-493F-AE53-B9549A786372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sane:sane:1.0.7_beta2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB0E5793-44DB-48F4-B07C-740E45F87A0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sane:sane:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE0F785-1D8C-4B58-B437-EA5E71645A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sane:sane:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4D360EAE-7D1D-463F-B9F2-CC1C8D0A2819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sane:sane-backend:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7DF79C-DB91-4625-8F47-E18E828D5F81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed."
},
{
"lang": "es",
"value": "saned en sane-backends 1.07 u anteriores no maneja con rapidez caidas de conexiones, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) cuando se accede memoria no v\u00e1lida."
}
],
"id": "CVE-2003-0774",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-09-22T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2003/dsa-379"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2003_046_sane.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-278.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-285.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/8593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2003/dsa-379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2003_046_sane.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-278.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-285.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/8593"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…