| CVE names | Description |
| --- | --- |
| CVE-2005-0022 | An exploit for a buffer overflow in the Exim mail server. A remote attacker could trigger this vulnerability and execute arbitrary code as the unprivileged 'exim' user. To exploit this vulnerability, the non-default Exim mail server needs to be installed and SPA authentication specifically enabled, which is not a usual configuration. Attempts to remotely exploit this flaw should also be caught by Exec-Shield. |
| CVE-2005-1921, CVE-2005-2498 | Two exploits for flaws in the PHP PEAR XML-RPC code. These exploits require a server to be running a third-party PHP application that exports an XML-RPC interface. A successful exploit will cause arbitrary PHP commands to be executed as the 'apache' user. The default SELinux targeted policy for Apache will restrict what a successful exploit is able to do. |
| CVE-2005-0710, CVE-2005-0709 | Two exploits for flaws in the MySQL server. A remote authenticated user with privileges to insert or delete from a database table could execute arbitrary code on the MySQL server as the unprivileged 'mysql' user. The default SELinux targeted policy for MySQL will also restrict what a successful exploit is able to do. |

Table 7. Exploits for flaws in servers and services
