SecurityFocus Newsletter #391 Mar 08 2007 06:42PM
plaborge securityfocus com
SecurityFocus Newsletter #391
----------------------------------------

This Issue is Sponsored by: Watchfire

As web applications become increasingly complex, tremendous amounts of sensitive data - personal, medical and financial - are exchanged and stored. Consumers expect and demand security for this information. This whitepaper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools. Download "Automated Scanning or Manual Penetration Testing?" today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fGD

------------------------------------------------------------------
I. FRONT AND CENTER
1. Zero Day Patches
2. Building Secure Applications: Consistent Logging
II. BUGTRAQ SUMMARY
1. Microsoft Windows Server Service Remote Buffer Overflow Vulnerability
2. uTorrent Torrent File Handling Remote Buffer Overflow Vulnerability
3. PHP Session.Save_Path() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
4. Oracle October 2006 Security Update Multiple Vulnerabilities
5. Mozilla Firefox Popup Blocker Cross Zone Security Bypass Weakness
6. Mozilla Firefox 2 Password Manager Cross-Site Information Disclosure Weakness
7. Apple QuickTime Multiple Unspecified Code Execution Vulnerabilities
8. Snort Backtracking Denial of Service Vulnerability
9. Oracle January 2007 Security Update Multiple Vulnerabilities
10. PHPPeanuts Inspect.PHP Remote File Include Vulnerability
11. Linux Kernel NFSACL Denial of Service Vulnerability
12. CPIO Filename Directory Traversal Vulnerability
13. Apple QuickTime MOV File Heap Overflow Vulnerability
14. Macromedia Shockwave 10 SWDIR.DLL Multiple ActiveX Control Remote Denial of Service Vulnerabilities
15. PHPMyAdmin PMA_ArrayWalkRecursive Function Remote Denial of Service Vulnerability
16. Xoops Multiple Unspecified SQL Injection Vulnerabilities
17. Asterisk Chan_Sip.c Unspecified Remote Denial of Service Vulnerability
18. SnapGear Unspecified Denial Of Service Vulnerability
19. WebCalendar Certain Variable Overwrite Vulnerability
20. PHP4 Ovrimos Extension Code Execution Vulnerability
21. PHP MSSQL_Connect Local Buffer Overflow Vulnerability
22. Mod_Security ASCIIZ Byte POST Bypass Vulnerability
23. Vipul Razor-agents Multiple Unspecified Denial Of Service Vulnerabilities
24. PPCal Shopping Cart Cross-Site Scripting Vulnerability
25. EPortfolio Client Side Input Validation Vulnerability
26. SQL-Ledger/LedgerSMB Remote Code Execution Vulnerability
27. MPlayer DMO File Parsing Buffer Overflow Vulnerability
28. TCPDump IEEE802.11 printer Remote Buffer Overflow Vulnerability
29. GraphicsMagick PALM DCM Buffer Overflow Vulnerabilities
30. Mozilla Thunderbird/SeaMonkey/Firefox Multiple Remote Vulnerabilities
31. Mozilla Firefox OnUnload Memory Corruption Vulnerability
32. Mozilla Firefox Javascript URI Remote Code Execution Vulnerability
33. Mozilla Firefox Location.Hostname Dom Property Cookie Theft Vulnerability
34. Mozilla Thunderbird/Seamonkey Rich Text Integer Overflow Vulnerability
35. GnuPG Signed Message Arbitrary Content Injection Weakness
36. PHP Version 5.2.0 and Prior Multiple Vulnerabilities
37. PHP Shared Memory Functions Resource Verification Arbitrary Code Execution Vulnerability
38. PostGuestbook Header.PHP Remote File Include Vulnerability
39. Sun Ipmitool Interface Remote Unauthorized Access Vulnerability
40. Apache mod_python Output Filter Mode Information Disclosure Vulnerability
41. KDE Konqueror KHTML Library Title Cross Site Scripting Vulnerability
42. XML-RPC for PHP Remote Code Injection Vulnerability
43. Novell NetMail Multiple Buffer Overflow Vulnerabilities
44. Clam Anti-Virus ClamAV Unspecified Quantum Decompressor Denial Of Service Vulnerability
45. GDB Multiple Vulnerabilities
46. Microsoft Windows OLE32.DLL Word Document Handling Denial Of Service Vulnerability
47. ImageMagick And GraphicsMagick XWD Decoder Denial Of Service Vulnerability
48. PSWD.JS Insecure Password Hash Weakness
49. CGI Rescue Shopping Cart Professional Remote Command Execution Vulnerability
50. Call-Center-Software Add_Call.PHP HTML Injection Vulnerability
51. PHP Invoice Home.PHP Cross-Site Scripting Vulnerability
52. Kayako SupportSuite Index.PHP Multiple HTML Injection Vulnerabilities
53. Drupal User.Module Cross-Site Scripting Vulnerability
54. Rocks Clusters Local Privilege Escalation Vulnerabilities
55. NeoEngine Format String And Denial Of Service Vulnerabilities
56. Apple Xsan Filesystem Path Name Buffer Overflow Vulnerability
57. Libmikmod XCOM Handler Remote Heap Buffer Overflow Vulnerability
58. CPanel DNSlook.HTML Cross-Site Scripting Vulnerability
59. Adobe Reader AcroPDF.DLL Resource Consumption Denial of Service Vulnerability
60. Cpanel Select.HTML Cross-Site Scripting Vulnerability
61. Jetbox CMS Config.PHP Remote File Include Vulnerability
62. ImageMagick PNM Image Decoding Remote Buffer Overflow Vulnerability
63. Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflow Vulnerabilities
64. SpamAssassin Malformed Email Header Remote Denial Of Service Vulnerability
65. Invision Power Board Profile.PHP Input Validation Vulnerability
66. Dreameesoft Password Master Local Authentication Bypass Vulnerability
67. SUSE Linux Multiple Local Privilege Escalation Vulnerabilities
68. Radscan Conquest Multiple Remote Vulnerabilities
69. Util-Linux Umount Filesystem NULL Pointer Dereference Vulnerability
70. Clam Anti-Virus ClamAV Mac OS X Command Execution Vulnerability
71. Computer Associates Virus Definition Downgrade Vulnerability
72. WinZip ActiveX Control Remote Code Execution Vulnerability
73. Todd Miller Sudo Local Race Condition Vulnerability
74. Lazarus Guestbook Multiple Unspecified Cross-Site Scripting Vulnerabilities
75. Flat Chat Startsession.PHP Remote PHP Code Execution Vulnerability
76. RETIRED: VBulletin Event Admincp/Index.PHP RSS HTML Injection Vulnerability
77. Nullsoft Winamp Malformed Playlist File Handling Remote Buffer Overflow Vulnerability
78. LibTIFF TIFFOpen Buffer Overflow Vulnerability
79. GNU GZip Archive Handling Multiple Remote Vulnerabilities
80. Drupal Nodefamily Module Security Bypass Vulnerability
81. GNU Fileutils Directory Removal Race Condition Vulnerability
82. Microsoft Excel NULL Pointer Dereference Denial Of Service Vulnerability
83. PHP 5 Substr_Compare Integer Overflow Vulnerability
84. Apple Quicktime UDTA ATOM Integer Overflow Vulnerability
85. Squid Proxy Unspecified DNS Spoofing Vulnerability
86. Squid Proxy Set-Cookie Headers Information Disclosure Vulnerability
87. Squid Proxy Oversize HTTP Headers Unspecified Remote Vulnerability
88. ClamAV CAB File Remote Denial of Service Vulnerability
89. ClamAV MIME Header ID Parameter String Directory Traversal Vulnerability
90. Squid Proxy NTLM Fakeauth_Auth Memory Leak Remote Denial Of Service Vulnerability
91. STLPort Library Multiple Unspecified Buffer Overflow Vulnerabilities
92. Linux Kernel ListXATTR Local Denial of Service Vulnerability
93. Linux Kernel Key_Alloc_Serial() Local Denial of Service Vulnerability
94. Silc Server New Channel Remote Denial Of Service Vulnerability
95. Linux Kernel ELF Core Dump Local Buffer Overflow Vulnerability
96. Mercury Mail Transport System Concatenated Data Buffer Overflow Vulnerability
97. Smarty Smarty.Class.PHP Remote File Include Vulnerability
98. Avaya Communications Manager Javascript Remote Code Execution Vulnerability
99. RealNetworks RealPlayer RealText Parsing Heap Overflow Vulnerability
100. D-BUS Session Bus Local Privilege Escalation Vulnerability
III. SECURITYFOCUS NEWS
1. Stormy weather for malware defenses
2. Maynor reveals missing Apple flaws
3. Legal threats scuttle RFID flaw demo
4. Google Desktop flaw allows data theft
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Sr. Security Analyst, Westlake Village
2. [SJ-JOB] Sr. Security Analyst, Long Island
3. [SJ-JOB] VP, Information Security, London
4. [SJ-JOB] Security Consultant, London
5. [SJ-JOB] Forensics Engineer, Cupertino
6. [SJ-JOB] Manager, Information Security, Bangalore
7. [SJ-JOB] Security System Administrator, St. Louis Park
8. [SJ-JOB] Penetration Engineer, Dubai
9. [SJ-JOB] Security Architect, Prague
10. [SJ-JOB] Security Consultant, Buckinghamshire
11. [SJ-JOB] Sales Representative, Atlanta
12. [SJ-JOB] Security Consultant, Mons
13. [SJ-JOB] Security Consultant, Tallahassee
14. [SJ-JOB] Security Engineer, Woking
15. [SJ-JOB] Information Assurance Analyst, Mumbai
16. [SJ-JOB] Management, London
17. [SJ-JOB] Security Consultant, Winnipeg
18. [SJ-JOB] Sr. Security Engineer, Montvale
19. [SJ-JOB] Security Engineer, Frankfurt
20. [SJ-JOB] VP, Information Security, Warren
21. [SJ-JOB] VP, Information Security, Warren
22. [SJ-JOB] Security Architect, Sydney
23. [SJ-JOB] Security Consultant, Dallas
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
1. HITBSecConf2007 - Malaysia: Call for Papers now Open
2. Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day
3. Black And White Ball (Con) - March Press Release
VII. MICROSOFT FOCUS LIST SUMMARY
1. MBSA alternative?
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Zero Day Patches
By Federico Biancuzzi
Zero day exploits were once the realm of just underground and elite hackers, but their increased prevalence is bringing a positive new trend: unofficial patches from members of the community, offered for protection before official vendor patches appear. Federico Biancuzzi interviewed Landon Fuller, who wrote Mac OS X patches for recent Month of Apple Bugs vulnerabilities, and the ZERT team, which has offered patches for critical Microsoft Windows zero-days that were actively exploited.
http://www.securityfocus.com/columnists/437

2. Building Secure Applications: Consistent Logging
By Rohit Sethi and Nish Bhalla
This article focuses on developers and discusses how to use consistent application-layer logging along with Log4J or Log4net for the real-time detection of attacks.
http://www.securityfocus.com/infocus/1888

II. BUGTRAQ SUMMARY
--------------------
1. Microsoft Windows Server Service Remote Buffer Overflow Vulnerability
BugTraq ID: 19409
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/19409
Summary:
Microsoft Windows Server Service is prone to a remote buffer-overflow vulnerability.

This vulnerability arises when the service processes a malicious message in RPC communications.

A successful attack may result in arbitrary code execution with SYSTEM privileges leading to a full compromise. Attack attempts may result in denial-of-service conditions as well.

Microsoft has reported that this issue is being exploited in the wild.

Update (August 14, 2006): A worm named 'W32.Wargbot' that exploits this issue to spread is currently in the wild.

2. uTorrent Torrent File Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 22530
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22530
Summary:
uTorrent is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of the application.

This issue affects version 1.6; other versions may also be affected.

3. PHP Session.Save_Path() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
BugTraq ID: 21508
Remote: No
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/21508
Summary:
PHP is prone to a 'safe_mode' and 'open_basedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; in such cases, the 'safe_mode' and 'open_basedir' restrictions are expected to isolate users from each other.

PHP version 5.2.0 is vulnerable to this issue.

4. Oracle October 2006 Security Update Multiple Vulnerabilities
BugTraq ID: 20588
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/20588
Summary:
Multiple vulnerabilities affect various Oracle applications, including:

Oracle Database
Oracle Application Server
Oracle Application Express
Oracle Collaboration Suite
Oracle E-Business Suite
Oracle Pharmaceutical Applications
Oracle PeopleSoft Enterprise PeopleTools and Portal Solutions
JD Edwards EnterpriseOne
JD Edwards OneWorld Tools

Oracle has released a Critical Patch Update advisory for October 2006 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.

The Oracle advisory details 101 vulnerabilities in all. This BID will be updated as further analysis of the individual issues reveals more detailed information.

5. Mozilla Firefox Popup Blocker Cross Zone Security Bypass Weakness
BugTraq ID: 22396
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22396
Summary:
Mozilla Firefox is prone to a cross-zone security-bypass weakness. This issue allows attackers to open 'file://' URIs from remote websites.

By exploiting this issue in conjunction with other weaknesses or vulnerabilities, attackers may be able to execute arbitrary script code with the elevated privileges that are granted to scripts when they are executed from local sources.

Mozilla Firefox 1.5.0.9 is affected by this issue; other versions may be affected as well.

6. Mozilla Firefox 2 Password Manager Cross-Site Information Disclosure Weakness
BugTraq ID: 21240
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/21240
Summary:
Mozilla Firefox is reportedly prone to an information-disclosure weakness because it fails to properly notify users of the automatic population of form fields in disparate URLs deriving from the same domain.

Exploiting this issue may allow attackers to obtain user credentials that have been saved in forms deriving from the same website where attack code resides. The most common manifestation of this condition would typically be in blogs or forums. This may allow attackers to access potentially sensitive information that would facilitate the success of phishing attacks.

Initial reports and preliminary testing indicate that this issue affects only Firefox 2.

7. Apple QuickTime Multiple Unspecified Code Execution Vulnerabilities
BugTraq ID: 22827
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22827
Summary:
Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities, including multiple heap- and stack-based buffer-overflow and integer-overflow issues.

These issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files.

An attacker can exploit these issues to execute arbitrary code in the context of the user running the application. Successful attacks can result in the compromise of the application or can cause denial-of-service conditions.

Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available.

QuickTime versions prior to 7.1.5 are vulnerable.

8. Snort Backtracking Denial of Service Vulnerability
BugTraq ID: 21991
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/21991
Summary:
Snort is prone to a denial-of-service vulnerability because the network intrusion detection (NID) system fails to handle specially crafted network packets.

An attacker can exploit this issue to cause the affected NID system to consume 100% CPU resources, allowing malicious network traffic to avoid detection.

This issue affects versions prior to 2.6.1.

9. Oracle January 2007 Security Update Multiple Vulnerabilities
BugTraq ID: 22083
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22083
Summary:
Oracle has released a Critical Patch Update advisory for January 2007 that addresses multiple vulnerabilities in supported releases. Earlier unsupported releases are likely to be affected by these issues as well.

The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise.

10. PHPPeanuts Inspect.PHP Remote File Include Vulnerability
BugTraq ID: 21057
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/21057
Summary:
PHPPeanuts is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

11. Linux Kernel NFSACL Denial of Service Vulnerability
BugTraq ID: 22625
Remote: No
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22625
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

This issue affects the Linux kernel 2.6 series up to 2.6.20.

12. CPIO Filename Directory Traversal Vulnerability
BugTraq ID: 13291
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/13291
Summary:
The cpio utility is prone to a directory-traversal vulnerability. The issue occurs when cpio is invoked on a malicious archive.

An archive entry whose filename is an absolute path containing '/' characters causes cpio to write the file to that absolute path as given in the filename.

A remote attacker may leverage this issue using a malicious archive to corrupt arbitrary files with the privileges of the user that is running the vulnerable software.

13. Apple QuickTime MOV File Heap Overflow Vulnerability
BugTraq ID: 22843
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22843
Summary:
Apple QuickTime is prone to a heap buffer-overflow issue because it fails to properly check boundaries on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

QuickTime 7.1 is vulnerable; other versions may also be affected.

This issue was previously discussed in BID 22827 (Apple QuickTime Multiple Unspecified Code Execution Vulnerabilities), but has been assigned its own record because of new information.

14. Macromedia Shockwave 10 SWDIR.DLL Multiple ActiveX Control Remote Denial of Service Vulnerabilities
BugTraq ID: 22842
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22842
Summary:
Macromedia Shockwave is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to trigger denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control. Due to the nature of these issues, code-execution may also be possible, but this has not been confirmed.

Macromedia Shockwave 10.1.4.20 is vulnerable to these issues; other versions may also be affected.

15. PHPMyAdmin PMA_ArrayWalkRecursive Function Remote Denial of Service Vulnerability
BugTraq ID: 22841
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22841
Summary:
phpMyAdmin is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote, unauthenticated attackers to cause the application to crash, effectively denying service to legitimate users.

phpMyAdmin 2.10.0.1 and prior versions are vulnerable to this issue.

16. Xoops Multiple Unspecified SQL Injection Vulnerabilities
BugTraq ID: 22399
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22399
Summary:
Xoops is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query.

An attacker may be able to exploit these issues to modify the logic of SQL queries. Successful exploits may allow the attacker to compromise the software, retrieve information, or modify data; other consequences are possible as well.

Xoops 2.0.16 is vulnerable.

17. Asterisk Chan_Sip.c Unspecified Remote Denial of Service Vulnerability
BugTraq ID: 20835
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/20835
Summary:
Asterisk is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to consume excessive system resources until the software becomes unresponsive to further calls, effectively denying service to legitimate users.

Asterisk versions prior to 1.2.13 and versions prior to 1.4.0-beta3 are vulnerable to this issue.

18. SnapGear Unspecified Denial Of Service Vulnerability
BugTraq ID: 22835
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22835
Summary:
SnapGear is prone to a denial-of-service vulnerability because the device fails to handle exceptional conditions.

An attacker can exploit this issue to cause the affected device to stop processing packets, denying service to legitimate users.

This issue affects the 560, 585, 580, 640, 710, and 720 models.

19. WebCalendar Certain Variable Overwrite Vulnerability
BugTraq ID: 22834
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22834
Summary:
WebCalendar is prone to a variable-overwrite vulnerability because the application fails to sanitize user-supplied input.

By overwriting system variables with arbitrary input, the attacker may be able to perform cross-site scripting, SQL-injection, and other attacks.

Version 1.0.4 is vulnerable to this issue; prior versions may also be affected.

20. PHP4 Ovrimos Extension Code Execution Vulnerability
BugTraq ID: 22833
Remote: No
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22833
Summary:
PHP4 is prone to a code-execution vulnerability due to a design error in a vulnerable extension.

For this vulnerability to occur, the non-maintained 'Ovrimos SQL Server Extension' must have been compiled into the targeted PHP implementation.

Successful exploits may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploits would likely crash PHP.

PHP versions prior to 4.4.5 with a compiled 'Ovrimos SQL Server Extension' are vulnerable to this issue.

21. PHP MSSQL_Connect Local Buffer Overflow Vulnerability
BugTraq ID: 22832
Remote: No
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22832
Summary:
PHP is prone to a local buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP for Microsoft Windows versions prior to 4.4.6 are vulnerable; other versions may also be affected.

22. Mod_Security ASCIIZ Byte POST Bypass Vulnerability
BugTraq ID: 22831
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22831
Summary:
Mod_Security is prone to a POST-parsing-bypass vulnerability. Successful attacks could allow an attacker to bypass mod_security restrictions and successfully submit malicious input to mod_security-protected sites.

The issue derives from a difference in the way the mod_security HTTP request parser and protected backend web-scripting languages process incoming data following ASCIIZ bytes.

This issue is reported to affect all versions of mod_security prior to 2.1.0.

23. Vipul Razor-agents Multiple Unspecified Denial Of Service Vulnerabilities
BugTraq ID: 13984
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/13984
Summary:
Vipul Razor-agents is prone to multiple unspecified denial-of-service vulnerabilities:

- An issue resides in the discovery logic of Razor-agents.
- Another issue resides in the preprocessing code of Razor-agents.

Attackers may exploit both issues to cause a denial of service for the vulnerable application.

24. PPCal Shopping Cart Cross-Site Scripting Vulnerability
BugTraq ID: 15892
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/15892
Summary:
PPCal Shopping Cart is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

25. EPortfolio Client Side Input Validation Vulnerability
BugTraq ID: 22829
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22829
Summary:
ePortfolio is prone to a client-side input-validation vulnerability because the application fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to perform various attacks that are caused by input-validation vulnerabilities. These may include cross-site scripting attacks, SQL-injection attacks, and possibly others.

26. SQL-Ledger/LedgerSMB Remote Code Execution Vulnerability
BugTraq ID: 22828
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22828
Summary:
SQL-Ledger/LedgerSMB products are prone to a vulnerability that lets remote attackers execute arbitrary code.

Remote attackers could exploit this issue to execute arbitrary code in the context of the affected application. This could lead to the compromise of a vulnerable system.

SQL-Ledger versions prior to 2.6.25 and LedgerSMB versions prior to 1.1.5 are vulnerable.

27. MPlayer DMO File Parsing Buffer Overflow Vulnerability
BugTraq ID: 22771
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22771
Summary:
MPlayer is susceptible to a buffer-overflow vulnerability when it attempts to process malformed video files. This issue occurs because the application fails to perform proper bounds-checking on user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

MPlayer version 1.0rc1 is vulnerable to this issue; previous versions may also be affected.

28. TCPDump IEEE802.11 printer Remote Buffer Overflow Vulnerability
BugTraq ID: 22772
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22772
Summary:
The 'tcpdump' utility is prone to a heap-based buffer-overflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running the affected application. Failed exploit attempts will likely crash the affected application.

This issue affects tcpdump 3.9.5 and prior versions.

29. GraphicsMagick PALM DCM Buffer Overflow Vulnerabilities
BugTraq ID: 20707
Remote: No
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/20707
Summary:
GraphicsMagick is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Successful exploits may allow an attacker to execute arbitrary machine code to compromise an affected computer or to cause denial-of-service conditions.

GraphicsMagick 1.1.7 and prior versions are vulnerable.

30. Mozilla Thunderbird/SeaMonkey/Firefox Multiple Remote Vulnerabilities
BugTraq ID: 22694
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22694
Summary:
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Cause denial-of-service conditions
- Perform cross-site scripting attacks
- Obtain potentially sensitive information
- Spoof legitimate content

Other attacks may also be possible.

31. Mozilla Firefox OnUnload Memory Corruption Vulnerability
BugTraq ID: 22679
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22679
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability.

Successfully exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the affected application. This could facilitate the remote compromise of affected computers.

Mozilla Firefox version 2.0.0.1 is vulnerable to this issue; other versions are also likely affected.

32. Mozilla Firefox Javascript URI Remote Code Execution Vulnerability
BugTraq ID: 22826
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22826
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability due to a design error.

Attackers may exploit this issue by enticing victims into visiting a malicious site.

Successful exploits may allow an attacker to crash the application or execute arbitrary code in the context of the affected application.

33. Mozilla Firefox Location.Hostname Dom Property Cookie Theft Vulnerability
BugTraq ID: 22566
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22566
Summary:
Mozilla Firefox is prone to a vulnerability that allows attackers to steal cookies. This issue occurs because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to manipulate cookie-based authentication credentials for third-party web pages or to control how the site is rendered to the user. Exploiting this issue may allow the attacker to bypass the same-origin policy for cross-window/cross-frame data access; other attacks are also possible.

This issue affects version 2.0.0.1; prior versions may also be affected.

34. Mozilla Thunderbird/Seamonkey Rich Text Integer Overflow Vulnerability
BugTraq ID: 22845
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22845
Summary:
Thunderbird and Seamonkey are prone to an integer-overflow vulnerability because they fail to handle excessively large specially formatted email messages.

A remote attacker can exploit this issue to execute arbitrary code; failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Thunderbird versions prior to 1.5.0.10 and Seamonkey versions prior to 1.0.8.

35. GnuPG Signed Message Arbitrary Content Injection Weakness
BugTraq ID: 22757
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22757
Summary:
GnuPG is prone to a weakness that may allow an attacker to add arbitrary content into a message without the end user knowing.

An attacker may be able to exploit this issue in applications using GnuPG to add arbitrary content into a signed and/or encrypted message.

Exploiting this issue depends on the individual application's use of GnuPG. Individual records will be created detailing this issue in affected applications.

36. PHP Version 5.2.0 and Prior Multiple Vulnerabilities
BugTraq ID: 22496
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22496
Summary:
PHP version 5.2.0 and prior is prone to multiple security vulnerabilities. Successful exploits could allow an attacker to write files in unauthorized locations, cause a denial-of-service condition, and potentially execute code.

These issues are reported to affect PHP 4.4.4 and prior versions in the 4 branch, and 5.2.0 and prior versions in the 5 branch; other versions may also be vulnerable.

37. PHP Shared Memory Functions Resource Verification Arbitrary Code Execution Vulnerability
BugTraq ID: 22862
Remote: No
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22862
Summary:
PHP shared memory functions (shmop) are prone to an arbitrary-code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code within the context of the affected webserver. The attacker may also gain access to RSA keys of the SSL certificate.

This issue affects PHP 4 versions prior to 4.4.5 and PHP 5 versions prior to 5.2.1.

38. PostGuestbook Header.PHP Remote File Include Vulnerability
BugTraq ID: 22858
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22858
Summary:
PostGuestbook is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects version 0.6.1; prior versions may also be affected.

39. Sun Ipmitool Interface Remote Unauthorized Access Vulnerability
BugTraq ID: 22859
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22859
Summary:
Sun Ipmitool is prone to a remote unauthorized-access vulnerability.

Successful exploits will grant attackers access to administrative functionality that may be used to cause denial-of-service conditions on local or remote Sun Fire servers using the affected application.

This issue affects only the Sun Fire X2100M2 and Sun Fire X2200M2 without BMC/SP Firmware 2.9.

40. Apache mod_python Output Filter Mode Information Disclosure Vulnerability
BugTraq ID: 22849
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22849
Summary:
The Apache mod_python module is prone to an information-disclosure vulnerability because of a design error in the affected application.

An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks.

41. KDE Konqueror KHTML Library Title Cross Site Scripting Vulnerability
BugTraq ID: 22428
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22428
Summary:
Konqueror is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.

Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.

All versions of KDE up to and including KDE 3.5.6 are vulnerable to this issue. Apple Safari web browser is also vulnerable to this issue.

42. XML-RPC for PHP Remote Code Injection Vulnerability
BugTraq ID: 14088
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/14088
Summary:
XML-RPC for PHP is affected by a remote code-injection vulnerability.

An attacker may exploit this issue to execute arbitrary commands or code in the context of the webserver. This may facilitate various attacks, including unauthorized remote access.

XML-RPC for PHP 1.1 and prior versions are affected by this issue. Other applications using this library are also affected.

43. Novell NetMail Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 22857
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22857
Summary:
Novell NetMail is prone to multiple remotely exploitable buffer-overflow vulnerabilities because it fails to do proper bounds checking on user-supplied input.

A successful exploit could let a remote attacker execute arbitrary code in the context of the affected application.

44. Clam Anti-Virus ClamAV Unspecified Quantum Decompressor Denial Of Service Vulnerability
BugTraq ID: 14058
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/14058
Summary:
ClamAV is prone to a denial-of-service vulnerability. The issue resides in the Quantum decompressor; the exact cause is not known.

Presumably, a remote attacker may exploit this condition using a malicious file to crash a target ClamAV server.

45. GDB Multiple Vulnerabilities
BugTraq ID: 13697
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/13697
Summary:
GDB is reportedly affected by multiple vulnerabilities. These issues can allow an attacker to execute arbitrary code and commands on an affected computer. A successful attack may allow the attacker to gain elevated privileges or unauthorized access.

The following specific issues were identified:

- a remote heap-overflow vulnerability when loading malformed object files.
- a local privilege-escalation vulnerability.

GDB 6.3 is reportedly affected by these issues; other versions are likely vulnerable as well. GNU binutils 2.14 and 2.15 are affected by the heap-overflow issue as well.

46. Microsoft Windows OLE32.DLL Word Document Handling Denial Of Service Vulnerability
BugTraq ID: 22847
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22847
Summary:
The Microsoft 'ole32.dll' library is prone to a denial-of-service vulnerability. The issue occurs when the library handles document ('.doc') files containing large size values. It is conjectured that the execution of arbitrary code may be possible.

Software linked to the ole32.dll versions that ship with Microsoft Windows 2000 SP4 FR and XP SP2 FR is vulnerable; other versions might also be affected.

47. ImageMagick And GraphicsMagick XWD Decoder Denial Of Service Vulnerability
BugTraq ID: 13705
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/13705
Summary:
A remote, client-side denial-of-service vulnerability affects ImageMagick and GraphicsMagick because the applications fail to handle malformed XWD image files.

A remote attacker may leverage this issue to cause the affected software to enter into an infinite loop, consuming CPU resources on the affected computer and denying service to legitimate users.

48. PSWD.JS Insecure Password Hash Weakness
BugTraq ID: 19333
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/19333
Summary:
Applications running pswd.js are prone to an insecure password-hash weakness. This issue is due to a design flaw that results in password hashes being created in an insecure manner.

This issue allows attackers to use precomputed password hashes in brute-force attacks and authenticate themselves against the vulnerable application running the script. A successful exploit of this issue may lead to other attacks.

49. CGI Rescue Shopping Cart Professional Remote Command Execution Vulnerability
BugTraq ID: 22245
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22245
Summary:
Shopping Cart Professional is prone to a remote command-execution vulnerability because the application fails to properly sanitize user-supplied input.

Exploiting this issue allows attackers to execute arbitrary commands in the context of the server.

A successful exploit could facilitate the compromise of an affected computer; other attacks are also possible.

This issue affects version 7.50; other versions may also be affected.

50. Call-Center-Software Add_Call.PHP HTML Injection Vulnerability
BugTraq ID: 22654
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22654
Summary:
Call-Center-Software is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

Version 0.93 is vulnerable; other versions may also be affected.

51. PHP Invoice Home.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 20221
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/20221
Summary:
PHP Invoice is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Version 2.2 is reported vulnerable; other versions may also be affected.

52. Kayako SupportSuite Index.PHP Multiple HTML Injection Vulnerabilities
BugTraq ID: 22631
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22631
Summary:
SupportSuite is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

SupportSuite versions 3.00.13 and 3.04.10 are vulnerable; other versions may also be affected.
Unspecified versions of Kayako eSupport are also vulnerable.

53. Drupal User.Module Cross-Site Scripting Vulnerability
BugTraq ID: 19325
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/19325
Summary:
Drupal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Drupal 4.6x and 4.7x are affected by this issue.

54. Rocks Clusters Local Privilege Escalation Vulnerabilities
BugTraq ID: 19003
Remote: No
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/19003
Summary:
Rocks Clusters is prone to multiple local privilege-escalation vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input.

These issues allow local attackers to gain superuser privileges, facilitating the complete compromise of affected computers.

Rocks Clusters versions 4.1 and prior are vulnerable to these issues.

55. NeoEngine Format String And Denial Of Service Vulnerabilities
BugTraq ID: 18696
Remote: No
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/18696
Summary:
Multiple vulnerabilities exist in NeoEngine. As a result of a design error, the application fails to properly sanitize user-supplied input.

A successful attack may crash the application or lead to arbitrary code execution. This may help attackers deny service to legitimate users of the application, gain unauthorized access, or escalate privileges.

56. Apple Xsan Filesystem Path Name Buffer Overflow Vulnerability
BugTraq ID: 19579
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/19579
Summary:
Apple Xsan filesystem is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

This issue may allow remote attackers to execute arbitrary machine code with system privileges on computers directly attached to the vulnerable filesystem. Failed exploit attempts will likely crash the system, denying service to legitimate users.

57. Libmikmod XCOM Handler Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 19134
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/19134
Summary:
A buffer-overflow vulnerability occurs in the libmikmod library. This issue is due to the software's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This issue may allow attackers to execute arbitrary machine code in the context of the affected application, which may facilitate the remote compromise of affected computers.

Versions 3.2.2 and prior are vulnerable; versions 2.x (which do not support the GT2 file format) are not vulnerable.

58. CPanel DNSlook.HTML Cross-Site Scripting Vulnerability
BugTraq ID: 21142
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/21142
Summary:
Cpanel is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects version 10; other versions may also be vulnerable.

59. Adobe Reader AcroPDF.DLL Resource Consumption Denial of Service Vulnerability
BugTraq ID: 22856
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22856
Summary:
Acrobat Reader is prone to a denial-of-service vulnerability.

Acrobat Reader version 8.0 is vulnerable to this issue; other versions may also be affected.

60. Cpanel Select.HTML Cross-Site Scripting Vulnerability
BugTraq ID: 18655
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/18655
Summary:
Cpanel is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects version 10; other versions may also be vulnerable.

61. Jetbox CMS Config.PHP Remote File Include Vulnerability
BugTraq ID: 17861
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/17861
Summary:
Jetbox CMS is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

This issue appears to affect code that is shared by PhpDig, but the discoverer of the vulnerability has stated that the issue has been fixed in PhpDig. It is not known which versions of PhpDig are affected. After further analysis, this issue may be determined to be a PhpDig vulnerability.

62. ImageMagick PNM Image Decoding Remote Buffer Overflow Vulnerability
BugTraq ID: 13351
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/13351
Summary:
A remotely exploitable client-side buffer-overflow vulnerability affects ImageMagick. This issue occurs because the application fails to properly validate the length of user-supplied strings before copying them into static process buffers.

An attacker may exploit this issue to cause the affected application to crash, potentially destroying unsaved data, ultimately denying service to legitimate users.

63. Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 22852
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22852
Summary:
Ipswitch IMail Server/Collaboration Suite is prone to multiple buffer-overflow vulnerabilities because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer.

Successful attacks allow arbitrary code to run, facilitating the remote compromise of affected computers. Failed exploit attempts likely cause the application to crash.

Ipswitch Collaboration 2006 Suite Premium, IMail, and IMail Plus are vulnerable to these issues.

64. SpamAssassin Malformed Email Header Remote Denial Of Service Vulnerability
BugTraq ID: 13978
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/13978
Summary:
SpamAssassin is prone to a remote denial-of-service vulnerability because the application fails to properly handle overly long email headers.

Further details regarding this vulnerability are currently not available. This BID will be updated as more information is disclosed.

An attacker may cause SpamAssassin to take inordinate amounts of time to check a specially crafted email message. By sending many malicious messages, the attacker may be able to cause extremely large delays in email delivery, denying service to legitimate users.

65. Invision Power Board Profile.PHP Input Validation Vulnerability
BugTraq ID: 16518
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/16518
Summary:
Invision Power Board is prone to an unspecified input-validation vulnerability.

Very little is known about this vulnerability; this BID will be updated when more details become available.

Versions 2.0.0 through 2.1.4 are vulnerable; other versions may also be affected.

Conflicting reports indicate that this issue may not be exploitable.

The vendor refutes that this issue is not exploitable after performing further analysis on the vulnerable application.

66. Dreameesoft Password Master Local Authentication Bypass Vulnerability
BugTraq ID: 19983
Remote: No
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/19983
Summary:
Dreameesoft Password Master is prone to an authentication-bypass vulnerability due to a design error.

Setting a master password may lead to a false sense of security, since users may expect that this results in an encrypted database. This vulnerability implies that this is not the case, because an attacker may be able to remove the master password.

Successful exploits may allow an attacker with local access to a mobile device running the vulnerable software to bypass the application's authentication methods and retrieve sensitive information.

Version 1.0 is vulnerable to this issue; other versions may also be affected.

67. SUSE Linux Multiple Local Privilege Escalation Vulnerabilities
BugTraq ID: 15040
Remote: No
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/15040
Summary:
Multiple SUSE Linux applications are prone to a local privilege-escalation vulnerability because affected binaries handle the 'LD_LIBRARY_PATH' variable in an unsafe manner.

A local attacker may exploit this vulnerability to execute arbitrary code in shared libraries in the context of a user that runs the affected application.

Other unspecified packages are affected; if these other packages contain setuid-superuser privileges, then local escalation of privileges may be possible.

68. Radscan Conquest Multiple Remote Vulnerabilities
BugTraq ID: 22855
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22855
Summary:
Conquest is prone to multiple remotely exploitable vulnerabilities, including a stack-based buffer-overflow vulnerability and a memory-corruption vulnerability.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or cause the affected application to crash, denying service to legitimate users.

These issues affect version 8.2a; prior versions may also be affected.

69. Util-Linux Umount Filesystem NULL Pointer Dereference Vulnerability
BugTraq ID: 22850
Remote: No
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22850
Summary:
Util-Linux 'umount' is prone to a NULL-pointer dereference vulnerability.

A local attacker can exploit this issue to crash the affected application, denying service to legitimate users. The attacker may also be able to obtain sensitive information, including the contents of core files.

Util-Linux Umount implemented on Linux kernel 2.6.15 is reported vulnerable to this issue.

70. Clam Anti-Virus ClamAV Mac OS X Command Execution Vulnerability
BugTraq ID: 13795
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/13795
Summary:
Clam Anti-Virus ClamAV running on Mac OS X is affected by a command-execution vulnerability.

Reportedly, when the application handles a file suspected of being infected and that file cannot be removed, the application may attempt to copy the file to another location using the Mac OS X 'ditto' utility. Since the 'ditto' utility is called in an insecure manner and since the responsible function fails to sanitize the filename, an attacker can include arbitrary commands in the filename that will be executed in the context of ClamAV.

An attacker can exploit this issue to gain unauthorized access to an affected computer. Note that exploitation is possible only when a malicious file is copied.

ClamAV versions 0.80rc4 to 0.84rc2 are affected by this issue.

71. Computer Associates Virus Definition Downgrade Vulnerability
BugTraq ID: 19399
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/19399
Summary:
A flaw in the Computer Associates WebScan product reportedly could cause the application's virus definitions to be downgraded to a previous version.

This presents a security risk because the virus definitions in question may be out of date and may not effectively detect newer variants of malicious code.

72. WinZip ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 21060
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/21060
Summary:
WinZip is prone to a remote code-execution vulnerability in an ActiveX control that is installed with the package.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of applications using the affected ActiveX control and possibly to compromise affected computers.

WinZip versions in the 10.0 series prior to build 7245 are vulnerable to this issue.

73. Todd Miller Sudo Local Race Condition Vulnerability
BugTraq ID: 13993
Remote: No
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/13993
Summary:
Sudo is prone to a local race-condition vulnerability. The issue manifests itself only under certain conditions, specifically, when the 'sudoers' configuration file contains a pseudo-command 'ALL' that directly follows a user's 'sudoers' entry.

When such a configuration exists, local attackers may leverage this issue to execute arbitrary executables with escalated privileges. Attackers may achieve this by creating symbolic links to target files.

74. Lazarus Guestbook Multiple Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 22868
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22868
Summary:
Lazarus Guestbook is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to 1.7.3 are vulnerable.

75. Flat Chat Startsession.PHP Remote PHP Code Execution Vulnerability
BugTraq ID: 22865
Remote: Yes
Last Updated: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22865
Summary:
Flat Chat is prone to an arbitrary PHP code-execution vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of the webserver process. This may help the attacker compromise the application and the underlying system; other attacks are also possible.

Version 2.0 is vulnerable to this issue.

76. RETIRED: VBulletin Event Admincp/Index.PHP RSS HTML Injection Vulnerability
BugTraq ID: 22790
Remote: Yes
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/22790
Summary:
vBulletin is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

This issue is reported to affect vBulletin 3.6.5 and prior versions.

UPDATE: This BID is being retired because further information shows that the application isn't vulnerable to this issue.

77. Nullsoft Winamp Malformed Playlist File Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 16410
Remote: Yes
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/16410
Summary:
Winamp is susceptible to a buffer-overflow vulnerability when handling specially crafted playlist files.

An attacker may exploit this issue to gain unauthorized access to a computer with the privileges of the user that activated the vulnerable application.

Winamp 5.11 and 5.12 are reportedly affected by this issue.

78. LibTIFF TIFFOpen Buffer Overflow Vulnerability
BugTraq ID: 13585
Remote: Yes
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/13585
Summary:
LibTIFF is prone to a buffer-overflow vulnerability. The issue occurs in the 'TIFFOpen()' function when malformed TIFF files are opened. Successful exploitation could lead to arbitrary code execution.

79. GNU GZip Archive Handling Multiple Remote Vulnerabilities
BugTraq ID: 20101
Remote: Yes
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/20101
Summary:
The gzip utility is prone to multiple remote buffer-overflow and denial-of-service vulnerabilities when handling malicious archive files.

Successful exploits may allow a remote attacker to corrupt process memory by triggering an overflow condition. This may lead to arbitrary code execution in the context of an affected user and may facilitate a remote compromise. Attackers may also trigger denial-of-service conditions by crashing or hanging the application.

Specific information regarding affected versions of gzip is currently unavailable. This BID will be updated as more information is released.

80. Drupal Nodefamily Module Security Bypass Vulnerability
BugTraq ID: 22853
Remote: Yes
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/22853
Summary:
Drupal Nodefamily is prone to a security-bypass vulnerability.

A remote attacker can exploit this issue to gain unauthorized access to the profiles of other users. This may lead to other attacks.

Nodefamily versions before Drupal 5.x-1.0 are affected by this issue.

81. GNU Fileutils Directory Removal Race Condition Vulnerability
BugTraq ID: 4266
Remote: No
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/4266
Summary:
GNU fileutils is a freely available, open-source file manager. It is designed for use on Linux and other UNIX-like operating systems.

Under some circumstances, a local user may be able to remove the root directory of the system. Due to inadequate file locking and an insecure 'chdir' call, an attacker could move files from the '/tmp' directory into the root directory. The problem occurs with a directory tree that has several single subdirectories in '/tmp' when the root user tries to remove the directories recursively. If the root user tries to recursively remove the directory tree from '/tmp' and if the directory tree is writable by another user, then the user could move a high-level directory into '/tmp' after the 'rm' program has descended the tree. The 'rm' program would then ascend from the '/tmp' directory to the root directory, recursively removing the contents of the root directory.

82. Microsoft Excel NULL Pointer Dereference Denial Of Service Vulnerability
BugTraq ID: 22717
Remote: Yes
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/22717
Summary:
Microsoft Excel is reportedly prone to a denial-of-service vulnerability. This issue occurs when the application handles a specially crafted file. This issue stems from a NULL-pointer dereference.

Initial reports indicate that this issue is distinct from that outlined in BID 22555 Microsoft Excel Remote Denial Of Service Vulnerability.

Exploitation could cause the application to crash, resulting in a denial of service.

83. PHP 5 Substr_Compare Integer Overflow Vulnerability
BugTraq ID: 22851
Remote: No
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/22851
Summary:
The PHP 5 'substr_compare()' function is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun.

A local attacker can exploit this vulnerability to obtain sensitive information (such as stack offsets, variables, and canaries) that may aid in other attacks.

PHP 5 version 5.2.1 and earlier are reported vulnerable to this issue.

84. Apple Quicktime UDTA ATOM Integer Overflow Vulnerability
BugTraq ID: 22844
Remote: Yes
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/22844
Summary:
Apple QuickTime is prone to an integer-overflow vulnerability when processing specially crafted MOV files.

An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Failed attempts can cause denial-of-service conditions.

Versions prior to 7.1.5 are vulnerable.

This issue was previously discussed in BID 22827 (Apple QuickTime Multiple Unspecified Code Execution Vulnerabilities), but has been assigned its own record because of new information.

85. Squid Proxy Unspecified DNS Spoofing Vulnerability
BugTraq ID: 13592
Remote: Yes
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/13592
Summary:
Squid Proxy is prone to an unspecified DNS-spoofing vulnerability. This could allow malicious users to perform DNS-spoofing attacks on Squid Proxy clients on unprotected networks.

This issue affects Squid Proxy versions 2.5 and earlier.

86. Squid Proxy Set-Cookie Headers Information Disclosure Vulnerability
BugTraq ID: 12716
Remote: Yes
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/12716
Summary:
Squid Proxy is prone to an information-disclosure vulnerability.

Reportedly, remote attackers may gain access to Set-Cookie headers related to another user. Information gathered through exploiting this issue may aid in further attacks against services related to the cookie, potentially allowing for session hijacking.

Squid Proxy 2.5 STABLE7 to 2.5 STABLE9 are vulnerable to this issue.

87. Squid Proxy Oversize HTTP Headers Unspecified Remote Vulnerability
BugTraq ID: 12412
Remote: Yes
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/12412
Summary:
A remote unspecified vulnerability reportedly affects Squid Proxy. This issue is due to the application's failure to properly handle malformed HTTP headers.

The impact of this issue is currently unknown. This BID will be updated when more information becomes available.

88. ClamAV CAB File Remote Denial of Service Vulnerability
BugTraq ID: 22580
Remote: Yes
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/22580
Summary:
ClamAV is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to prevent the software from scanning certain types of data: when the scanner encounters a crafted CAB file it rejects the data instead of scanning it, resulting in denial-of-service conditions.

Versions prior to 0.90 stable are vulnerable.

89. ClamAV MIME Header ID Parameter String Directory Traversal Vulnerability
BugTraq ID: 22581
Remote: Yes
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/22581
Summary:
ClamAV is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to create or overwrite arbitrary files on vulnerable computers in the context of the affected application. This may aid in further attacks.

This issue affects ClamAV versions prior to the 0.90 stable release.

90. Squid Proxy NTLM Fakeauth_Auth Memory Leak Remote Denial Of Service Vulnerability
BugTraq ID: 12324
Remote: Yes
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/12324
Summary:
Squid is reported to be susceptible to a denial-of-service vulnerability in its NTLM authentication module.

This vulnerability presents itself when an attacker sends unspecified NTLM data to Squid. The issue is caused by a memory leak -- memory allocated to store a base64-decoded string is not freed.

Presumably, this issue allows an attacker to cause the NTLM helper application to run out of memory and fail.
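The leak pattern described above, as an added example written for this summary rather than Squid's own helper code: each NTLM message arrives base64-encoded, is decoded into a freshly allocated buffer, and is then validated. The "NTLMSSP" signature check is an assumed stand-in for whatever the real helper validates, the two messages are constructed, and the allocation counter exists only to make the leak measurable.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the leak, not Squid's code. A live-allocation
 * counter wraps malloc/free so the leak can be measured per message. */
static int live_allocs = 0;
static void *tracked_malloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void tracked_free(void *p) { if (p) { live_allocs--; free(p); } }

static int b64_val(int c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decodes base64 into a new buffer (caller frees); NULL on invalid input. */
static unsigned char *b64_decode(const char *in, size_t *out_len)
{
    size_t len = strlen(in), n = 0, i;
    unsigned acc = 0;
    int bits = 0;
    unsigned char *out = tracked_malloc(len / 4 * 3 + 3);
    if (!out)
        return NULL;
    for (i = 0; i < len && in[i] != '='; i++) {
        int v = b64_val((unsigned char)in[i]);
        if (v < 0) { tracked_free(out); return NULL; }
        acc = (acc << 6) | (unsigned)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out[n++] = (unsigned char)((acc >> bits) & 0xff);
        }
    }
    *out_len = n;
    return out;
}

/* Leaky pattern: the decoded buffer is freed only on the success path, so a
 * client that keeps sending messages failing the check grows the helper's
 * heap by one buffer per message until it runs out of memory. */
static int handle_ntlm_leaky(const char *b64_msg)
{
    size_t n;
    unsigned char *msg = b64_decode(b64_msg, &n);
    if (!msg)
        return -1;
    if (n < 8 || memcmp(msg, "NTLMSSP", 8) != 0)
        return -1;              /* early return: msg is never freed */
    tracked_free(msg);
    return 0;
}

/* Fixed: a single exit releases the buffer whether the message is
 * accepted or rejected. */
static int handle_ntlm_fixed(const char *b64_msg)
{
    size_t n;
    int rc = -1;
    unsigned char *msg = b64_decode(b64_msg, &n);
    if (!msg)
        return -1;
    if (n >= 8 && memcmp(msg, "NTLMSSP", 8) == 0)
        rc = 0;
    tracked_free(msg);
    return rc;
}

/* Constructed inputs: a well-formed NTLM type-1 header, and a message that
 * decodes cleanly but carries the wrong signature. */
static const char GOOD_TYPE1[] = "TlRMTVNTUAABAAAA";   /* "NTLMSSP\0\1\0\0\0" */
static const char BAD_MSG[]    = "Z2FyYmFnZSE=";       /* "garbage!" */

/* Feeds msg to handler `rounds` times and returns how many decoded
 * buffers are still live afterwards (0 means no leak). */
static int leaked_after(int (*handler)(const char *), const char *msg, int rounds)
{
    int before = live_allocs, i;
    for (i = 0; i < rounds; i++)
        handler(msg);
    return live_allocs - before;
}

int main(void)
{
    printf("leaky handler, 1000 bad messages: %d buffers leaked\n",
           leaked_after(handle_ntlm_leaky, BAD_MSG, 1000));
    printf("fixed handler, 1000 bad messages: %d buffers leaked\n",
           leaked_after(handle_ntlm_fixed, BAD_MSG, 1000));
    return 0;
}
```

Counting live allocations across a burst of rejected messages is the same check a reviewer would run against the real helper under a leak detector: the leaky version grows by exactly one buffer per rejected message, the fixed one stays flat.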

91. STLPort Library Multiple Unspecified Buffer Overflow Vulnerabilities
BugTraq ID: 22423
Remote: Yes
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/22423
Summary:
The STLport library is prone to multiple unspecified buffer-overflow vulnerabilities because the library fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.

Exploiting these issues may allow attackers to execute arbitrary machine code in the context of applications that use the library. Depending on the nature of the applications using the library, these issues may be locally or remotely exploited. Failed exploit attempts may crash the affected applications.

STLport versions prior to 5.0.3 are affected by these issues.

92. Linux Kernel ListXATTR Local Denial of Service Vulnerability
BugTraq ID: 22316
Remote: No
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/22316
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability.

Successful exploits will result in denial-of-service conditions or potentially privilege escalation.

93. Linux Kernel Key_Alloc_Serial() Local Denial of Service Vulnerability
BugTraq ID: 22539
Remote: No
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/22539
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability.

A successful attack can allow local attackers to trigger a crash and deny service to legitimate users.

Kernel versions 2.6.x are vulnerable.

94. Silc Server New Channel Remote Denial Of Service Vulnerability
BugTraq ID: 22846
Remote: Yes
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/22846
Summary:
SILC Server is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected server, effectively denying service to legitimate users.

This issue affects version 1.0.2; other versions may also be affected.

95. Linux Kernel ELF Core Dump Local Buffer Overflow Vulnerability
BugTraq ID: 13589
Remote: No
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/13589
Summary:
The Linux kernel is susceptible to a local buffer-overflow vulnerability when attempting to create ELF coredumps. This issue is due to an integer-overflow flaw that results in a kernel buffer overflow during a 'copy_from_user()' call.

To exploit this vulnerability, a local attacker creates a crafted ELF executable designed to produce a negative 'len' value in 'elf_core_dump()'.

Local users may exploit this vulnerability to execute arbitrary machine code in the context of the kernel, facilitating privilege escalation.

**Update: This vulnerability does not exist in the 2.6 kernel tree.
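The integer-overflow pattern behind this issue, as an added example that models the description above and is not kernel source: a core-dump writer copies one segment, whose bounds come from the ELF image and are therefore attacker-controlled, into a fixed-size buffer. The buffer sizes, the segment bounds and the 'copy_from_user()' stand-in (which reports an overrun instead of corrupting memory) are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the bug pattern; nothing here is kernel code. */
#define DUMP_BUF_SIZE   64u
#define USER_IMAGE_SIZE 4096u

enum { DUMP_OK = 0, DUMP_REJECTED = -1, DUMP_OVERFLOW = -2, DUMP_FAULT = -3 };

/* Stand-in for copy_from_user(). A real kernel would write n bytes into dst
 * regardless; this one reports the overrun instead of corrupting memory. */
static int copy_from_user_sim(unsigned char *dst, size_t dst_size,
                              const unsigned char *user, size_t user_size,
                              uint32_t off, unsigned long n)
{
    if (n > dst_size)
        return DUMP_OVERFLOW;   /* the kernel buffer overflow */
    if (off > user_size || n > user_size - off)
        return DUMP_FAULT;      /* unmapped user address, i.e. -EFAULT */
    memcpy(dst, user + off, n);
    return DUMP_OK;
}

/* Vulnerable pattern: len is a signed int computed from the segment bounds.
 * For crafted bounds with end - start >= 2^31 the value wraps negative
 * (two's complement), the "too large" test passes, and the negative len is
 * then promoted to a huge unsigned byte count for the copy. */
static int dump_segment_vuln(const unsigned char *user, size_t user_size,
                             uint32_t start, uint32_t end,
                             unsigned char *dst, size_t dst_size)
{
    int32_t len = (int32_t)(end - start);
    if (len > (int32_t)dst_size)
        return DUMP_REJECTED;   /* never taken when len < 0 */
    return copy_from_user_sim(dst, dst_size, user, user_size, start,
                              (unsigned long)len);
}

/* Hardened: check ordering before subtracting, keep the length unsigned,
 * and compare it against the buffer size with like-signed types. */
static int dump_segment_fixed(const unsigned char *user, size_t user_size,
                              uint32_t start, uint32_t end,
                              unsigned char *dst, size_t dst_size)
{
    uint32_t len;
    if (end < start)
        return DUMP_REJECTED;
    len = end - start;
    if (len > dst_size)
        return DUMP_REJECTED;
    return copy_from_user_sim(dst, dst_size, user, user_size, start, len);
}

/* Runs one writer (0 = vulnerable, 1 = hardened) over a constructed user
 * image with the given segment bounds and returns its result code. */
static int try_dump(int use_fixed, uint32_t start, uint32_t end)
{
    static unsigned char user_image[USER_IMAGE_SIZE];
    unsigned char kbuf[DUMP_BUF_SIZE];
    memset(user_image, 0x41, sizeof user_image);
    if (use_fixed)
        return dump_segment_fixed(user_image, sizeof user_image, start, end,
                                  kbuf, sizeof kbuf);
    return dump_segment_vuln(user_image, sizeof user_image, start, end,
                             kbuf, sizeof kbuf);
}

int main(void)
{
    printf("benign segment, vulnerable writer : %d\n", try_dump(0, 0x100, 0x120));
    printf("crafted segment, vulnerable writer: %d\n", try_dump(0, 0x100, 0x80000100));
    printf("crafted segment, hardened writer  : %d\n", try_dump(1, 0x100, 0x80000100));
    return 0;
}
```

The lesson generalises beyond this one kernel function: whenever a length is derived from attacker-controlled values, compute it in an unsigned type, check the operand ordering before subtracting, and compare against the destination size without a signed/unsigned mismatch, because a negative signed length sails past a "too large" test and becomes an enormous unsigned count at the copy.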

96. Mercury Mail Transport System Concatenated Data Buffer Overflow Vulnerability
BugTraq ID: 21110
Remote: Yes
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/21110
Summary:
Mercury Mail Transport System is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.

Version 4.01b is vulnerable; other versions may also be affected.

97. Smarty Smarty.Class.PHP Remote File Include Vulnerability
BugTraq ID: 20557
Remote: Yes
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/20557
Summary:
Smarty is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Version 2.6.9 is affected.

98. Avaya Communications Manager Javascript Remote Code Execution Vulnerability
BugTraq ID: 22866
Remote: Yes
Last Updated: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/22866
Summary:
Avaya Communications Manager is prone to a remote JavaScript code-execution vulnerability due to a design error.

Successful exploits may allow an attacker to execute arbitrary JavaScript code in the context of the affected application.

All versions of the Avaya S8700, S8500 and S8300 products prior to CM 3.1.3 are confirmed vulnerable to this issue.

99. RealNetworks RealPlayer RealText Parsing Heap Overflow Vulnerability
BugTraq ID: 14048
Remote: Yes
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/14048
Summary:
RealPlayer is prone to a remote heap-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Specifically, the application fails to bounds-check user-supplied data contained in RealText files, resulting in the possibility of overflowing a heap buffer. Attackers can control the contents of critical memory control structures and write arbitrary data to arbitrary memory locations.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of the user running the affected application.

100. D-BUS Session Bus Local Privilege Escalation Vulnerability
BugTraq ID: 12435
Remote: No
Last Updated: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/12435
Summary:
A local privilege-escalation vulnerability affects D-BUS because it fails to properly secure message-bus sessions.

An attacker may leverage this issue to send messages to the message bus of an unsuspecting user. This may facilitate command execution with the privileges of the unsuspecting user, ultimately leading to privilege escalation.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Stormy weather for malware defenses
By: Robert Lemos
The misnamed Storm Worm, actually a Trojan horse, underscores the difficulties that evolving tactics pose for defenders. The second article in a two-part series.
http://www.securityfocus.com/news/11446

2. Maynor reveals missing Apple flaws
By: Robert Lemos
Security researcher David Maynor shows off the code for exploiting a vulnerability in the native Mac OS X wireless drivers revealed last summer as well as e-mails showing he notified Apple.
http://www.securityfocus.com/news/11445

3. Legal threats scuttle RFID flaw demo
By: Robert Lemos
Security technology giant HID uses patent claims to silence a security researcher scheduled to detail issues in radio-frequency identification (RFID) technology at a conference this week.
http://www.securityfocus.com/news/11444

4. Google Desktop flaw allows data theft
By: Robert Lemos
A security firm warns Google Desktop users to update after the search giant fixes a vulnerability in the program that could allow an attacker to use JavaScript to search for and steal specific data on a user's system.
http://www.securityfocus.com/news/11443

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Sr. Security Analyst, Westlake Village
http://www.securityfocus.com/archive/77/462155

2. [SJ-JOB] Sr. Security Analyst, Long Island
http://www.securityfocus.com/archive/77/462156

3. [SJ-JOB] VP, Information Security, London
http://www.securityfocus.com/archive/77/462120

4. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/462121

5. [SJ-JOB] Forensics Engineer, Cupertino
http://www.securityfocus.com/archive/77/462055

6. [SJ-JOB] Manager, Information Security, Bangalore
http://www.securityfocus.com/archive/77/461997

7. [SJ-JOB] Security System Administrator, St. Louis Park
http://www.securityfocus.com/archive/77/461900

8. [SJ-JOB] Penetration Engineer, Dubai
http://www.securityfocus.com/archive/77/461898

9. [SJ-JOB] Security Architect, Prague
http://www.securityfocus.com/archive/77/461899

10. [SJ-JOB] Security Consultant, Buckinghamshire
http://www.securityfocus.com/archive/77/461903

11. [SJ-JOB] Sales Representative, Atlanta
http://www.securityfocus.com/archive/77/461765

12. [SJ-JOB] Security Consultant, Mons
http://www.securityfocus.com/archive/77/461766

13. [SJ-JOB] Security Consultant, Tallahassee
http://www.securityfocus.com/archive/77/461767

14. [SJ-JOB] Security Engineer, Woking
http://www.securityfocus.com/archive/77/461713

15. [SJ-JOB] Information Assurance Analyst, Mumbai
http://www.securityfocus.com/archive/77/461714

16. [SJ-JOB] Management, London
http://www.securityfocus.com/archive/77/461715

17. [SJ-JOB] Security Consultant, Winnipeg
http://www.securityfocus.com/archive/77/461667

18. [SJ-JOB] Sr. Security Engineer, Montvale
http://www.securityfocus.com/archive/77/461668

19. [SJ-JOB] Security Engineer, Frankfurt
http://www.securityfocus.com/archive/77/461631

20. [SJ-JOB] VP, Information Security, Warren
http://www.securityfocus.com/archive/77/461626

21. [SJ-JOB] VP, Information Security, Warren
http://www.securityfocus.com/archive/77/461627

22. [SJ-JOB] Security Architect, Sydney
http://www.securityfocus.com/archive/77/461625

23. [SJ-JOB] Security Consultant, Dallas
http://www.securityfocus.com/archive/77/461629

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. HITBSecConf2007 - Malaysia: Call for Papers now Open
http://www.securityfocus.com/archive/82/461901

2. Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day
http://www.securityfocus.com/archive/82/461740

3. Black And White Ball (Con) - March Press Release
http://www.securityfocus.com/archive/82/461728

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. MBSA alternative?
http://www.securityfocus.com/archive/88/461690

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Watchfire

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fGD

Copyright 2008, SecurityFocus