SecurityFocus News
SecurityFocus Newsletter #491 Feb 19 2009 11:40PM
sfa securityfocus com
SecurityFocus Newsletter #491
----------------------------------------

This issue is sponsored by Purewire

NEW! White Paper: "Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with and it's no longer good enough to block known bad URL's. Download this white paper now to mitigate your online security risks.

http://www.purewire.com/lp/sec/

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Free Market Filtering
2. Don't Blame the Browser
II. BUGTRAQ SUMMARY
1. Gnumeric 'PySys_SetArgv' Remote Command Execution Vulnerability
2. Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerabilities
3. Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
4. Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
5. Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
6. Apache Tomcat WebDav Remote Information Disclosure Vulnerability
7. Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
8. Scriptsez Easy Image Downloader 'main.php' Local File Include Vulnerability
9. Scriptsez Mini Hosting Panel 'members.php' Local File Include Vulnerability
10. Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
11. Apache Tomcat Host Manager Cross Site Scripting Vulnerability
12. Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
13. BlackBerry Application Web Loader ActiveX Control Remote Buffer Overflow Vulnerability
14. IPsec-Tools Multiple Remote Denial Of Service Vulnerabilities
15. Oracle January 2009 Critical Patch Update Multiple Vulnerabilities
16. IBM WebSphere Message Broker Information Disclosure Vulnerability
17. RETIRED: Drupal 'install.php' Local File Include Vulnerability
18. RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
19. RETIRED: Apple Mac OS X 2009-001 Multiple Security Vulnerabilities
20. Apple Mac OS X 'FSEvents' Local Information Disclosure Vulnerability
21. Apple Mac OS X Remote Apple Events Uninitialized Buffer Information Disclosure Vulnerability
22. Apple Mac OS X 'dscl' Local Information Disclosure Vulnerability
23. TXTshop 'header.php' Local File Include Vulnerability
24. Apple Mac OS X Remote Apple Events Out of Bounds Memory Access Security Vulnerability
25. Apple Mac OS X AFP Server Remote Denial of Service Vulnerability
26. Apple Mac OS X 'csregprinter' Local Privilege Escalation Vulnerability
27. GoAhead WebServer Authentication Bypass and Multiple Denial of Service Vulnerabilities
28. GoAhead Webserver ASP Script File Source Code Disclosure Vulnerability
29. OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
30. Mozilla Firefox International Domain Name Subdomain URI Spoofing Vulnerability
31. University of Washington IMAP 'tmail' and 'dmail' Local Buffer Overflow Vulnerabilities
32. OpenBSD bgpd Remote Denial of Service Vulnerability
33. CUPS Multiple Heap Based Buffer Overflow Vulnerabilities
34. Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability
35. Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities
36. Online Grades Login Parameters SQL Injection Vulnerabilities
37. Bugzilla Pseudo-Random Number Generator Shared Seed Vulnerability
38. Bugzilla Quip Manipulation Security Bypass Vulnerability
39. Samba Registry Share Name Unauthorized Access Vulnerability
40. Fujitsu Enhanced Support Facility Information Disclosure Vulnerability
41. Fujitsu Jasmine2000 Enterprise Edition WebLink HTTP Response Splitting Vulnerability
42. SAS Hotel Management System Admin.ASP Multiple SQL Injection Vulnerabilities
43. plxWebDev plx Autoreminder 'members.php' SQL Injection Vulnerability
44. SAS Hotel Management System Arbitrary File Upload Vulnerability
45. Yaws Multiple Header Request Denial of Service Vulnerability
46. TangoCMS 'listeners.php' Cross Site Scripting Vulnerability
47. Got All Media URI Handling Remote Denial of Service Vulnerability
48. SBLIM-SFCB Unspecified Vulnerability
49. libvirt Local Security Bypass Vulnerability
50. MediaWiki Cross Site Scripting And Multiple HTML Injection Vulnerabilities
51. Netatalk Printing Request Arbitrary Command Injection Vulnerability
52. Audacity 'lib-src/allegro/strparse.cpp' Buffer Overflow Vulnerability
53. Jetty Dump Servlet Cross Site Scripting Vulnerability
54. WikkaWiki 'backlinks' Handler Information Disclosure Vulnerability
55. OpenSC CardOS M4 Smart Cards Insecure Permissions Vulnerability
56. Futomi's CGI Cafe Search CGI Password Reset Security Bypass Vulnerability
57. sblim-sfcb 'genSslCert.sh' Insecure Temporary File Creation Vulnerability
58. Perl 'rmdir()' Local Race Condition Privilege Escalation Vulnerability
59. winetricks 'x_showmenu.txt' Insecure Temporary File Creation Vulnerability
60. phpPgAdmin '_language' Parameter Local File Include Vulnerability
61. VirtualBox 'ipcdUnix.cpp' Insecure Temporary File Creation Vulnerability
62. Grestul Multiple SQL Injection Vulnerabilities
63. libvirt 'libvirt_proxy.c' Local Privilege Escalation Vulnerability
64. PyCrypto ARC2 Module Buffer Overflow Vulnerability
65. Profense Cross Site Request Forgery and Cross Site Scripting Vulnerabilities
66. FFmpeg 'libavformat/4xm.c' Remote Code Execution Vulnerability
67. Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
68. pam-krb5 'KRB5CCNAME' Environment Variable Local Privilege Escalation Vulnerability
69. pam-krb5 Local Privilege Escalation Vulnerability
70. University of Washington IMAP c-client Remote Format String Vulnerability
71. Vivvo 404 Error Page Cross Site Scripting Vulnerability
72. GraphicsMagick Multiple Remote Vulnerabilities
73. Git Snapshot Generation and Pickaxe Search Arbitrary Command Injection Vulnerability
74. Git gitweb 'diff.external' Local Privilege Escalation Vulnerability
75. Git gitweb Unspecified Remote Command Execution Vulnerability
76. Git Pathname Multiple Buffer Overflow Vulnerabilities
77. Elecard MPEG Player '.m3u' File Remote Stack Buffer Overflow Vulnerability
78. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
79. Ubuntu xorg-driver-fglrx 'LD_LIBRARY_PATH' Remote Command Execution Vulnerability
80. OpenNMS 'surveillanceView.htm' Cross-Site Scripting Vulnerability
81. SUSE blinux Buffer Overflow Vulnerability
82. jhead 'DoCommand()' Arbitrary File Deletion Vulnerability
83. jhead 'DoCommand()' Arbitrary Command Execution Vulnerability
84. jhead Versions Prior to 2.84 Multiple Vulnerabilities
85. Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
86. Camtasia Studio 'csPreloader' Remote Code Execution Vulnerability
87. InfoSoft FusionCharts SWF Flash File Remote Code Execution Vulnerability
88. Windows Live Messenger Charset Data Remote Denial Of Service Vulnerability
89. Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
90. xine-lib OGG Processing Remote Denial of Service Vulnerability
91. xine-lib 1.1.14 Multiple Remote Buffer Overflow Vulnerabilities
92. xine-lib MP3 Processing Remote Denial of Service Vulnerability
93. xine-lib 1.1.15 and Prior Multiple Remote Vulnerabilities
94. Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
95. Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
96. Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
97. Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
98. Joomla! and Mambo JoomRadio Component 'id' Parameter SQL Injection Vulnerability
99. Apache Tomcat Information Disclosure Vulnerability
100. Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
III. SECURITYFOCUS NEWS
1. Advisor: U.S. needs policy to defend cyberspace
2. Cabal forms to fight Conficker, offers bounty
3. Group releases list to kill most-dangerous bugs
4. Group attacks flaw in browser crypto security
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. CanSecWest 2009 Speakers and Dojo courses (Mar 14-20)
2. DEFCON 17 CFP now open
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Free Market Filtering
By Mark Rasch
The Australian government is considering requiring that Internet service providers in that country install filters which would prevent citizens from accessing tens of thousands of sites that contain "objectionable" material.
http://www.securityfocus.com/columnists/493

2.Don't Blame the Browser
Melih Abdulhayoglu
There was a time when most diseases were fatal for humans. Intense study and research helped doctors manage diseases better, and subsequently even prevent them altogether.
http://www.securityfocus.com/columnists/492

II. BUGTRAQ SUMMARY
--------------------
1. Gnumeric 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33438
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33438
Summary:
Gnumeric is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

2. Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerabilities
BugTraq ID: 33827
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33827
Summary:
The 'libpng' library is prone to multiple memory-corruption vulnerabilities because it fails to properly initialize data structures.

Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.

These issues affect versions prior to 'libpng' 1.0.43 and 1.2.35.

3. Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
BugTraq ID: 30494
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/30494
Summary:
Apache Tomcat is prone to a remote information-disclosure vulnerability.

Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks.

The following versions are affected:

Apache Tomcat 4.1.0 to 4.1.37
Apache Tomcat 5.5.0 to 5.5.26
Apache Tomcat 6.0.0 to 6.0.16

Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.

4. Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
BugTraq ID: 24476
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/24476
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

5. Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
BugTraq ID: 24475
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/24475
Summary:
Apache Tomcat Manager and Host Manager are prone to a cross-site scripting vulnerability because the applications fail to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

6. Apache Tomcat WebDav Remote Information Disclosure Vulnerability
BugTraq ID: 26070
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/26070
Summary:
Apache Tomcat is prone to a remote information-disclosure vulnerability

Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server.

7. Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
BugTraq ID: 25316
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/25316
Summary:
Apache Tomcat is prone to multiple information-disclosure vulnerabilities because it fails to adequately sanitize user-supplied data.

Attackers can exploit these issues to access potentially sensitive data that may aid in further attacks.

Versions prior to Apache Tomcat 6.0.14 are vulnerable.

8. Scriptsez Easy Image Downloader 'main.php' Local File Include Vulnerability
BugTraq ID: 31695
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/31695
Summary:
Scriptsez Easy Image Downloader is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.

9. Scriptsez Mini Hosting Panel 'members.php' Local File Include Vulnerability
BugTraq ID: 31701
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/31701
Summary:
Scriptsez Mini Hosting Panel is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.

10. Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
BugTraq ID: 27006
Remote: No
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/27006
Summary:
Apache Tomcat is prone to a vulnerability that can allow third-party web applications to write files to arbitrary locations with the privileges of Tomcat.

This issue stems from an inadequate default security policy.

Attackers can leverage this issue to write or overwrite arbitrary log file data in unauthorized locations.

Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 are vulnerable.

11. Apache Tomcat Host Manager Cross Site Scripting Vulnerability
BugTraq ID: 29502
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/29502
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. The issue affects the Host Manager web application.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects the following versions:

Tomcat 5.5.9 to 5.5.26
Tomcat 6.0.0 to 6.0.16

12. Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
BugTraq ID: 27703
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/27703
Summary:
Apache Tomcat is prone to a remote information-disclosure vulnerability because the application fails to properly handle exceptions.

Remote attackers can exploit this issue to obtain potentially sensitive information.

The issue affects Tomcat 6.0.5 to 6.0.15.

13. BlackBerry Application Web Loader ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 33663
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33663
Summary:
Research in Motion BlackBerry Application Web Loader ActiveX control is prone to a remote stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

BlackBerry Application Web Loader 1.0 is vulnerable.

14. IPsec-Tools Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 30657
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/30657
Summary:
IPsec-Tools is affected by multiple remote denial-of-service vulnerabilities because the software fails to properly handle certain network packets.

A successful attack allows a remote attacker to crash the software, denying further service to legitimate users.

Versions prior to IPsec-Tools 0.7.1 are vulnerable.

15. Oracle January 2009 Critical Patch Update Multiple Vulnerabilities
BugTraq ID: 33177
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33177
Summary:
Oracle has released the January 2009 critical patch update. The update addresses 41 vulnerabilities affecting the following software:

Oracle Database
Oracle Secure Backup
Oracle TimesTen In-Memory Database
Oracle Application Server
Oracle Collaboration Suite
Oracle E-Business Suite Release
Oracle Enterprise Manager Grid Control
PeopleSoft Enterprise HRMS
JD Edwards Tools
Oracle WebLogic Server (formerly BEA WebLogic Server)
Oracle WebLogic Portal (formerly BEA WebLogic Portal)

16. IBM WebSphere Message Broker Information Disclosure Vulnerability
BugTraq ID: 33819
Remote: No
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33819
Summary:
IBM WebSphere Message Broker is prone to a local information-disclosure vulnerability caused by a design error.

Exploiting this issue may allow a local attacker to access sensitive information about database connections such as unencrypted passwords, potentially allowing them to gain unauthorized access. This may aid in further attacks.

This issue affects IBM WebSphere Message Broker 6.1.

17. RETIRED: Drupal 'install.php' Local File Include Vulnerability
BugTraq ID: 33685
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33685
Summary:
Drupal is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

Drupal 6.9 is vulnerable; other versions may also be affected.

UPDATE (February 12, 2009): The vendor indicates that they cannot reproduce this issue. We will update this BID further as more information emerges.

UPDATE (February 18, 2009): The vendor indicates that the issue is not exploitable as described. This BID is retired.

18. RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 33639
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33639
Summary:
Microsoft has released advance notification that the vendor will be releasing four security bulletins on February 10, 2009. The highest severity rating for these issues is 'Critical'.

These issues affect:

- Internet Explorer
- Exchange
- SQL Server
- Office

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

NOTE: The following individual records have been created to document these issues:

33627 Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability
33628 Microsoft Internet Explorer CSS Memory Corruption Remote Code Execution Vulnerability
33134 Microsoft Exchange Server TNEF Decoding Remote Command Execution Vulnerability
33136 Microsoft Exchange Server EMSMDB2 MAPI Command Remote Denial of Service Vulnerability
32710 Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability
33659 Microsoft Visio Object Validation Remote Code Execution Vulnerability
33660 Microsoft Visio Object Copy Memory Corruption Remote Code Execution Vulnerability
33661 Microsoft Visio Memory Corruption Remote Code Execution Vulnerability

19. RETIRED: Apple Mac OS X 2009-001 Multiple Security Vulnerabilities
BugTraq ID: 33759
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33759
Summary:
Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-001.

The security update addresses new vulnerabilities that affect the AFP server, movie playing, Resource Manager, Certificate Assistant, CoreText, 'dscl', Folder Manager, FSEvents, csregprinter, Remote Apple Event Viewer, Safari, Xterm, and SMB components of Mac OS X. The advisory also contains security updates for 32 previously reported issues.

NOTE: The new issues have been covered in the following BIDs to better document them:

33806 Apple Mac OS X Pixlet Video Handling Remote Code Execution Vulnerability
33820 Apple Mac OS X Insecure Downloads Folder Permissions Information Disclosure Vulnerability
33815 Apple Mac OS X 'dscl' Local Information Disclosure Vulnerability
33816 Apple Mac OS X Remote Apple Events Uninitialized Buffer Information Disclosure Vulnerability
33814 Apple Mac OS X Remote Apple Events Out of Bounds Memory Access Security Vulnerability
33813 Apple Mac OS X Server Manager Authentication Bypass Security Vulnerability
33812 Apple Mac OS X AFP Server Remote Denial of Service Vulnerability
33810 Apple Mac OS X Certificate Assistant Insecure Temporary File Creation Vulnerability
33811 Apple Mac OS X 'csregprinter' Local Privilege Escalation Vulnerability
33808 Apple Mac OS X Resource Manager Remote Code Execution Vulnerability
33809 Apple Mac OS X CoreText Unicode String Handling Heap Based Buffer Overflow Vulnerability
33800 Apple Mac OS X SMB Component Unspecified Buffer Overflow Vulnerability
33798 Apple Mac OS X Xterm Local Privilege Escalation Vulnerability
33796 Apple Mac OS X SMB File System Remote Denial Of Service Vulnerability
33234 Apple Safari 'feed:' URI Multiple Input Validation Vulnerabilities
33821 Apple Mac OS X 'FSEvents' Local Information Disclosure Vulnerabilit

20. Apple Mac OS X 'FSEvents' Local Information Disclosure Vulnerability
BugTraq ID: 33821
Remote: No
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33821
Summary:
The FSEvents system included with Apple Mac OS X is prone to a local information-disclosure vulnerability.

A local attacker may exploit this issue to gain potentially sensitive information that may aid in further attacks.

This issue affects Mac OS X 10.5.6 (both client and server).

NOTE: This issue was previously covered in BID 33759 (Apple Mac OS X 2009-001 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

21. Apple Mac OS X Remote Apple Events Uninitialized Buffer Information Disclosure Vulnerability
BugTraq ID: 33816
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33816
Summary:
Apple Mac OS X is prone to an information-disclosure vulnerability that affects the Remote Apple Events component.

A remote attacker may exploit this issue to gain access to memory contents, which may aid in further attacks.

The issue affects Mac OS X v10.4.11 and v10.5.6 (client and server).

NOTE: This issue was previously covered in BID 33759 (Apple Mac OS X 2009-001 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

22. Apple Mac OS X 'dscl' Local Information Disclosure Vulnerability
BugTraq ID: 33815
Remote: No
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33815
Summary:
The 'dscl' application included with Apple Mac OS X is prone to a local information-disclosure vulnerability that may reveal user passwords to attackers.

A local attacker may exploit this issue to gain information about user passwords. This may aid in further attacks.

This issue affects Mac OS X 10.4.11 and 10.5.6 (both client and server).

NOTE: This issue was previously covered in BID 33759 (Apple Mac OS X 2009-001 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

23. TXTshop 'header.php' Local File Include Vulnerability
BugTraq ID: 31885
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/31885
Summary:
TXTshop is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to access potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

TXTshop 1.0b is vulnerable; other versions may also be affected.

24. Apple Mac OS X Remote Apple Events Out of Bounds Memory Access Security Vulnerability
BugTraq ID: 33814
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33814
Summary:
Apple Mac OS X is prone to an out-of-bounds memory-access vulnerability that affects the Remote Apple Events component.

A remote attacker may exploit this issue to gain access to memory contents or to crash the affected process, causing a denial-of-service condition.

The issue affects Mac OS X v10.4.11 and v10.5.6 (client and server).

NOTE: This issue was previously covered in BID 33759 (Apple Mac OS X 2009-001 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

25. Apple Mac OS X AFP Server Remote Denial of Service Vulnerability
BugTraq ID: 33812
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33812
Summary:
Apple Mac OS X AFP Server is prone to a remote denial-of-service vulnerability that can allow an attacker to cause the service to crash.

This issue affects Mac OS X 10.5.6 (both client and server).

NOTE: This issue was previously covered in BID 33759 (Apple Mac OS X 2009-001 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

26. Apple Mac OS X 'csregprinter' Local Privilege Escalation Vulnerability
BugTraq ID: 33811
Remote: No
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33811
Summary:
Apple Mac OS X is prone to a local privilege-escalation vulnerability that affects the 'csregprinter' component.

Local attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges, which may facilitate a complete compromise of the affected computer.

This issue affects Mac OS X v10.4.11 and v10.5.6 (client and server).

NOTE: This issue was previously covered in BID 33759 (Apple Mac OS X 2009-001 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

27. GoAhead WebServer Authentication Bypass and Multiple Denial of Service Vulnerabilities
BugTraq ID: 33838
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33838
Summary:
GoAhead WebServer is prone to an authentication-bypass vulnerability and multiple denial-of-service vulnerabilities.

A remote attacker may exploit these issues to gain access to protected documents or to create a denial-of-service condition.

Versions prior to GoAhead WebServer 2.1.6 are vulnerable.

28. GoAhead Webserver ASP Script File Source Code Disclosure Vulnerability
BugTraq ID: 9239
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/9239
Summary:
A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP requests.

An attacker can append certain characters to the end of an HTTP request for a specific ASP file. As a result, GoAhead webserver will disclose the contents of the requested ASP script file to the attacker.

This issue affects GoAhead 2.1.7 and earlier.

29. OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
BugTraq ID: 33150
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33150
Summary:
OpenSSL is prone to a signature-verification vulnerability.

An attacker would likely leverage this issue by first carrying out a man-in-the-middle attack. The attacker would most likely exploit this issue to conduct phishing attacks or to impersonate legitimate sites. Other attacks are likely possible.

Releases prior to OpenSSL 0.9.8j are affected.

30. Mozilla Firefox International Domain Name Subdomain URI Spoofing Vulnerability
BugTraq ID: 33837
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33837
Summary:
Mozilla Firefox is affected by a URI-spoofing vulnerability because it fails to adequately handle specific characters in international domain name (IDN) subdomains.

An attacker may leverage this issue to spoof the source URI of a site presented to an unsuspecting user. This may lead to a false sense of trust because the user may be presented with a source URI of a trusted site while interacting with the attacker's malicious site.

Firefox 3.0.6 is vulnerable; other versions may also be affected.

31. University of Washington IMAP 'tmail' and 'dmail' Local Buffer Overflow Vulnerabilities
BugTraq ID: 32072
Remote: No
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/32072
Summary:
University of Washington IMAP 'tmail' and 'dmail' are prone to local buffer-overflow vulnerabilities because they fail to perform adequate boundary checks on user-supplied data.

The attacker can exploit this issue to execute arbitrary code within the context of the vulnerable application, possibly resulting in elevated privileges. Since 'tmail' is installed setuid root by default, this may result in a complete compromise of the vulnerable computer.

The following applications are vulnerable:

University of Washington imap-2007c and earlier
University of Washington Alpine 2.00
Panda Programming imap

32. OpenBSD bgpd Remote Denial of Service Vulnerability
BugTraq ID: 33828
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33828
Summary:
OpenBSD Border Gateway Protocol daemon ('bgpd') is prone to a remote denial-of-service vulnerability when processing long Autonomous System (AS) paths.

Exploiting this issue allows remote attackers to potentially cause denial-of-service conditions.

OpenBSD 4.4 and 4.3 are vulnerable.

33. CUPS Multiple Heap Based Buffer Overflow Vulnerabilities
BugTraq ID: 31690
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/31690
Summary:
CUPS is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before using it to allocate memory buffers.

Remote attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Note that local attackers may also exploit these vulnerabilities to elevate privileges.

Successful remote exploits may require printer sharing to be enabled on the vulnerable system.

These issues affect versions prior to CUPS 1.3.9.

34. Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 33627
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33627
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

35. Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities
BugTraq ID: 33580
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33580
Summary:
Bugzilla is prone to multiple remote vulnerabilities, including an HTML-injection issue and cross-site request-forgery issues.

An attacker can exploit these issues to execute arbitrary script code in a user's browser in the context of the application, steal cookie-based authentication credentials, obtain sensitive information, and perform arbitrary actions in the context of the logged-in user.

These issues affect versions prior to Bugzilla 2.22.7, 3.0.7, 3.2.1, and 3.3.2.

36. Online Grades Login Parameters SQL Injection Vulnerabilities
BugTraq ID: 33576
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33576
Summary:
Online Grades is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Online Grades 3.2.4 is vulnerable; other versions may also be affected.

37. Bugzilla Pseudo-Random Number Generator Shared Seed Vulnerability
BugTraq ID: 33581
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33581
Summary:
Bugzilla is prone to a vulnerability caused by the use of a shared random seed. This issue occurs when Bugzilla is running under mod_perl.

An attacker may exploit this issue to predict random values generated by Bugzilla. This may reveal sensitive information such as attachment files or may allow the attacker to bypass cross-site request-forgery protection by predicting random token values. Other attacks may also be possible.

This issue affects Bugzilla 3.0.7, 3.2.1, and 3.3.2 when run under mod_perl.

38. Bugzilla Quip Manipulation Security Bypass Vulnerability
BugTraq ID: 32178
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/32178
Summary:
Bugzilla is prone to a security-bypass vulnerability.

An attacker may leverage this issue to modify quip status, despite the attacker's insufficient privileges.

This issue affects Bugzilla 2.17.6 through 3.2rc1, 3.0.5, 2.22.5, and 2.20.6.

39. Samba Registry Share Name Unauthorized Access Vulnerability
BugTraq ID: 33118
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33118
Summary:
Samba is prone to an unauthorized-access vulnerability that occurs when registry shares are enabled.

An attacker who has authenticated access to the affected application can exploit this issue to gain access to the root filesystem.

40. Fujitsu Enhanced Support Facility Information Disclosure Vulnerability
BugTraq ID: 33831
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33831
Summary:
Fujitsu Enhanced Support Facility is prone to an information-disclosure vulnerability.

Exploiting this issue allows remote attackers to obtain potentially sensitive information about the hardware and software configuration on affected computers. This may aid them in further attacks.

The issue affects Enhanced Support Facility 3.0 and 3.0.1.

41. Fujitsu Jasmine2000 Enterprise Edition WebLink HTTP Response Splitting Vulnerability
BugTraq ID: 33832
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33832
Summary:
Fujitsu Jasmine2000 Enterprise Edition is prone to an HTTP response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data.

Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.

42. SAS Hotel Management System Admin.ASP Multiple SQL Injection Vulnerabilities
BugTraq ID: 25246
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/25246
Summary:
SAS Hotel Management System is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

43. plxWebDev plx Autoreminder 'members.php' SQL Injection Vulnerability
BugTraq ID: 33106
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33106
Summary:
plxWebDev plx Autoreminder is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects plx Autoreminder 3.7; other versions may also be affected.

Update (19th February, 2009): The vendor reports that the application is not vulnerable. Symantec has not been able to confirm this information.

44. SAS Hotel Management System Arbitrary File Upload Vulnerability
BugTraq ID: 33817
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33817
Summary:
SAS Hotel Management System is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the software fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

45. Yaws Multiple Header Request Denial of Service Vulnerability
BugTraq ID: 33834
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33834
Summary:
Yaws is prone to a remote denial-of-service vulnerability because it fails to handle infinite header requests.

Successfully exploiting this issue will allow attackers to cause the affected application to consume memory, eventually denying service to legitimate users.

Versions prior to Yaws 1.80 are vulnerable.

46. TangoCMS 'listeners.php' Cross Site Scripting Vulnerability
BugTraq ID: 33833
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33833
Summary:
TangoCMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to TangoCMS 2.2.4 are vulnerable.

47. Got All Media URI Handling Remote Denial of Service Vulnerability
BugTraq ID: 33830
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33830
Summary:
Got All Media is prone to a remote denial-of-service vulnerability when processing URI requests.

Exploiting this issue allows remote attackers to cause denial-of-service conditions by crashing the application.

Got All Media 7.0.0.3 is vulnerable; other versions may be affected as well.

48. SBLIM-SFCB Unspecified Vulnerability
BugTraq ID: 33829
Remote: Yes
Last Updated: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33829
Summary:
SBLIM-SFCB (Small Footprint CIM Broker) is prone to an unspecified vulnerability.

Currently, very little is known about this issue. We will update this BID as more information emerges.

This issue affects Small Footprint CIM Broker versions prior to 1.3.3.

49. libvirt Local Security Bypass Vulnerability
BugTraq ID: 32905
Remote: No
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/32905
Summary:
The 'libvirt' library is prone to a local security-bypass vulnerability.

Successful exploits may give attackers access to privileged operations.

This issue affects libvirt 0.3.2 through 0.5.1.

50. MediaWiki Cross Site Scripting And Multiple HTML Injection Vulnerabilities
BugTraq ID: 32844
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/32844
Summary:
MediaWiki is prone to a cross-site scripting vulnerability and multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Versions prior to MediaWiki 1.13.3, 1.12.1, and 1.6.11 are vulnerable to these issues.

51. Netatalk Printing Request Arbitrary Command Injection Vulnerability
BugTraq ID: 32925
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/32925
Summary:
Netatalk is prone to a vulnerability that lets attackers inject arbitrary commands. The issue occurs because the software fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary commands in the context of the user running the application.

Versions prior to Netatalk 2.0.4-beta2 are vulnerable

52. Audacity 'lib-src/allegro/strparse.cpp' Buffer Overflow Vulnerability
BugTraq ID: 33090
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33090
Summary:
Audacity is prone a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.

Audacity 1.6.2 is vulnerable; other versions may also be affected.

53. Jetty Dump Servlet Cross Site Scripting Vulnerability
BugTraq ID: 26697
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/26697
Summary:
Jetty is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue allows an attacker to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Versions prior to Jetty 6.1.6 are vulnerable.

54. WikkaWiki 'backlinks' Handler Information Disclosure Vulnerability
BugTraq ID: 33793
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33793
Summary:
WikkaWiki is prone to an information-disclosure vulnerability because it fails to restrict access to certain webpages.

An attacker can exploit this vulnerability to obtain information about restricted pages (such as page titles).

The issue affects versions prior to WikkaWiki 1.1.6.6.

55. OpenSC CardOS M4 Smart Cards Insecure Permissions Vulnerability
BugTraq ID: 30473
Remote: No
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/30473
Summary:
OpenSC insecurely initializes smart cards and USB crypto tokens based on Seimens CardOS M4.

Attackers can leverage this issue to change the PIN number on a card without having knowledge of the existing PIN or PUK number. Successfully exploiting this issue allows attackers to use the card in further attacks.

NOTE: This issue cannot be leveraged to access an existing PIN number.

This issue occurs in versions prior to OpenSC 0.11.6.

56. Futomi's CGI Cafe Search CGI Password Reset Security Bypass Vulnerability
BugTraq ID: 33409
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33409
Summary:
Futomi's CGI Cafe Search CGI is prone to a security-bypass vulnerability because it fails to adequately restrict access to the password-reset feature.

An attacker can exploit this issue to gain administrative access to the application, which may allow the attacker to compromise the application; other attacks are also possible.

Versions up to and including Futomi's CGI Cafe Search CGI 1.1.2 are vulnerable.

57. sblim-sfcb 'genSslCert.sh' Insecure Temporary File Creation Vulnerability
BugTraq ID: 33583
Remote: No
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33583
Summary:
The 'sblim-sfcb' package creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects sblim-sfcb 1.3.2; other versions may also be affected.

58. Perl 'rmdir()' Local Race Condition Privilege Escalation Vulnerability
BugTraq ID: 12767
Remote: No
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/12767
Summary:
Perl is reported prone to a local race-condition vulnerability. The issue resides in the 'rmtree()' function provided by the 'File::Path.pm' module.

A successful attack may allow an attacker to gain elevated privileges on a vulnerable computer.

UPDATE (December 2, 2008): This issue has been reported in Perl 5.8.8 and 5.10.

59. winetricks 'x_showmenu.txt' Insecure Temporary File Creation Vulnerability
BugTraq ID: 33474
Remote: No
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33474
Summary:
The 'winetricks' script creates a temporary file in an insecure manner.

An attacker with local access could perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Versions prior to winetricks 20081223 are vulnerable.

60. phpPgAdmin '_language' Parameter Local File Include Vulnerability
BugTraq ID: 32670
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/32670
Summary:
phpPgAdmin is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

The issue affects phpPgAdmin 4.2.1 and prior versions.

61. VirtualBox 'ipcdUnix.cpp' Insecure Temporary File Creation Vulnerability
BugTraq ID: 32444
Remote: No
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/32444
Summary:
VirtualBox creates temporary files in an insecure manner.

An attacker with local access could perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Versions prior to VirtualBox 2.0.6 are vulnerable.

62. Grestul Multiple SQL Injection Vulnerabilities
BugTraq ID: 33792
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33792
Summary:
Grestul is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Grestul 1.0.6 is vulnerable; other versions may also be affected.

63. libvirt 'libvirt_proxy.c' Local Privilege Escalation Vulnerability
BugTraq ID: 33724
Remote: No
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33724
Summary:
The 'libvirt' library is prone to a local privilege-escalation vulnerability because it fails perform adequate boundary checks on user-supplied data.

Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects libvirt 0.5.1; other versions may also be affected.

64. PyCrypto ARC2 Module Buffer Overflow Vulnerability
BugTraq ID: 33674
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33674
Summary:
PyCrypto (Python Cryptography Toolkit) is prone to a buffer-overflow vulnerability because it fails to adequately verify user-supplied input.

Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable module. Failed attempts may lead to a denial-of-service condition.

65. Profense Cross Site Request Forgery and Cross Site Scripting Vulnerabilities
BugTraq ID: 33523
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33523
Summary:
Profense is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability.

An attacker can exploit the cross-site request forgery issue to alter the settings on affected devices. This may lead to further network-based attacks.

The attacker can exploit the cross-site scripting issue to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible.

Profense 2.6.2 is vulnerable; other versions may also be affected.

66. FFmpeg 'libavformat/4xm.c' Remote Code Execution Vulnerability
BugTraq ID: 33502
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33502
Summary:
FFmpeg is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to FFmpeg trunk revision 16846 are vulnerable.

67. Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
BugTraq ID: 31587
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/31587
Summary:
Dovecot is prone to multiple security-bypass vulnerabilities affecting the ACL plugin.

Attackers can exploit these issues to bypass certain mailbox restrictions and obtain potentially sensitive data; other attacks are also possible.

These issues affect versions prior to Dovecot 1.1.4.

68. pam-krb5 'KRB5CCNAME' Environment Variable Local Privilege Escalation Vulnerability
BugTraq ID: 33741
Remote: No
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33741
Summary:
The 'pam-krb5' library is prone to a local privilege-escalation vulnerability because it fails to properly handle setuid processes.

A local attacker may exploit this to corrupt the credential cache. This may allow the attacker to gain elevated privileges or to create a denial-of-service condition.

Versions prior to pam-krb5 3.13 are vulnerable.

69. pam-krb5 Local Privilege Escalation Vulnerability
BugTraq ID: 33740
Remote: No
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33740
Summary:
The 'pam-krb5' library is prone to a local privilege-escalation vulnerability because it fails to properly handle setuid processes.

Local attackers may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the system.

This issue affects pam-krb5 as shipped with Debian, Ubuntu, and Gentoo Linux releases; other versions may also be vulnerable.

70. University of Washington IMAP c-client Remote Format String Vulnerability
BugTraq ID: 33795
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33795
Summary:
University of Washington IMAP 'c-client' is prone to a remote format-string vulnerability because the software fails to adequately sanitize user-supplied input before passing it as the format-specifier to a formatted-printing function.

Attackers can leverage this issue to execute arbitrary code in the context of applications built with the vulnerable library. Failed attacks will likely cause denial-of-service conditions.

IMAP 2007d is vulnerable; other versions may also be affected.

71. Vivvo 404 Error Page Cross Site Scripting Vulnerability
BugTraq ID: 33582
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33582
Summary:
Vivvo is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to Vivvo 4.1.1 are vulnerable.

72. GraphicsMagick Multiple Remote Vulnerabilities
BugTraq ID: 29583
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/29583
Summary:
GraphicsMagick is prone to multiple vulnerabilities, including multiple heap-based buffer-overflow issues and denial-of-service issues.

Successfully exploiting these issues will allow an attacker to execute arbitrary code in the context of the affected application and to crash the application.

The vulnerabilities affect versions prior to GraphicsMagick 1.1.14 and 1.2.3.

73. Git Snapshot Generation and Pickaxe Search Arbitrary Command Injection Vulnerability
BugTraq ID: 33355
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33355
Summary:
Git is prone to a vulnerability that lets attackers inject arbitrary commands. The issue occurs because the software fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary commands in the context of the user running the application.

74. Git gitweb 'diff.external' Local Privilege Escalation Vulnerability
BugTraq ID: 32967
Remote: No
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/32967
Summary:
Git gitweb is prone to a local privilege-escalation vulnerability.

A local attacker may exploit this issue to gain elevated privileges.

Versions prior to Git 1.5.4.7, 1.5.5.6, 1.5.6.6, and 1.6.0.6 are vulnerable.

75. Git gitweb Unspecified Remote Command Execution Vulnerability
BugTraq ID: 33215
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33215
Summary:
Git gitweb is prone to a remote command-execution vulnerability.

An attacker may exploit this issue to execute arbitrary commands within the context of the affected application; this may aid in further attacks.

Git 1.5.2.4 and 1.5.6.6 are vulnerable; other versions may also be affected

76. Git Pathname Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 30549
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/30549
Summary:
Git is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

Git 1.5.6.3 is vulnerable; prior versions may also be affected.

77. Elecard MPEG Player '.m3u' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 33089
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33089
Summary:
Elecard MPEG Player is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Elecard MPEG Player 5.5 and Elecard AVC HD Player are vulnerable; other versions and applications may also be affected.

78. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
BugTraq ID: 26949
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/26949
Summary:
Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

79. Ubuntu xorg-driver-fglrx 'LD_LIBRARY_PATH' Remote Command Execution Vulnerability
BugTraq ID: 33801
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33801
Summary:
Ubuntu 'xorg-driver-fglrx' is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to run an application in a directory containing a malicious library file with a specific name. A successful exploit will allow arbitrary code to run within the privileges of the currently logged-in user.

Ubuntu 8.10 is vulnerable.

80. OpenNMS 'surveillanceView.htm' Cross-Site Scripting Vulnerability
BugTraq ID: 31539
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/31539
Summary:
OpenNMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

OpenNMS 1.5.94 is vulnerable; prior versions may also be affected.

81. SUSE blinux Buffer Overflow Vulnerability
BugTraq ID: 33794
Remote: No
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33794
Summary:
The SUSE 'blinux' (sbl) package is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code as the affected process, possibly resulting in elevated privileges. Failed exploit attempts are likely to result in denial-of-service conditions.

82. jhead 'DoCommand()' Arbitrary File Deletion Vulnerability
BugTraq ID: 32506
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/32506
Summary:
The 'jhead' tool is prone to a vulnerability that lets attackers delete arbitrary files in the context of the vulnerable application. This may lead to a loss of data or a denial-of-service condition.

This issue affects jhead 2.84 and prior versions.

83. jhead 'DoCommand()' Arbitrary Command Execution Vulnerability
BugTraq ID: 31921
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/31921
Summary:
The 'jhead' tool is prone to a vulnerability that lets attackers execute arbitrary commands in the context of the vulnerable application.

This issue affects jhead 2.84 and prior versions.

84. jhead Versions Prior to 2.84 Multiple Vulnerabilities
BugTraq ID: 31770
Remote: No
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/31770
Summary:
The 'jhead' tool is prone to multiple vulnerabilities:

- Multiple buffer-overflow vulnerabilities
- An insecure-temporary-file-creation vulnerability
- Multiple unspecified vulnerabilities

Attackers can exploit these issues to execute arbitrary code within the context of the affected application, crash the affected application, perform symbolic-link attacks, and overwrite arbitrary files on the affected computer. Other attacks are also possible.

Versions prior to jhead 2.84 are vulnerable.

85. Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
BugTraq ID: 33151
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33151
Summary:
Multiple vendors' products using OpenSSL are prone to a signature-verification vulnerability.

An attacker would likely leverage this issue by first carrying out a man-in-the-middle attack. The attacker would most likely exploit this issue to conduct phishing attacks or to impersonate legitimate sites. Other attacks are likely possible.

86. Camtasia Studio 'csPreloader' Remote Code Execution Vulnerability
BugTraq ID: 27107
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/27107
Summary:
Camtasia Studio is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input.

A successful exploit will allow an attacker to compromise the application and the underlying system; other attacks are also possible.

NOTE: This vulnerability was initially considered a cross-site scripting issue, but further analysis reveals that this is a remote code-execution vulnerability.

87. InfoSoft FusionCharts SWF Flash File Remote Code Execution Vulnerability
BugTraq ID: 27109
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/27109
Summary:
InfoSoft FusionCharts is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute malicious script code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

88. Windows Live Messenger Charset Data Remote Denial Of Service Vulnerability
BugTraq ID: 33825
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33825
Summary:
Windows Live Messenger is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Windows Live Messenger 2009 14.0.8064.206 is vulnerable; other versions may also be affected.

89. Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
BugTraq ID: 33275
Remote: No
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33275
Summary:
The Linux Kernel is prone to a local privilege-escalation vulnerability.

A local attacker may be able to exploit this issue to read or write to unintended address spaces. This may result in denial-of-service conditions, the disclosure of sensitive information, or privilege escalation.

This issue affects versions prior to Linux 2.6.28.6 on some 64-bit architectures, including s390, PowerPC, SPARC64, and MIPS. Additional architectures may also be affected.

90. xine-lib OGG Processing Remote Denial of Service Vulnerability
BugTraq ID: 30699
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/30699
Summary:
The 'xine-lib' library is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Versions prior to 'xine-lib' 1.1.15 are affected.

91. xine-lib 1.1.14 Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 30698
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/30698
Summary:
The 'xine-lib' library is prone to multiple remote buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit these issues to execute arbitrary code in the context of applications that use the library. Failed attacks will cause denial-of-service conditions.

Versions prior to 'xine-lib' 1.1.15 are affected.

92. xine-lib MP3 Processing Remote Denial of Service Vulnerability
BugTraq ID: 32505
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/32505
Summary:
The 'xine-lib' library is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Versions prior to 'xine-lib' 1.1.15 are affected.

93. xine-lib 1.1.15 and Prior Multiple Remote Vulnerabilities
BugTraq ID: 30797
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/30797
Summary:
The 'xine-lib' library is prone to multiple remote vulnerabilities:

1. Eight heap-based buffer-overflow vulnerabilities
2. Seven denial-of-service vulnerabilities

Attackers can exploit these issues to execute arbitrary code in the context of applications that use the library or cause a denial-of-service condition.

These issues affect xine-lib 1.1.15 and prior versions.

94. Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
BugTraq ID: 30560
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/30560
Summary:
The Apache 'mod_proxy_ftp' module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue is reported to affect Apache 2.0.63 and 2.2.9; other versions may also be affected.

95. Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
BugTraq ID: 29653
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/29653
Summary:
The Apache 'mod_proxy_http' module is prone to a denial-of-service vulnerability that affects the processing of interim responses.

Attackers may exploit this issue to cause denial-of-service conditions.

Reportedly, the issue affects Apache 2.2.8 and 2.0.63; other versions may also be affected.

96. Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
BugTraq ID: 30496
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/30496
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects the following versions:

Tomcat 4.1.0 to 4.1.37
Tomcat 5.5.0 to 5.5.26
Tomcat 6.0.0 to 6.0.16

97. Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
BugTraq ID: 27706
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/27706
Summary:
Apache Tomcat is prone to an information-disclosure vulnerability because it fails to adequately sanitize user-supplied data.

Attackers can exploit this issue to access potentially sensitive data that may aid in further attacks.

Versions prior to Apache Tomcat 6.0.16 and 5.5.26 are vulnerable.

NOTE: This vulnerability is caused by an incomplete fix for BID 25316 - Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities (CVE-2007-3385).

98. Joomla! and Mambo JoomRadio Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 29504
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/29504
Summary:
The JoomRadio component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

99. Apache Tomcat Information Disclosure Vulnerability
BugTraq ID: 19106
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/19106
Summary:
Apache Tomcat is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to reveal a complete directory listing from any directory. Information obtained may aid in further attacks. Reports indicate that this issue may also allow attackers to obtain the source code of script files.

Apache Tomcat 5.028, 5.5.23, 5.5.9, and 5.5.7 are vulnerable to this issue; other versions may also be affected.

Novell GroupWise Mobile Server 1.0 or other versions bundled with Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2 ship with an affected version of Tomcat and are vulnerable as well.

100. Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
BugTraq ID: 25314
Remote: Yes
Last Updated: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/25314
Summary:
Apache Tomcat Host Manager Servlet is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to inject HTML and script code into the browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials and launch other attacks.

Apache Tomcat 5.5.0 through 5.5.24 and 6.0.0 through 6.0.13 are affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Advisor: U.S. needs policy to defend cyberspace
By: Robert Lemos
An Obama transition-team member argues that any future cyber policy needs to deal with the role of the intelligence community, the militarization of cyberspace and designating a lead disaster agency.
http://www.securityfocus.com/news/11547

2. Cabal forms to fight Conficker, offers bounty
By: Robert Lemos
Microsoft offers $250,000 for information leading to the arrest of the author and, along with security firms and Internet service providers, pledges to work to prevent the prolific worm from spreading further.
http://www.securityfocus.com/news/11546

3. Group releases list to kill most-dangerous bugs
By: Robert Lemos
Software makers, security vendors, and government agencies team up to create a list of the 25 most severe software issues, aiming to get developers to stop making mistakes.
http://www.securityfocus.com/news/11542

4. Group attacks flaw in browser crypto security
By: Robert Lemos
A group of researchers warns browser makers and certificate authorities to drop support for MD5 digital signatures, after successfully creating a fake, but valid, certificate.
http://www.securityfocus.com/news/11541

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. CanSecWest 2009 Speakers and Dojo courses (Mar 14-20)
http://www.securityfocus.com/archive/91/500979

2. DEFCON 17 CFP now open
http://www.securityfocus.com/archive/91/500978

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Purewire

NEW! White Paper: "Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with and it's no longer good enough to block known bad URL's. Download this white paper now to mitigate your online security risks.

http://www.purewire.com/lp/sec/

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus