SecurityFocus News
SecurityFocus Newsletter #502 May 07 2009 11:01PM
sfa securityfocus com

This issue is sponsored by Thawte

Extended Validation SSL Certificates: Inspire Trust, Improve Confidence and Increase Sales

Extended Validation SSL delivers the acknowledged industry standard for the highest level of online identity assurance processes for SSL certificate issuance. Find out how the EV standard increases the visibility of authentication status through the use of a green address bar in the latest high security web browsers.

http://www.dinclinx.com/Redirect.aspx?36;5004;25;1371;0;3;946;54442f0f214c470a

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. A Botnet by Any Other Name
2. Projecting Borders into Cyberspace
II. BUGTRAQ SUMMARY
1. Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
2. Linux Kernel 'keyctl_join_session_keyring()' Denial of Service Vulnerability
3. Bmxplay 'BMX' File Remote Buffer Overflow Vulnerability
4. Million Dollar Text Links Administrative Interface Authentication Bypass Vulnerability
5. EW-MusicPlayer '.m3u' File Remote Stack Buffer Overflow Vulnerability
6. Openfire jabber:iq:auth 'passwd_change' Remote Password Change Vulnerability
7. Cscope Multiple Stack Based Buffer Overflow Vulnerabilities
8. pecio cms 'index.php' Local File Include Vulnerability
9. Memcached and MemcacheDB ASLR Information Disclosure Weakness
10. iPassConnect Local Privilege Escalation Vulnerability
11. Jetty Cross Site Scripting and Information Disclosure Vulnerabilities
12. pam_ssh Existing/Non-Existing Username Enumeration Weakness
13. Mercury Audio Player 'm3u/b4s/pls' File Multiple Remote Stack Buffer Overflow Vulnerabilities
14. BaoFeng Storm ActiveX Control 'OnBeforeVideoDownload()' Buffer Overflow Vulnerability
15. Linux Kernel 'ecryptfs_write_metadata_to_contents()' Information Disclosure Vulnerability
16. LibTIFF Multiple Buffer Overflow Vulnerabilities
17. LibTIFF Heap Corruption Integer Overflow Vulnerabilities
18. ClamAV 'clamav-milter' Initscript File Permission Vulnerability
19. IPsec-Tools Prior to 0.7.2 Multiple Remote Denial Of Service Vulnerabilities
20. PHP 'mbstring.func_overload' Webserver Denial Of Service Vulnerability
21. PHP 5.2.8 and Prior Versions Multiple Vulnerabilities
22. PHP 'mbstring' Extension Buffer Overflow Vulnerability
23. PHP SAPI 'php_getuid()' Safe Mode Restriction-Bypass Vulnerability
24. PHP ZipArchive::extractTo() '.zip' Files Directory Traversal Vulnerability
25. PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
26. eLitius Arbitrary File Upload and Authentication Bypass Vulnerabilities
27. Linux Kernel 'parisc_show_stack()' Local Denial of Service Vulnerability
28. Linux Kernel Frame Size Integer Overflow Remote Information Disclosure Vulnerability
29. Linux Kernel 'NFS filename' Local Denial of Service Vulnerability
30. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
31. Linux Kernel 'ib700wdt.c' Buffer Underflow Vulnerability
32. Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability
33. Linux Kernel '/ipc/shm.c' Local Denial of Service Vulnerability
34. Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
35. Linux Kernel MIPS Untrusted User Application Local Denial of Service Vulnerability
36. Linux Kernel CIFS Remote Buffer Overflow Vulnerability
37. Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
38. Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
39. Linux Kernel 'qdisc_run()' Local Denial of Service Vulnerability
40. Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
41. ldns 'rr.c' Remote Buffer Overflow Vulnerability
42. acpid Local Denial of Service Vulnerability
43. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -14 through -22 Multiple Remote Vulnerabilities
44. Mozilla Firefox 'nsTextFrame::ClearTextRun()' Remote Memory Corruption Vulnerability
45. FreePBX Multiple Cross Site Scripting and Information Disclosure Vulnerabilities
46. Cscope 'find.c' Stack Based Buffer Overflow Vulnerability
47. SilverStripe 'AjaxUniqueTextField' Parameter SQL Injection Vulnerability
48. ReVou 'adminlogin/password.php' Remote Password Change Vulnerability
49. Multiple F-Secure Products RAR/ZIP Files Scan Evasion Vulnerability
50. FunGamez Local File Include and SQL Injection Vulnerabilities
51. Flatchat 'pmscript.php' Local File Include Vulnerability
52. Sun Solaris DTrace Handler IOCTL Request Multiple Local Denial of Service Vulnerabilities
53. Coccinelle Insecure Temporary File Creation Vulnerability
54. SMA-DB Cross Site Scripting and Remote File Include Vulnerabilities
55. FreeType Multiple Integer Overflow Vulnerabilities
56. libwmf WMF Image File Remote Code Execution Vulnerability
57. Drupal HTML Injection and Information Disclosure Vulnerabilities
58. CUPS and Xpdf JBIG2 Symbol Dictionary Processing Heap Buffer Overflow Vulnerability
59. CUPS Insufficient 'Host' Header Validation Weakness
60. SunGard Banner Student 'twbkwbis.P_SecurityQuestion' HTML Injection Vulnerability
61. MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability
62. Google Chrome 'chromehtml:' Protocol Handler Same Origin Policy Bypass Vulnerability
63. Nucleus Kernel Recovery for Mac and Novell Multiple Buffer Overflow Vulnerabilities
64. VerliAdmin 'index.php' Multiple Cross-Site Scripting Vulnerabilities
65. LinkBase Users Menu HTML Injection Vulnerability
66. 32bit FTP 'CWD' Response Remote Buffer Overflow Vulnerability
67. Cisco Subscriber Edge Services Manager Cross Site Scripting And HTML Injection Vulnerabilities
68. Almond Classifieds for Joomla! 'id' Parameter SQL Injection Vulnerability
69. TemaTres SQL Injection and Cross Site Scripting Vulnerabilities
70. Xpdf JBIG2 Processing Multiple Security Vulnerabilities
71. CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
72. xvfb-run Insecure Magic Cookie Local Information Disclosure Vulnerability
73. Woodstock 404 Error Page Cross Site Scripting Vulnerability
74. 32bit FTP 'banner' Remote Buffer Overflow Vulnerability
75. GlassFish Enterprise Server Multiple Cross Site Scripting Vulnerabilities
76. Grabit 'NZB' File Remote Stack Buffer Overflow Vulnerability
77. IceWarp Merak Mail Server 'item.php' Cross-Site Scripting Vulnerability
78. IceWarp Merak Mail Server 'Forgot Password' Input Validation Vulnerability
79. IceWarp Merak Mail Server 'cleanHTML()' Function Cross-Site Scripting Vulnerability
80. IceWarp Merak Mail Server Groupware Component Multiple SQL Injection Vulnerabilities
81. Mitel NuPoint Messenger Authentication Credentials Information Disclosure Vulnerability
82. MoinMoin 'AttachFile.py' Multiple Cross Site Scripting Vulnerabilities
83. Nagios External Commands and Adaptive Commands Unspecified Vulnerability
84. Nagios Web Interface Privilege Escalation Vulnerability
85. Adobe Flash Player Unspecified Remote Denial of Service Vulnerability
86. Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability
87. Verlihub Control Panel Multiple Cross-Site Scripting Vulnerabilities
88. Kayako SupportSuite Ticket Notes HTML Injection Vulnerability
89. Sorinara Streaming Audio Player '.m3u' File Remote Stack Buffer Overflow Vulnerability
90. Sun Glassfish 'name' Parameter Cross Site Scripting Vulnerability
91. schroot '/tmp/shm' Local Denial of Service Vulnerability
92. MyBB 1.4.5 Multiple Security Vulnerabilities
93. ProjectCMS Multiple Input Validation Vulnerabilities
94. Quagga Autonomous System Number Remote Denial Of Service Vulnerability
95. aMule 'wxExecute()' Arbitrary Command Execution Vulnerability
96. CoolPlayer M3U File Buffer Overflow Vulnerability
97. CoolPlayer Skin File Buffer Overflow Vulnerability
98. Quick 'n Easy Mail Server SMTP Request Remote Denial Of Service Vulnerability
99. AGTC MyShop Insecure Cookie Authentication Bypass Vulnerability
100. BluSky CMS 'index.php' SQL Injection Vulnerability
III. SECURITYFOCUS NEWS
1. Browsers bashed first in hacking contest
2. Experts: U.S. needs to defend its "cyber turf"
3. Advisor: U.S. needs policy to defend cyberspace
4. Cabal forms to fight Conficker, offers bounty
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
1. EUSecWest 2009 (May27/28) London Agenda and PacSec 2009 (Nov 4/5) Tokyo CFP deadline: June 1 2009
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #442
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. EUSecWest 2009 (May27/28) London Agenda and PacSec 2009 (Nov 4/5) Tokyo CFP deadline: June 1 2009
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. A Botnet by Any Other Name
By Gunter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million malicious agents.
http://www.securityfocus.com/columnists/501

2. Projecting Borders into Cyberspace
By Jeffrey Carr
Two recent stories of significant cyber attacks come close to blaming the Chinese for the intrusions but stop short.
http://www.securityfocus.com/columnists/500

II. BUGTRAQ SUMMARY
--------------------
1. Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
BugTraq ID: 33906
Remote: No
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/33906
Summary:
The Linux kernel is prone to an origin-validation weakness when dealing with signal handling.

This weakness occurs when a privileged process calls attacker-supplied processes as children. Attackers may exploit this to send arbitrary signals to the privileged parent process.

A local attacker may exploit this issue to kill vulnerable processes, resulting in a denial-of-service condition. In some cases, other attacks may also be possible.

Linux kernel 2.6.28 is vulnerable; other versions may also be affected.

2. Linux Kernel 'keyctl_join_session_keyring()' Denial of Service Vulnerability
BugTraq ID: 33339
Remote: No
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/33339
Summary:
The Linux kernel is prone to a denial-of-service vulnerability because it fails to manage memory in a proper manner.

Attackers can exploit this issue to cause a crash by exhausting memory resources.

This issue affects Linux kernel 2.6.x.

3. Bmxplay 'BMX' File Remote Buffer Overflow Vulnerability
BugTraq ID: 34810
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34810
Summary:
Bmxplay is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Bmxplay 0.4 is vulnerable; other versions may also be affected.

4. Million Dollar Text Links Administrative Interface Authentication Bypass Vulnerability
BugTraq ID: 34809
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34809
Summary:
Million Dollar Text Links is prone to an authentication-bypass vulnerability.

Attackers can exploit this issue to obtain sensitive information or to gain administrative access to the affected application. Other attacks are possible.

Million Dollar Text Links 1.0 is vulnerable; other versions may also be affected.

5. EW-MusicPlayer '.m3u' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34806
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34806
Summary:
EW-MusicPlayer is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

EW-MusicPlayer 0.8 is vulnerable; other versions may also be affected.

6. Openfire jabber:iq:auth 'passwd_change' Remote Password Change Vulnerability
BugTraq ID: 34804
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34804
Summary:
Openfire is prone to a vulnerability that can permit an attacker to change the password of arbitrary users.

Exploiting this issue can allow the attacker to gain unauthorized access to the affected application and to completely compromise victims' accounts.

Versions prior to Openfire 3.6.4 are vulnerable.

7. Cscope Multiple Stack Based Buffer Overflow Vulnerabilities
BugTraq ID: 34805
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34805
Summary:
Cscope is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Versions prior to Cscope 15.7a are vulnerable.

8. pecio cms 'index.php' Local File Include Vulnerability
BugTraq ID: 34802
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34802
Summary:
The 'pecio cms' program is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

This issue affects pecio cms 1.1.5; other versions may also be affected.

9. Memcached and MemcacheDB ASLR Information Disclosure Weakness
BugTraq ID: 34756
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34756
Summary:
Memcached and MemcacheDB are prone to an information-disclosure weakness that may aid attackers in bypassing Address Space Layout Randomization (ASLR) protections.

Attackers can exploit this weakness to gain access to sensitive information such as stack, heap, and shared-library memory locations. Information obtained may aid in other attacks.

memcached v1.2.7 and MemcacheDB v1.2.0 are vulnerable.

10. iPassConnect Local Privilege Escalation Vulnerability
BugTraq ID: 34801
Remote: No
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34801
Summary:
iPassConnect is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary programs with the privileges of another user.

iPassConnect 3.51, 3.60, and 3.66 are vulnerable. Other versions may also be affected.

11. Jetty Cross Site Scripting and Information Disclosure Vulnerabilities
BugTraq ID: 34800
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34800
Summary:
Jetty is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information.

Jetty 6.1.16 and prior versions are affected.

12. pam_ssh Existing/Non-Existing Username Enumeration Weakness
BugTraq ID: 34333
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34333
Summary:
The 'pam_ssh' module is prone to a username-enumeration weakness because it displays different responses to login attempts, depending on whether or not the username exists.

Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.

This issue affects pam_ssh 1.92; other versions may also be affected.

13. Mercury Audio Player 'm3u/b4s/pls' File Multiple Remote Stack Buffer Overflow Vulnerabilities
BugTraq ID: 34788
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34788
Summary:
Mercury Audio Player is prone to multiple remote stack-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Mercury Audio Player 1.21 is vulnerable; other versions may also be affected.

14. BaoFeng Storm ActiveX Control 'OnBeforeVideoDownload()' Buffer Overflow Vulnerability
BugTraq ID: 34789
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34789
Summary:
BaoFeng Storm ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

15. Linux Kernel 'ecryptfs_write_metadata_to_contents()' Information Disclosure Vulnerability
BugTraq ID: 34216
Remote: No
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34216
Summary:
The Linux Kernel is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using it in a user-accessible operation.

Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.

Linux Kernel versions 2.6.28 through 2.6.28.8 are vulnerable.

16. LibTIFF Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 11406
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/11406
Summary:
LibTIFF is affected by multiple buffer-overflow vulnerabilities because the software fails to properly perform boundary checks before copying user-supplied strings into finite process buffers.

An attacker may leverage these issues to execute arbitrary code on a vulnerable computer with the privileges of the user running a vulnerable application, facilitating unauthorized access. The attacker may also leverage these issues to crash the affected application.

17. LibTIFF Heap Corruption Integer Overflow Vulnerabilities
BugTraq ID: 12075
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/12075
Summary:
LibTIFF is affected by two heap-corruption vulnerabilities caused by integer-overflow errors that can be triggered when handling malicious or malformed image files. An attacker could exploit the vulnerabilities to execute arbitrary code when TIFF image data is processed (i.e. displayed). The code would run in the context of an application linked to the library. Since image data is often external in origin, these vulnerabilities are remotely exploitable.

18. ClamAV 'clamav-milter' Initscript File Permission Vulnerability
BugTraq ID: 34818
Remote: No
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34818
Summary:
ClamAV is prone to a file-permission security issue.

An attacker can exploit this issue to modify files in certain directories, which could affect system integrity and lead to other attacks.

ClamAV 0.95.1 is vulnerable; other versions may also be affected.

19. IPsec-Tools Prior to 0.7.2 Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 34765
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34765
Summary:
IPsec-Tools is affected by multiple remote denial-of-service vulnerabilities because the software fails to properly handle certain network packets.

A successful attack allows a remote attacker to cause the application to crash or to consume excessive memory, denying further service to legitimate users.

Versions prior to IPsec-Tools 0.7.2 are vulnerable.

20. PHP 'mbstring.func_overload' Webserver Denial Of Service Vulnerability
BugTraq ID: 33542
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/33542
Summary:
PHP is prone to a denial-of-service vulnerability because it fails to limit global scope for certain settings relating to Unicode text operations.

Attackers can exploit this issue to crash the affected webserver, denying service to legitimate users.

21. PHP 5.2.8 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 33927
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/33927
Summary:
PHP is prone to multiple security vulnerabilities. Successful exploits could allow an attacker to cause a denial-of-service condition. An unspecified issue with an unknown impact was also reported.

These issues affect PHP 5.2.8 and prior versions.

22. PHP 'mbstring' Extension Buffer Overflow Vulnerability
BugTraq ID: 32948
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/32948
Summary:
PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. The issue affects the 'mbstring' extension included in the standard distribution.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 4.3.0 through 5.2.6 are vulnerable.

23. PHP SAPI 'php_getuid()' Safe Mode Restriction-Bypass Vulnerability
BugTraq ID: 32688
Remote: No
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/32688
Summary:
PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to bypass some safe-mode restrictions.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code, with the 'safe_mode' restrictions assumed to isolate the users from each other.

Versions prior to PHP 5.2.8 are vulnerable.

24. PHP ZipArchive::extractTo() '.zip' Files Directory Traversal Vulnerability
BugTraq ID: 32625
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/32625
Summary:
PHP is prone to a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input.

A successful attack may allow an attacker to create or overwrite arbitrary files on the system. This may allow arbitrary script code to run in the context of the webserver.

PHP 5.2.6 and prior versions are vulnerable.

25. PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 29009
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/29009
Summary:
PHP 5.2.5 and prior versions are prone to multiple security vulnerabilities.

Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

These issues are reported to affect PHP 5.2.5 and prior versions.

26. eLitius Arbitrary File Upload and Authentication Bypass Vulnerabilities
BugTraq ID: 34813
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34813
Summary:
eLitius is prone to a vulnerability that lets remote attackers upload and execute arbitrary code because it fails to properly sanitize user-supplied files. The application is also prone to an authentication-bypass vulnerability.

An attacker can leverage these issues to execute arbitrary code on an affected computer with the privileges of the webserver process or to perform administrative actions without proper authentication.

eLitius 1.0 is vulnerable; other versions may also be affected.

27. Linux Kernel 'parisc_show_stack()' Local Denial of Service Vulnerability
BugTraq ID: 32636
Remote: No
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/32636
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Local attackers can exploit this issue to crash the affected computer, denying service to legitimate users.

Versions prior to Linux kernel 2.6.28-rc7 are vulnerable.

Note that this issue applies to PA-RISC 32-bit and 64-bit architectures.

28. Linux Kernel Frame Size Integer Overflow Remote Information Disclosure Vulnerability
BugTraq ID: 34654
Remote: Yes
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/34654
Summary:
The Linux Kernel is prone to a remote information-disclosure vulnerability.

Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Versions prior to Linux Kernel 2.6.30-rc1 are vulnerable.

29. Linux Kernel 'NFS filename' Local Denial of Service Vulnerability
BugTraq ID: 34390
Remote: No
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/34390
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to trigger a kernel oops, resulting in a denial-of-service condition.

30. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
BugTraq ID: 33113
Remote: Yes
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/33113
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects Linux Kernel 2.6.28; other versions may also be vulnerable.

31. Linux Kernel 'ib700wdt.c' Buffer Underflow Vulnerability
BugTraq ID: 33003
Remote: No
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/33003
Summary:
The Linux kernel is prone to a buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges or crash the affected computer, denying service to legitimate users.

Versions prior to Linux kernel 2.6.28-rc1 are vulnerable.

32. Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability
BugTraq ID: 33237
Remote: No
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/33237
Summary:
The Linux kernel is prone to a local race-condition vulnerability because it fails to properly handle POSIX locks.

A local attacker may exploit this issue to crash the computer or gain elevated privileges.

33. Linux Kernel '/ipc/shm.c' Local Denial of Service Vulnerability
BugTraq ID: 34020
Remote: No
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/34020
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the Linux kernel to lock up, resulting in a denial-of-service condition.

Versions prior to Linux kernel 2.6.28.5 are vulnerable.

34. Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
BugTraq ID: 33951
Remote: No
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/33951
Summary:
The Linux kernel is prone to a local security-bypass vulnerability.

A local attacker may be able to exploit this issue to bypass audit mechanisms imposed on system calls. This may allow malicious behavior to escape notice.

35. Linux Kernel MIPS Untrusted User Application Local Denial of Service Vulnerability
BugTraq ID: 32716
Remote: No
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/32716
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability affecting 64-bit MIPS architectures.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

36. Linux Kernel CIFS Remote Buffer Overflow Vulnerability
BugTraq ID: 34453
Remote: Yes
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/34453
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects Linux Kernel 2.6.29; other versions may also be vulnerable.

37. Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
BugTraq ID: 34405
Remote: No
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/34405
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.

Versions prior to Linux kernel 2.6.29-git14 are vulnerable.

38. Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
BugTraq ID: 33275
Remote: No
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/33275
Summary:
The Linux Kernel is prone to a local privilege-escalation vulnerability.

A local attacker may be able to exploit this issue to read or write to unintended address spaces. This may result in denial-of-service conditions, the disclosure of sensitive information, or privilege escalation.

This issue affects versions prior to Linux 2.6.28.6 on some 64-bit architectures, including s390, PowerPC, SPARC64, and MIPS. Additional architectures may also be affected.

39. Linux Kernel 'qdisc_run()' Local Denial of Service Vulnerability
BugTraq ID: 32985
Remote: No
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/32985
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Local attackers can exploit this issue to cause a soft lockup, denying service to legitimate users.

Versions prior to Linux kernel 2.6.25 are vulnerable.

40. Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
BugTraq ID: 34673
Remote: No
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/34673
Summary:
The Linux kernel is prone to a local information-disclosure vulnerability.

Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Versions prior to the Linux kernel 2.6.30-rc3 are vulnerable.

41. ldns 'rr.c' Remote Buffer Overflow Vulnerability
BugTraq ID: 34233
Remote: Yes
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/34233
Summary:
The 'ldns' library is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in denial-of-service conditions.

Versions prior to ldns 1.5.0 are vulnerable.

42. acpid Local Denial of Service Vulnerability
BugTraq ID: 34692
Remote: No
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/34692
Summary:
The 'acpid' daemon is prone to a local denial-of-service vulnerability.

Successful exploits will allow attackers to make the daemon unresponsive, resulting in denial-of-service conditions.

The issue affects versions prior to acpid 1.0.10.

43. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -14 through -22 Multiple Remote Vulnerabilities
BugTraq ID: 34656
Remote: Yes
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/34656
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey.

Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, and execute arbitrary script code with elevated privileges; other attacks are also possible.

44. Mozilla Firefox 'nsTextFrame::ClearTextRun()' Remote Memory Corruption Vulnerability
BugTraq ID: 34743
Remote: Yes
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/34743
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability.

Successful exploits will allow remote attackers to execute arbitrary code within the context of the affected browser or crash the browser, denying service to legitimate users.

45. FreePBX Multiple Cross Site Scripting and Information Disclosure Vulnerabilities
BugTraq ID: 34857
Remote: Yes
Last Updated: 2009-05-07
Relevant URL: http://www.securityfocus.com/bid/34857
Summary:
FreePBX is prone to multiple cross-site scripting and information-disclosure vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. An attacker may also exploit these issues to gain access to sensitive information.

FreePBX 2.4, 2.5 and trunk are affected.

46. Cscope 'find.c' Stack Based Buffer Overflow Vulnerability
BugTraq ID: 34832
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34832
Summary:
Cscope is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Versions prior to Cscope 15.6 are vulnerable.

47. SilverStripe 'AjaxUniqueTextField' Parameter SQL Injection Vulnerability
BugTraq ID: 34852
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34852
Summary:
SilverStripe is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to SilverStripe 2.3.3-rc2 are vulnerable.

48. ReVou 'adminlogin/password.php' Remote Password Change Vulnerability
BugTraq ID: 34851
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34851
Summary:
ReVou is prone to a vulnerability that may permit an attacker to change the password of arbitrary users.

Exploiting this issue may allow the attacker to gain unauthorized access to the affected application. Successful exploits will completely compromise victims' accounts.

49. Multiple F-Secure Products RAR/ZIP Files Scan Evasion Vulnerability
BugTraq ID: 34849
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34849
Summary:
Multiple F-Secure products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.

50. FunGamez Local File Include and SQL Injection Vulnerabilities
BugTraq ID: 34610
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34610
Summary:
FunGamez is prone to a local file-include vulnerability and multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute arbitrary local files within the context of the webserver process. Information harvested may aid in further attacks.

The attacker can exploit the SQL-injection vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

51. Flatchat 'pmscript.php' Local File Include Vulnerability
BugTraq ID: 34734
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34734
Summary:
Flatchat is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

Flatchat 3.0 is vulnerable; other versions may also be affected.

52. Sun Solaris DTrace Handler IOCTL Request Multiple Local Denial of Service Vulnerabilities
BugTraq ID: 34753
Remote: No
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34753
Summary:
Sun Solaris is prone to multiple local denial-of-service vulnerabilities.

An attacker can exploit these issues to cause a system panic, denying service to legitimate users.

Very few technical details are currently available. We will update this BID as more information emerges.

These issues affect Solaris 10 and OpenSolaris builds snv_01 through snv_113.

53. Coccinelle Insecure Temporary File Creation Vulnerability
BugTraq ID: 34848
Remote: No
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34848
Summary:
Coccinelle creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic link attacks to overwrite arbitrary attacker-specified files.

Versions prior to Coccinelle 0.1.7 are vulnerable.

54. SMA-DB Cross Site Scripting and Remote File Include Vulnerabilities
BugTraq ID: 33562
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/33562
Summary:
SMA-DB is prone to a cross-site scripting vulnerability and a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit these issues to execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system. Attackers may also execute script code in an unsuspecting user's browser or steal cookie-based authentication credentials; other attacks are also possible.

SMA-DB 0.3.12 is vulnerable; other versions may also be affected.

55. FreeType Multiple Integer Overflow Vulnerabilities
BugTraq ID: 34550
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34550
Summary:
FreeType is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied input.

Successful exploits may allow attackers to execute arbitrary code in the context of applications that use the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

These issues affect FreeType 2.3.9; other versions may also be affected.

56. libwmf WMF Image File Remote Code Execution Vulnerability
BugTraq ID: 34792
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34792
Summary:
The 'libwmf' library is prone to a buffer-overflow vulnerability because the vector graphics linked library improperly allocates memory when parsing WMF image files.

Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user.

57. Drupal HTML Injection and Information Disclosure Vulnerabilities
BugTraq ID: 34779
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34779
Summary:
Drupal is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability.

An attacker may leverage these issues to obtain potentially sensitive information, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible.

These issues affect the following:

Drupal 5.x (prior to 5.17)
Drupal 6.x (prior to 6.11)

58. CUPS and Xpdf JBIG2 Symbol Dictionary Processing Heap Buffer Overflow Vulnerability
BugTraq ID: 34791
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34791
Summary:
CUPS and Xpdf are prone to a remote buffer-overflow vulnerability because they fail to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue may allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

The following are vulnerable; other applications or versions may also be affected:

Xpdf 3.02pl2 and earlier
CUPS 1.3.9 and earlier

NOTE: This vulnerability may already be covered in BID 34568 (Xpdf JBIG2 Processing Multiple Security Vulnerabilities). We will update (or possibly retire) this BID as more information emerges.

59. CUPS Insufficient 'Host' Header Validation Weakness
BugTraq ID: 34665
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34665
Summary:
CUPS is prone to an insufficient 'Host' header validation weakness.

An attacker can use this weakness to carry out certain attacks such as DNS rebinding against the vulnerable server.

60. SunGard Banner Student 'twbkwbis.P_SecurityQuestion' HTML Injection Vulnerability
BugTraq ID: 34620
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34620
Summary:
SunGard Banner Student is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Banner Student 7.4 is vulnerable; other versions may also be affected.

61. MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability
BugTraq ID: 34409
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34409
Summary:
MIT Kerberos is prone to a memory-corruption vulnerability because it fails to properly initialize data structures.

Successful exploits may allow remote attackers to crash Kerberos servers, including the 'kadmind' administration daemon. Given the nature of this issue, attackers may also be able to execute arbitrary code with SYSTEM-level or superuser privileges, but this has not been confirmed.

Versions prior to Kerberos 5.17 and 5.1.6.4 are vulnerable.

62. Google Chrome 'chromehtml:' Protocol Handler Same Origin Policy Bypass Vulnerability
BugTraq ID: 34704
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34704
Summary:
Google Chrome is prone to a vulnerability that allows attackers to bypass the same-origin policy and obtain sensitive information, including the existence of local files and authentication credentials for web applications. Other attacks are also possible.

Google Chrome 1.0.154.55 and prior versions are vulnerable.

63. Nucleus Kernel Recovery for Mac and Novell Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 34846
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34846
Summary:
Multiple Nucleus Kernel Recovery products are prone to remote stack-based buffer-overflow vulnerabilities because the software fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

These issues affect the following:

Kernel Recovery for Novell 4.03
Kernel Recovery for Macintosh 4.04

Other versions may also be affected.

64. VerliAdmin 'index.php' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 34845
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34845
Summary:
VerliAdmin is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issues affect VerliAdmin 0.3.7 and 0.3.8; other versions may also be affected.

65. LinkBase Users Menu HTML Injection Vulnerability
BugTraq ID: 34844
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34844
Summary:
LinkBase is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

LinkBase 2.0 is vulnerable; other versions may also be affected.

66. 32bit FTP 'CWD' Response Remote Buffer Overflow Vulnerability
BugTraq ID: 34838
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34838
Summary:
32bit FTP is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

32bit FTP 09.04.24 is vulnerable; other versions may also be affected.

67. Cisco Subscriber Edge Services Manager Cross Site Scripting And HTML Injection Vulnerabilities
BugTraq ID: 34454
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34454
Summary:
Cisco Subscriber Edge Services Manager is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

We don't know which versions of Subscriber Edge Services Manager are affected. We will update this BID as more information emerges.

68. Almond Classifieds for Joomla! 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 34843
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34843
Summary:
Almond Classifieds for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Almond Classifieds for Joomla! 5.6.2 is vulnerable; other versions may also be affected.

69. TemaTres SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 34830
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34830
Summary:
TemaTres is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TemaTres 1.0.3 is vulnerable; other versions may also be affected.

70. Xpdf JBIG2 Processing Multiple Security Vulnerabilities
BugTraq ID: 34568
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34568
Summary:
Xpdf is prone to multiple security vulnerabilities.

Exploiting these issues may allow remote attackers to execute arbitrary code in the context of an affected application. Failed exploit attempts will likely cause denial-of-service conditions.

These issues affect multiple applications on multiple platforms that use the affected library.

71. CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
BugTraq ID: 34571
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34571
Summary:
CUPS is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied TIFF image sizes before using them to allocate memory buffers.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the utilities. Failed exploit attempts will likely cause denial-of-service conditions.

Versions prior to CUPS 1.3.10 are vulnerable.

72. xvfb-run Insecure Magic Cookie Local Information Disclosure Vulnerability
BugTraq ID: 34828
Remote: No
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34828
Summary:
The 'xvfb-run' command is prone to an information-disclosure vulnerability.

Exploiting this issue may allow a local attacker to obtain sensitive information that may lead to further attacks.

73. Woodstock 404 Error Page Cross Site Scripting Vulnerability
BugTraq ID: 34829
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34829
Summary:
Woodstock is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

Woodstock 4.2 is vulnerable; other versions may also be affected.

74. 32bit FTP 'banner' Remote Buffer Overflow Vulnerability
BugTraq ID: 34822
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34822
Summary:
32bit FTP is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

32bit FTP 09.04.24 is vulnerable; other versions may also be affected.

75. GlassFish Enterprise Server Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 34824
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34824
Summary:
GlassFish Enterprise Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.

GlassFish Enterprise Server 2.1 is vulnerable; other versions may also be affected.

76. Grabit 'NZB' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34807
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34807
Summary:
Grabit is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Grabit 1.7.2 beta 3 is vulnerable; other versions may also be affected.

77. IceWarp Merak Mail Server 'item.php' Cross-Site Scripting Vulnerability
BugTraq ID: 34825
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34825
Summary:
IceWarp Merak Mail Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.

78. IceWarp Merak Mail Server 'Forgot Password' Input Validation Vulnerability
BugTraq ID: 34827
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34827
Summary:
IceWarp Merak Mail Server is prone to an input-validation vulnerability because it uses client-supplied data when performing a 'Forgot Password' function.

Attackers can exploit this issue via social-engineering techniques to obtain valid users' login credentials; other attacks may also be possible.

79. IceWarp Merak Mail Server 'cleanHTML()' Function Cross-Site Scripting Vulnerability
BugTraq ID: 34823
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34823
Summary:
IceWarp Merak Mail Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.

80. IceWarp Merak Mail Server Groupware Component Multiple SQL Injection Vulnerabilities
BugTraq ID: 34820
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34820
Summary:
IceWarp Merak Mail Server is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

IceWarp Merak Mail Server 9.4.1 is affected; other versions may be vulnerable as well.

81. Mitel NuPoint Messenger Authentication Credentials Information Disclosure Vulnerability
BugTraq ID: 34847
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34847
Summary:
Mitel NuPoint Messenger is prone to an information-disclosure vulnerability.

Exploiting this issue can allow a remote attacker to harvest sensitive information that can aid in further attacks.

Mitel NuPoint Messenger R3 and R11 are affected.

82. MoinMoin 'AttachFile.py' Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 34631
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34631
Summary:
MoinMoin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

MoinMoin 1.8.2 is vulnerable; other versions may also be affected.

83. Nagios External Commands and Adaptive Commands Unspecified Vulnerability
BugTraq ID: 32611
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/32611
Summary:
Nagios is prone to an unspecified vulnerability related to the CGI submission of external commands and the processing of adaptive commands.

Very little information is known about this issue. We will update this BID as soon as more information becomes available.

The issue affects versions prior to Nagios 3.0.6.

84. Nagios Web Interface Privilege Escalation Vulnerability
BugTraq ID: 32156
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/32156
Summary:
Nagios is prone to an unspecified privilege-escalation scripting vulnerability.

An attacker with low-level privileges may exploit this issue to bypass authorization and cause arbitrary commands to run within the context of the Nagios server. This may aid in further attacks.

Few technical details are available at this time; we will update this BID as more information emerges.

The issue affects versions prior to Nagios 3.0.5.

85. Adobe Flash Player Unspecified Remote Denial of Service Vulnerability
BugTraq ID: 33890
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/33890
Summary:
Adobe Flash Player is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input.

Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has not been confirmed.

Versions prior to Flash Player 10.0.22.87 are vulnerable.

86. Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability
BugTraq ID: 33880
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/33880
Summary:
Adobe Flash Player is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will likely crash the application, denying service to legitimate users.

Versions prior to Flash Player 10.0.12.36 are vulnerable.

87. Verlihub Control Panel Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 34856
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34856
Summary:
Verlihub Control Panel is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issues affect Verlihub Control Panel 1.7e; other versions may also be affected.

88. Kayako SupportSuite Ticket Notes HTML Injection Vulnerability
BugTraq ID: 34853
Remote: Yes
Last Updated: 2009-05-06
Relevant URL: http://www.securityfocus.com/bid/34853
Summary:
Kayako SupportSuite is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

SupportSuite 3.04.10 is vulnerable; other versions may also be affected.

89. Sorinara Streaming Audio Player '.m3u' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34842
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34842
Summary:
Sorinara Streaming Audio Player is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Sorinara Streaming Audio Player 0.9 is vulnerable; other versions may also be affected.

90. Sun Glassfish 'name' Parameter Cross Site Scripting Vulnerability
BugTraq ID: 29646
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/29646
Summary:
Sun Glassfish is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

91. schroot '/tmp/shm' Local Denial of Service Vulnerability
BugTraq ID: 34819
Remote: No
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34819
Summary:
The 'schroot' program is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to exhaust all available memory and crash a system, resulting in a denial-of-service condition.

This issue affects schroot 1.2.2; other versions may also be affected.

92. MyBB 1.4.5 Multiple Security Vulnerabilities
BugTraq ID: 34798
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34798
Summary:
MyBB is prone to multiple security vulnerabilities, including an HTML-injection issue and an unspecified issue.

An attacker may leverage the HTML-injection issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, and launch other attacks.

MyBB 1.4.5 is vulnerable; other versions may also be affected.

93. ProjectCMS Multiple Input Validation Vulnerabilities
BugTraq ID: 34816
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34816
Summary:
ProjectCMS is prone to multiple input-validation vulnerabilities:

- An arbitrary-file-upload vulnerability
- An information-disclosure vulnerability
- A security-bypass vulnerability

An attacker can exploit these issues to upload and execute arbitrary PHP code in the context of the webserver process, obtain sensitive information, or delete an arbitrary directory. Other attacks are also possible.

Versions prior to ProjectCMS 1.2 Beta are vulnerable.

94. Quagga Autonomous System Number Remote Denial Of Service Vulnerability
BugTraq ID: 34817
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34817
Summary:
Quagga is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to cause the vulnerable process to crash, denying further service to legitimate users.

Quagga 0.99.11 is vulnerable; other versions may also be affected.

95. aMule 'wxExecute()' Arbitrary Command Execution Vulnerability
BugTraq ID: 34683
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34683
Summary:
aMule is prone to a vulnerability that lets attackers execute arbitrary commands in the context of the vulnerable application.

This issue affects aMule 2.2.4; other versions may also be vulnerable.

96. CoolPlayer M3U File Buffer Overflow Vulnerability
BugTraq ID: 30418
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/30418
Summary:
CoolPlayer is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

The issue occurs when handling specially crafted M3U files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.

We don't know which versions of CoolPlayer are affected. We will update this BID as more information emerges.

97. CoolPlayer Skin File Buffer Overflow Vulnerability
BugTraq ID: 32947
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/32947
Summary:
CoolPlayer is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

The issue occurs when handling specially crafted skin files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects CoolPlayer 219; other versions may be vulnerable as well.

98. Quick 'n Easy Mail Server SMTP Request Remote Denial Of Service Vulnerability
BugTraq ID: 34814
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34814
Summary:
Quick 'n Easy Mail Server is prone to a denial-of-service vulnerability because it fails to adequately handle multiple socket requests.

Attackers can exploit this issue to cause the affected application to reject SMTP requests, denying service to legitimate users.

The demonstration release of Quick 'n Easy Mail Server 3.3 is vulnerable; other versions may also be affected.

99. AGTC MyShop Insecure Cookie Authentication Bypass Vulnerability
BugTraq ID: 34808
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34808
Summary:
AGTC MyShop is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain administrative access to the affected application, which may aid in further attacks.

AGTC MyShop 3.2b is vulnerable; other versions may also be affected.

100. BluSky CMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 34811
Remote: Yes
Last Updated: 2009-05-05
Relevant URL: http://www.securityfocus.com/bid/34811
Summary:
BluSky CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Browsers bashed first in hacking contest
By: Robert Lemos
A security researcher keeps a vulnerability on ice for an entire year, before using it at the Pwn2Own contest to exploit Apple's browser. Microsoft's Internet Explorer 8 falls soon after.
http://www.securityfocus.com/news/11549

2. Experts: U.S. needs to defend its "cyber turf"
By: Robert Lemos
The United States must develop a Monroe Doctrine for the Internet, defining what constitutes its cyberspace and pledging to defend its virtual borders, security experts told Congress.
http://www.securityfocus.com/news/11548

3. Advisor: U.S. needs policy to defend cyberspace
By: Robert Lemos
An Obama transition-team member argues that any future cyber policy needs to deal with the role of the intelligence community, the militarization of cyberspace and designating a lead disaster agency.
http://www.securityfocus.com/news/11547

4. Cabal forms to fight Conficker, offers bounty
By: Robert Lemos
Microsoft offers $250,000 for information leading to the arrest of the author and, along with security firms and Internet service providers, pledges to work to prevent the prolific worm from spreading further.
http://www.securityfocus.com/news/11546

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
1. EUSecWest 2009 (May27/28) London Agenda and PacSec 2009 (Nov 4/5) Tokyo CFP deadline: June 1 2009
http://www.securityfocus.com/archive/75/503338

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #442
http://www.securityfocus.com/archive/88/503195

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. EUSecWest 2009 (May27/28) London Agenda and PacSec 2009 (Nov 4/5) Tokyo CFP deadline: June 1 2009
http://www.securityfocus.com/archive/91/503313

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Thawte


Copyright 2010, SecurityFocus