SecurityFocus News
SecurityFocus Newsletter #505 Jun 18 2009 10:29PM
sfa securityfocus com
SecurityFocus Newsletter #505
----------------------------------------

This issue is sponsored by VeriSign

------------------------------------------------------------------
I. FRONT AND CENTER
1. Hacker-Tool Law Still Does Little
2. A Botnet by Any Other Name
II. BUGTRAQ SUMMARY
1. Sun Solstice AdminSuite 'sadmind' 'adm_build_path()' Remote Stack Buffer Overflow Vulnerability
2. Sun Solaris 'sadmind' Daemon Multiple Buffer Overflow Vulnerabilities
3. CMS Buzz Multiple Security Vulnerabilities
4. Edraw PDF Viewer Component ActiveX Control Arbitrary File Overwrite Vulnerability
5. Multiple F-PROT Products RAR/ARJ/LHA/LZH File Scan Evasion Vulnerability
6. GForge SQL Injection and Cross Site Scripting Vulnerabilities
7. Apple Mac OS X CoreGraphics PDF Handling Multiple Memory Corruption Vulnerabilities
8. Apple Mac OS X CoreGraphics PDF Handling Heap Overflow Vulnerability
9. Apple Mac OS X International Components for Unicode Invalid Byte Sequence Handling Vulnerability
10. Apple Safari Prior to 3.2 Multiple Security Vulnerabilities
11. Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities
12. Apple Mac OS X CarbonCore Stack Based Buffer Overflow Vulnerability
13. WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
14. WebKit Frame Transition Cross Domain Scripting Vulnerability
15. WebKit JavaScript DOM Use After Free Remote Code Execution Vulnerability
16. WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
17. WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
18. WebKit XSLT Redirects Remote Information Disclosure Vulnerability
19. WebKit DOM Event Handler Remote Memory Corruption Vulnerability
20. WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
21. WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
22. WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
23. WebKit XML External Entity Information Disclosure Vulnerability
24. WebKit 'about:blank' Security Bypass Vulnerability
25. WebKit 'document.implementation' Cross Domain Scripting Vulnerability
26. WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
27. AOL Radio AmpX ActiveX Control 'ConvertFile()' Buffer Overflow Vulnerability
28. ClamAV CAB File Scan Evasion Vulnerability
29. VLC Media Player Cinepak Codec Buffer Overflow Vulnerability
30. VLC Media Player WAV File Buffer Overflow Vulnerability
31. VLC Media Player 'mmstu.c' MMS Protocol Handling Buffer Overflow Vulnerability
32. VLC Media Player Multiple Remote Integer Overflow Vulnerabilities
33. VLC Media Player 'Subtitle' Buffer Overflow Vulnerability
34. VLC Media Player Multiple Stack Based Buffer Overflow Vulnerabilities
35. VLC Media Player MP4 Demuxer Buffer Overflow Vulnerability
36. Nokia 6131 Multiple Vulnerabilities
37. HP Discovery and Dependency Mapping Inventory Unauthorized Access Vulnerability
38. CUPS 'cups/ipp.c' NULL Pointer Dereference Denial Of Service Vulnerability
39. CUPS PDF File Multiple Heap Buffer Overflow Vulnerabilities
40. CUPS Scheduler Directory Services Remote Denial Of Service Vulnerability
41. Apple iPhone Call Approval Dialog Security Bypass Vulnerability
42. Mozilla Firefox and SeaMonkey Address Bar URI Spoofing Vulnerability
43. Mozilla Firefox/Thunderbird/SeaMonkey 'file://' URI Security Bypass Vulnerability
44. Mozilla Firefox/Thunderbird/SeaMonkey Null Owner Document Arbitrary Code Execution Vulnerability
45. Mozilla Firefox/Thunderbird/SeaMonkey Multiple JavaScript Engine Memory Corruption Vulnerabilities
46. Mozilla Firefox/Thunderbird/SeaMonkey Double Frame Construction Memory Corruption Vulnerability
47. Mozilla Firefox/Thunderbird/SeaMonkey XUL Scripts Content-Policy Check Security Bypass Vulnerability
48. Mozilla Firefox and SeaMonkey JavaScript Chrome Privilege Escalation Vulnerability
49. Mozilla Firefox 'NPObject' Access Remote Code Execution Vulnerability
50. Mozilla Firefox/SeaMonkey 'file://' URI Information Disclosure Vulnerability
51. Mozilla Firefox 'nsViewManager.cpp' Denial of Service Vulnerability
52. Mozilla Firefox Large GIF File Background Denial of Service Vulnerability
53. Sun Java System Web Server Reverse Proxy Plug-in Cross-Site Scripting Vulnerability
54. Apple Safari Windows Installer Local Privilege Escalation Vulnerability
55. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Browser Engine Memory Corruption Vulnerabilities
56. Multiple Browser Malicious Proxy HTTPS Man In The Middle Vulnerability
57. Cyrus SASL 'sasl_encode64()' Remote Buffer Overflow Vulnerability
58. Multiple Browsers Cached Certificate HTTP Site Spoofing Vulnerability
59. VicFTPS 'LIST' Command Remote Denial of Service Vulnerability
60. Dokuwiki 'doku.php' Local File Include Vulnerability
61. cpCommerce 'GLOBALS[prefix]' Local/Remote File Include Vulnerability
62. strongSwan IKE Request Multiple Remote Denial Of Service Vulnerabilities
63. Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
64. Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
65. Multiple Browsers Web Proxy Redirect Handling Man In The Middle Vulnerability
66. Linux Kernel Frame Size Integer Overflow Remote Information Disclosure Vulnerability
67. Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
68. Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability
69. Linux Kernel NFS 'MAY_EXEC' Security Bypass Vulnerability
70. Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
71. Linux Kernel 'splice(2)' Double Lock Local Denial of Service Vulnerability
72. Linux Kernel 'inet6_hashtables.c' NULL Pointer Dereference Denial of Service Vulnerability
73. Linux Kernel '/proc/iomem' Sparc64 Local Denial of Service Vulnerability
74. Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
75. Apache Tomcat XML Parser Information Disclosure Vulnerability
76. Microsoft Windows Print Spooler Remote Code Execution Vulnerability
77. Microsoft IIS Unicode Requests to WebDAV Multiple Authentication Bypass Vulnerabilities
78. Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability
79. Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerabilities
80. Libpng Library Unknown Chunk Handler Vulnerability
81. Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability
82. Libpng 1-bit Interlaced Images Information Disclosure Vulnerability
83. Wireshark PCNFSD Dissector Denial of Service Vulnerability
84. Wireshark PN-DCP Data Format String Vulnerability
85. Wireshark Prior to 1.0.7 Multiple Denial Of Service Vulnerabilities
86. IBM AIX 'rpc.ttdbserver' Remote Buffer Overflow Vulnerability
87. IrfanView 'TIFF' File Handling Remote Integer Overflow Vulnerability
88. Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution Vulnerability
89. Microsoft Active Directory Memory Leak Denial Of Service Vulnerability
90. Citrix NetScaler Access Gateway Default Configuration Unauthorized Access Vulnerability
91. MoinMoin Hierarchical ACL Security Bypass Vulnerability
92. MoinMoin 'antispam.py' Cross-Site Scripting Vulnerability
93. MoinMoin Multiple Cross Site Scripting Vulnerabilities
94. MoinMoin 'AttachFile.py' Cross-Site Scripting Vulnerability
95. MoinMoin 'AdvancedSearch.py' Multiple Cross-Site Scripting Vulnerabilities
96. Citrix Secure Gateway Denial Of Service Vulnerability
97. Libungif Null Pointer Dereference Denial of Service Vulnerability
98. Libungif Colormap Handling Memory Corruption Vulnerability
99. cTorrent and dTorrent Torrent File Buffer Overflow Vulnerability
100. DESlock+ 'dlpcrypt.sys' Local Privilege Escalation Vulnerability
III. SECURITYFOCUS NEWS
1. FTC persuades court to shutter rogue ISP
2. Obama launches cybersecurity initiative
3. Browsers bashed first in hacking contest
4. Experts: U.S. needs to defend its "cyber turf"
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
1. Workshop on the Analysis of System Logs (WASL) 2009
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #445
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

2. A Botnet by Any Other Name
By Gunter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million malicious agents.
http://www.securityfocus.com/columnists/501

II. BUGTRAQ SUMMARY
--------------------
1. Sun Solstice AdminSuite 'sadmind' 'adm_build_path()' Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 31751
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/31751
Summary:
Sun Solstice AdminSuite is prone to a remote stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied input.

Attackers can leverage this issue to execute arbitrary code in the context of the application. Successful exploits will compromise the application and the underlying computer. Failed attacks will cause denial-of-service conditions.

We don't know which specific versions of Solstice AdminSuite are affected, but versions for Solaris 8 and 9 are reported vulnerable. We will update this BID as more information emerges.

2. Sun Solaris 'sadmind' Daemon Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 35083
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35083
Summary:
Sun Solaris is prone to multiple buffer-overflow vulnerabilities because the software fails to perform adequate boundary checks on user-supplied input.

Attackers can leverage these issues to execute arbitrary code with superuser privileges. Failed attacks will cause denial-of-service conditions.

These issues affect Solaris 8 and 9.

3. CMS Buzz Multiple Security Vulnerabilities
BugTraq ID: 35431
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35431
Summary:
CMS Buzz is prone to multiple vulnerabilities, including a cross-site scripting issue, an HTML-injection issue, and an authentication-bypass issue.

Attackers can leverage these vulnerabilities to execute arbitrary HTML or script code in the context of the affected site or access certain administrative functions. This can allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, launch denial-of-service attacks, and compromise the application; other attacks are also possible.

4. Edraw PDF Viewer Component ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 35428
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35428
Summary:
Edraw PDF Viewer Component ActiveX control is prone to a vulnerability that lets attackers overwrite arbitrary local files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

Versions prior to PDF Viewer Component 3.2.0.126 are vulnerable.

5. Multiple F-PROT Products RAR/ARJ/LHA/LZH File Scan Evasion Vulnerability
BugTraq ID: 35427
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35427
Summary:
Multiple F-PROT products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.

6. GForge SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 35424
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35424
Summary:
GForge is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

GForge versions 4.5.14 and 4.7rc2 are affected; other versions may be affected as well.

7. Apple Mac OS X CoreGraphics PDF Handling Multiple Memory Corruption Vulnerabilities
BugTraq ID: 34962
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/34962
Summary:
Apple Mac OS X is prone to multiple memory-corruption vulnerabilities in CoreGraphics.

An attacker can exploit these issues by tricking a victim into opening a specially crafted PDF file.

A successful attack will allow attacker-supplied code to run in the context of the victim opening the file.

NOTE: This issue was previously covered in BID 34926 (Apple Mac OS X 2009-002 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

8. Apple Mac OS X CoreGraphics PDF Handling Heap Overflow Vulnerability
BugTraq ID: 34965
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/34965
Summary:
Apple Mac OS X is prone to a heap-based buffer-overflow vulnerability in CoreGraphics.

An attacker can exploit this issue by tricking a victim into opening a specially crafted PDF file.

A successful attack will allow attacker-supplied code to run in the context of the victim opening the file.

NOTE: This issue was previously covered in BID 34926 (Apple Mac OS X 2009-002 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

9. Apple Mac OS X International Components for Unicode Invalid Byte Sequence Handling Vulnerability
BugTraq ID: 34974
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/34974
Summary:
Apple Mac OS X is prone to an input-validation vulnerability because the International Components for Unicode component may incorrectly convert some invalid byte sequences.

An attacker may leverage this vulnerability to bypass content filters. This may lead to cross-site scripting attacks or allow the attacker to obtain sensitive information in some cases. Other attacks are also possible.

NOTE: This issue was previously covered in BID 34926 (Apple Mac OS X 2009-002 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

10. Apple Safari Prior to 3.2 Multiple Security Vulnerabilities
BugTraq ID: 32291
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/32291
Summary:
Apple Safari is prone to three security vulnerabilities.

Attackers may exploit these issues to execute arbitrary code or obtain sensitive information. Other attacks are also possible.

These issues affect versions prior to Safari 3.2 running on Apple Mac OS X 10.4.11 and 10.5.5, Microsoft Windows XP, and Windows Vista.

11. Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities
BugTraq ID: 35414
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35414
Summary:
Apple iPhone and iPod touch are prone to multiple vulnerabilities.

Successfully exploiting these issues may allow attackers to bypass security restrictions, obtain sensitive information, or cause denial-of-service conditions.

These issues affect the following:

iPhone OS 1.0 through 2.2.1
iPhone OS for iPod touch 1.1 through 2.2.1

12. Apple Mac OS X CarbonCore Stack Based Buffer Overflow Vulnerability
BugTraq ID: 30487
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/30487
Summary:
Apple Mac OS X is prone to a buffer-overflow vulnerability that affects the CarbonCore component.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause denial-of-service conditions.

The following versions are affected:

Mac OS X v10.4.11 and prior
Mac OS X Server v10.4.11 and prior
Mac OS X v10.5.4 and prior
Mac OS X Server v10.5.4 and prior

NOTE: This issue was previously covered in BID 30483 (Apple Mac OS X 2008-005 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.

13. WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
BugTraq ID: 35322
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35322
Summary:
WebKit is prone to a remote information-disclosure vulnerability.

An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

14. WebKit Frame Transition Cross Domain Scripting Vulnerability
BugTraq ID: 35328
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35328
Summary:
WebKit is prone to a cross-domain scripting vulnerability.

An attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or to launch spoofing attacks against other sites. Other attacks are also possible.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

15. WebKit JavaScript DOM Use After Free Remote Code Execution Vulnerability
BugTraq ID: 35325
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35325
Summary:
WebKit is prone to a remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

16. WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
BugTraq ID: 35327
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35327
Summary:
WebKit is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

17. WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
BugTraq ID: 35331
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35331
Summary:
WebKit is prone to a remote information-disclosure vulnerability.

An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

18. WebKit XSLT Redirects Remote Information Disclosure Vulnerability
BugTraq ID: 35283
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35283
Summary:
WebKit is prone to a remote information-disclosure vulnerability.

An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

19. WebKit DOM Event Handler Remote Memory Corruption Vulnerability
BugTraq ID: 35271
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35271
Summary:
WebKit is prone to a remote memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

20. WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
BugTraq ID: 35330
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35330
Summary:
WebKit is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

21. WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
BugTraq ID: 35270
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35270
Summary:
WebKit is prone to an HTTP response-splitting vulnerability because it fails to adequately sanitize user-supplied input.

A remote attacker can exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

22. WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
BugTraq ID: 35318
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35318
Summary:
WebKit is prone to a remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

23. WebKit XML External Entity Information Disclosure Vulnerability
BugTraq ID: 35321
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35321
Summary:
WebKit is prone to a remote information-disclosure vulnerability.

An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

24. WebKit 'about:blank' Security Bypass Vulnerability
BugTraq ID: 35332
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35332
Summary:
WebKit is prone to a security-bypass vulnerability.

An attacker may leverage this issue to bypass the document's security context and run arbitrary script code in a new security context.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

25. WebKit 'document.implementation' Cross Domain Scripting Vulnerability
BugTraq ID: 35319
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35319
Summary:
WebKit is prone to a cross-domain scripting vulnerability.

A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or to launch spoofing attacks against other sites. Other attacks are also possible.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

26. WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
BugTraq ID: 35311
Remote: Yes
Last Updated: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35311
Summary:
WebKit is prone to a remote code-execution vulnerability because it fails to adequately handle JavaScript exceptions.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

27. AOL Radio AmpX ActiveX Control 'ConvertFile()' Buffer Overflow Vulnerability
BugTraq ID: 35028
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35028
Summary:
AOL Radio AmpX ActiveX control is prone to a stack-based buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

'AmpX.dll' 2.4.0.6 is vulnerable; other versions may also be affected.

28. ClamAV CAB File Scan Evasion Vulnerability
BugTraq ID: 35426
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35426
Summary:
ClamAV AntiVirus is prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.

Versions prior to ClamAV 0.95.2 are vulnerable.

29. VLC Media Player Cinepak Codec Buffer Overflow Vulnerability
BugTraq ID: 28904
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/28904
Summary:
VLC media player is prone to a buffer-overflow vulnerability because the Cinepak decoder fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player 0.8.6e is vulnerable; other versions may also be affected.

30. VLC Media Player WAV File Buffer Overflow Vulnerability
BugTraq ID: 30058
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/30058
Summary:
VLC media player is prone to a buffer-overflow vulnerability because the WAV file decoder fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player 0.8.6h is vulnerable; other versions may also be affected.

31. VLC Media Player 'mmstu.c' MMS Protocol Handling Buffer Overflow Vulnerability
BugTraq ID: 30806
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/30806
Summary:
VLC media player is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player 0.8.6i is vulnerable; other versions may also be affected.

32. VLC Media Player Multiple Remote Integer Overflow Vulnerabilities
BugTraq ID: 31867
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/31867
Summary:
VLC media player is prone to multiple integer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of the affected application or crash the application, denying service to legitimate users.

VLC media player 0.9.4 is vulnerable; prior versions may also be affected.

33. VLC Media Player 'Subtitle' Buffer Overflow Vulnerability
BugTraq ID: 28274
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/28274
Summary:
VLC media player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player 0.8.6e is vulnerable; other versions may also be affected.

34. VLC Media Player Multiple Stack Based Buffer Overflow Vulnerabilities
BugTraq ID: 32125
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/32125
Summary:
VLC media player is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Versions prior to VLC media player 0.9.6 are vulnerable.

35. VLC Media Player MP4 Demuxer Buffer Overflow Vulnerability
BugTraq ID: 28903
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/28903
Summary:
VLC media player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Versions prior to VLC media player 0.8.6f are vulnerable.

36. Nokia 6131 Multiple Vulnerabilities
BugTraq ID: 30716
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/30716
Summary:
Nokia 6131 is prone to multiple vulnerabilities.

The device is affected by URI-spoofing and denial-of-service issues.

Remote attackers may spoof the source URI of a site to direct users to a malicious location and trigger crashes in an affected device.

UPDATE (June 18, 2009): The Nokia 6212 Classic phone is vulnerable to one of the denial-of-service vulnerabilities.

37. HP Discovery and Dependency Mapping Inventory Unauthorized Access Vulnerability
BugTraq ID: 35250
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35250
Summary:
HP Discovery and Dependency Mapping Inventory (DDMI) is prone to an unspecified unauthorized-access vulnerability.

Remote attackers can exploit this issue to gain unauthorized access to the DDMI agent.

38. CUPS 'cups/ipp.c' NULL Pointer Dereference Denial Of Service Vulnerability
BugTraq ID: 35169
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35169
Summary:
CUPS is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when processing two consecutive IPP_TAG_UNSUPPORTED tags in specially crafted IPP (Internet Printing Protocol) packets.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

39. CUPS PDF File Multiple Heap Buffer Overflow Vulnerabilities
BugTraq ID: 35195
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35195
Summary:
CUPS is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting these issues may allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

40. CUPS Scheduler Directory Services Remote Denial Of Service Vulnerability
BugTraq ID: 35194
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35194
Summary:
CUPS is prone to a denial-of-service vulnerability.

A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users.

41. Apple iPhone Call Approval Dialog Security Bypass Vulnerability
BugTraq ID: 35425
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35425
Summary:
Apple iPhone is prone to a security-bypass vulnerability that may cause a call to be placed automatically.

Successfully exploiting this issue may allow attackers to bypass Mail's call-approval dialog and place a call automatically from a vulnerable device.

NOTE: This issue was previously covered in BID 35414 (Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities), but has been assigned its own record to better document it.

42. Mozilla Firefox and SeaMonkey Address Bar URI Spoofing Vulnerability
BugTraq ID: 35388
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35388
Summary:
Mozilla Firefox and SeaMonkey are affected by a URI-spoofing vulnerability because they fail to adequately handle user-supplied data.

An attacker may leverage this issue by inserting arbitrary content to spoof a URI presented to an unsuspecting user. This may lead to a false sense of trust because the victim may be presented with a URI of a seemingly trusted site while interacting with the attacker's malicious site.

Versions *prior to* the following are affected:

Firefox 3.0.11
SeaMonkey 1.1.17

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

43. Mozilla Firefox/Thunderbird/SeaMonkey 'file://' URI Security Bypass Vulnerability
BugTraq ID: 35386
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35386
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a security-bypass vulnerability.

Attackers can exploit this issue to bypass restrictions on reading local files, which may allow them to obtain sensitive information or launch other attacks.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

44. Mozilla Firefox/Thunderbird/SeaMonkey Null Owner Document Arbitrary Code Execution Vulnerability
BugTraq ID: 35383
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35383
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary JavaScript code with chrome privileges. This may result in elevated privileges or lead to a denial-of-service condition. Other attacks may also be possible.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

45. Mozilla Firefox/Thunderbird/SeaMonkey Multiple JavaScript Engine Memory Corruption Vulnerabilities
BugTraq ID: 35372
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35372
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to multiple remote memory-corruption vulnerabilities.

An attacker can exploit these issues to corrupt memory on the affected computer and run arbitrary code in the context of the user running the affected application. Failed exploit attempts will cause denial-of-service conditions.

NOTE: These issues were previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but have been assigned their own record to better document them.

46. Mozilla Firefox/Thunderbird/SeaMonkey Double Frame Construction Memory Corruption Vulnerability
BugTraq ID: 35371
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35371
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a remote memory-corruption vulnerability.

An attacker can exploit this issue to corrupt memory on the affected computer and run arbitrary code in the context of the user running the affected application. Failed exploit attempts will cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

47. Mozilla Firefox/Thunderbird/SeaMonkey XUL Scripts Content-Policy Check Security Bypass Vulnerability
BugTraq ID: 35377
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35377
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a security-bypass vulnerability.

Attackers can exploit this issue to bypass the content-loading policies. The impact of this issue will depend on the reasons behind the content check.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

48. Mozilla Firefox and SeaMonkey JavaScript Chrome Privilege Escalation Vulnerability
BugTraq ID: 35373
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35373
Summary:
Mozilla Firefox and SeaMonkey are prone to a privilege-escalation vulnerability in the browser's sidebar and FeedWriter.

Attackers can exploit this issue to execute arbitrary code with the object's chrome privileges.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

49. Mozilla Firefox 'NPObject' Access Remote Code Execution Vulnerability
BugTraq ID: 35360
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35360
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application or to obtain sensitive information.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

50. Mozilla Firefox/SeaMonkey 'file://' URI Information Disclosure Vulnerability
BugTraq ID: 35391
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35391
Summary:
Mozilla Firefox and SeaMonkey are prone to an information-disclosure vulnerability.

Attackers can exploit this issue to bypass certain security restrictions and gain access to potentially sensitive information that may aid in further attacks.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

51. Mozilla Firefox 'nsViewManager.cpp' Denial of Service Vulnerability
BugTraq ID: 35413
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35413
Summary:
Mozilla Firefox is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.

Firefox 3.0.2 through 3.0.10 are vulnerable.

52. Mozilla Firefox Large GIF File Background Denial of Service Vulnerability
BugTraq ID: 35280
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35280
Summary:
Mozilla Firefox is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.

Firefox 3.0.10 is affected; other versions may also be vulnerable.

53. Sun Java System Web Server Reverse Proxy Plug-in Cross-Site Scripting Vulnerability
BugTraq ID: 35204
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35204
Summary:
Sun Java System Web Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of a site that uses the affected functionality. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects Sun Java System Web Server 6.1 SPARC, x86, Linux, Windows, HP-UX, and AIX platforms.

54. Apple Safari Windows Installer Local Privilege Escalation Vulnerability
BugTraq ID: 35339
Remote: No
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35339
Summary:
Apple Safari is prone to a local privilege-escalation vulnerability.

A local attacker may be able to exploit this issue to gain elevated privileges, which may aid in further attacks.

This issue affects versions prior to Safari 4.0 running on Microsoft Windows XP and Vista.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

55. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Browser Engine Memory Corruption Vulnerabilities
BugTraq ID: 35370
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35370
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to multiple remote memory-corruption vulnerabilities.

An attacker can exploit these issues to corrupt memory on the affected computer and run arbitrary code in the context of the user running the affected application. Failed exploit attempts will cause denial-of-service conditions.

NOTE: In some cases, arbitrary code execution may not be possible.

NOTE: These issues were previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but have been assigned their own record to better document them.

56. Multiple Browser Malicious Proxy HTTPS Man In The Middle Vulnerability
BugTraq ID: 35380
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35380
Summary:
Multiple web browsers are prone to a man-in-the-middle vulnerability.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how sites are rendered to the user. Other attacks are also possible.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

UPDATE (June 17, 2009): This BID has been updated to reflect that the issue affects multiple browsers, not just Mozilla products.

57. Cyrus SASL 'sasl_encode64()' Remote Buffer Overflow Vulnerability
BugTraq ID: 34961
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/34961
Summary:
Cyrus SASL is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in denial-of-service conditions.

Versions prior to Cyrus SASL 2.1.23 are vulnerable.

58. Multiple Browsers Cached Certificate HTTP Site Spoofing Vulnerability
BugTraq ID: 35411
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35411
Summary:
Multiple browsers are prone to a vulnerability that may allow attackers to spoof arbitrary HTTPS sites.

Attackers may exploit this vulnerability via a malicious webpage to spoof the origin of an HTTPS site. Successful exploits will lead to a false sense of security since the victim is visiting a site that is assumed to be legitimate.

59. VicFTPS 'LIST' Command Remote Denial of Service Vulnerability
BugTraq ID: 28967
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/28967
Summary:
VicFTPS is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

Successfully exploiting this issue would cause the affected application to crash, denying service to legitimate users. This issue may possibly also allow remote code-execution, but this has not been confirmed.

60. Dokuwiki 'doku.php' Local File Include Vulnerability
BugTraq ID: 35095
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35095
Summary:
Dokuwiki is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process, which may aid in further attacks.

Dokuwiki 2009-02-14, rc2009-02-06, and rc2009-01-30 are vulnerable; other versions may also be affected.

61. cpCommerce 'GLOBALS[prefix]' Local/Remote File Include Vulnerability
BugTraq ID: 35103
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35103
Summary:
cpCommerce is prone to a local/remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the computer; other attacks are also possible.

Versions in the cpCommerce 1.2.x branch are vulnerable.

62. strongSwan IKE Request Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 35178
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35178
Summary:
strongSwan is prone to multiple remote denial-of-service vulnerabilities because it fails to properly handle certain IKE packets.

Attackers can exploit these issues to crash the IKEv2 charon daemon, denying access to legitimate users.

Versions prior to strongSwan 4.3.1 and 4.2.15 are vulnerable.

63. Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
BugTraq ID: 33276
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/33276
Summary:
Multiple web browsers are prone to a cross-domain information-disclosure vulnerability.

An attacker can exploit this issue to gain information about the internal state of the random number generator used by the vulnerable browsers. This may aid in further attacks.

The following browsers are vulnerable:

Microsoft Internet Explorer
Mozilla Firefox
Apple Safari
Google Chrome
Opera

Other browsers may also be affected.

64. Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
BugTraq ID: 33275
Remote: No
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/33275
Summary:
The Linux Kernel is prone to a local privilege-escalation vulnerability.

A local attacker may be able to exploit this issue to read or write to unintended address spaces. This may result in denial-of-service conditions, the disclosure of sensitive information, or privilege escalation.

This issue affects versions prior to Linux 2.6.28.6 on some 64-bit architectures, including s390, PowerPC, SPARC64, and MIPS. Additional architectures may also be affected.

65. Multiple Browsers Web Proxy Redirect Handling Man In The Middle Vulnerability
BugTraq ID: 35412
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35412
Summary:
Multiple web browsers are prone to a man-in-the-middle vulnerability.

Attackers may exploit this vulnerability to aid in phishing attacks or to obtain sensitive information. Other attacks are also possible. Note that to take advantage of this issue, an attacker must be able to intercept or control network traffic. This would normally be possible through a man-in-the-middle attack, DNS poisoning, or similar vectors.

The following are vulnerable:

Mozilla Firefox prior to 3.0.10
Apple Safari prior to 3.2.2
Opera prior to 9.25

Additional browsers may also be affected.

66. Linux Kernel Frame Size Integer Overflow Remote Information Disclosure Vulnerability
BugTraq ID: 34654
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/34654
Summary:
The Linux Kernel is prone to a remote information-disclosure vulnerability.

Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Versions prior to Linux Kernel 2.6.30-rc1 are vulnerable.

67. Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
BugTraq ID: 34673
Remote: No
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/34673
Summary:
The Linux kernel is prone to a local information-disclosure vulnerability.

Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Versions prior to the Linux kernel 2.6.30-rc3 are vulnerable.

68. Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability
BugTraq ID: 35185
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35185
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue via crafted packets to cause a kernel panic, denying service to legitimate users.

69. Linux Kernel NFS 'MAY_EXEC' Security Bypass Vulnerability
BugTraq ID: 34934
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/34934
Summary:
The Linux Kernel is prone to a security-bypass vulnerability that affects the NFS (Network File System) implementation.

An attacker can exploit this issue to perform privileged operations on a vulnerable computer, which may aid in further attacks.

70. Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
BugTraq ID: 34405
Remote: No
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/34405
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.

Versions prior to Linux kernel 2.6.29-git14 are vulnerable.

71. Linux Kernel 'splice(2)' Double Lock Local Denial of Service Vulnerability
BugTraq ID: 35143
Remote: No
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35143
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause an affected process to hang, denying service to legitimate users. Other denial-of-service attacks are also possible.

This issue was introduced in Linux Kernel 2.6.19. The following versions have been fixed:

Linux Kernel 2.6.30-rc3
Linux Kernel 2.6.27.24
Linux Kernel 2.6.29.4

72. Linux Kernel 'inet6_hashtables.c' NULL Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 34602
Remote: No
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/34602
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

This issue was introduced in Linux kernel 2.6.27 and fixed in 2.6.29.

73. Linux Kernel '/proc/iomem' Sparc64 Local Denial of Service Vulnerability
BugTraq ID: 35415
Remote: No
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35415
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability that attackers can exploit to cause an affected computer to crash.

This issue affects the Linux kernel 2.6.22-rc1 through 2.6.29 on the sparc64 architecture.

74. Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
BugTraq ID: 35115
Remote: No
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35115
Summary:
Apache HTTP server is prone to a security-bypass vulnerability related to the handling of specific configuration directives.

A local attacker may exploit this issue to execute arbitrary code within the context of the webserver process. This may result in elevated privileges or aid in further attacks.

Versions prior to Apache 2.2.11 are vulnerable.

75. Apache Tomcat XML Parser Information Disclosure Vulnerability
BugTraq ID: 35416
Remote: No
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35416
Summary:
Apache Tomcat is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

76. Microsoft Windows Print Spooler Remote Code Execution Vulnerability
BugTraq ID: 35209
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35209
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that affects the Print Spooler service.

A remote authenticated attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges, which can result in the complete compromise of affected computers.

77. Microsoft IIS Unicode Requests to WebDAV Multiple Authentication Bypass Vulnerabilities
BugTraq ID: 34993
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/34993
Summary:
Microsoft Internet Information Service (IIS) is prone to multiple authentication-bypass vulnerabilities because the application fails to properly enforce access restrictions on certain requests to password-protected WebDAV folders.

An attacker can exploit these issues to gain unauthorized access to protected WebDAV resources, which may lead to other attacks.

This issue affects IIS 5.0, 5.1, and 6.0.

78. Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability
BugTraq ID: 35232
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35232
Summary:
Microsoft Internet Information Services (IIS) is prone to an authentication-bypass vulnerability because it fails to properly enforce access restrictions on certain requests to a site that requires authentication.

An attacker can exploit this issue to gain unauthorized access to protected resources, which may lead to other attacks.

This issue affects IIS 5.0.

79. Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerabilities
BugTraq ID: 33827
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/33827
Summary:
The 'libpng' library is prone to multiple memory-corruption vulnerabilities because it fails to properly initialize data structures.

Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.

These issues affect versions prior to 'libpng' 1.0.43 and 1.2.35.

80. Libpng Library Unknown Chunk Handler Vulnerability
BugTraq ID: 28770
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/28770
Summary:
The 'libpng' library is prone to a vulnerability that causes denial-of-service conditions or may allow code to run. The issue occurs because the software fails to properly handle unexpected chunk data in PNG files.

Successfully exploiting this issue allows remote attackers to trigger denial-of-service conditions or to possibly execute arbitrary machine code in the context of applications that use the library.

The following versions are affected:

libpng 1.0.6 through 1.0.32
libpng 1.2.0 through 1.2.26
libpng 1.4.0beta01 through 1.4.0beta19

81. Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 23412
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/23412
Summary:
Roxio CinePlayer is prone to a stack-based buffer-overflow vulnerability because it fails to sufficiently check boundaries of user-supplied input before copying it to an insufficiently sized memory buffer.

A remote attacker may exploit this issue by enticing victims into opening a malicious HTML document.

Exploiting this issue allows the attacker to execute arbitrary code in the context of applications using the affected ActiveX control and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.

Roxio CinePlayer 3.2 is vulnerable; other versions may also be affected.

82. Libpng 1-bit Interlaced Images Information Disclosure Vulnerability
BugTraq ID: 35233
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35233
Summary:
The 'libpng' library is prone to an information-disclosure vulnerability.

Successful exploits will allow an attacker to obtain potentially sensitive information.

This issue affects versions prior to libpng 1.2.37.

83. Wireshark PCNFSD Dissector Denial of Service Vulnerability
BugTraq ID: 35081
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35081
Summary:
Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to crash.

This issue affects Wireshark 0.8.20 through 1.0.7.

84. Wireshark PN-DCP Data Format String Vulnerability
BugTraq ID: 34291
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/34291
Summary:
Wireshark is prone to a format-string vulnerability.

Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions.

Wireshark 1.0.6 is vulnerable; other versions may also be affected.

85. Wireshark Prior to 1.0.7 Multiple Denial Of Service Vulnerabilities
BugTraq ID: 34457
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/34457
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application, denying service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

Versions prior to Wireshark 1.0.7 are vulnerable.

86. IBM AIX 'rpc.ttdbserver' Remote Buffer Overflow Vulnerability
BugTraq ID: 35419
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35419
Summary:
IBM AIX is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

Remote attackers can exploit this issue to execute arbitrary code with superuser privileges, which can result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition.

87. IrfanView 'TIFF' File Handling Remote Integer Overflow Vulnerability
BugTraq ID: 35423
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35423
Summary:
IrfanView is prone to a remote integer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successful exploits allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Failed exploit attempts will likely cause denial-of-service conditions.

Versions prior to IrfanView 4.25 are vulnerable.

88. Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 35226
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35226
Summary:
Microsoft Active Directory is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Successful exploits will completely compromise the affected computer. Failed attacks will cause denial-of-service conditions.

89. Microsoft Active Directory Memory Leak Denial Of Service Vulnerability
BugTraq ID: 35225
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35225
Summary:
Microsoft Active Directory is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the server, denying access to legitimate users.

90. Citrix NetScaler Access Gateway Default Configuration Unauthorized Access Vulnerability
BugTraq ID: 35422
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35422
Summary:
Citrix NetScaler Access Gateway is prone to a vulnerability that can allow an attacker to gain unauthorized access to network resources, which may help in other attacks.

This issue affects NetScaler Access Gateway Enterprise Edition with firmware 8.1 and earlier.

NOTE: Appliances running version 9.0 that were upgraded from a previous version are also affected.

91. MoinMoin Hierarchical ACL Security Bypass Vulnerability
BugTraq ID: 35277
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35277
Summary:
MoinMoin is prone to a security-bypass vulnerability.

Successful exploits will allow attackers to bypass certain security restrictions and gain unauthorized access to restricted sub-pages. This may aid in further attacks.

This issue affects MoinMoin 1.8.3; other versions may also be affected.

92. MoinMoin 'antispam.py' Cross-Site Scripting Vulnerability
BugTraq ID: 33479
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/33479
Summary:
MoinMoin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

MoinMoin 1.7.3 and 1.8.1 are vulnerable; other versions may also be affected.

93. MoinMoin Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 27904
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/27904
Summary:
MoinMoin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

These issues affect the following versions:

MoinMoin 1.5.8 and prior versions
MoinMoin 1.6.x prior to 1.6.1.

94. MoinMoin 'AttachFile.py' Cross-Site Scripting Vulnerability
BugTraq ID: 33365
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/33365
Summary:
MoinMoin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to MoinMoin 1.8.1 are vulnerable.

95. MoinMoin 'AdvancedSearch.py' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 30297
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/30297
Summary:
MoinMoin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

MoinMoin 1.7.0 and 1.6.3 are vulnerable; prior versions may be affected as well.

96. Citrix Secure Gateway Denial Of Service Vulnerability
BugTraq ID: 35421
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35421
Summary:
Citrix Secure Gateway is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the server, denying access to legitimate users.

Citrix Secure Gateway 3.1 and prior versions are affected.

97. Libungif Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 15304
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/15304
Summary:
The 'libungif' library is prone to a denial-of-service vulnerability because it fails to handle exceptional conditions.

Successful exploitation of this vulnerability will cause the application using the affected library to crash, effectively denying service to legitimate users.

This issue affects libungif 4.1.3 and earlier.

98. Libungif Colormap Handling Memory Corruption Vulnerability
BugTraq ID: 15299
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/15299
Summary:
The libungif library is prone to a memory-corruption vulnerability.

Reports indicate that due to the library's improper handling of colormaps in GIF files, an attacker can trigger out-of-bounds writes and corrupt memory.

This may lead to a denial-of-service condition.

This issue affects libungif 4.1.3 and earlier.

99. cTorrent and dTorrent Torrent File Buffer Overflow Vulnerability
BugTraq ID: 34584
Remote: Yes
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/34584
Summary:
cTorrent and dTorrent are prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successful exploits allow remote attackers to execute arbitrary machine code in the context of a vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

cTorrent 1.3.4 and dTorrent 3.3.2 are vulnerable; other versions may also be affected.

100. DESlock+ 'dlpcrypt.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 35432
Remote: No
Last Updated: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35432
Summary:
DESlock+ is prone to a local privilege-escalation vulnerability.

An attacker may exploit this issue to execute arbitrary code with elevated privileges, which may facilitate a complete compromise of the affected computer.

DESlock+ 4.0.2 is vulnerable; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. FTC persuades court to shutter rogue ISP
By: Robert Lemos
A federal district court shuts down Triple Fiber Network, after the Federal Trade Commission documents the Internet service provider's cooperation with online criminals and child pornographers.
http://www.securityfocus.com/news/11552

2. Obama launches cybersecurity initiative
By: Robert Lemos
The U.S. president announces that the nation's networks will be considered a "strategic national asset" and creates a top position in the White House to formulate a better cybersecurity policy.
http://www.securityfocus.com/news/11551

3. Browsers bashed first in hacking contest
By: Robert Lemos
A security researcher keeps a vulnerability on ice for an entire year, before using it at the Pwn2Own contest to exploit Apple's browser. Microsoft's Internet Explorer 8 falls soon after.
http://www.securityfocus.com/news/11549

4. Experts: U.S. needs to defend its "cyber turf"
By: Robert Lemos
The United States must develop a Monroe Doctrine for the Internet, defining what constitutes its cyberspace and pledging to defend its virtual borders, security experts told Congress.
http://www.securityfocus.com/news/11548

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
1. Workshop on the Analysis of System Logs (WASL) 2009
http://www.securityfocus.com/archive/75/504350

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #445
http://www.securityfocus.com/archive/88/504256

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
