SecurityFocus News
SecurityFocus Newsletter #508 Jul 23 2009 04:08PM
sfa securityfocus com
SecurityFocus Newsletter #508
----------------------------------------

This issue is sponsored by IronKey

INTRODUCING THE WORLD'S ONLY FIPS 140-2 LEVEL 3 VALIDATED USB FLASH DRIVE

Designed to meet the needs of military, government and demanding enterprise users, the IronKey? S200 series USB flash drives have passed the stringent Security Level 3 tests for the FIPS 140-2 standard. A rugged, tamper-resistant and tamper-evident enclosure protects the critical components, while strong AES 256-bit hardware encryption and active malware defenses safeguard even the most sensitive data. Enterprise-class central management capabilities also make it easy to enforce security policies on fleets of drives and even remotely destroy drives in the field.

Learn more at https://www.ironkey.com/S200_Launch?ik_c=s200_launch&ik_s=security_focus
&ik_t=newsletter

------------------------------------------------------------------
I. FRONT AND CENTER
1.The Scale of Security
2.Hacker-Tool Law Still Does Little
II. BUGTRAQ SUMMARY
1. IBM Tivoli Identity Manager Session Fixation Vulnerability
2. Mozilla Firefox 'XPCCrossOriginWrapper' Multiple Cross Domain Scripting Vulnerabilities
3. Nagios 'statuswml.cgi' Remote Arbitrary Shell Command Injection Vulnerability
4. Nagios Web Interface Privilege Escalation Vulnerability
5. Nagios External Commands and Adaptive Commands Unspecified Vulnerability
6. RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
7. ISC DHCP 'dhcpd -t' Command Insecure Temporary File Creation Vulnerability
8. Crysis HTTP/XML-RPC Service Access Violation Remote Denial of Service Vulnerability
9. WordPress 'wp-admin/admin.php' Module Configuration Security Bypass Vulnerability
10. FCKeditor 'CurrentFolder' Parameter Arbitrary File Upload Vulnerability
11. MediaWiki 'Special:Blocks' Page Cross Site Scripting Vulnerability
12. Multiple Vendor Browser 'HTMLSelectElement' Denial of Service Vulnerability
13. 'Compress::Raw::Zlib' Perl Module Remote Code Execution Vulnerability
14. Net-SNMP GETBULK Divide By Zero Remote Denial of Service Vulnerability
15. Git Parameter Processing Remote Denial Of Service Vulnerability
16. ISC DHCP Server Host Definition Remote Denial Of Service Vulnerability
17. Python 'expandtabs' Multiple Integer Overflow Vulnerabilities
18. GStreamer gst-plugins-good 'gstpngdec.c' PNG Output Buffer Integer Overflow Vulnerability
19. LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
20. LibTIFF Multiple Remote Integer Overflow Vulnerabilities
21. D-Bus 'dbus_signature_validate()' Type Signature Denial of Service Vulnerability
22. Apple iPhone SMS Application Denial of Service Vulnerability
23. Sun OpenSolaris Process File System (proc(4)) Local Denial Of Service Vulnerability
24. IBM WebSphere Application Server Stax XMLStreamWrite Security Bypass Vulnerability
25. Microsoft Windows Desktop Wall Paper System Parameter Local Privilege Escalation Vulnerability
26. Novell Access Manager Administration Console Information Disclosure Vulnerability
27. Mozilla Firefox 'watch()' and ' __defineSetter__ ()' Functions Remote Code Execution Vulnerability
28. Mozilla Firefox/Thunderbird JavaScript Engine Memory Corruption Vulnerabilities
29. Mozilla Firefox and Thunderbird RDF File Handling Remote Memory Corruption Vulnerability
30. Mozilla Firefox Flash Player Unloading Remote Code Execution Vulnerability
31. Mozilla Firefox 'setTimeout()' Remote Code Execution Vulnerability
32. Mozilla Firefox and Thunderbird Multiple Remote Memory Corruption Vulnerabilities
33. Mozilla Firefox/Thunderbird Double Frame Construction Memory Corruption Vulnerabilities
34. Mozilla Firefox and Thunderbird Remote Integer Overflow Vulnerability
35. WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
36. DD-WRT Web Management Interface Remote Arbitrary Shell Command Injection Vulnerability
37. NOS getPlus Download Manager Insecure File Permissions Local Privilege Escalation Vulnerability
38. Adobe Acrobat, Reader, and Flash Player Remote Code Execution Vulnerability
39. RaidenHTTPD Cross Site Scripting and Local File Include Vulnerabilities
40. Mozilla Firefox Unicode Data Remote Denial of Service Vulnerability
41. Mozilla Firefox 3.5 'TraceMonkey' Component Remote Code Execution Vulnerability
42. wxWidgets 'wxImage::Create()' Integer Overflow Vulnerability
43. RETIRED: Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities
44. Microsoft Publisher Object Handler Data Pointer Dereference Remote Code Execution Vulnerability
45. Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability
46. Perl IO::Socket::SSL 'verify_hostname_of_cert()' Security Bypass Vulnerability
47. Pango 'pango_glyph_string_set_size()' Integer Overflow Vulnerability
48. NetBSD 'hack(6)' Multiple Privilege Escalation Vulnerabilities
49. NTP 'ntpq' Stack Buffer Overflow Vulnerability
50. NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
51. GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
52. Evolution Data Server 'ntlm_challenge()' Memory Contents Information Disclosure Vulnerability
53. GNOME Evolution S/MIME Email Signature Verification Vulnerability
54. Linux Kernel 'tun_chr_pool()' NULL Pointer Dereference Vulnerability
55. Xpdf JBIG2 Processing Multiple Security Vulnerabilities
56. Apache Tomcat XML Parser Information Disclosure Vulnerability
57. Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
58. Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
59. Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
60. Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
61. S.T.A.L.K.E.R. Remote Denial of Service Vulnerability
62. OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
63. OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
64. Joomla! Remote File Upload Vulnerability And Information Disclosure Weakness
65. Akamai Download Manager ActiveX Control Redswoosh Download Stack Buffer Overflow Vulnerability
66. Phorum Multiple BBCode HTML Injection Vulnerabilities
67. Snitz Forums 2000 'register.asp' SQL Injection Vulnerability
68. Drupal Bubbletimer Create Timesheets HTML Injection Vulnerability
69. S.T.A.L.K.E.R. Clear Sky Remote Denial of Service Vulnerability
70. phpGroupWare Multiple Input Validation Vulnerabilities
71. ZNC File Upload Directory Traversal Vulnerability
72. Novell Privileged User Manager Remote Library Injection Vulnerability
73. Common Data Format Library Multiple Memory Corruption Vulnerabilities
74. @Mail 'admin.php' Cross-Site Scripting Vulnerabilities
75. World in Conflict Typecheck Remote Denial of Service Vulnerability
76. Linux Kernel SGI GRU Driver Off By One Vulnerability
77. McAfee SmartFilter Multiple Information Disclosure Vulnerabilities
78. Sun Java System Web Server '.jsp' File Information Disclosure Vulnerability
79. Microsoft Office Web Components ActiveX Control 'msDataSourceObject' Code Execution Vulnerability
80. WordPress Comment Author URI Cross-Site Scripting Vulnerability
81. America's Army Multiple Vulnerabilities
82. Wireshark 1.2.0 Multiple Vulnerabilities
83. YourFreeWorld Programs Rating Script Multiple Cross Site Scripting Vulnerabilities
84. E-Xoopport MyAnnonces 'lid' Parameter SQL Injection Vulnerability
85. Novell NetIdentity Agent 'XTIERRPCPIPE' Remote Code Execution Vulnerability
86. CoreGraphics Font Glyph Rendering Library Multiple Remote Code Execution Vulnerabilities
87. phpDirectorySource SQL Injection and Cross Site Scripting Vulnerabilities
88. XMB Forum 1.6 Magic Lantern Cross Site Scripting Vulnerabilities
89. KMPlayer '.srt' File Remote Buffer Overflow Vulnerability
90. KMPlayer Multiple Remote Denial of Service Vulnerabilities
91. GraFX MiniCWB 'LANG' Parameter Multiple Remote File Include Vulnerabilities
92. Sun Solaris 'auditconfig(1M)' Command Local Privilege Escalation Vulnerability
93. Apple Safari 'CFCharacterSetInitInlineBuffer()' Remote Denial Of Service Vulnerability
94. Apple Safari 'file://' Protocol Handler Information Disclosure and Denial of Service Vulnerability
95. Joomla! 'joomla-php' Component 'id' Parameter SQL Injection Vulnerability
96. Drupal Cross-Site Scripting, Code Injection and Information Disclosure Vulnerabilities
97. osTicket Staff Username SQL Injection Vulnerability
98. FreeWebShop 'startmodules.inc.php' Local File Include Vulnerability
99. Ruby 'OCSP_basic_verify()' X.509 Certificate Verification Vulnerability
100. Ruby BigDecimal Library Denial Of Service Vulnerability
III. SECURITYFOCUS NEWS
1. Web attacks hit U.S., South Korean sites
2. FTC persuades court to shutter rogue ISP
3. Obama launches cybersecurity initiative
4. Browsers bashed first in hacking contest
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. Forcing Password Changes for Non-Interacitve Logons
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.The Scale of Security
By Adam O'Donnell
Human beings do not naturally understand scale. While we speak of financial transactions in the hundreds of billions of dollars as being something as routine as brushing our teeth, we question the value of programs that cost in the single-digit millions and quibble with friends over dollars. Similarly, there are many problems in our industry that, when explained to an outsider, sound like they should have been solved decades ago. It is only when we relate the number of systems that need to be considered in the repair that we truly communicate the difficulty of the problem.
http://www.securityfocus.com/columnists/503

2. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

II. BUGTRAQ SUMMARY
--------------------
1. IBM Tivoli Identity Manager Session Fixation Vulnerability
BugTraq ID: 35779
Remote: Yes
Last Updated: 2009-07-23
Relevant URL: http://www.securityfocus.com/bid/35779
Summary:
IBM Tivoli Identity Manager is prone to a session-fixation vulnerability.

Attackers can exploit this issue to hijack a user's session and gain unauthorized access to the affected application.

Tivoli Identity Manager 5.0 is affected.

2. Mozilla Firefox 'XPCCrossOriginWrapper' Multiple Cross Domain Scripting Vulnerabilities
BugTraq ID: 35773
Remote: Yes
Last Updated: 2009-07-23
Relevant URL: http://www.securityfocus.com/bid/35773
Summary:
Mozilla Firefox is prone to multiple cross-domain scripting vulnerabilities.

An attacker can exploit these vulnerabilities to bypass the same-origin policy and obtain potentially sensitive information or to launch spoofing attacks against other sites. Other attacks are also possible.

Versions prior to Firefox 3.0.12 and 3.5 are vulnerable.

NOTE: These vulnerabilities were previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but have been assigned their own record to better document them.

3. Nagios 'statuswml.cgi' Remote Arbitrary Shell Command Injection Vulnerability
BugTraq ID: 35464
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35464
Summary:
Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.

Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application.

Note that for an exploit to succeed, access to the WAP interface's ping feature must be allowed.

Versions prior to Nagios 3.1.1 are vulnerable.

4. Nagios Web Interface Privilege Escalation Vulnerability
BugTraq ID: 32156
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/32156
Summary:
Nagios is prone to an unspecified privilege-escalation scripting vulnerability.

An attacker with low-level privileges may exploit this issue to bypass authorization and cause arbitrary commands to run within the context of the Nagios server. This may aid in further attacks.

Few technical details are available at this time; we will update this BID as more information emerges.

The issue affects versions prior to Nagios 3.0.5.

5. Nagios External Commands and Adaptive Commands Unspecified Vulnerability
BugTraq ID: 32611
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/32611
Summary:
Nagios is prone to an unspecified vulnerability related to the CGI submission of external commands and the processing of adaptive commands.

Very little information is known about this issue. We will update this BID as soon as more information becomes available.

The issue affects versions prior to Nagios 3.0.6.

6. RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 35617
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35617
Summary:
Microsoft has released advance notification that on July 14, 2009 the vendor will be releasing six security bulletins covering multiple issues. The highest severity rating for these issues is 'Critical'.

These issues affect the following:

Windows
DirectX
Virtual PC
Virtual Server
ISA Server
Publisher

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

The following individual records exist to better document these issues:

35139 Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability
35600 Microsoft DirectX DirectShow Pointer Validation Remote Code Execution Vulnerability
35616 Microsoft DirectX DirectShow Size Field Remote Code Execution Vulnerability
35186 Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability
35187 Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability
35599 Microsoft Publisher Object Handler Data Pointer Dereference Remote Code Execution Vulnerability
35631 Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability
35558 Microsoft Windows 'MPEG2TuneRequest' ActiveX Control Remote Code Execution Vulnerability
35601 Microsoft Virtual PC and Virtual Server Privilege Escalation Vulnerability

7. ISC DHCP 'dhcpd -t' Command Insecure Temporary File Creation Vulnerability
BugTraq ID: 35670
Remote: No
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35670
Summary:
ISC DHCP creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic link attacks to overwrite arbitrary attacker-specified files.

8. Crysis HTTP/XML-RPC Service Access Violation Remote Denial of Service Vulnerability
BugTraq ID: 35735
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35735
Summary:
Crysis is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying further service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

The following are affected:

Crysis 1.21 and prior versions
Crysis Wars 1.5 and prior versions

9. WordPress 'wp-admin/admin.php' Module Configuration Security Bypass Vulnerability
BugTraq ID: 35584
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35584
Summary:
WordPress is prone to a security-bypass vulnerability.

Authenticated attackers may exploit this issue to gain access to configuration scripts, which may allow them to obtain sensitive information or elevate privileges; other attacks may also be possible.

Versions prior to the following are vulnerable:

WordPress 2.8.1
WordPress MU 2.8.1

10. FCKeditor 'CurrentFolder' Parameter Arbitrary File Upload Vulnerability
BugTraq ID: 31812
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/31812
Summary:
FCKeditor is prone to a vulnerability that lets attackers upload arbitrary files it fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Versions prior to FCKeditor 2.6.4.1 are vulnerable.

11. MediaWiki 'Special:Blocks' Page Cross Site Scripting Vulnerability
BugTraq ID: 35662
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35662
Summary:
MediaWiki is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

MediaWiki 1.14.0 and 1.15.0 are vulnerable.

12. Multiple Vendor Browser 'HTMLSelectElement' Denial of Service Vulnerability
BugTraq ID: 35446
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35446
Summary:
Browsers from multiple vendors are prone to a denial-of-service vulnerability.

Successfully exploiting this issue may allow attackers to crash an affected application.

NOTE: This issue was previously covered in BID 35414 (Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities), but has been assigned its own record to better document it.

13. 'Compress::Raw::Zlib' Perl Module Remote Code Execution Vulnerability
BugTraq ID: 35307
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35307
Summary:
The 'Compress::Raw::Zlib' Perl module is prone to a remote code-execution vulnerability.

Successful exploits may allow remote attackers to execute arbitrary code or cause denial-of-service conditions in applications that use the vulnerable module.

Versions prior to 'Compress::Raw::Zlib' 2.017 are affected.

14. Net-SNMP GETBULK Divide By Zero Remote Denial of Service Vulnerability
BugTraq ID: 35492
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35492
Summary:
Net-SNMP is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. To exploit this issue, an attacker must have read access to an SNMP community.

This issue affects Net-SNMP as distributed with Red Hat Enterprise Linux 3. Other distributions may also be affected.

15. Git Parameter Processing Remote Denial Of Service Vulnerability
BugTraq ID: 35338
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35338
Summary:
Git is prone to a denial-of-service vulnerability because it fails to properly handle some client requests.

Attackers can exploit this issue to cause a daemon process to enter an infinite loop. Repeated exploits may consume excessive system resources, resulting in a denial-of-service condition.

Git 1.4.4.5 through 1.6.3.2 are vulnerable; other versions may also be affected.

16. ISC DHCP Server Host Definition Remote Denial Of Service Vulnerability
BugTraq ID: 35669
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35669
Summary:
ISC DHCP Server is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted DHCP requests.

Attackers can exploit this issue to cause the server to terminate, thus denying service to legitimate users.

17. Python 'expandtabs' Multiple Integer Overflow Vulnerabilities
BugTraq ID: 33187
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/33187
Summary:
Python is prone to multiple integer-overflow vulnerabilities.

Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable Python module. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition.

These issues affect versions prior to Python 2.5.2.

18. GStreamer gst-plugins-good 'gstpngdec.c' PNG Output Buffer Integer Overflow Vulnerability
BugTraq ID: 35172
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35172
Summary:
GStreamer 'gst-plugins-good' is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before using it to allocate memory buffers.

Successful exploits will allow attacker-supplied code to run in the context of the user running the affected application. Failed attacks will result in denial-of-service conditions.

This issue affects gst-plugins-good 0.10.15; other versions may also be affected.

19. LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
BugTraq ID: 35451
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35451
Summary:
LibTIFF is prone to a remote buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.

LibTIFF 3.8.2 is vulnerable; other versions may be affected as well.

20. LibTIFF Multiple Remote Integer Overflow Vulnerabilities
BugTraq ID: 35652
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35652
Summary:
LibTIFF is prone to multiple remote integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.

LibTIFF 3.8.2, 3.9, and 4.0 are vulnerable; other versions may also be affected.

21. D-Bus 'dbus_signature_validate()' Type Signature Denial of Service Vulnerability
BugTraq ID: 31602
Remote: No
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/31602
Summary:
D-Bus is prone to a local denial-of-service vulnerability because it fails to handle malformed signatures contained in messages.

Local attackers can exploit this issue to crash an application that uses the affected library, denying service to legitimate users.

This issue affects D-BUS 1.2.1; other versions may also be affected.

22. Apple iPhone SMS Application Denial of Service Vulnerability
BugTraq ID: 35569
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35569
Summary:
The Apple iPhone SMS application is prone to a denial-of-service vulnerability.

An attacker may exploit the issue to crash iPhone's SMS application. The attacker may also be able to execute arbitrary code, but this has not been confirmed.

Very few details are available regarding this issue. We will update this BID as more information emerges.

23. Sun OpenSolaris Process File System (proc(4)) Local Denial Of Service Vulnerability
BugTraq ID: 35588
Remote: No
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35588
Summary:
Sun OpenSolaris is prone to a local denial-of-service vulnerability.

Local attackers may exploit this issue to cause a kernel panic and crash the system.

OpenSolaris builds snv_49 through snv_109 are affected.

24. IBM WebSphere Application Server Stax XMLStreamWrite Security Bypass Vulnerability
BugTraq ID: 35741
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35741
Summary:
IBM WebSphere Application Server (WAS) is prone to a security-bypass vulnerability.

Successful exploits may allow attackers to bypass certain security restrictions and modify data sent through SOAP requests.

This issue affects WAS 6.1.0 prior to 6.1.0.25.

25. Microsoft Windows Desktop Wall Paper System Parameter Local Privilege Escalation Vulnerability
BugTraq ID: 35120
Remote: No
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35120
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability.

Attackers may exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will facilitate the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

26. Novell Access Manager Administration Console Information Disclosure Vulnerability
BugTraq ID: 35734
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35734
Summary:
Novell Access Manager is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain potentially sensitive information that may aid in further attacks.

The vulnerability affects versions prior to Novell Access Manager 3.1 SP1.

27. Mozilla Firefox 'watch()' and ' __defineSetter__ ()' Functions Remote Code Execution Vulnerability
BugTraq ID: 35772
Remote: Yes
Last Updated: 2009-07-23
Relevant URL: http://www.securityfocus.com/bid/35772
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions.

Versions prior to Firefox 3.5 and 3.0.12 are vulnerable.

This vulnerability was previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but has been assigned its own record to better document the issue.

28. Mozilla Firefox/Thunderbird JavaScript Engine Memory Corruption Vulnerabilities
BugTraq ID: 35776
Remote: Yes
Last Updated: 2009-07-23
Relevant URL: http://www.securityfocus.com/bid/35776
Summary:
Mozilla Firefox and Thunderbird are prone to multiple remote memory-corruption vulnerabilities that affect the JavaScript engine.

An attacker can exploit these issues to corrupt memory on the affected computer and run arbitrary code in the context of the user running the affected application. Failed exploit attempts will cause denial-of-service conditions.

These vulnerabilities were previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but have been assigned this record to better document the issues.

29. Mozilla Firefox and Thunderbird RDF File Handling Remote Memory Corruption Vulnerability
BugTraq ID: 35775
Remote: Yes
Last Updated: 2009-07-23
Relevant URL: http://www.securityfocus.com/bid/35775
Summary:
Mozilla Firefox and Thunderbird are prone to a remote memory-corruption vulnerability that attackers can exploit to cause denial-of-service conditions and possibly execute arbitrary code.

The vulnerability is fixed in Firefox 3.0.12 and 3.5. Note that Thunderbird is also affected but Mozilla hasn't specified the vulnerable and fixed versions.

This vulnerability was previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but has been assigned its own record to better document the issue.

30. Mozilla Firefox Flash Player Unloading Remote Code Execution Vulnerability
BugTraq ID: 35767
Remote: Yes
Last Updated: 2009-07-23
Relevant URL: http://www.securityfocus.com/bid/35767
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions.

Versions prior to Firefox 3.5.1 and 3.0.12 are vulnerable.

This vulnerability was previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but has been assigned its own record to better document the issue.

31. Mozilla Firefox 'setTimeout()' Remote Code Execution Vulnerability
BugTraq ID: 35766
Remote: Yes
Last Updated: 2009-07-23
Relevant URL: http://www.securityfocus.com/bid/35766
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability that affects the 'setTimeout()' JavaScript function.

Attackers can exploit this issue to execute arbitrary JavaScript code with chrome privileges, which may result in a compromise of the affected computer.

NOTE: This vulnerability was previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but has been assigned its own record to better document the issue.

Versions prior to Firefox 3.0.12 and 3.5 are vulnerable.

32. Mozilla Firefox and Thunderbird Multiple Remote Memory Corruption Vulnerabilities
BugTraq ID: 35765
Remote: Yes
Last Updated: 2009-07-23
Relevant URL: http://www.securityfocus.com/bid/35765
Summary:
Mozilla Firefox and Thunderbird are prone to multiple memory-corruption vulnerabilities that attackers can exploit to cause denial-of-service conditions and, in some cases, to run arbitrary code.

The vulnerabilities are fixed in Firefox 3.0.12 and 3.5. Mozilla states that Thunderbird is also affected, but doesn't specify the vulnerable and fixed versions.

These vulnerabilities were previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but have been assigned this record to better document them.

33. Mozilla Firefox/Thunderbird Double Frame Construction Memory Corruption Vulnerabilities
BugTraq ID: 35770
Remote: Yes
Last Updated: 2009-07-23
Relevant URL: http://www.securityfocus.com/bid/35770
Summary:
Mozilla Firefox and Thunderbird are prone to multiple remote memory-corruption vulnerabilities.

An attacker can exploit these issues to corrupt memory on the affected computer and run arbitrary code in the context of the user running the affected application. Failed exploit attempts will cause denial-of-service conditions.

These vulnerabilities were previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but have been assigned this record to better document them.

34. Mozilla Firefox and Thunderbird Remote Integer Overflow Vulnerability
BugTraq ID: 35769
Remote: Yes
Last Updated: 2009-07-23
Relevant URL: http://www.securityfocus.com/bid/35769
Summary:
Mozilla Firefox and Thunderbird are prone to a remote integer-overflow vulnerability that attackers can exploit to cause denial-of-service conditions and possibly to execute arbitrary code.

The vulnerability is fixed in Firefox 3.0.12 and 3.5. Note that Thunderbird is also affected but Mozilla hasn't specified the vulnerable and fixed versions.

This vulnerability was previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but has been assigned its own record to better document the issue.

35. WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
BugTraq ID: 35318
Remote: Yes
Last Updated: 2009-07-23
Relevant URL: http://www.securityfocus.com/bid/35318
Summary:
WebKit is prone to a remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

36. DD-WRT Web Management Interface Remote Arbitrary Shell Command Injection Vulnerability
BugTraq ID: 35742
Remote: Yes
Last Updated: 2009-07-23
Relevant URL: http://www.securityfocus.com/bid/35742
Summary:
DD-WRT is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.

Remote attackers can exploit this issue to execute arbitrary shell commands with superuser privileges, which may facilitate a complete compromise of the affected device.

DD-WRT v24-sp1 is affected; other versions may also be vulnerable.

37. NOS getPlus Download Manager Insecure File Permissions Local Privilege Escalation Vulnerability
BugTraq ID: 35740
Remote: No
Last Updated: 2009-07-23
Relevant URL: http://www.securityfocus.com/bid/35740
Summary:
NOS Microsystems getPlus Download Manager is prone to a local privilege-escalation vulnerability that stems from a design error. This vulnerability occurs because the application assigns insecure file permissions to certain files during installation.

An attacker may exploit this vulnerability to overwrite affected files with arbitrary code that will then run with SYSTEM-level privileges. This may facilitate a complete compromise of affected computers.

Note that Adobe Acrobat Reader uses the getPlus Download Manager. Other applications may also use getPlus.

38. Adobe Acrobat, Reader, and Flash Player Remote Code Execution Vulnerability
BugTraq ID: 35759
Remote: Yes
Last Updated: 2009-07-23
Relevant URL: http://www.securityfocus.com/bid/35759
Summary:
Adobe Acrobat, Reader, and Flash Player are prone to a remote code-execution vulnerability.

An attacker can exploit this issue by supplying a malicious Flash ('.swf') file or by embedding a malicious Flash application in a PDF file. Successful exploits may allow the attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions.

The issue affects the following:

Reader and Acrobat 9.1.2
Flash Player 9 and 10

39. RaidenHTTPD Cross Site Scripting and Local File Include Vulnerabilities
BugTraq ID: 35781
Remote: Yes
Last Updated: 2009-07-23
Relevant URL: http://www.securityfocus.com/bid/35781
Summary:
RaidenHTTPD is prone to local file-include and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. These issues affect the WebAdmin component.

An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Exploiting the local file-include issue allows remote attackers to view and subsequently execute local files within the context of the webserver process.

RaidenHTTPD 2.0 build 26 and prior versions are affected.

40. Mozilla Firefox Unicode Data Remote Denial of Service Vulnerability
BugTraq ID: 35707
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35707
Summary:
Mozilla Firefox is prone to a remote denial-of-service vulnerability.

Successful exploits may allow an attacker to deny service to legitimate users.

NOTE: This issue cannot be exploited to execute code.

The issue affects Firefox 3.5.1 and prior versions.

41. Mozilla Firefox 3.5 'TraceMonkey' Component Remote Code Execution Vulnerability
BugTraq ID: 35660
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35660
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions.

The issue affects Firefox 3.5; other versions may also be vulnerable.

NOTE: Remote code execution was confirmed in Firefox 3.5 running on Microsoft Windows XP SP2. A crash was observed in Firefox 3.5 on Windows XP SP3.

UPDATE (July 15, 2009): Remote code execution is also possible in Firefox 3.5 running on Apple Mac OS X.

42. wxWidgets 'wxImage::Create()' Integer Overflow Vulnerability
BugTraq ID: 35552
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35552
Summary:
wxWidgets is prone to an integer-overflow vulnerability.

An attacker may exploit this issue by enticing victims into opening maliciously crafted JPEG files.

Successful exploits will allow attackers to execute arbitrary code in the context in the context of applications that use the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

wxWidgets 2.8.10 is vulnerable; other versions may also be affected.

43. RETIRED: Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities
BugTraq ID: 35758
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35758
Summary:
The Mozilla Foundation has released multiple advisories to address vulnerabilities in Firefox.

This BID is being retired; the following individual records now document these issues:

34870 Pango 'pango_glyph_string_set_size()' Integer Overflow Vulnerability
35765 Mozilla Firefox and Thunderbird Multiple Remote Memory Corruption Vulnerabilities
35766 Mozilla Firefox 'setTimeout()' Remote Code Execution Vulnerability
35767 Mozilla Firefox Flash Player Unloading Remote Code Execution Vulnerability
35769 Mozilla Firefox and Thunderbird Remote Integer Overflow Vulnerability
35770 Mozilla Firefox/Thunderbird Double Frame Construction Memory Corruption Vulnerabilities
35772 Mozilla Firefox 'watch()' and ' __defineSetter__ ()' Functions Remote Code Execution Vulnerability
35773 Mozilla Firefox 'XPCCrossOriginWrapper' Multiple Cross Domain Scripting Vulnerabilities
35774 CoreGraphics Font Glyph Rendering Library Multiple Remote Code Execution Vulnerabilities
35775 Mozilla Firefox and Thunderbird RDF File Handling Remote Memory Corruption Vulnerability
35776 Mozilla Firefox/Thunderbird JavaScript Engine Memory Corruption Vulnerabilities

44. Microsoft Publisher Object Handler Data Pointer Dereference Remote Code Execution Vulnerability
BugTraq ID: 35599
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35599
Summary:
Microsoft Publisher is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by enticing a victim to open a malicious Publisher file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

45. Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability
BugTraq ID: 35186
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35186
Summary:
Microsoft Windows is prone to a remotely exploitable heap-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of the vulnerable software on the targeted user's computer.

46. Perl IO::Socket::SSL 'verify_hostname_of_cert()' Security Bypass Vulnerability
BugTraq ID: 35587
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35587
Summary:
The IO::Socket::SSL module for Perl is prone to a security-bypass vulnerability because the application fails to properly validate certificate hostnames.

Successfully exploiting this issue allows attackers to bypass certain security restrictions, which may aid in further attacks.

Versions prior to IO::Socket::SSL 1.26 are vulnerable.

47. Pango 'pango_glyph_string_set_size()' Integer Overflow Vulnerability
BugTraq ID: 34870
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/34870
Summary:
Pango is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before using the data to allocate memory buffers.

Successful exploits may allow attackers to crash an application that uses the library, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to Pango 1.2.4 are vulnerable. Mozilla Firefox is also vulnerable to this issue.

48. NetBSD 'hack(6)' Multiple Privilege Escalation Vulnerabilities
BugTraq ID: 35542
Remote: No
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35542
Summary:
The NetBSD 'hack(6)' game is prone to multiple privilege-escalation vulnerabilities caused by buffer-overflow errors because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

A local attacker may exploit these issues to elevate privileges to the 'games' group.

49. NTP 'ntpq' Stack Buffer Overflow Vulnerability
BugTraq ID: 34481
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/34481
Summary:
The 'ntpq' command is prone to a stack-based buffer-overflow vulnerability.

Successful exploits will crash the affected utility. Code execution may also be possible, but has not been confirmed.

50. NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
BugTraq ID: 35017
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35017
Summary:
The 'ntpd' daemon is prone to a stack-based buffer-overflow vulnerability when it is configured to use the 'autokey' OpenSSL protocol.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attempts will likely crash the application, causing denial-of-service conditions.

51. GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
BugTraq ID: 34100
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/34100
Summary:
The GNOME glib library is prone to multiple integer-overflow vulnerabilities related to encoding and decoding Base64 data.

Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.

The following are vulnerable:

GNOME glib 2.11
GNOME glib 2.12
GStreamer gst-plugins-base prior to 0.10.23
GNOME libsoup prior to 2.2.0
GNOME libsoup prior to 2.24
Evolution Data Server prior to 2.24.5

Additional applications and versions may also be affected.

52. Evolution Data Server 'ntlm_challenge()' Memory Contents Information Disclosure Vulnerability
BugTraq ID: 34109
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/34109
Summary:
Evolution Data Server is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain the contents of a portion of memory or crash the application.

This issue affects Evolution Data Server 2.45.5; other versions may also be affected.

53. GNOME Evolution S/MIME Email Signature Verification Vulnerability
BugTraq ID: 33720
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/33720
Summary:
GNOME Evolution is prone to a signature-verification vulnerability.

Attackers can exploit this issue through man-in-the-middle attacks to modify signed messages undetected.

54. Linux Kernel 'tun_chr_pool()' NULL Pointer Dereference Vulnerability
BugTraq ID: 35724
Remote: No
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35724
Summary:
The Linux kernel is prone to a local NULL-pointer dereference vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges or crash an affected kernel, denying service to legitimate users.

This issue was introduced in Linux kernel 2.6.30.

55. Xpdf JBIG2 Processing Multiple Security Vulnerabilities
BugTraq ID: 34568
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/34568
Summary:
Xpdf is prone to multiple security vulnerabilities.

Exploiting these issues may allow remote attackers to execute arbitrary code in the context of an affected application. Failed exploit attempts will likely cause denial-of-service conditions.

These issues affect multiple applications on multiple platforms that use the affected library.

56. Apache Tomcat XML Parser Information Disclosure Vulnerability
BugTraq ID: 35416
Remote: No
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35416
Summary:
Apache Tomcat is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

57. Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
BugTraq ID: 35196
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35196
Summary:
Apache Tomcat is prone to a username-enumeration weakness because it displays different responses to login attempts, depending on whether or not the username exists.

Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.

The following are vulnerable:

Tomcat 4.1.x (prior to 4.1.40)
Tomcat 5.5x (prior to 5.5.28)
Tomcat 6.0.x (prior to 6.0.20)

58. Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
BugTraq ID: 35263
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35263
Summary:
Apache Tomcat is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

The following versions of Apache Tomcat are vulnerable:

6.0.0-6.0.18
5.5.0-5.5.27
4.1.0-4.1.39

59. Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
BugTraq ID: 27706
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/27706
Summary:
Apache Tomcat is prone to an information-disclosure vulnerability because it fails to adequately sanitize user-supplied data.

Attackers can exploit this issue to access potentially sensitive data that may aid in further attacks.

Versions prior to Apache Tomcat 6.0.16 and 5.5.26 are vulnerable.

NOTE: This vulnerability is caused by an incomplete fix for BID 25316 - Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities (CVE-2007-3385).

60. Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
BugTraq ID: 35193
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35193
Summary:
Apache Tomcat is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to cause the server to end up in an error state, denying service to legitimate users.

The following versions of Apache Tomcat are vulnerable:

6.0.0-6.0.18
5.5.0-5.5.27
4.1.0-4.1.39

61. S.T.A.L.K.E.R. Remote Denial of Service Vulnerability
BugTraq ID: 29723
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/29723
Summary:
S.T.A.L.K.E.R. game servers are prone to a remote denial-of-service vulnerability because the software fails to handle exceptional conditions when processing user nicknames.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

62. OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
BugTraq ID: 35001
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35001
Summary:
OpenSSL is prone to multiple vulnerabilities that may allow attackers to cause denial-of-service conditions.

63. OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
BugTraq ID: 35138
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35138
Summary:
OpenSSL is prone to a vulnerability that may allow attackers to cause denial-of-service conditions.

OpenSSL 1.0.0 Beta 2 is vulnerable; other versions may also be affected.

64. Joomla! Remote File Upload Vulnerability And Information Disclosure Weakness
BugTraq ID: 35780
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35780
Summary:
Joomla! is prone to a remote file-upload vulnerability and an information-disclosure weakness.

Attackers can exploit these issues to disclosure sensitive information, or upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Joomla! 1.5.x versions prior to 1.5.13 are vulnerable.

65. Akamai Download Manager ActiveX Control Redswoosh Download Stack Buffer Overflow Vulnerability
BugTraq ID: 35778
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35778
Summary:
Akamai Download Manager ActiveX control is prone to a remote stack-based buffer-overflow vulnerability.

Attackers can exploit this issue to execute arbitrary code within the context of an application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

Versions prior to Akamai Download Manager 2.2.4.8 are vulnerable.

66. Phorum Multiple BBCode HTML Injection Vulnerabilities
BugTraq ID: 35777
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35777
Summary:
Phorum is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Versions prior to Phorum 5.2.12a are vulnerable.

67. Snitz Forums 2000 'register.asp' SQL Injection Vulnerability
BugTraq ID: 35764
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35764
Summary:
Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Snitz Forums 2000 3.4.07 is vulnerable; other versions may also be affected.

68. Drupal Bubbletimer Create Timesheets HTML Injection Vulnerability
BugTraq ID: 35763
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35763
Summary:
The Bubbletimer module for Drupal is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

69. S.T.A.L.K.E.R. Clear Sky Remote Denial of Service Vulnerability
BugTraq ID: 35762
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35762
Summary:
S.T.A.L.K.E.R. Clear Sky is prone to a remote denial-of-service vulnerability because the software fails to handle exceptional conditions when processing user nicknames.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

The issue affects S.T.A.L.K.E.R. Clear Sky versions 1.5.10 (1.0010) and prior.

Please note that this issue may be related to the issue described in BID 29723 (S.T.A.L.K.E.R. Remote Denial of Service Vulnerability). We will update this BID is more information emerges.

70. phpGroupWare Multiple Input Validation Vulnerabilities
BugTraq ID: 35761
Remote: Yes
Last Updated: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35761
Summary:
phpGroupWare is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to disclose sensitive information, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

phpGroupWare 0.9.16.12 is affected; other versions may also be vulnerable.

71. ZNC File Upload Directory Traversal Vulnerability
BugTraq ID: 35757
Remote: Yes
Last Updated: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35757
Summary:
ZNC is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an authenticated attacker to upload and overwrite files on the affected computer. Successful exploits will lead to other attacks.

Versions prior to ZNC 0.072 are vulnerable,

72. Novell Privileged User Manager Remote Library Injection Vulnerability
BugTraq ID: 35752
Remote: Yes
Last Updated: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35752
Summary:
Novell Privileged User Manager is prone to a vulnerability that allows a remote attacker to inject a malicious library.

The attacker can exploit this issue to inject and execute arbitrary malicious code in the context of the vulnerable application. Successful exploits can compromise the application and possibly the computer; other attacks are also possible.

Novell Privileged User Manager 2.2.0 is vulnerable.

73. Common Data Format Library Multiple Memory Corruption Vulnerabilities
BugTraq ID: 35754
Remote: Yes
Last Updated: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35754
Summary:
The Common Data Format (CDF) library is prone to multiple memory-corruption vulnerabilities.

An attacker can exploit these issues by tricking a victim into opening a specially crafted CDF file.

A successful attack will allow attacker-supplied code to run in the context of the victim opening the file. Failed exploit attempts will result in a denial-of-service condition.

CDF 3.2.4 is vulnerable; other versions may also be affected.

74. @Mail 'admin.php' Cross-Site Scripting Vulnerabilities
BugTraq ID: 34762
Remote: Yes
Last Updated: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/34762
Summary:
@Mail is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issues affect @Mail 5.61; other versions may also be affected.

75. World in Conflict Typecheck Remote Denial of Service Vulnerability
BugTraq ID: 35751
Remote: Yes
Last Updated: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35751
Summary:
World in Conflict is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker could exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects World in Conflict 1.0.1.1 and prior versions.

76. Linux Kernel SGI GRU Driver Off By One Vulnerability
BugTraq ID: 35753
Remote: No
Last Updated: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35753
Summary:
Linux Kernel is prone to an off-by-one vulnerability that may allow attackers to trigger a denial-of-service condition. This issue affects the SGI GRU driver.

Given the nature of this issue, attackers may also be able to execute arbitrary code with kernel privileges, but this has not been confirmed.

77. McAfee SmartFilter Multiple Information Disclosure Vulnerabilities
BugTraq ID: 35756
Remote: No
Last Updated: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35756
Summary:
McAfee SmartFilter is prone to an information-disclosure vulnerability.

Exploiting this issue may allow an attacker to access sensitive information that may aid in further attacks.

SmartFilter 4.2.1.00 is vulnerable; other versions may also be affected.

78. Sun Java System Web Server '.jsp' File Information Disclosure Vulnerability
BugTraq ID: 35577
Remote: Yes
Last Updated: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35577
Summary:
Sun Java System Web Server is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain potentially sensitive information that may aid in further attacks.

The vulnerability affects Sun Java System Web Server 6.1 SP10, 6.1 SP11, and 7.0; other versions may also be affected.

79. Microsoft Office Web Components ActiveX Control 'msDataSourceObject' Code Execution Vulnerability
BugTraq ID: 35642
Remote: Yes
Last Updated: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35642
Summary:
Microsoft Office Web Components is prone to a remote code-execution vulnerability that affects the OWC Spreadsheet ActiveX control. The control is identified by the following CLSIDs:

0002E541-0000-0000-C000-000000000046
0002E559-0000-0000-C000-000000000046

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted site.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

80. WordPress Comment Author URI Cross-Site Scripting Vulnerability
BugTraq ID: 35755
Remote: Yes
Last Updated: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35755
Summary:
WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to WordPress 2.8.2 are vulnerable.

81. America's Army Multiple Vulnerabilities
BugTraq ID: 35749
Remote: Yes
Last Updated: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35749
Summary:
America's Army is prone to multiple vulnerabilities.

Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect America's Army 3.0.5 and prior versions.

82. Wireshark 1.2.0 Multiple Vulnerabilities
BugTraq ID: 35748
Remote: Yes
Last Updated: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35748
Summary:
Wireshark is prone to multiple vulnerabilities, including a buffer-overflow issue and denial-of-service issues.

Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.9.2 through 1.2.0.

83. YourFreeWorld Programs Rating Script Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 35746
Remote: Yes
Last Updated: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35746
Summary:
Programs Rating Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

84. E-Xoopport MyAnnonces 'lid' Parameter SQL Injection Vulnerability
BugTraq ID: 35744
Remote: Yes
Last Updated: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35744
Summary:
E-Xoopport MyAnnounces module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

85. Novell NetIdentity Agent 'XTIERRPCPIPE' Remote Code Execution Vulnerability
BugTraq ID: 34400
Remote: Yes
Last Updated: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/34400
Summary:
Novell NetIdentity Agent is prone to a remote code-execution vulnerability.

Attackers could exploit this issue to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions.

Novell NetIdentity Agent 1.2.3 is vulnerable; other versions may be affected as well.

86. CoreGraphics Font Glyph Rendering Library Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 35774
Remote: Yes
Last Updated: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35774
Summary:
CoreGraphics is prone to multiple remote code-execution vulnerabilities.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions.

These vulnerabilities are related to the issues described in BID 34870 (Pango 'pango_glyph_string_set_size()' Integer Overflow Vulnerability).

These vulnerabilities were previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but has been assigned its own record to better document the issue.

87. phpDirectorySource SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 35760
Remote: Yes
Last Updated: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35760
Summary:
phpDirectorySource is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

88. XMB Forum 1.6 Magic Lantern Cross Site Scripting Vulnerabilities
BugTraq ID: 4721
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/4721
Summary:
XMB Forum 1.6 Magic Lantern is a web-based discussion forum. It is vulnerable to a number of cross-site scripting issues because of improper filtering of user input.

1. The first involves 'member.php'; submitting script to the variable 'member' in the context of 'action=viewpro' (profile viewing) will cause that script to be returned as an error message.

2. The second involves the 'MSN' information field of a user profile; a registered user can submit script to this field without it being filtered.

3. The third issue can be exploited by submitting a '<script>' tag encoded as '%253Cscript%253E' (note that the percent sign is encoded as '%25', and '3C' and '3E' are the '<' and '>' brackets) to the username variable in the context of 'action=reg' to 'member.php'.

89. KMPlayer '.srt' File Remote Buffer Overflow Vulnerability
BugTraq ID: 35745
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35745
Summary:
KMPlayer is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

KMPlayer 2.9.4.1433 is vulnerable; other versions may also be affected.

90. KMPlayer Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 25651
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/25651
Summary:
KMPlayer is prone to multiple denial-of-service vulnerabilities when handling malformed AVI media files.

Successfully exploiting this issue allows remote attackers to deny service to legitimate users.

These issues affect KMPlayer 2.9.3.1210; other versions may also be vulnerable.

91. GraFX MiniCWB 'LANG' Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 35738
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35738
Summary:
GraFX MiniCWB is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks are also possible.

MiniCWB 2.3.0 is vulnerable; other versions may also be affected.

92. Sun Solaris 'auditconfig(1M)' Command Local Privilege Escalation Vulnerability
BugTraq ID: 35501
Remote: No
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35501
Summary:
Sun Solaris is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to run arbitrary code with privileges specified in the RBAC profile.

This issue affects the following on both SPARC and x86 platforms:

Solaris 8
Solaris 9
Solaris 10
OpenSolaris based on builds snv_01 through snv_58

93. Apple Safari 'CFCharacterSetInitInlineBuffer()' Remote Denial Of Service Vulnerability
BugTraq ID: 35481
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35481
Summary:
Apple Safari is prone to a denial-of-service vulnerability that stems from a NULL-pointer dereference.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to Apple Safari 4 are vulnerable.

94. Apple Safari 'file://' Protocol Handler Information Disclosure and Denial of Service Vulnerability
BugTraq ID: 35482
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35482
Summary:
Apple Safari is prone to an information-disclosure and denial-of-service vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to access local files. On Microsoft Windows platforms, the attacker may launch rogue instances of Windows Explorer, which may affect the computer's overall stability, leading to a denial of service.

This issue affects versions prior to Safari 4.0 running on Apple Mac OS X 10.5.6 and on Microsoft Windows XP and Vista.

95. Joomla! 'joomla-php' Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 35515
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35515
Summary:
The 'joomla-php' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

96. Drupal Cross-Site Scripting, Code Injection and Information Disclosure Vulnerabilities
BugTraq ID: 35548
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35548
Summary:
Drupal is prone to a cross-site vulnerability, a code-injection vulnerability, and an information-disclosure weakness.

An attacker may leverage these issues to obtain potentially sensitive information, execute arbitrary code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible. In certain situations, the attacker may be able to leverage these issues to run arbitrary PHP code on the affected site.

These issues affect the following:

Drupal 5.x (prior to 5.19)
Drupal 6.x (prior to 6.13)

97. osTicket Staff Username SQL Injection Vulnerability
BugTraq ID: 35516
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35516
Summary:
osTicket is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to osTicket 1.6 RC5 are vulnerable.

98. FreeWebShop 'startmodules.inc.php' Local File Include Vulnerability
BugTraq ID: 34538
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/34538
Summary:
FreeWebShop is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view and execute arbitrary local files in the context of the webserver process. This may aid in further attacks.

FreeWebShop 2.2.9 R2 is vulnerable; other versions may also be affected.

99. Ruby 'OCSP_basic_verify()' X.509 Certificate Verification Vulnerability
BugTraq ID: 33769
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/33769
Summary:
Ruby is prone to an X.509 certificate-verification vulnerability.

Exploiting this issue may allow an attacker to have a revoked x.509 certificate accepted as valid. This may allow the attacker to conduct phishing attacks or to impersonate legitimate sites. Other attacks are also possible.

Ruby 1.8.7 and 1.9.1 are vulnerable; other versions may also be affected.

100. Ruby BigDecimal Library Denial Of Service Vulnerability
BugTraq ID: 35278
Remote: Yes
Last Updated: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35278
Summary:
Ruby is prone to a denial-of-service vulnerability in its BigDecimal library.

Successful exploits may allow remote attackers to cause denial-of-service conditions in applications that use the vulnerable module.

Versions prior to Ruby 1.8.6-p369 and 1.8.7-p173 are affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Web attacks hit U.S., South Korean sites
By: Robert Lemos
In its fourth day, a widespread distributed denial-of-service attack continued to inundate U.S. government and South Korean Web sites with network traffic.
http://www.securityfocus.com/news/11554

2. FTC persuades court to shutter rogue ISP
By: Robert Lemos
A federal district court shuts down Triple Fiber Network, after the Federal Trade Commission documents the Internet service provider's cooperation with online criminals and child pornographers.
http://www.securityfocus.com/news/11552

3. Obama launches cybersecurity initiative
By: Robert Lemos
The U.S. president announces that the nation's networks will be considered a "strategic national asset" and creates a top position in the White House to formulate a better cybersecurity policy.
http://www.securityfocus.com/news/11551

4. Browsers bashed first in hacking contest
By: Robert Lemos
A security researcher keeps a vulnerability on ice for an entire year, before using it at the Pwn2Own contest to exploit Apple's browser. Microsoft's Internet Explorer 8 falls soon after.
http://www.securityfocus.com/news/11549

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Forcing Password Changes for Non-Interacitve Logons
http://www.securityfocus.com/archive/88/505115

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by IronKey

INTRODUCING THE WORLD'S ONLY FIPS 140-2 LEVEL 3 VALIDATED USB FLASH DRIVE

Designed to meet the needs of military, government and demanding enterprise users, the IronKey? S200 series USB flash drives have passed the stringent Security Level 3 tests for the FIPS 140-2 standard. A rugged, tamper-resistant and tamper-evident enclosure protects the critical components, while strong AES 256-bit hardware encryption and active malware defenses safeguard even the most sensitive data. Enterprise-class central management capabilities also make it easy to enforce security policies on fleets of drives and even remotely destroy drives in the field.

? Always-On AES 256-bit Hardware Encryption
? FIPS 140-2 Level 3 Validated
? Hardened Case?Waterproof Beyond MIL-STD-810F
? Remote Management Software

Research for the IronKey architecture was funded in part by the U.S. Department of Homeland Security. In addition, IronKey maintains a trusted supply chain: all research and development is performed in the USA, and all boards are built and all drives are assembled in secure facilities in the USA.

IronKey Basic S200 drives will also be available in high-capacity 16GB models.

https://www.ironkey.com/S200_Launch?ik_c=s200_launch&ik_s=security_focus
&ik_t=newsletter

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus