SecurityFocus News
SecurityFocus Newsletter #510 Aug 19 2009 05:30PM
sfa securityfocus com
SecurityFocus Newsletter #510
----------------------------------------

This issue is sponsored by Immunet

Are you running Anti-Virus from Symantec, AVG or McAfee? Make it significantly more effective and harness the security of thousands of others with 'Collective Immunity'. See the beta for Immunet Protect here: https://www.immunet.com/user/new

------------------------------------------------------------------
I. FRONT AND CENTER
1. The Scale of Security
2. Hacker-Tool Law Still Does Little
II. BUGTRAQ SUMMARY
1. GnuTLS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
2. VLC Media Player 'smb://' URI Handling Remote Buffer Overflow Vulnerability
3. Ipswitch FTP Log Server Denial of Service Vulnerability
4. Apple Safari Top Site Feature Website Promotion Security Vulnerability
5. ViewVC Cross Site Scripting and Unspecified Security Vulnerabilities
6. SAP NetWeaver Application Server 'uddiclient/process' HTML Injection Vulnerability
7. 2Wire Routers 'CD35_SETUP_01' Access Validation Vulnerability
8. Sun OpenSSO Enterprise XML Document Processing Unspecified Memory Corruption Vulnerability
9. IBM AIX '_LIB_INIT_DBG' and '_LIB_INIT_DBG_FILE' File Creation Vulnerability
10. Sun Java SE Multiple Security Vulnerabilities
11. libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
12. libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
13. Microsoft Windows Malformed AVI File Parsing Remote Integer Overflow Vulnerability
14. Microsoft Windows Malformed AVI File Header Parsing Remote Code Execution Vulnerability
15. PulseAudio setuid Local Privilege Escalation Vulnerability
16. Motorola Timbuktu Pro 'PlughNTCommand' Named Pipe Remote Stack Buffer Overflow Vulnerability
17. Microsoft Active Template Library Object Type Mismatch Remote Code Execution Vulnerability
18. FreeBSD 'mount(2)' and 'nmount(2)' Multiple Stack Buffer Overflow Vulnerabilities
19. SafeNet SoftRemote IKE Service Remote Stack Buffer Overflow Vulnerability
20. Unisys Business Information Server Remote Stack Buffer Overflow Vulnerability
21. IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
22. Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability
23. Microsoft Visual Studio ATL 'VariantClear()' Remote Code Execution Vulnerability
24. Microsoft Active Template Library 'IPersistStreamInit' Remote Code Execution Vulnerability
25. Microsoft Active Template Library Header Data Remote Code Execution Vulnerability
26. Microsoft Windows WINS Server Network Buffer Length Integer Overflow Vulnerability
27. Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability
28. Memcached Multiple Heap Based Buffer Overflow Vulnerability
29. Subversion Binary Delta Processing Multiple Integer Overflow Vulnerabilities
30. Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability
31. Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
32. Linux Kernel NFS 'MAY_EXEC' Security Bypass Vulnerability
33. Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
34. Xen 'hypervisor_callback()' Guest Local Denial Of Service Vulnerability
35. Sun Solaris 'IP(7P)' Multicast Reception Local Denial Of Service Vulnerability
36. Sun Solaris 'rpc.nisd(1M)' Daemon NIS+ Server Remote Denial Of Service Vulnerability
37. Sun Solaris SCTP Packet Processing Remote Denial of Service Vulnerability
38. ICQ Incoming Message HTML Injection Vulnerability
39. libxml2 Multiple Memory Corruption Vulnerabilities
40. Mozilla Firefox 3.5.1/3.0.12 Multiple Memory Corruption Vulnerabilities
41. IBM Tivoli Key Lifecycle Manager Password Unspecified Vulnerability
42. nilfs-utils Multiple Local Privilege Escalation Vulnerabilities
43. Sophos Antivirus Multiple File Processing Remote Denial Of Service Vulnerabilities
44. Mozilla Firefox Incorrect Security Wrapper JavaScript Chrome Privilege Escalation Vulnerability
45. ZNC File Upload Directory Traversal Vulnerability
46. Multiple AvailScript Products Arbitrary File Upload Vulnerabilities
47. WS_FTP Server Manager Authentication Bypass and Information Disclosure Vulnerabilities
48. Ipswitch WS_FTP SFTP Opendir Command Buffer Overflow Vulnerability
49. Net-SNMP GETBULK Remote Denial of Service Vulnerability
50. Rsync 'xattr' Support Integer Overflow Vulnerability
51. PHP 5.2.8 and Prior Versions Multiple Vulnerabilities
52. OpenSSL Multiple Vulnerabilities
53. OpenSSH CBC Mode Information Disclosure Vulnerability
54. Linux Kernel RTL8169 NIC Remote Denial of Service Vulnerability
55. Linux Kernel CIFS 'decode_unicode_ssetup()' Remote Buffer Overflow Vulnerability
56. Linux Kernel CIFS Remote Buffer Overflow Vulnerability
57. cURL / libcURL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
58. Microsoft Windows Workstation Service Double Free Remote Code Execution Vulnerability
59. Fetchmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
60. WordPress Plugin WP-Syntax Remote PHP Code Execution Vulnerability
61. Drupal Printer, e-mail and PDF versions Module Multiple HTML Injection Vulnerabilities
62. Linux Kernel 'binfmt_flat.c' NULL Pointer Dereference Denial of Service Vulnerability
63. HP Insight Control Suite for Linux (ICE-LX) Unspecified Security Vulnerability
64. Microsoft Remote Desktop Connection ActiveX Control Heap Based Buffer Overflow Vulnerability
65. Microsoft Office Web Components ActiveX Control Buffer Overflow Code Execution Vulnerability
66. Microsoft Office Web Components ActiveX Control 'msDataSourceObject()' Code Execution Vulnerability
67. Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution Vulnerability
68. Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass Vulnerability
69. Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation Vulnerability
70. Apple Mac OS X 2009-003 Multiple Security Vulnerabilities
71. CamlImages PNG Image Parsing Multiple Integer Overflow Vulnerabilities
72. ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
73. Ruby 'OCSP_basic_verify()' X.509 Certificate Verification Vulnerability
74. Ruby BigDecimal Library Denial Of Service Vulnerability
75. phpGroupWare Multiple Input Validation Vulnerabilities
76. NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
77. Asterisk SIP Channel Driver 'scanf' Multiple Remote Denial of Service Vulnerabilities
78. Gallarific Cross Site Scripting and Authentication Bypass Vulnerabilities
79. Avant Browser 'browser:home' Multiple HTML Injection Vulnerabilities
80. NTP 'ntpq' Stack Buffer Overflow Vulnerability
81. BoonEx Orca Topic Title HTML Injection Vulnerability
82. Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
83. Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
84. Pixaria Gallery 'file' Parameter Directory Traversal Vulnerability
85. WordPress 'wp-login.php' Admin Password Reset Security Bypass Vulnerability
86. strongSwan Crafted X.509 Certificate Multiple Remote Denial Of Service Vulnerabilities
87. Adobe Reader and Acrobat JBIG Segments 'Text Region' Memory Corruption Vulnerability
88. Adobe Reader and Acrobat JBIG 'Pattern Dictionary' Remote Heap Buffer Overflow Vulnerability
89. Adobe Reader & Acrobat JBIG Pattern Dictionary Allocation Remote Heap Buffer Overflow Vulnerability
90. Adobe Reader and Acrobat JBIG 'Halftone Region' Remote Heap Buffer Overflow Vulnerability
91. Adobe Reader and Acrobat FlateDecode Filter Integer Overflow Vulnerability
92. Adobe Reader and Acrobat TrueType Font Handling Memory Corruption Vulnerability
93. Adobe Reader and Acrobat JBIG Halftone Region Grid Area Remote Heap Buffer Overflow Vulnerability
94. Adobe Reader and Acrobat Huffman-encoded JBIG2 Text Heap Overflow Vulnerability
95. Adobe Reader and Acrobat JBIG2 Filter Unspecified Memory Corruption Vulnerability
96. Adobe Reader and Acrobat JBIG 'Halftone Region' Remote Heap Buffer Overflow Vulnerability
97. Adobe Reader and Acrobat U3D Model Remote Stack Buffer Overflow Vulnerability
98. Adobe Reader and Acrobat Unspecified Memory Corruption Vulnerability
99. Adobe Reader and Acrobat Multiple Unspecified Remote Heap Buffer Overflow Vulnerabilities
100. Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities
III. SECURITYFOCUS NEWS
1. Hacker charged with Heartland, other breaches
2. Web attacks hit U.S., South Korean sites
3. FTC persuades court to shutter rogue ISP
4. Obama launches cybersecurity initiative
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. The Scale of Security
By Adam O'Donnell
Human beings do not naturally understand scale. While we speak of financial transactions in the hundreds of billions of dollars as being something as routine as brushing our teeth, we question the value of programs that cost in the single-digit millions and quibble with friends over dollars. Similarly, there are many problems in our industry that, when explained to an outsider, sound like they should have been solved decades ago. It is only when we relate the number of systems that need to be considered in the repair that we truly communicate the difficulty of the problem.
http://www.securityfocus.com/columnists/503

2. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

II. BUGTRAQ SUMMARY
--------------------
1. GnuTLS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
BugTraq ID: 35952
Remote: Yes
Last Updated: 2009-08-14
Relevant URL: http://www.securityfocus.com/bid/35952
Summary:
GnuTLS is prone to a security-bypass vulnerability because it fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

Versions prior to GnuTLS 2.8.2 are vulnerable.

2. VLC Media Player 'smb://' URI Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 35500
Remote: Yes
Last Updated: 2009-08-14
Relevant URL: http://www.securityfocus.com/bid/35500
Summary:
VLC Media Player is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

VLC Media Player 0.9.9 through 1.0.1 for Windows are vulnerable; other versions may also be affected.

3. Ipswitch FTP Log Server Denial of Service Vulnerability
BugTraq ID: 27612
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/27612
Summary:
WS_FTP Log Server shipped with WS_FTP is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

This issue affects WS_FTP running FTP Log Server 7.9.14.0; other versions may also be affected.

4. Apple Safari Top Site Feature Website Promotion Security Vulnerability
BugTraq ID: 36022
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/36022
Summary:
Apple Safari is prone to a vulnerability that may aid in phishing-style attacks.

An attacker may exploit this issue to promote arbitrary sites into the Top Site views through automated actions. Successfully exploiting this issue will lead to other attacks.

Versions prior to Apple Safari 4.0.3 are vulnerable.

5. ViewVC Cross Site Scripting and Unspecified Security Vulnerabilities
BugTraq ID: 36035
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/36035
Summary:
ViewVC is prone to multiple security vulnerabilities, including:

- A cross-site scripting vulnerability.
- An unspecified security vulnerability that may allow attackers to print illegal parameter names and values.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials. Other attacks are also possible.

Versions prior to ViewVC 1.0.9 are vulnerable.

6. SAP NetWeaver Application Server 'uddiclient/process' HTML Injection Vulnerability
BugTraq ID: 36034
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/36034
Summary:
SAP NetWeaver Application Server is prone to an HTML-injection vulnerability because the application's UDDI client fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

This issue is documented by SAP Note 1322098.

7. 2Wire Routers 'CD35_SETUP_01' Access Validation Vulnerability
BugTraq ID: 36031
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/36031
Summary:
Multiple 2Wire routers are prone to an access-validation vulnerability because they fail to adequately authenticate users before performing certain actions.

Unauthenticated attackers can leverage this issue to change the administrative password of the router. Successful attacks will completely compromise affected devices.

2Wire routers prior to Firmware version 5.29.135.5 are vulnerable.

8. Sun OpenSSO Enterprise XML Document Processing Unspecified Memory Corruption Vulnerability
BugTraq ID: 35977
Remote: Yes
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35977
Summary:
Sun OpenSSO Enterprise (formerly Sun Java System Access Manager and Sun Java System Identity Server) is prone to a memory-corruption vulnerability because it fails to properly handle specially crafted XML documents.

Very few details are available regarding this issue. We will update this BID as more information emerges.

An attacker can exploit this issue to execute arbitrary code within the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.

9. IBM AIX '_LIB_INIT_DBG' and '_LIB_INIT_DBG_FILE' File Creation Vulnerability
BugTraq ID: 35934
Remote: No
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35934
Summary:
IBM AIX is prone to multiple file-creation vulnerabilities.

An attacker with local access can exploit these issues to create arbitrary files and execute arbitrary files with superuser privileges. Successfully exploiting these issues will completely compromise affected computers.

AIX 5.3 and 6.1 are vulnerable.

10. Sun Java SE Multiple Security Vulnerabilities
BugTraq ID: 35922
Remote: Yes
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35922
Summary:
Sun has released updates to address multiple vulnerabilities in Java SE.

Very little technical information is currently available on these issues. This BID will be updated as the vendor advisories are released.

These issues are addressed in the following releases:

JDK and JRE 6 Update 15
JDK and JRE 5.0 Update 20
SDK and JRE 1.4.2_22
SDK and JRE 1.3.1_26

11. libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
BugTraq ID: 32331
Remote: Yes
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/32331
Summary:
The 'libxml2' library is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to cause the affected application using the library to fall into an infinite loop, denying service to legitimate users.

This issue affects libxml2-2.7.2; other versions may also be affected.

12. libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
BugTraq ID: 32326
Remote: Yes
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/32326
Summary:
The 'libxml2' library is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data when handling XML files.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an affected application. Failed exploits may crash the application.

This issue affects libxml2-2.7.2; other versions may also be affected.

13. Microsoft Windows Malformed AVI File Parsing Remote Integer Overflow Vulnerability
BugTraq ID: 35970
Remote: Yes
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35970
Summary:
Microsoft Windows is prone to a remote integer-overflow vulnerability.

This issue arises when an affected Windows component handles a malicious Audio Video Interleave (AVI) file.

An attacker can exploit this issue to execute arbitrary code with the privileges of the affected user. Failed exploit attempts will result in a denial-of-service condition.

NOTE: The affected Windows operating system component is independent of Windows Media Player; therefore this issue does not specifically affect Windows Media Player.

14. Microsoft Windows Malformed AVI File Header Parsing Remote Code Execution Vulnerability
BugTraq ID: 35967
Remote: Yes
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35967
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.

This issue arises when an affected Windows component handles a malicious Audio Video Interleave (AVI) file.

An attacker can exploit this issue to execute arbitrary code with the privileges of the affected user. Failed exploit attempts will result in a denial-of-service condition.

NOTE: The affected Windows operating system component is independent of Windows Media Player; therefore this issue does not specifically affect Windows Media Player.

15. PulseAudio setuid Local Privilege Escalation Vulnerability
BugTraq ID: 35721
Remote: No
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35721
Summary:
PulseAudio is prone to a local privilege-escalation vulnerability caused by a race-condition error.

Exploiting this issue could allow attackers to perform actions with superuser privileges, resulting in a complete compromise of affected computers.

16. Motorola Timbuktu Pro 'PlughNTCommand' Named Pipe Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35496
Remote: Yes
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35496
Summary:
Motorola Timbuktu Pro for Windows is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in denial-of-service conditions.

Versions prior to Timbuktu Pro 8.6.7 for Windows are vulnerable.

17. Microsoft Active Template Library Object Type Mismatch Remote Code Execution Vulnerability
BugTraq ID: 35982
Remote: Yes
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35982
Summary:
The Microsoft Active Template Library is prone to a remote code-execution vulnerability.

This issue affects a private version of the ATL used internally by Microsoft; components written by other vendors are unlikely to be affected.

Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running an application built against the affected library. Failed exploit attempts will result in a denial-of-service condition.

18. FreeBSD 'mount(2)' and 'nmount(2)' Multiple Stack Buffer Overflow Vulnerabilities
BugTraq ID: 31002
Remote: No
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/31002
Summary:
FreeBSD is prone to multiple stack-based buffer-overflow vulnerabilities because the kernel fails to perform adequate boundary checks on user-supplied data.

A local attacker can exploit these issues to execute arbitrary code with kernel-level privileges. Successfully exploiting these issues will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition.

FreeBSD 7.0-RELEASE and 7.0-STABLE are vulnerable.

19. SafeNet SoftRemote IKE Service Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35154
Remote: Yes
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35154
Summary:
SafeNet SoftRemote is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to SoftRemote 10.8.6 are vulnerable.

20. Unisys Business Information Server Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35494
Remote: Yes
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35494
Summary:
Unisys Business Information Server (formerly known as MAPPER) is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of an affected server, possibly with SYSTEM-level privileges. Failed exploit attempts will result in denial-of-service conditions.

Business Information Server 10 and 10.1 are vulnerable; other versions may also be affected.

21. IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
BugTraq ID: 35671
Remote: Yes
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35671
Summary:
The IETF and W3C XML Digital Signature Specification is prone to an authentication-bypass vulnerability.

Attackers may exploit this issue to forge signatures to arbitrary XML data. This may lead to further attacks.

Note that the specification doesn't require implementations to accept all truncation length values. As a result, not all implementations of the XML Digital Signature Specification will be affected by this issue.

22. Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability
BugTraq ID: 35828
Remote: Yes
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35828
Summary:
Microsoft Visual Studio is prone to a remote code-execution vulnerability in the Active Template Library (ATL).

Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running an application built against the affected library. Failed exploit attempts will result in a denial-of-service condition.

23. Microsoft Visual Studio ATL 'VariantClear()' Remote Code Execution Vulnerability
BugTraq ID: 35832
Remote: Yes
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35832
Summary:
Microsoft Visual Studio is prone to a remote code-execution vulnerability in the Active Template Library (ATL).

Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running an application built with the affected library.

24. Microsoft Active Template Library 'IPersistStreamInit' Remote Code Execution Vulnerability
BugTraq ID: 35585
Remote: Yes
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35585
Summary:
The Microsoft Active Template Library is prone to a remote code-execution vulnerability.

This issue affects a private version of the ATL used internally by Microsoft; components written by other vendors are unlikely to be affected.

Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running an application built against the affected library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This BID was previously titled "Microsoft Windows 'msvidctl.dll' ActiveX Control Unspecified Remote Memory Corruption Vulnerability". It has been updated to better document the underlying issue.

25. Microsoft Active Template Library Header Data Remote Code Execution Vulnerability
BugTraq ID: 35558
Remote: Yes
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35558
Summary:
The Microsoft Active Template Library is prone to a remote code-execution vulnerability.

This issue affects a private version of the ATL used internally by Microsoft; components written by other vendors are unlikely to be affected.

Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running an application built against the affected library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This BID was previously titled "Microsoft Windows 'MPEG2TuneRequest' ActiveX Control Remote Code Execution Vulnerability". It has been updated to better reflect the underlying issue.

26. Microsoft Windows WINS Server Network Buffer Length Integer Overflow Vulnerability
BugTraq ID: 35981
Remote: Yes
Last Updated: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35981
Summary:
The Microsoft Windows WINS Server is prone to a remote integer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.

27. Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability
BugTraq ID: 36038
Remote: No
Last Updated: 2009-08-14
Relevant URL: http://www.securityfocus.com/bid/36038
Summary:
The Linux kernel is prone to a local NULL-pointer dereference vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges or crash an affected kernel, denying service to legitimate users.

Versions prior to the Linux kernel 2.4.37.5 and 2.6.31-rc6 are vulnerable.

28. Memcached Multiple Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35989
Remote: Yes
Last Updated: 2009-08-14
Relevant URL: http://www.securityfocus.com/bid/35989
Summary:
Memcached is prone to multiple heap-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary-checks on user-supplied data.

Attackers can exploit these issues to execute arbitrary code with superuser privileges. Successfully exploiting these issues will compromise the affected application. Failed exploit attempts will result in a denial-of-service condition.

29. Subversion Binary Delta Processing Multiple Integer Overflow Vulnerabilities
BugTraq ID: 35983
Remote: Yes
Last Updated: 2009-08-14
Relevant URL: http://www.securityfocus.com/bid/35983
Summary:
Subversion is prone to multiple integer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of Subversion clients and servers. Successful exploits will compromise the affected application and possibly the computer. Failed attacks will cause denial-of-service conditions.

The issues affect the following:
Subversion clients and servers versions 1.5.6 and prior.
Subversion clients and servers versions 1.6.0 through 1.6.3.

30. Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability
BugTraq ID: 35185
Remote: Yes
Last Updated: 2009-08-14
Relevant URL: http://www.securityfocus.com/bid/35185
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue via crafted packets to cause a kernel panic, denying service to legitimate users.

31. Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
BugTraq ID: 34673
Remote: No
Last Updated: 2009-08-14
Relevant URL: http://www.securityfocus.com/bid/34673
Summary:
The Linux kernel is prone to a local information-disclosure vulnerability.

Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Versions prior to the Linux kernel 2.6.30-rc3 are vulnerable.

32. Linux Kernel NFS 'MAY_EXEC' Security Bypass Vulnerability
BugTraq ID: 34934
Remote: Yes
Last Updated: 2009-08-14
Relevant URL: http://www.securityfocus.com/bid/34934
Summary:
The Linux kernel is prone to a security-bypass vulnerability that affects the NFS (Network File System) implementation.

An attacker can exploit this issue to perform privileged operations on a vulnerable computer, which may aid in further attacks.

33. Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
BugTraq ID: 34205
Remote: Yes
Last Updated: 2009-08-14
Relevant URL: http://www.securityfocus.com/bid/34205
Summary:
The Linux Kernel is prone to an unauthorized-access vulnerability that can occur when users with certain capabilities connect to the 'nfsd' service.

An attacker with authenticated access to the affected application can exploit this issue to perform privileged operations on a vulnerable computer; this may aid in further attacks.

34. Xen 'hypervisor_callback()' Guest Local Denial Of Service Vulnerability
BugTraq ID: 34957
Remote: No
Last Updated: 2009-08-14
Relevant URL: http://www.securityfocus.com/bid/34957
Summary:
Xen is prone to a denial-of-service vulnerability because it fails to perform proper checks in 'hypervisor_callback()'.

An attacker in the guest system can exploit this issue to cause the guest kernel to oops, effectively denying service to legitimate users.

35. Sun Solaris 'IP(7P)' Multicast Reception Local Denial Of Service Vulnerability
BugTraq ID: 35474
Remote: No
Last Updated: 2009-08-14
Relevant URL: http://www.securityfocus.com/bid/35474
Summary:
Sun Solaris is prone to a local denial-of-service vulnerability.

Local attackers may exploit this issue to cause the kernel to leak memory, denying service to legitimate users.

This issue affects the following on both SPARC and x86 platforms:

Solaris 10
OpenSolaris based upon builds snv_67 through snv_93

36. Sun Solaris 'rpc.nisd(1M)' Daemon NIS+ Server Remote Denial Of Service Vulnerability
BugTraq ID: 35276
Remote: Yes
Last Updated: 2009-08-14
Relevant URL: http://www.securityfocus.com/bid/35276
Summary:
The Sun Solaris 'rpc.nisd(1M)' daemon may allow remote attackers to crash an instance of the NIS+ server, causing the service to stop responding to further requests.

Solaris 8, 9, 10, and OpenSolaris based on builds snv_01 through snv_103 are affected.

37. Sun Solaris SCTP Packet Processing Remote Denial of Service Vulnerability
BugTraq ID: 35712
Remote: Yes
Last Updated: 2009-08-14
Relevant URL: http://www.securityfocus.com/bid/35712
Summary:
Sun Solaris is prone to a remote denial-of-service vulnerability because of an error in SCTP 'sctp(7P)' packet processing.

Exploiting this issue allows attackers to panic the vulnerable system, effectively denying service to legitimate users.

This issue affects Solaris 10 and OpenSolaris snv_01 through snv_119.

38. ICQ Incoming Message HTML Injection Vulnerability
BugTraq ID: 36041
Remote: Yes
Last Updated: 2009-08-14
Relevant URL: http://www.securityfocus.com/bid/36041
Summary:
ICQ is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

ICQ 6.5 build 1042 is vulnerable; other versions may also be affected.

39. libxml2 Multiple Memory Corruption Vulnerabilities
BugTraq ID: 36010
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/36010
Summary:
libxml2 is prone to multiple memory-corruption vulnerabilities.

An attacker can exploit these issues by tricking a victim into opening a specially crafted XML file.

A successful attack can allow attacker-supplied code to run in the context of the application using the vulnerable library or cause a denial-of-service condition.

40. Mozilla Firefox 3.5.1/3.0.12 Multiple Memory Corruption Vulnerabilities
BugTraq ID: 35927
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/35927
Summary:
Mozilla Firefox is prone to multiple remote memory-corruption vulnerabilities.

An attacker can exploit these issues to corrupt memory on the affected computer and potentially run arbitrary code in the context of the user running the affected application. Failed exploit attempts will cause denial-of-service conditions.

Mozilla Firefox versions prior to 3.5.2 and 3.0.13 are affected.

41. IBM Tivoli Key Lifecycle Manager Password Unspecified Vulnerability
BugTraq ID: 35938
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/35938
Summary:
IBM Tivoli Key Lifecycle Manager is prone to an unspecified security vulnerability related to passwords.

Currently, very little is known about this issue. We will update this BID as more information emerges.

The issue affects IBM Tivoli Key Lifecycle Manager 1.0 on AIX, Linux, Solaris, and Windows platforms.

42. nilfs-utils Multiple Local Privilege Escalation Vulnerabilities
BugTraq ID: 35796
Remote: No
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/35796
Summary:
The 'nilfs-utils' Linux application is prone to multiple local privilege-escalation vulnerabilities.

Local attackers may exploit these issues to gain elevated privileges, which may lead to a complete compromise of an affected computer.

Versions prior to 'nilfs-utils' 2.0.14 are vulnerable.

43. Sophos Antivirus Multiple File Processing Remote Denial Of Service Vulnerabilities
BugTraq ID: 32748
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/32748
Summary:
Sophos Antivirus is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle malformed files.

Remote attackers may exploit these issues to crash the affected application, denying service to legitimate users. Given the nature of these issues, attackers may also be able to execute code, but this has not been confirmed.

44. Mozilla Firefox Incorrect Security Wrapper JavaScript Chrome Privilege Escalation Vulnerability
BugTraq ID: 35928
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/35928
Summary:
Mozilla Firefox is prone to a privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary JavaScript code with chrome privileges.

The issue affects Firefox 3.5 prior to 3.5.2.

45. ZNC File Upload Directory Traversal Vulnerability
BugTraq ID: 35757
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/35757
Summary:
ZNC is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an authenticated attacker to upload and overwrite files on the affected computer. Successful exploits will lead to other attacks.

Versions prior to ZNC 0.072 are vulnerable.

46. Multiple AvailScript Products Arbitrary File Upload Vulnerabilities
BugTraq ID: 32821
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/32821
Summary:
Multiple AvailScript products are prone to multiple vulnerabilities that let remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issues occur because the applications fail to sanitize user-supplied input.

47. WS_FTP Server Manager Authentication Bypass and Information Disclosure Vulnerabilities
BugTraq ID: 27654
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/27654
Summary:
WS_FTP Server Manager is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability.

An attacker can exploit these issues to gain unauthorized access to the affected application and gain access to potentially sensitive information.

These issues affect WS_FTP Server Manager 6.1.0.0; prior versions may also be affected.

48. Ipswitch WS_FTP SFTP Opendir Command Buffer Overflow Vulnerability
BugTraq ID: 27573
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/27573
Summary:
Ipswitch WS_FTP is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects WS_FTP 6.1.0.0; other versions may also be affected.

49. Net-SNMP GETBULK Remote Denial of Service Vulnerability
BugTraq ID: 32020
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/32020
Summary:
Net-SNMP is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions.

This issue affects versions *prior to* the following:

Net-SNMP 5.2.5.1
Net-SNMP 5.3.2.3
Net-SNMP 5.4.2.1

50. Rsync 'xattr' Support Integer Overflow Vulnerability
BugTraq ID: 28726
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/28726
Summary:
The rsync utility is prone to a remote integer-overflow vulnerability because the application fails to properly ensure that user-supplied input doesn't overflow integer values. This may result in user-supplied data being copied past the end of a memory buffer.

Attackers may exploit this issue to execute arbitrary machine code in the context of the affected application, facilitating the compromise of affected computers.

Versions of rsync between 2.6.9 and 3.0.1 that have 'xattr' support enabled are vulnerable.

51. PHP 5.2.8 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 33927
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/33927
Summary:
PHP is prone to multiple security vulnerabilities. Successful exploits could allow an attacker to cause a denial-of-service condition. An unspecified issue with an unknown impact was also reported.

These issues affect PHP 5.2.8 and prior versions.

52. OpenSSL Multiple Vulnerabilities
BugTraq ID: 34256
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/34256
Summary:
OpenSSL is prone to multiple vulnerabilities that may allow attackers to trigger denial-of-service conditions or bypass certain security checks.

Versions prior to OpenSSL 0.9.8k are vulnerable.

53. OpenSSH CBC Mode Information Disclosure Vulnerability
BugTraq ID: 32319
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/32319
Summary:
OpenSSH is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain four bytes of plaintext from an encrypted session.

Versions prior to OpenSSH 5.2 are vulnerable. Various versions of SSH Tectia are also affected.

54. Linux Kernel RTL8169 NIC Remote Denial of Service Vulnerability
BugTraq ID: 35281
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/35281
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the system, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to Linux Kernel 2.6.30 are vulnerable.

55. Linux Kernel CIFS 'decode_unicode_ssetup()' Remote Buffer Overflow Vulnerability
BugTraq ID: 34612
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/34612
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

56. Linux Kernel CIFS Remote Buffer Overflow Vulnerability
BugTraq ID: 34453
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/34453
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects Linux Kernel 2.6.29; other versions may also be vulnerable.

57. cURL / libcURL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
BugTraq ID: 36032
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/36032
Summary:
cURL and libcURL are prone to a security-bypass vulnerability because they fail to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones.

This issue affects cURL and libcURL when compiled against OpenSSL.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

cURL and libcURL 7.4 through 7.19.5 are vulnerable. Additional applications which use the affected library may also be vulnerable.

58. Microsoft Windows Workstation Service Double Free Remote Code Execution Vulnerability
BugTraq ID: 35972
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/35972
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by sending specially crafted Remote Procedure Call (RPC) messages to a vulnerable computer.

Successfully exploiting this issue will allow attackers to execute arbitrary code with SYSTEM-level privileges, completely compromising affected computers. Failed exploit attempts will result in a denial-of-service condition.

59. Fetchmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
BugTraq ID: 35951
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/35951
Summary:
Fetchmail is prone to a security-bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

Versions prior to Fetchmail 6.3.11 are vulnerable.

60. WordPress Plugin WP-Syntax Remote PHP Code Execution Vulnerability
BugTraq ID: 36040
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/36040
Summary:
The WP-Syntax plugin for WordPress is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input.

Attackers can exploit this issue to execute arbitrary PHP code within the context of the affected webserver process.

This issue affects WP-Syntax versions 0.9.1 and prior.

61. Drupal Printer, e-mail and PDF versions Module Multiple HTML Injection Vulnerabilities
BugTraq ID: 36039
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/36039
Summary:
The 'Printer, e-mail and PDF versions' module for Drupal is prone to multiple HTML-injection vulnerabilities because the module fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

'Printer, e-mail and PDF versions' 5.x-4.7 and 6.x-1.7 are vulnerable; other versions may also be affected.

62. Linux Kernel 'binfmt_flat.c' NULL Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 36037
Remote: No
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/36037
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

This issue was introduced in Linux kernel 2.6.30; fixes have been committed to the Linux Git repository.

63. HP Insight Control Suite for Linux (ICE-LX) Unspecified Security Vulnerability
BugTraq ID: 36036
Remote: Yes
Last Updated: 2009-08-13
Relevant URL: http://www.securityfocus.com/bid/36036
Summary:
HP Insight Control Suite for Linux (ICE-LX) is prone to an unspecified security vulnerability.

Very little is known about this issue or its effects at this time. We will update this BID as more information emerges.

Versions of HP Insight Control Suite for Linux (ICE-LX) prior to 2.11 are vulnerable.

64. Microsoft Remote Desktop Connection ActiveX Control Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35973
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35973
Summary:
Microsoft Remote Desktop Connection ActiveX control is prone to a remote heap-based buffer-overflow vulnerability.

Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious Web page.

Successful exploits will allow attackers to execute arbitrary code within the context of the affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

65. Microsoft Office Web Components ActiveX Control Buffer Overflow Code Execution Vulnerability
BugTraq ID: 35992
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35992
Summary:
Microsoft Office Web Components ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted Web page.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

66. Microsoft Office Web Components ActiveX Control 'msDataSourceObject()' Code Execution Vulnerability
BugTraq ID: 35642
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35642
Summary:
Microsoft Office Web Components is prone to a remote code-execution vulnerability that affects the OWC10.Spreadsheet ActiveX control. The control is identified by the following CLSIDs:

0002E541-0000-0000-C000-000000000046
0002E559-0000-0000-C000-000000000046

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted site.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

67. Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution Vulnerability
BugTraq ID: 35991
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35991
Summary:
Microsoft Office Web Components ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted Web page.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

68. Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass Vulnerability
BugTraq ID: 35993
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35993
Summary:
Microsoft Windows is prone to an authentication-bypass vulnerability that exists in the Telnet protocol.

An attacker can exploit this issue to gain unauthorized access to the affected computer with the privileges of the victim user. Successfully exploiting this issue may compromise the affected computer.

69. Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation Vulnerability
BugTraq ID: 35969
Remote: No
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35969
Summary:
The Microsoft Message Queuing service is prone to a local privilege-escalation vulnerability because it fails to adequately handle user-supplied input.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploits will cause a denial of service.

70. Apple Mac OS X 2009-003 Multiple Security Vulnerabilities
BugTraq ID: 35954
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35954
Summary:
Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003.

The security update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues.

71. CamlImages PNG Image Parsing Multiple Integer Overflow Vulnerabilities
BugTraq ID: 35556
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35556
Summary:
CamlImages is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied input.

Successful exploits may allow attackers to execute arbitrary code in the context of applications that use the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

CamlImages 2.2 and prior are vulnerable; other versions may also be affected.

72. ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
BugTraq ID: 35848
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35848
Summary:
ISC BIND is prone to a remote denial-of-service vulnerability because the software fails to properly handle specially crafted dynamic update requests.

Successfully exploiting this issue allows remote attackers to crash affected DNS servers, denying further service to legitimate users. Other attacks are also possible.

Versions prior to BIND 9.4.3-P3, 9.5.1-P3, and 9.6.1-P3 are vulnerable.

73. Ruby 'OCSP_basic_verify()' X.509 Certificate Verification Vulnerability
BugTraq ID: 33769
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/33769
Summary:
Ruby is prone to an X.509 certificate-verification vulnerability.

Exploiting this issue may allow an attacker to have a revoked X.509 certificate accepted as valid. This may allow the attacker to conduct phishing attacks or to impersonate legitimate sites. Other attacks are also possible.

Ruby 1.8.7 and 1.9.1 are vulnerable; other versions may also be affected.

74. Ruby BigDecimal Library Denial Of Service Vulnerability
BugTraq ID: 35278
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35278
Summary:
Ruby is prone to a denial-of-service vulnerability in its BigDecimal library.

Successful exploits may allow remote attackers to cause denial-of-service conditions in applications that use the vulnerable module.

Versions prior to Ruby 1.8.6-p369 and 1.8.7-p173 are affected.

75. phpGroupWare Multiple Input Validation Vulnerabilities
BugTraq ID: 35761
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35761
Summary:
phpGroupWare is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to obtain sensitive information, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

phpGroupWare 0.9.16.12 is affected; other versions may also be vulnerable.

76. NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
BugTraq ID: 35017
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35017
Summary:
The 'ntpd' daemon is prone to a stack-based buffer-overflow vulnerability when it is configured to use the 'autokey' OpenSSL protocol.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attempts will likely crash the application, causing denial-of-service conditions.

77. Asterisk SIP Channel Driver 'scanf' Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 36015
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/36015
Summary:
Asterisk is prone to multiple remote denial-of-service vulnerabilities.

Successful exploits can crash the SIP channel driver, resulting in denial-of-service conditions for legitimate users.

The issues affect Asterisk 1.6.1.

Please note that other versions may also include the affected code but may not be exploitable as they do not allow SIP packets to exceed 1500 bytes total.

78. Gallarific Cross Site Scripting and Authentication Bypass Vulnerabilities
BugTraq ID: 28163
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/28163
Summary:
Gallarific is prone to a cross-site scripting vulnerability and multiple authentication-bypass vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, add new categories, add new users, and modify existing users. Other attacks are also possible.

These issues affect both the commercial and the free versions of Gallarific.

79. Avant Browser 'browser:home' Multiple HTML Injection Vulnerabilities
BugTraq ID: 35898
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35898
Summary:
Avant Browser is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Avant Browser 11.7 build 35 is vulnerable; other versions may also be affected.

80. NTP 'ntpq' Stack Buffer Overflow Vulnerability
BugTraq ID: 34481
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/34481
Summary:
The 'ntpq' command is prone to a stack-based buffer-overflow vulnerability.

Successful exploits will crash the affected utility. Code execution may also be possible, but has not been confirmed.

81. BoonEx Orca Topic Title HTML Injection Vulnerability
BugTraq ID: 33545
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/33545
Summary:
BoonEx Orca is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Orca 2.0.2 is vulnerable; other versions may also be affected.

82. Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
BugTraq ID: 35891
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35891
Summary:
Mozilla Firefox and Seamonkey are prone to a heap-based buffer-overflow vulnerability in the regular expression parser used to match common names in SSL certificates.

Successfully exploiting this issue can allow attackers to execute arbitrary code in the context of the application. Failed attempts will likely cause denial-of-service conditions.

Note that attackers need to exploit this issue with a crafted certificate that SeaMonkey trusts; otherwise, a warning message will be presented to the user.

SeaMonkey 1.09 and Firefox 3.0.x are vulnerable; other versions may also be affected.

This issue is related to the vulnerability described by BID 35888 (Mozilla Firefox NULL Character CA SSL Certificate Validation Security Bypass Vulnerability).

83. Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
BugTraq ID: 35888
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35888
Summary:
Mozilla Network Security Services (NSS) is prone to a security-bypass vulnerability because the library fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones.

The NSS library is used by a number of applications, including Mozilla Firefox, Thunderbird and SeaMonkey.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

NOTE (6 August 2009): This BID was updated to include a similar issue in Fetchmail; that issue has been documented in BID 35951 (Fetchmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability) in order to better describe the vulnerability.

84. Pixaria Gallery 'file' Parameter Directory Traversal Vulnerability
BugTraq ID: 35802
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35802
Summary:
Pixaria Gallery is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.

Pixaria 2.3.5 is vulnerable; other versions may also be affected.

85. WordPress 'wp-login.php' Admin Password Reset Security Bypass Vulnerability
BugTraq ID: 36014
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/36014
Summary:
WordPress is prone to a security-bypass vulnerability because it fails to adequately restrict access to the password-reset feature.

An attacker can exploit this issue to reset the administrator password of the application. Repeated attacks may allow the attacker to cause persistent denial-of-service conditions.

WordPress version 2.8.3 is affected; other versions may also be vulnerable.

86. strongSwan Crafted X.509 Certificate Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 35452
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35452
Summary:
strongSwan is prone to multiple remote denial-of-service vulnerabilities.

Attackers can exploit these issues to crash the application, denying access to legitimate users.

Versions prior to strongSwan 2.8.10, 4.3.2, and 4.2.16 are vulnerable.

UPDATE (July 27, 2009): Additional corrective measures were added to address these issues in strongSwan 2.8.11, 4.2.17, and 4.3.3.

87. Adobe Reader and Acrobat JBIG Segments 'Text Region' Memory Corruption Vulnerability
BugTraq ID: 35303
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35303
Summary:
Adobe Reader and Acrobat are prone to a memory-corruption vulnerability.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

88. Adobe Reader and Acrobat JBIG 'Pattern Dictionary' Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 35299
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35299
Summary:
Adobe Reader and Acrobat are prone to a remote heap-based buffer-overflow vulnerability because they fail to sufficiently sanitize user-supplied input.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

89. Adobe Reader & Acrobat JBIG Pattern Dictionary Allocation Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 35300
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35300
Summary:
Adobe Reader and Acrobat are prone to a remote heap-based buffer-overflow vulnerability because they fail to sufficiently sanitize user-supplied input.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

90. Adobe Reader and Acrobat JBIG 'Halftone Region' Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 35301
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35301
Summary:
Adobe Reader and Acrobat are prone to a remote heap-based buffer-overflow vulnerability because they fail to sufficiently sanitize user-supplied input.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

91. Adobe Reader and Acrobat FlateDecode Filter Integer Overflow Vulnerability
BugTraq ID: 35294
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35294
Summary:
Adobe Reader and Acrobat are prone to an integer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

92. Adobe Reader and Acrobat TrueType Font Handling Memory Corruption Vulnerability
BugTraq ID: 35296
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35296
Summary:
Adobe Reader and Acrobat are prone to a memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

93. Adobe Reader and Acrobat JBIG Halftone Region Grid Area Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 35291
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35291
Summary:
Adobe Reader and Acrobat are prone to a remote heap-based buffer-overflow vulnerability because they fail to sufficiently sanitize user-supplied input.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

94. Adobe Reader and Acrobat Huffman-encoded JBIG2 Text Heap Overflow Vulnerability
BugTraq ID: 35302
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35302
Summary:
Adobe Reader and Acrobat are prone to a heap-based buffer-overflow vulnerability.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

95. Adobe Reader and Acrobat JBIG2 Filter Unspecified Memory Corruption Vulnerability
BugTraq ID: 35298
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35298
Summary:
Adobe Reader and Acrobat are prone to an unspecified memory-corruption vulnerability.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

96. Adobe Reader and Acrobat JBIG 'Halftone Region' Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 35293
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35293
Summary:
Adobe Reader and Acrobat are prone to a remote heap-based buffer-overflow vulnerability because they fail to sufficiently sanitize user-supplied input.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

97. Adobe Reader and Acrobat U3D Model Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35282
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35282
Summary:
Adobe Reader and Acrobat are prone to a remote stack-based buffer-overflow vulnerability because they fail to adequately bounds-check user-supplied data.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

98. Adobe Reader and Acrobat Unspecified Memory Corruption Vulnerability
BugTraq ID: 35289
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35289
Summary:
Adobe Reader and Acrobat are prone to an unspecified memory-corruption vulnerability.

Exploiting this issue will allow remote attackers to execute arbitrary code within the context of the affected application or crash the application.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

99. Adobe Reader and Acrobat Multiple Unspecified Remote Heap Buffer Overflow Vulnerabilities
BugTraq ID: 35295
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35295
Summary:
Adobe Reader and Acrobat are prone to multiple remote heap-based buffer-overflow vulnerabilities because they fail to sufficiently sanitize user-supplied input.

An attacker can exploit these issues by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: These issues were previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but have been assigned their own record to better document them.

100. Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities
BugTraq ID: 35274
Remote: Yes
Last Updated: 2009-08-12
Relevant URL: http://www.securityfocus.com/bid/35274
Summary:
Adobe Reader and Acrobat are prone to multiple remote vulnerabilities.

An attacker can exploit these issues by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

The following individual records have been created to better document some of these issues:

35298 Adobe Reader and Acrobat JBIG2 Filter Unspecified Memory Corruption Vulnerability
35295 Adobe Reader and Acrobat Multiple Unspecified Remote Heap Buffer Overflow Vulnerabilities
35294 Adobe Reader and Acrobat 9.1.1 and Prior Integer Overflow Vulnerability
35296 Adobe Reader and Acrobat 9.1.1 and Prior Unspecified Memory Corruption Vulnerability
35289 Adobe Reader and Acrobat Unspecified Memory Corruption Vulnerability
35293 Adobe Reader and Acrobat JBIG 'Halftone Region' Remote Heap Buffer Overflow Vulnerability
35291 Adobe Reader and Acrobat JBIG Halftone Region Grid Area Remote Heap Buffer Overflow Vulnerability
35282 Adobe Reader and Acrobat U3D Model Remote Stack Buffer Overflow Vulnerability
35299 Adobe Reader and Acrobat JBIG 'Pattern Dictionary' Remote Heap Buffer Overflow Vulnerability
35300 Adobe Reader & Acrobat JBIG Pattern Dictionary Allocation Remote Heap Buffer Overflow Vulnerability
35301 Adobe Reader and Acrobat JBIG 'Halftone Region' Remote Heap Buffer Overflow Vulnerability
35302 Adobe Reader and Acrobat Huffman-encoded JBIG2 Text Heap Overflow Vulnerability
35303 Adobe Reader and Acrobat JBIG Segments 'Text Region' Memory Corruption Vulnerability

The vendor reports other unspecified security issues have also been addressed. Information regarding these issues is currently not available. We will update this BID as more information emerges.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Hacker charged with Heartland, other breaches
By: Robert Lemos
A federal grand jury indicts a Florida man already charged with stealing data from TJX with allegedly helping breach five more companies.
http://www.securityfocus.com/news/11557

2. Web attacks hit U.S., South Korean sites
By: Robert Lemos
In its fourth day, a widespread distributed denial-of-service attack continued to inundate U.S. government and South Korean Web sites with network traffic.
http://www.securityfocus.com/news/11554

3. FTC persuades court to shutter rogue ISP
By: Robert Lemos
A federal district court shuts down Triple Fiber Network, after the Federal Trade Commission documents the Internet service provider's cooperation with online criminals and child pornographers.
http://www.securityfocus.com/news/11552

4. Obama launches cybersecurity initiative
By: Robert Lemos
The U.S. president announces that the nation's networks will be considered a "strategic national asset" and creates a top position in the White House to formulate a better cybersecurity policy.
http://www.securityfocus.com/news/11551

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Immunet

Are you running Anti-Virus from Symantec, AVG or Mcafee? Make it significantly more effective and harness the security of thousands of others with 'Collective Immunity'. See the beta for Immunet Protect here: https://www.immunet.com/user/new

Copyright 2010, SecurityFocus