SecurityFocus News
SecurityFocus Newsletter #511 Sep 25 2009 05:21PM
sfa securityfocus com
SecurityFocus Newsletter #511
----------------------------------------

This issue is sponsored by Entrust

Go Green for Less Green
Give your customers the highest level of assurance
Give your customers the green address bar
Entrust EV SSL Certificates - Now from only $199 per year

http://www.entrust.net/securityfocus-ev

------------------------------------------------------------------
I. FRONT AND CENTER
1.Lazy Workers May Be Deemed Hackers
2.The Scale of Security
II. BUGTRAQ SUMMARY
1. Xen pygrub Local Authentication Bypass Vulnerability
2. Cisco Application Control Engine (ACE) XML Gateway IP Address Information Disclosure Vulnerability
3. Check Point Connectra '/Login/Login' Arbitrary Script Injection Vulnerability
4. FFmpeg Version 0.5 Multiple Remote Vulnerabilities
5. Joomla! 'com_jinc' Component 'newsid' Parameter SQL Injection Vulnerability
6. Joomla! MyRemote Video Gallery 'user_id' Parameter SQL Injection Vulnerability
7. Changetrack Local Privilege Escalation Vulnerability
8. Mambo MOStlyCE Module Image Manager Utility Arbitrary File Upload Vulnerability
9. DCI-Designs Dawaween Poems.PHP SQL Injection Vulnerability
10. moziloCMS Prior to 1.10.3 Multiple Vulnerabilities
11. Squid Web Proxy Cache Authentication Header Parsing Remote Denial of Service Vulnerability
12. ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
13. OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
14. OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Remote Denial of Service Vulnerability
15. OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability
16. Snort Unified1 Output Remote Denial Of Service Vulnerability
17. Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability
18. Linux Kernel RTL8169 NIC Remote Denial of Service Vulnerability
19. Linux Kernel 'udp_sendmsg()' MSG_MORE Flag Local Privilege Escalation Vulnerability
20. Linux kernel 'O_EXCL' NFSv4 Privilege Escalation Vulnerability
21. Debian and Ubuntu Postfix Insecure Temporary File Creation Vulnerability
22. HP-UX RBAC Unspecified Local Unauthorized Access Vulnerability
23. Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
24. Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
25. Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
26. Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
27. Drupal Bibliography Module Biblio Item HTML Injection Vulnerability
28. Joomla! Fastball Component SQL Injection Vulnerability
29. Code-Crafters Ability Mail Server IMAP FETCH Request Remote Denial Of Service Vulnerability
30. RETIRED: Mereo Malformed URI Remote Denial Of Service Vulnerability
31. OpenSAML 'use' Key Certificate Validation Security Bypass Vulnerability
32. OpenSAML URI Handling Remote Buffer Overflow Vulnerability
33. Samba Format String And Security Bypass Vulnerabilities
34. ActiveCampaign 1-2-All Broadcast Email Admin Control Panel Username SQL Injection Vulnerability
35. Newt Text Box Content Processing Remote Buffer Overflow Vulnerability
36. Kaspersky Online Scanner Security Bypass Vulnerability
37. e107 News Email Referer Header Cross Site Scripting Vulnerability
38. Serendipity Freetag Plugin SQL Injection Vulnerability
39. Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
40. Extended Module Player (xmp) 'oxm.c' And 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities
41. Ruby on Rails Form Helpers Unicode String Handling Cross Site Scripting Vulnerability
42. ProFTPD 'mod_sql' Username SQL Injection Vulnerability
43. PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability
44. FreeType Multiple Integer Overflow Vulnerabilities
45. PostgreSQL Multiple Security Vulnerabilities
46. MySQL 'sql_parse.cc' Multiple Format String Vulnerabilities
47. MySQL Command Line Client HTML Special Characters HTML Injection Vulnerability
48. Lyris ListManager Multiple Remote Vulnerabilities
49. Drupal Devel Module Variable Editor HTML Injection Vulnerability
50. Drupal Markdown Preview Module Live Preview HTML Injection Vulnerability
51. OSSIM SQL Injection, Cross Site Scripting and Unauthorized Access Vulnerabilities
52. Cyrus IMAP Server SIEVE Script Local Buffer Overflow Vulnerability
53. Xfig Multiple Insecure Temporary File Creation Vulnerabilities
54. Adobe RoboHelp Server Authentication Bypass Vulnerability
55. WebKit Numeric Character References Remote Memory Corruption Vulnerability
56. WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
57. WebKit Java Applet Remote Code Execution Vulnerability
58. WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
59. WebKit SVGList Objects Remote Memory Corruption Vulnerability
60. WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
61. WebKit DOM Event Handler Remote Memory Corruption Vulnerability
62. GNOME GLib Symbolic Link Arbitrary File Access Vulnerability
63. Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
64. Apache mod_proxy_ftp Remote Command Injection Vulnerability
65. Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
66. Joomla!/Mambo Tupinambis Component SQL Injection Vulnerability
67. Linux Kernel KVM 'kvm_emulate_hypercall()' Local Denial of Service Vulnerability
68. Sun Solaris Trusted Extensions Common Desktop Environment Local Privilege Escalation Vulnerability
69. IBM Lotus Connections 'simpleSearch.do' Cross Site Scripting Vulnerability
70. Drupal Meta tags (Nodewords) Module Unauthorized Access Vulnerability
71. Avast! Antivirus 'aswMon2.sys' Driver Local Privilege Escalation Vulnerability
72. BakBone NetVault Backup 'npvmgr.exe' Remote Denial Of Service Vulnerability
73. TCP/IP Protocol Stack Multiple Remote Denial Of Service Vulnerabilities
74. Vastal I-Tech Agent Zone SQL Injection Vulnerability
75. Vastal I-Tech DVD Zone 'mag_id' Parameter Cross Site Scripting and SQL Injection Vulnerabilities
76. Vastal I-Tech Cosmetics Zone 'view_products.php' SQL Injection Vulnerability
77. Vastal I-Tech MMORPG 'view_news.php' SQL Injection Vulnerability
78. Cisco IOS NTPv4 Reply Packet Remote Denial of Service Vulnerability
79. Cisco IOS Specially Crafted Encryption Packet Denial of Service Vulnerability
80. Cisco IOS Zone-Based Policy Firewall SIP Inspection Denial of Service Vulnerability
81. Cisco IOS Software Tunnels Multiple Denial of Service Vulnerabilities
82. Cisco IOS Software Internet Key Exchange Resource Exhaustion Denial of Service Vulnerability
83. Cisco IOS SIP Message Denial of Service Vulnerability
84. Cisco Unified Communications Manager Express Extension Mobility Buffer Overflow Vulnerability
85. Cisco Unified Communications Manager SIP Message Denial of Service Vulnerability
86. Cisco IOS Object Group Access Control List Bypass Vulnerability
87. VLC Media Player Multiple Remote Stack Buffer Overflow Vulnerabilities
88. LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
89. Cisco IOS H.323 Denial of Service Vulnerability
90. Cisco IOS Authentication Proxy for HTTP(S) Authentication Bypass Vulnerability
91. nginx WebDAV Multiple Directory Traversal Vulnerabilities
92. Joomla! JoomlaFacebook Component SQL Injection Vulnerability
93. Joomla! SportFusion Component SQL Injection Vulnerability
94. Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities
95. MaxWebPortal 'forum.asp' SQL Injection Vulnerability
96. Google Chrome NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
97. Sun Solaris XScreenSaver X Resize and Rotate Local Information Disclosure Vulnerability
98. Sun Solaris Cluster Local Privilege Escalation Vulnerability
99. Apple iTunes '.pls' File Buffer Overflow Vulnerability
100. NetCitadel Firewall Builder Script Generation Insecure Temporary File Creation Vulnerability
III. SECURITYFOCUS NEWS
1. Popular apps need better patching, says report
2. Hacker charged with Heartland, other breaches
3. Web attacks hit U.S., South Korean sites
4. FTC persuades court to shutter rogue ISP
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Lazy Workers May Be Deemed Hackers
By Mark Rasch
From his office job at the Shelby City (Ohio) Wastewater Treatment plant, he was browsing adult Web sites, including one called Adult Friend Finder to meet women. When some of the women asked Wolf for nude pictures, he bought a digital camera, took pictures, and e-mailed them using his work computer.
http://www.securityfocus.com/columnists/504

2.The Scale of Security
By Adam O'Donnell
Human beings do not naturally understand scale. While we speak of financial transactions in the hundreds of billions of dollars as being something as routine as brushing our teeth, we question the value of programs that cost in the single-digit millions and quibble with friends over dollars. Similarly, there are many problems in our industry that, when explained to an outsider, sound like they should have been solved decades ago. It is only when we relate the number of systems that need to be considered in the repair that we truly communicate the difficulty of the problem.
http://www.securityfocus.com/columnists/503

II. BUGTRAQ SUMMARY
--------------------
1. Xen pygrub Local Authentication Bypass Vulnerability
BugTraq ID: 36523
Remote: No
Last Updated: 2009-09-25
Relevant URL: http://www.securityfocus.com/bid/36523
Summary:
Xen is prone to a local authentication-bypass vulnerability.

A local attacker with physical access to an affected host can exploit this issue to bypass authentication and modify the 'grub.conf' file. This may aid in a complete compromise of the affected system.

Xen 3.0.3, 3.3.0, and 3.3.1 are affected; other versions may also be vulnerable.

2. Cisco Application Control Engine (ACE) XML Gateway IP Address Information Disclosure Vulnerability
BugTraq ID: 36522
Remote: Yes
Last Updated: 2009-09-25
Relevant URL: http://www.securityfocus.com/bid/36522
Summary:
Cisco Application Control Engine (ACE) XML Gateway is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that can aid in further attacks.

This issue is being tracked by Cisco Bug CSCtb82159.

Versions prior to ACE XML Gateway 6.1 and ACE Web Application Firewall 6.1 are vulnerable.

3. Check Point Connectra '/Login/Login' Arbitrary Script Injection Vulnerability
BugTraq ID: 36466
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/36466
Summary:
Check Point Connectra is prone to an arbitrary-script-injection vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary script code in the context of the webserver. Successful exploits can compromise the application.

4. FFmpeg Version 0.5 Multiple Remote Vulnerabilities
BugTraq ID: 36465
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/36465
Summary:
FFmpeg is prone to multiple remote vulnerabilities.

Attackers may leverage these issues to execute arbitrary code in the context of the application or crash the application.

FFmpeg 0.5 is affected; other versions may also be vulnerable.

5. Joomla! 'com_jinc' Component 'newsid' Parameter SQL Injection Vulnerability
BugTraq ID: 36471
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/36471
Summary:
The 'com_jinc' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

6. Joomla! MyRemote Video Gallery 'user_id' Parameter SQL Injection Vulnerability
BugTraq ID: 36470
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/36470
Summary:
The MyRemote Video Gallery component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

MyRemote Video Gallery 1.0 Beta is vulnerable; other versions may also be affected.

7. Changetrack Local Privilege Escalation Vulnerability
BugTraq ID: 36420
Remote: No
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/36420
Summary:
Changetrack is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to run arbitrary commands with root privileges.

Changetrack 4.3 is vulnerable; other versions may also be affected.

8. Mambo MOStlyCE Module Image Manager Utility Arbitrary File Upload Vulnerability
BugTraq ID: 27472
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/27472
Summary:
The MOStlyCE module for Mambo is prone to an arbitrary-file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process.

MOStlyCE 2.4 included with Mambo 4.6.3 is vulnerable; other versions may also be affected.

9. DCI-Designs Dawaween Poems.PHP SQL Injection Vulnerability
BugTraq ID: 16909
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/16909
Summary:
Dawaween is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

Successful exploits could allow a remote attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Dawaween 1.03 is affected by this issue.

10. moziloCMS Prior to 1.10.3 Multiple Vulnerabilities
BugTraq ID: 31495
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/31495
Summary:
moziloCMS is prone to multiple vulnerabilities, including a session-fixation issue, multiple directory-traversal issues, and multiple cross-site scripting issues.

An attacker may leverage these issues to view arbitrary local files within the context of the webserver, to execute arbitrary script code in the browser of an unsuspecting user, or to hijack a valid user's session.

Versions prior to moziloCMS 1.10.3 are vulnerable.

UPDATE (September 22, 2009): Further reports indicate that some or all of these issues may have been re-introduced in versions prior to moziloCMS 1.11.2.

11. Squid Web Proxy Cache Authentication Header Parsing Remote Denial of Service Vulnerability
BugTraq ID: 36091
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/36091
Summary:
Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to properly parse certain external authentication headers that contain comma delimiters.

Successfully exploiting this issue allows remote attackers to trigger an infinite loop and consume system resources, denying further service to legitimate users.

12. ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
BugTraq ID: 35848
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/35848
Summary:
ISC BIND is prone to a remote denial-of-service vulnerability because the software fails to properly handle specially crafted dynamic update requests.

Successfully exploiting this issue allows remote attackers to crash affected DNS servers, denying further service to legitimate users. Other attacks are also possible.

Versions prior to BIND 9.4.3-P3, 9.5.1-P3, and 9.6.1-P3 are vulnerable.

13. OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
BugTraq ID: 35138
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/35138
Summary:
OpenSSL is prone to a vulnerability that may allow attackers to cause denial-of-service conditions.

OpenSSL 1.0.0 Beta 2 is vulnerable; other versions may also be affected.

14. OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Remote Denial of Service Vulnerability
BugTraq ID: 35417
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/35417
Summary:
OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Versions prior to OpenSSL 1.0.0 Beta 2 are vulnerable.

15. OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability
BugTraq ID: 35174
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/35174
Summary:
OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference condition.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Versions prior to OpenSSL 0.9.8i are vulnerable.

16. Snort Unified1 Output Remote Denial Of Service Vulnerability
BugTraq ID: 36473
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/36473
Summary:
Snort is affected by a denial-of-service vulnerability because the application fails to properly process unified1 output.

Attackers can leverage this issue by sending malformed network packets that will produce corrupted logs and alerts, causing denial-of-service conditions.

Snort 2.8.1 through 2.8.4 are affected.

17. Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability
BugTraq ID: 36038
Remote: No
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/36038
Summary:
The Linux kernel is prone to a local NULL-pointer dereference vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges or crash an affected kernel, denying service to legitimate users.

Versions prior to the Linux kernel 2.4.37.5 and 2.6.31-rc6 are vulnerable.

18. Linux Kernel RTL8169 NIC Remote Denial of Service Vulnerability
BugTraq ID: 35281
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/35281
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the system, denying service to legitimate users.
Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to Linux Kernel 2.6.30 are vulnerable.

19. Linux Kernel 'udp_sendmsg()' MSG_MORE Flag Local Privilege Escalation Vulnerability
BugTraq ID: 36108
Remote: No
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/36108
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer. Failed exploit attempts may cause denial-of-service conditions.

Versions prior to the Linux Kernel 2.6.19 are vulnerable.

20. Linux kernel 'O_EXCL' NFSv4 Privilege Escalation Vulnerability
BugTraq ID: 36472
Remote: No
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/36472
Summary:
The Linux kernel is prone to a privilege-escalation vulnerability.

Local attackers may be able to exploit this issue to execute arbitrary code with the privileges of another user and compromise the affected computer.

Versions prior to Linux kernel 2.6.19-rc6 are vulnerable.

21. Debian and Ubuntu Postfix Insecure Temporary File Creation Vulnerability
BugTraq ID: 36469
Remote: No
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/36469
Summary:
Postfix on Debian and Ubuntu creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects the following:

Postfix 2.5.5 on Debian 4.0 (and later)
Postfix 2.5.5 on Ubuntu 6.06 LTS (and later)

Other versions may also be affected.

22. HP-UX RBAC Unspecified Local Unauthorized Access Vulnerability
BugTraq ID: 36476
Remote: No
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/36476
Summary:
HP-UX is prone to a local unspecified unauthorized-access vulnerability.

This issue affects the following versions running Role-Based Access Control (RBAC):

HP-UX B.11.23
HP-UX B.11.31

23. Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
BugTraq ID: 35263
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/35263
Summary:
Apache Tomcat is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

The following versions of Apache Tomcat are vulnerable:

6.0.0-6.0.18
5.5.0-5.5.27
4.1.0-4.1.39

24. Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
BugTraq ID: 27706
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/27706
Summary:
Apache Tomcat is prone to an information-disclosure vulnerability because it fails to adequately sanitize user-supplied data.

Attackers can exploit this issue to access potentially sensitive data that may aid in further attacks.

Versions prior to Apache Tomcat 6.0.16 and 5.5.26 are vulnerable.

NOTE: This vulnerability is caused by an incomplete fix for BID 25316 - Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities (CVE-2007-3385).

25. Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
BugTraq ID: 35196
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/35196
Summary:
Apache Tomcat is prone to a username-enumeration weakness because it displays different responses to login attempts, depending on whether or not the username exists.

Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.

The following are vulnerable:

Tomcat 4.1.x (prior to 4.1.40)
Tomcat 5.5x (prior to 5.5.28)
Tomcat 6.0.x (prior to 6.0.20)

26. Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
BugTraq ID: 35193
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/35193
Summary:
Apache Tomcat is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to cause the server to end up in an error state, denying service to legitimate users.

The following versions of Apache Tomcat are vulnerable:

6.0.0-6.0.18
5.5.0-5.5.27
4.1.0-4.1.39

27. Drupal Bibliography Module Biblio Item HTML Injection Vulnerability
BugTraq ID: 36521
Remote: Yes
Last Updated: 2009-09-25
Relevant URL: http://www.securityfocus.com/bid/36521
Summary:
The Bibliography module for Drupal is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Note that to exploit this issue, the attacker must have sufficient privileges to create content displayed by the Bibliography module.

The issue affects Bibliography 6.x-1.6; other versions may also be affected.

NOTE: This issue may be related to the vulnerability described in BID 35865 (Drupal Bibliography Module 'title' HTML Injection Vulnerability). We will update or retire this BID when more information becomes available.

28. Joomla! Fastball Component SQL Injection Vulnerability
BugTraq ID: 36520
Remote: Yes
Last Updated: 2009-09-25
Relevant URL: http://www.securityfocus.com/bid/36520
Summary:
The Fastball component ('com_fastball') for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects Fastball 1.2; other versions may also be affected.

29. Code-Crafters Ability Mail Server IMAP FETCH Request Remote Denial Of Service Vulnerability
BugTraq ID: 36519
Remote: Yes
Last Updated: 2009-09-25
Relevant URL: http://www.securityfocus.com/bid/36519
Summary:
Ability Mail Server is prone to a denial-of-service vulnerability because it fails to adequately handle IMAP requests.

Attackers can exploit this issue to cause the affected application to crash, denying service to legitimate users.

Versions prior to Ability Mail Server 2.70 are affected.

30. RETIRED: Mereo Malformed URI Remote Denial Of Service Vulnerability
BugTraq ID: 35014
Remote: Yes
Last Updated: 2009-09-25
Relevant URL: http://www.securityfocus.com/bid/35014
Summary:
Mereo is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

Mereo 1.8.0 is vulnerable; other versions may also be affected.

UPDATE (September 24, 2009): The vendor refutes this issue, stating that they can't trigger the vulnerability.

NOTE: This BID is being retired because the application is not vulnerable as described.

31. OpenSAML 'use' Key Certificate Validation Security Bypass Vulnerability
BugTraq ID: 36516
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36516
Summary:
OpenSAML is prone to a security-bypass vulnerability because of an error in verifying website certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

32. OpenSAML URI Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 36514
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36514
Summary:
OpenSAML is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code in the context of an application that uses the library. Failed attacks may cause denial-of-service conditions.

Versions prior to OpenSAML 1.1.3 are vulnerable.

33. Samba Format String And Security Bypass Vulnerabilities
BugTraq ID: 35472
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/35472
Summary:
Samba is prone to multiple vulnerabilities.

Attackers can leverage these issues to execute arbitrary code within the context of the vulnerable application or to bypass certain security restrictions.

Samba 3.0.31 through 3.3.5 are affected.

34. ActiveCampaign 1-2-All Broadcast Email Admin Control Panel Username SQL Injection Vulnerability
BugTraq ID: 15400
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/15400
Summary:
ActiveCampaign 1-2-All Broadcast Email is prone to an SQL-injection vulnerability. This is an input-validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure and logic of a query.

Successful attacks could compromise the software. Depending on the database implementation and the nature of the affected query, the attacker may be able to gain unauthorized access to the database.

35. Newt Text Box Content Processing Remote Buffer Overflow Vulnerability
BugTraq ID: 36515
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36515
Summary:
The Newt library is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.

36. Kaspersky Online Scanner Security Bypass Vulnerability
BugTraq ID: 36243
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36243
Summary:
Kaspersky Online Scanner is prone to a security-bypass vulnerability.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

Online Scanner 7.0 is affected; other versions may also be vulnerable.

37. e107 News Email Referer Header Cross Site Scripting Vulnerability
BugTraq ID: 36517
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36517
Summary:
The 'e107' program is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

38. Serendipity Freetag Plugin SQL Injection Vulnerability
BugTraq ID: 36376
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36376
Summary:
Serendipity Freetag plugin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects versions prior to Serendipity Freetag 3.08.

39. Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
BugTraq ID: 36377
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36377
Summary:
Dovecot Sieve plugin is prone to multiple buffer-overflow vulnerabilities.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application or to cause denial-of-service conditions.

No further details are currently available. We will update this BID as more information emerges.

These issues affect versions prior to Dovecot Sieve 1.1.7 and 1.0.4.

40. Extended Module Player (xmp) 'oxm.c' And 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities
BugTraq ID: 27047
Remote: No
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/27047
Summary:
Extended Module Player (xmp) is prone to multiple local buffer-overflow vulnerabilities because it fails to perform adequate boundary checks before copying user-supplied input into an insufficiently sized buffer.

These issues occur when the application handles specially crafted OXM and DTT files.

Attackers can exploit these issues to execute arbitrary code that could compromise the affected computer. Failed attacks will likely cause denial-of-service conditions.

Extended Media Player 2.5.1 is vulnerable; other versions may also be affected.

41. Ruby on Rails Form Helpers Unicode String Handling Cross Site Scripting Vulnerability
BugTraq ID: 36278
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36278
Summary:
Ruby on Rails is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks

NOTE: The vendor has reported that this issue may also lead to HTML-injection attacks in some configurations.

Ruby on Rails 2.x.x (prior to 2.3.4 and 2.2.3) are affected.

42. ProFTPD 'mod_sql' Username SQL Injection Vulnerability
BugTraq ID: 33722
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/33722
Summary:
ProFTPD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to manipulate SQL queries, modify data, or exploit latent vulnerabilities in the underlying database. This may result in unauthorized access and a compromise of the application; other attacks are also possible.

ProFTPD 1.3.1 through 1.3.2 rc 2 are vulnerable.

43. PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability
BugTraq ID: 35440
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/35440
Summary:
PHP is prone to a denial-of-service vulnerability in its 'exif_read_data()' function.

Successful exploits may allow remote attackers to cause denial-of-service conditions in applications that use the vulnerable function.

Versions prior to PHP 5.2.10 are affected.

44. FreeType Multiple Integer Overflow Vulnerabilities
BugTraq ID: 34550
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/34550
Summary:
FreeType is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied input.

Successful exploits may allow attackers to execute arbitrary code in the context of applications that use the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

These issues affect FreeType 2.3.9; other versions may also be affected.

45. PostgreSQL Multiple Security Vulnerabilities
BugTraq ID: 36314
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36314
Summary:
PostgreSQL is prone to multiple security vulnerabilities, including a denial-of-service issue, a privilege-escalation issue, and an authentication-bypass issue.

Attackers can exploit these issues to shut down affected servers, perform certain actions with elevated privileges, and bypass authentication mechanisms to perform unauthorized actions. Other attacks may also be possible.

46. MySQL 'sql_parse.cc' Multiple Format String Vulnerabilities
BugTraq ID: 35609
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/35609
Summary:
MySQL is prone to multiple format-string vulnerabilities.

Attackers can leverage these issues to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions.

MySQL 4.0.0 through 5.0.75 are vulnerable; other versions may also be affected.

47. MySQL Command Line Client HTML Special Characters HTML Injection Vulnerability
BugTraq ID: 31486
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/31486
Summary:
MySQL is prone to an HTML-injection vulnerability because the application's command-line client fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

48. Lyris ListManager Multiple Remote Vulnerabilities
BugTraq ID: 36509
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36509
Summary:
Lyris ListManager is prone to multiple vulnerabilities:

- An information-disclosure weakness
- Information-disclosure vulnerabilities
- SQL-injection vulnerabilities
- HTML-injection vulnerabilities
- Cross-site scripting vulnerabilities

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, obtain sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database.

49. Drupal Devel Module Variable Editor HTML Injection Vulnerability
BugTraq ID: 36508
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36508
Summary:
The Devel module for Drupal is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Versions prior to Devel 6.x-1.18 and 5.x-1.2 are affected.

50. Drupal Markdown Preview Module Live Preview HTML Injection Vulnerability
BugTraq ID: 36505
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36505
Summary:
The Markdown Preview module for Drupal is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Markdown 6.x is vulnerable; other versions may also be affected.

51. OSSIM SQL Injection, Cross Site Scripting and Unauthorized Access Vulnerabilities
BugTraq ID: 36504
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36504
Summary:
OSSIM is prone to multiple input-validation vulnerabilities, including SQL-injection issues, a cross-site scripting issue, and unauthorized-access issues.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to OSSIM 2.1.2 are affected.

52. Cyrus IMAP Server SIEVE Script Local Buffer Overflow Vulnerability
BugTraq ID: 36296
Remote: No
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36296
Summary:
Cyrus IMAP Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code as the affected process, possibly resulting in elevated privileges. Failed exploit attempts will likely cause denial-of-service conditions.

Cryus IMAP Server 2.2.13 is vulnerable; other versions may also be affected.

53. Xfig Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 34328
Remote: No
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/34328
Summary:
Xfig creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

54. Adobe RoboHelp Server Authentication Bypass Vulnerability
BugTraq ID: 36245
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36245
Summary:
Adobe RoboHelp Server is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to upload and execute arbitrary code with SYSTEM-level privileges.

RoboHelp Server 8.0 is affected; other versions may also be vulnerable.

55. WebKit Numeric Character References Remote Memory Corruption Vulnerability
BugTraq ID: 35607
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/35607
Summary:
WebKit is prone to a remote memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

56. WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
BugTraq ID: 35310
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/35310
Summary:
WebKit is prone to a remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

57. WebKit Java Applet Remote Code Execution Vulnerability
BugTraq ID: 35350
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/35350
Summary:
WebKit is prone to a remote code-execution vulnerability.

Successfully exploiting this issue will allow attackers to execute arbitrary code or obtain sensitive information.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

58. WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
BugTraq ID: 35318
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/35318
Summary:
WebKit is prone to a remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

59. WebKit SVGList Objects Remote Memory Corruption Vulnerability
BugTraq ID: 34924
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/34924
Summary:
WebKit is prone to a remote memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

The issue also affects the following:

Apple Safari prior to 3.2.3
Apple Mac OS X v10.5 through v10.5.6,
Apple Mac OS X Server v10.5 through v10.5.6
Google Chrome prior to 1.0.154.65

60. WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
BugTraq ID: 35309
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/35309
Summary:
WebKit is prone to a memory-corruption vulnerability.

Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attack attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

61. WebKit DOM Event Handler Remote Memory Corruption Vulnerability
BugTraq ID: 35271
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/35271
Summary:
WebKit is prone to a remote memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

62. GNOME GLib Symbolic Link Arbitrary File Access Vulnerability
BugTraq ID: 36313
Remote: No
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36313
Summary:
GNOME GLib is prone to an arbitrary-file-access vulnerability.

Local attackers can exploit this issue to obtain sensitive information or overwrite files on the affected computer. Successful exploits may lead to other attacks.

63. Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
BugTraq ID: 35949
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/35949
Summary:
Apache APR (Apache Portable Runtime) and 'APR-util' are prone to multiple integer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of an application that uses the affected library. Successful exploits will compromise the affected application and possibly the computer. Failed attacks will cause denial-of-service conditions.

64. Apache mod_proxy_ftp Remote Command Injection Vulnerability
BugTraq ID: 36254
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36254
Summary:
The Apache mod_proxy_ftp module is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.

Attackers can exploit this issue to execute arbitrary commands within the context of the affected application.

65. Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
BugTraq ID: 36260
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36260
Summary:
The Apache 'mod_proxy_ftp' module is prone to a denial-of-service vulnerability because of a NULL-pointer dereference.

Successful exploits may allow remote attackers to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

66. Joomla!/Mambo Tupinambis Component SQL Injection Vulnerability
BugTraq ID: 36511
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36511
Summary:
The Tupinambis component ('com_tupinambis') for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Tupinambis 1.0 is affected; other versions may also be vulnerable.

67. Linux Kernel KVM 'kvm_emulate_hypercall()' Local Denial of Service Vulnerability
BugTraq ID: 36512
Remote: No
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36512
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability that affects the Kernel-based Virtual Machine (KVM).

Attackers can exploit this issue to crash a guest kernel or potentially gain read or write access to guest kernel memory.

Linux kernel 2.6.25-rc1 through 2.6.30 are affected. Kernel 2.6.31 is not affected by this issue.

68. Sun Solaris Trusted Extensions Common Desktop Environment Local Privilege Escalation Vulnerability
BugTraq ID: 36510
Remote: No
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36510
Summary:
Sun Solaris Trusted Extensions Common Desktop Environment (CDE) is prone to a local privilege-escalation vulnerability. This issue may also allow attackers to bypass the Mandatory Access Control (MAC) policy.

A local attacker can exploit this vulnerability to run arbitrary code with superuser privileges or gain access to restricted data.

Computers that have Solaris Trusted Extensions installed and configured on Solaris 10 running on x86 or SPARC platforms are affected.

69. IBM Lotus Connections 'simpleSearch.do' Cross Site Scripting Vulnerability
BugTraq ID: 36513
Remote: Yes
Last Updated: 2009-09-24
Relevant URL: http://www.securityfocus.com/bid/36513
Summary:
IBM Lotus Connections is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks

IBM Lotus Connections 2.0.1 is affected; other versions may be vulnerable as well.

70. Drupal Meta tags (Nodewords) Module Unauthorized Access Vulnerability
BugTraq ID: 36506
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36506
Summary:
The Drupal Meta tags (Nodewords) module is prone to an unauthorized-access vulnerability because it fails to adequately enforce access permissions.

An attacker can exploit this vulnerability to gain unauthorized access to the application; other attacks may also possible.

Versions prior to Meta tags (Nodewords) 6.x-1.1 are vulnerable.

71. Avast! Antivirus 'aswMon2.sys' Driver Local Privilege Escalation Vulnerability
BugTraq ID: 36507
Remote: No
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36507
Summary:
Avast! Antivirus is prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue to execute arbitrary code with superuser privileges and completely compromise the affected computer. Failed exploit attempts will result in a denial-of-service condition.

Avast! Antivirus 4.8.1351.0 is vulnerable; other versions may also be affected.

72. BakBone NetVault Backup 'npvmgr.exe' Remote Denial Of Service Vulnerability
BugTraq ID: 36489
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36489
Summary:
BakBone NetVault Backup is affected by a remote denial-of-service vulnerability.

Attackers can leverage this issue by sending specially crafted network packets.

NetVault Backup 8.22 Build 29 is vulnerable; other versions may be affected as well.

73. TCP/IP Protocol Stack Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 31545
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/31545
Summary:
The core TCP/IP protocol is prone to multiple remote denial-of-service vulnerabilities.

The issues are tracked by Cisco Bug IDs CSCsv04836, CSCsv07712, CSCsv66169, CSCsv02768, CSCsv08325, and CSCsv08579.

These issues are reported to affect multiple vendors' implementations of the TCP/IP stack.

74. Vastal I-Tech Agent Zone SQL Injection Vulnerability
BugTraq ID: 36503
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36503
Summary:
Agent Zone is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

75. Vastal I-Tech DVD Zone 'mag_id' Parameter Cross Site Scripting and SQL Injection Vulnerabilities
BugTraq ID: 36487
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36487
Summary:
DVD Zone is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

76. Vastal I-Tech Cosmetics Zone 'view_products.php' SQL Injection Vulnerability
BugTraq ID: 36485
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36485
Summary:
Cosmetics Zone is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

77. Vastal I-Tech MMORPG 'view_news.php' SQL Injection Vulnerability
BugTraq ID: 36483
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36483
Summary:
MMORPG is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

78. Cisco IOS NTPv4 Reply Packet Remote Denial of Service Vulnerability
BugTraq ID: 36502
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36502
Summary:
Cisco IOS is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users.

This issue is being tracked by Cisco Bug IDs CSCsu24505 and CSCsv75948.

79. Cisco IOS Specially Crafted Encryption Packet Denial of Service Vulnerability
BugTraq ID: 36493
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36493
Summary:
Cisco IOS is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users.

This issue is being tracked by Cisco Bug ID CSCsq24002.http://tools.cisco.com/Support/BugToolKit/search/getBugDetail
s.do?method=fetchBugDetails&bugId=CSCsq24002

80. Cisco IOS Zone-Based Policy Firewall SIP Inspection Denial of Service Vulnerability
BugTraq ID: 36492
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36492
Summary:
Cisco IOS is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users.

This issue is being tracked by Cisco Bug ID CSCsr18691.

81. Cisco IOS Software Tunnels Multiple Denial of Service Vulnerabilities
BugTraq ID: 36500
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36500
Summary:
Cisco IOS is prone to multiple remote denial-of-service vulnerabilities.

An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users.

These issues are being tracked by Cisco Bug IDs CSCsh97579, CSCsq31776, and CSCsx70889.

82. Cisco IOS Software Internet Key Exchange Resource Exhaustion Denial of Service Vulnerability
BugTraq ID: 36497
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36497
Summary:
Cisco IOS is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to consume all available Phase 1 security associations, which may prevent new IPSec sessions from being established.

This issue is being tracked by Cisco Bug IDs CSCsy07555 and CSCee72997.

83. Cisco IOS SIP Message Denial of Service Vulnerability
BugTraq ID: 36499
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36499
Summary:
Cisco IOS is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause an affected device to crash and reload, denying service to legitimate users.

This issue is tracked by Cisco Bug ID CSCsx25880.

84. Cisco Unified Communications Manager Express Extension Mobility Buffer Overflow Vulnerability
BugTraq ID: 36498
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36498
Summary:
Cisco IOS devices configured for Unified Communications Manager Express and the Extension Mobility feature are prone to a buffer-overflow vulnerability.

Attackers can exploit this issue to execute arbitrary code or to cause denial-of-service conditions.

This issue is documented by Cisco Bug ID CSCsq58779.

85. Cisco Unified Communications Manager SIP Message Denial of Service Vulnerability
BugTraq ID: 36496
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36496
Summary:
Cisco Unified Communications Manager is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause an interruption in voice services, denying service to legitimate users.

This issue is tracked by Cisco Bug ID CSCsz95423.

86. Cisco IOS Object Group Access Control List Bypass Vulnerability
BugTraq ID: 36495
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36495
Summary:
Cisco IOS is prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass access control lists (ACLs), which may aid in further attacks.

This issue is documented by the following Cisco Bug IDs:

CSCsx07114
CSCsu70214
CSCsw47076
CSCsv48603
CSCsy54122
CSCsu50252

87. VLC Media Player Multiple Remote Stack Buffer Overflow Vulnerabilities
BugTraq ID: 36439
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36439
Summary:
VLC media player is prone to multiple stack-based buffer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of the affected application or crash the application, denying service to legitimate users.

VLC media player 1.0.1 is vulnerable; prior versions may also be affected.

88. LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
BugTraq ID: 35451
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/35451
Summary:
LibTIFF is prone to a remote buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.

LibTIFF 3.8.2 is vulnerable; other versions may be affected as well.

89. Cisco IOS H.323 Denial of Service Vulnerability
BugTraq ID: 36494
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36494
Summary:
Cisco IOS is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users.

This issue is being tracked by Cisco Bug ID CSCsz38104.

90. Cisco IOS Authentication Proxy for HTTP(S) Authentication Bypass Vulnerability
BugTraq ID: 36491
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36491
Summary:
Cisco IOS is prone to a remote authentication-bypass vulnerability.

Successfully exploiting this issue allows remote attackers to gain access to vulnerable devices without requiring successful authentication.

This issue is being tracked by Cisco bug ID CSCsy15227.

91. nginx WebDAV Multiple Directory Traversal Vulnerabilities
BugTraq ID: 36490
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36490
Summary:
The 'nginx' program is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues using directory-traversal strings ('../') to overwrite arbitrary files outside the root directory.

These issues affect nginx 0.7.61 and 0.7.62; other versions may also be affected.

92. Joomla! JoomlaFacebook Component SQL Injection Vulnerability
BugTraq ID: 36484
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36484
Summary:
The JoomlaFacebook component ('com_facebook') for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

93. Joomla! SportFusion Component SQL Injection Vulnerability
BugTraq ID: 36481
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36481
Summary:
The SportFusion component ('com_sportfusion') for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

SportFusion 0.2.2 and 0.2.3 are affected; other versions may also be vulnerable.

94. Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities
BugTraq ID: 36328
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36328
Summary:
Apple QuickTime is prone to multiple vulnerabilities that may allow remote attackers to execute arbitrary code.

These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.

Versions prior to QuickTime 7.6.4 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms.

95. MaxWebPortal 'forum.asp' SQL Injection Vulnerability
BugTraq ID: 36480
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36480
Summary:
MaxWebPortal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

96. Google Chrome NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
BugTraq ID: 36479
Remote: Yes
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36479
Summary:
Google Chrome is prone to a security-bypass vulnerability because it fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

97. Sun Solaris XScreenSaver X Resize and Rotate Local Information Disclosure Vulnerability
BugTraq ID: 36488
Remote: No
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36488
Summary:
Solaris XScreenSaver is prone to a local information-disclosure vulnerability.

A local attacker can exploit this issue to obtain sensitive information that may lead to further attacks.

This issue affects the following on both SPARC and x86 platforms:

Solaris 10
OpenSolaris based on builds snv_01 through snv_111

98. Sun Solaris Cluster Local Privilege Escalation Vulnerability
BugTraq ID: 36486
Remote: No
Last Updated: 2009-09-23
Relevant URL: http://www.securityfocus.com/bid/36486
Summary:
Sun Solaris Cluster is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this vulnerability to run arbitrary code with superuser privileges.

Solaris Cluster 3.2 is vulnerable.

99. Apple iTunes '.pls' File Buffer Overflow Vulnerability
BugTraq ID: 36478
Remote: Yes
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/36478
Summary:
Apple iTunes is prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to Apple iTunes 9.0.1 are vulnerable.

100. NetCitadel Firewall Builder Script Generation Insecure Temporary File Creation Vulnerability
BugTraq ID: 36468
Remote: No
Last Updated: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/36468
Summary:
Firewall Builder creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files or to execute arbitrary code with elevated privileges.

Firewall Builder 3.0.4, 3.0.5, and 3.0.6 are vulnerable; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Popular apps need better patching, says report
By: Robert Lemos
A report using data from two security vendors finds that ubiquitous applications, such as Apple's QuickTime and Adobe Flash, are not patched fast enough by their users.
http://www.securityfocus.com/news/11560

2. Hacker charged with Heartland, other breaches
By: Robert Lemos
A federal grand jury indicts a Florida man already charged with stealing data from TJX with allegedly helping breach five more companies.
http://www.securityfocus.com/news/11557

3. Web attacks hit U.S., South Korean sites
By: Robert Lemos
In its fourth day, a widespread distributed denial-of-service attack continued to inundate U.S. government and South Korean Web sites with network traffic.
http://www.securityfocus.com/news/11554

4. FTC persuades court to shutter rogue ISP
By: Robert Lemos
A federal district court shuts down Triple Fiber Network, after the Federal Trade Commission documents the Internet service provider's cooperation with online criminals and child pornographers.
http://www.securityfocus.com/news/11552

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Entrust

Go Green for Less Green
Give your customers the highest level of assurance
Give your customers the green address bar
Entrust EV SSL Certificates - Now from only $199 per year

http://www.entrust.net/securityfocus-ev

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus