SecurityFocus News
SecurityFocus Newsletter #512 Nov 02 2009 11:51PM
sfa securityfocus com
SecurityFocus Newsletter #512
----------------------------------------

This issue is sponsored by Entrust

Go Green for Less Green
Give your customers the highest level of assurance
Give your customers the green address bar
Entrust EV SSL Certificates - Now from only $199 per year

http://www.entrust.net/securityfocus-ev

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time to Squish SQL Injection
2. Lazy Workers May Be Deemed Hackers
II. BUGTRAQ SUMMARY
1. Mahara Admin Password Reset Security Bypass Vulnerability
2. Mahara Resume Blocktype Cross Site Scripting Vulnerability
3. Mozilla Firefox JavaScript Web-Workers Remote Code Execution Vulnerability
4. Drupal Insert Node Module HTML Injection Vulnerability
5. Drupal LDAP Integration Cross Site Scripting and Authentication Bypass Vulnerabilities
6. Microsoft GDI+ TIFF File Processing 'BitsPerSample' Tag Remote Code Execution Vulnerability
7. Microsoft GDI+ CCITT G4 TIFF File Processing Memory Corruption Remote Code Execution Vulnerability
8. Microsoft GDI+ .NET Framework Remote Code Execution Vulnerability
9. Microsoft GDI+ PNG File Processing Remote Code Execution Vulnerability
10. Microsoft GDI+ PNG File Integer Overflow Remote Code Execution Vulnerability
11. Microsoft GDI+ WMF File Processing Remote Code Execution Vulnerability
12. nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
13. Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability
14. TFTgallery 'album' Parameter Cross Site Scripting Vulnerability
15. GD Graphics Library '_gdGetColors' Remote Buffer Overflow Vulnerability
16. Linux Kernel KVM 'kvm_dev_ioctl_get_supported_cpuid()' Integer Overflow Vulnerability
17. phpMyAdmin SQL Injection and Cross Site Scripting Vulnerabilities
18. Basic Analysis and Security Engine Multiple Input Validation Vulnerabilities
19. python-markdown2 Multiple Security Vulnerabilities
20. eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability
21. PostgreSQL Multiple Security Vulnerabilities
22. FreeType Multiple Integer Overflow Vulnerabilities
23. Poppler 'create_surface_from_thumbnail_data()' Integer Overflow Memory Corruption Vulnerability
24. BackupPC 'ClientNameAlias()' Security Bypass Vulnerability
25. Samba Format String And Security Bypass Vulnerabilities
26. Samba Misconfigured '/etc/passwd' File Security Bypass Vulnerability
27. ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
28. IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
29. Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
30. Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
31. Mambo Cache_Lite Class 'mosConfig_absolute_path' Remote File Include Vulnerability
32. Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
33. Adobe Reader and Acrobat XMP-XML Entity Expansion Denial of Service Vulnerability
34. Sun Solaris 'xscreensaver(1)' From JDS Local Information Disclosure Vulnerability
35. IBM Runtimes for Java Technology 'XML4J' Component Unspecified Vulnerability
36. Linux Kernel Subsystem Connector Missing Capability Check Security Bypass Vulnerabilities
37. Oracle WebLogic Server Administration Console HTML Injection Vulnerability
38. Open Handset Alliance Android SMS Remote Denial Of Service Vulnerability
39. Multiple Intel Desktop Board Models Bitmap Processing Buffer Overflow Vulnerability
40. Avast! Antivirus 'aavmKer4.sys' Driver Local Privilege Escalation Vulnerability
41. TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
42. TYPO3 Flagbit Filebase Extension Unspecified SQL Injection Vulnerability
43. Multiple BSD Distributions 'printf(3)' Memory Corruption Vulnerability
44. KDE Multiple Input Validation Vulnerabilities
45. 'com_jumi' Component for Joomla! Backdoor Vulnerability
46. CubeCart 'admin.php' Authentication Bypass Vulnerability
47. OpenBSD and NetBSD 'printf(1)' Format String Parsing Denial of Service Vulnerability
48. Linux Kernel 'udp_sendmsg()' MSG_MORE Flag Local Privilege Escalation Vulnerability
49. Mozilla Firefox Download Manager World Writable File Local Privilege Escalation Vulnerability
50. Mozilla Firefox 'document.getSelect' Cross Domain Information Disclosure Vulnerability
51. Linux Kernel RTL8169 NIC Remote Denial of Service Vulnerability
52. Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability
53. Mozilla Firefox CVE-2009-3380 Multiple Remote Memory Corruption Vulnerabilities
54. Microsoft Internet Explorer NULL Byte CA SSL Certificate Validation Security Bypass Vulnerability
55. SUSE Linux 'scsi_discovery tool' Insecure Temporary File Creation Vulnerability
56. Allaire JRun Web Root Directory Disclosure Vulnerability
57. Internet Explorer X.509 Certificate Common Name Encoding Multiple Security Bypass Vulnerabilities
58. Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
59. Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
60. Multiple Panda Products Insecure Program File Permissions Local Privilege Escalation Vulnerability
61. Microsoft Windows Media Player ScriptCommand Multiple Information Disclosure Vulnerabilities
62. Oracle Network Authentication CVE-2009-1979 Security Vulnerability
63. Microsoft Windows Media Player ASF File Processing Remote Code Execution Vulnerability
64. Microsoft .NET Framework Type Verification Remote Code Execution Vulnerability
65. Sun Java SE Advance Notification of Multiple Security Vulnerabilities
66. Joomla! 'com_photoblog' Component 'category' Parameter SQL Injection Vulnerability
67. Novell eDirectory '/dhost/modules?L:' Buffer Overflow Vulnerability
68. SEIL/X Series and SEIL/B1 Buffer Overflow and Denial of Service Vulnerabilities
69. Multiple Symantec Altiris Products ActiveX Control Buffer Overflow Vulnerability
70. Serv-U Web Client HTTP Request Remote Buffer Overflow Vulnerability
71. HTML-Parser Invalid HTML Entity Remote Denial of Service Vulnerability
72. Jetty Cross Site Scripting and Information Disclosure Vulnerabilities
73. Multiple 2Wire DSL Routers 'xslt' HTTP Request Denial of Service Vulnerability
74. Multiple Vendor Hummingbird STR Service Buffer Overflow Vulnerability
75. F-Secure Products PDF Files Scan Evasion Vulnerability
76. Pidgin OSCAR Plugin Invalid Memory Access Denial Of Service Vulnerability
77. Cherokee Directory Traversal Vulnerability
78. Pidgin Libpurple Multiple Denial of Service Vulnerabilities
79. OpenBSD 'getsockopt(2)' NULL Pointer Dereference Remote Denial of Service Vulnerability
80. Pegasus Mail POP3 Response Remote Buffer Overflow Vulnerability
81. Xpdf Multiple Integer Overflow Vulnerabilities
82. PunBB 'pun_attachment' extension SQL Injection Vulnerability
83. Opera Web Browser prior to 10.01 Multiple Security Vulnerabilities
84. Mozilla Firefox and SeaMonkey 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability
85. Mozilla Firefox XPCOM Utility Chrome Privilege Escalation Vulnerability
86. Mozilla Firefox CVE-2009-3382 Remote Memory Corruption Vulnerability
87. Mozilla Firefox and SeaMonkey Proxy Auto-Configuration File Remote Code Execution Vulnerability
88. Mozilla Firefox Form History Information Disclosure Vulnerability
89. Drupal Storm Module 'storminvoiceitem' Security Bypass Vulnerability
90. Drupal Workflow Module Multiple HTML Injection Vulnerabilities
91. Drupal FAQ Ask Module URI Redirection and Cross Site Scripting Vulnerabilities
92. Drupal CCK Comment Reference Module Node Title Security Bypass Vulnerability
93. Drupal OpenSocial Shindig-Integrator Module HTML Injection Vulnerability
94. Microsoft Internet Explorer 'writing-mode' Uninitialized Memory Remote Code Execution Vulnerability
95. Mozilla Firefox CVE-2009-3378 Remote Memory Corruption Vulnerability
96. Mozilla Firefox CVE-2009-3377 Remote Memory Corruption Vulnerability
97. Mozilla Firefox CVE-2009-3381 Multiple Remote Memory Corruption Vulnerabilities
98. Mozilla Firefox CVE-2009-3383 Multiple Remote Memory Corruption Vulnerabilities
99. Mozilla Firefox CVE-2009-3379 Multiple Remote Memory Corruption Vulnerabilities
100. RETIRED: Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities
III. SECURITYFOCUS NEWS
1. Popular apps need better patching, says report
2. Hacker charged with Heartland, other breaches
3. Web attacks hit U.S., South Korean sites
4. FTC persuades court to shutter rogue ISP
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. Smart-Card Open Test Toolkit
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Squish SQL Injection
by Gunter Ollmann
Heartland Payment Systems and Hannaford Bros. both fell prey to botnets wielding SQL injection flaws. Corporate IT managers need to place a priority on fixing Web site vulnerabilities, argues Gunter Ollmann, vice president of research for Damballa.
http://www.securityfocus.com/columnists/505

2. Lazy Workers May Be Deemed Hackers
By Mark Rasch
From his office job at the Shelby City (Ohio) Wastewater Treatment plant, Wolf was browsing adult Web sites, including one called Adult Friend Finder, to meet women. When some of the women asked Wolf for nude pictures, he bought a digital camera, took pictures, and e-mailed them using his work computer.
http://www.securityfocus.com/columnists/504

II. BUGTRAQ SUMMARY
--------------------
1. Mahara Admin Password Reset Security Bypass Vulnerability
BugTraq ID: 36893
Remote: Yes
Last Updated: 2009-11-30
Relevant URL: http://www.securityfocus.com/bid/36893
Summary:
Mahara is prone to a security-bypass vulnerability because it fails to adequately restrict access to the password-reset feature.

An attacker can exploit this issue to reset the administrator password of the application.

Mahara versions prior to 1.0.13 and 1.1.7 are affected.

2. Mahara Resume Blocktype Cross Site Scripting Vulnerability
BugTraq ID: 36892
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36892
Summary:
Mahara is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to Mahara 1.0.13 and 1.1.7.

3. Mozilla Firefox JavaScript Web-Workers Remote Code Execution Vulnerability
BugTraq ID: 36854
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36854
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

4. Drupal Insert Node Module HTML Injection Vulnerability
BugTraq ID: 36861
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36861
Summary:
The Insert Node module for Drupal is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

5. Drupal LDAP Integration Cross Site Scripting and Authentication Bypass Vulnerabilities
BugTraq ID: 36860
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36860
Summary:
Drupal LDAP Integration is prone to a cross-site scripting vulnerability and multiple authentication-bypass vulnerabilities.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the browser of an unsuspecting user, and gain unauthorized access to the affected application.

6. Microsoft GDI+ TIFF File Processing 'BitsPerSample' Tag Remote Code Execution Vulnerability
BugTraq ID: 36646
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36646
Summary:
Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes TIFF image files.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash applications that use the library.

7. Microsoft GDI+ CCITT G4 TIFF File Processing Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 36647
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36647
Summary:
Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes TIFF image files. This issue occurs when CCITT G4 compressed TIFF images are decompressed.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash applications that use the library.

8. Microsoft GDI+ .NET Framework Remote Code Execution Vulnerability
BugTraq ID: 36648
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36648
Summary:
Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library within the .NET framework fails to properly handle certain API calls.

Successful exploits can allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions.

In a web hosting environment, the attacker can leverage this issue to break out of the Code Access Security (CAS) sandbox to perform unauthorized actions on the underlying host.

9. Microsoft GDI+ PNG File Processing Remote Code Execution Vulnerability
BugTraq ID: 36645
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36645
Summary:
Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes PNG image files.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash applications that use the library.

10. Microsoft GDI+ PNG File Integer Overflow Remote Code Execution Vulnerability
BugTraq ID: 36649
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36649
Summary:
Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes PNG image files.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash applications that use the library.

11. Microsoft GDI+ WMF File Processing Remote Code Execution Vulnerability
BugTraq ID: 36619
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36619
Summary:
Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes WMF image files.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash applications that use the library.

12. nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
BugTraq ID: 36839
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36839
Summary:
The 'nginx' program is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

13. Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability
BugTraq ID: 36639
Remote: No
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36639
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability in the 'eCryptfs' component.

Local attackers can exploit this issue to trigger a NULL-pointer dereference in the kernel, resulting in a denial-of-service condition. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to Linux kernel 2.6.31.2 are vulnerable.

14. TFTgallery 'album' Parameter Cross Site Scripting Vulnerability
BugTraq ID: 36833
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36833
Summary:
TFTgallery is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects TFTgallery 0.13; other versions may be vulnerable as well.

15. GD Graphics Library '_gdGetColors' Remote Buffer Overflow Vulnerability
BugTraq ID: 36712
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36712
Summary:
GD Graphics is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.

16. Linux Kernel KVM 'kvm_dev_ioctl_get_supported_cpuid()' Integer Overflow Vulnerability
BugTraq ID: 36803
Remote: No
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36803
Summary:
The Linux kernel is prone to an integer-overflow vulnerability that affects the Kernel-based Virtual Machine (KVM).

Attackers can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers.

Versions prior to Linux kernel 2.6.32-rc4 are vulnerable.

17. phpMyAdmin SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 36658
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36658
Summary:
phpMyAdmin is prone to an SQL-injection issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to phpMyAdmin 2.11.9.6 and 3.2.2.1 are affected.

18. Basic Analysis and Security Engine Multiple Input Validation Vulnerabilities
BugTraq ID: 36830
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36830
Summary:
Basic Analysis and Security Engine (BASE) is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include an SQL-injection issue, a cross-site scripting issue, and a local file-include issue.

Exploiting these issues can allow an attacker to steal cookie-based authentication credentials, view and execute local files within the context of the webserver, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.

These issues affect versions prior to BASE 1.4.4.

19. python-markdown2 Multiple Security Vulnerabilities
BugTraq ID: 36829
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36829
Summary:
The 'python-markdown2' module is prone to two vulnerabilities because it fails to sufficiently sanitize user-supplied input:

1. A cross-site scripting issue may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

2. The impact of the second issue is unknown.

These issues affect python-markdown2 1.0.1.14 and earlier.

20. eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35850
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/35850
Summary:
eCryptfs is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges, resulting in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

21. PostgreSQL Multiple Security Vulnerabilities
BugTraq ID: 36314
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36314
Summary:
PostgreSQL is prone to multiple security vulnerabilities, including a denial-of-service issue, a privilege-escalation issue, and an authentication-bypass issue.

Attackers can exploit these issues to shut down affected servers, perform certain actions with elevated privileges, and bypass authentication mechanisms to perform unauthorized actions. Other attacks may also be possible.

22. FreeType Multiple Integer Overflow Vulnerabilities
BugTraq ID: 34550
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/34550
Summary:
FreeType is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied input.

Successful exploits may allow attackers to execute arbitrary code in the context of applications that use the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

These issues affect FreeType 2.3.9; other versions may also be affected.

23. Poppler 'create_surface_from_thumbnail_data()' Integer Overflow Memory Corruption Vulnerability
BugTraq ID: 36718
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36718
Summary:
Poppler is prone to a memory-corruption vulnerability.

Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of affected applications. Failed exploit attempts will result in a denial-of-service condition.

24. BackupPC 'ClientNameAlias()' Security Bypass Vulnerability
BugTraq ID: 36575
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36575
Summary:
BackupPC is prone to a security-bypass vulnerability because it allows authenticated users to impersonate other backup clients in a multiuser configuration.

Attackers may exploit the issue to back up (and restore) sensitive files, which can lead to a complete compromise of an affected computer.

BackupPC 3.1.0 is vulnerable; other versions may also be affected.

25. Samba Format String And Security Bypass Vulnerabilities
BugTraq ID: 35472
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/35472
Summary:
Samba is prone to multiple vulnerabilities.

Attackers can leverage these issues to execute arbitrary code within the context of the vulnerable application or to bypass certain security restrictions.

Samba 3.0.31 through 3.3.5 are affected.

26. Samba Misconfigured '/etc/passwd' File Security Bypass Vulnerability
BugTraq ID: 36363
Remote: Yes
Last Updated: 2009-10-28
Relevant URL: http://www.securityfocus.com/bid/36363
Summary:
Samba is prone to a vulnerability that may allow attackers to bypass certain security restrictions.

Successful exploits may allow attackers to gain access to resources that aren't supposed to be shared.

Versions prior to Samba 3.4.2, 3.3.8, 3.2.15, and 3.0.37 are vulnerable.

NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

27. ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
BugTraq ID: 36804
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36804
Summary:
ProFTPD is prone to a security-bypass vulnerability because the mod_tls module fails to properly handle a NULL character embedded in the name carried by a CA-signed SSL certificate. The portion of the name before the NULL is what the check compares, so an attacker who obtains a certificate with a crafted name can pass it off as one belonging to a trusted host.

Successful exploits allow attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

Versions prior to ProFTPD 1.3.2b are vulnerable.
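The same mechanism underlies items 27, 54 and 57 of this issue: an X.509 name is an ASN.1 length-prefixed string, so a certificate can legitimately carry a 0x00 byte inside it, while any check that copies the decoded bytes into a C string and compares with strcmp() stops at that byte. The following is an added illustration written for this newsletter, not ProFTPD, Internet Explorer or OpenSSL code; the DER encoder, the hostnames and both comparison routines are constructed for the example.

```python
# Added example: why a NUL byte inside an X.509 name defeats a C-string comparison.
# ASN.1 strings are length-prefixed; a check that hands the decoded bytes to
# strcmp()/strcasecmp() only ever sees what precedes the first 0x00.

def der_utf8string(value: bytes) -> bytes:
    """Minimal DER encoding of an ASN.1 UTF8String (tag 0x0C, short-form length)."""
    if len(value) >= 128:
        raise ValueError("short-form length only in this example")
    return bytes([0x0C, len(value)]) + value

def der_decode_string(der: bytes) -> bytes:
    """Decode the string the way an ASN.1 parser does: trust the length octet, not a terminator."""
    tag, length = der[0], der[1]
    if tag != 0x0C or len(der) != 2 + length:
        raise ValueError("malformed UTF8String")
    return der[2:2 + length]

def name_matches_cstring(name: bytes, expected: str) -> bool:
    """Models a check that copies the decoded bytes into a C buffer and strcasecmp()s it:
    everything after the first NUL is invisible to the comparison."""
    visible = name.split(b"\x00", 1)[0]
    return visible.lower() == expected.lower().encode()

def name_matches_safe(name: bytes, expected: str) -> bool:
    """Length-aware comparison: an embedded NUL is never legitimate in a hostname,
    so it is rejected outright, and the whole decoded value must match."""
    if b"\x00" in name:
        return False
    return name.lower() == expected.lower().encode()

# Constructed sample names: an honest certificate, and one whose CA-signed name
# reads "www.bank.example" to a C string but is a different value entirely.
HONEST = der_utf8string(b"www.bank.example")
FORGED = der_utf8string(b"www.bank.example\x00.attacker.example")

def check_certificate_name(der_name: bytes, expected: str) -> dict:
    """Run both comparisons on one DER-encoded name and report what each decides."""
    decoded = der_decode_string(der_name)
    return {
        "decoded_length": len(decoded),
        "c_string_check": name_matches_cstring(decoded, expected),
        "length_aware_check": name_matches_safe(decoded, expected),
    }

if __name__ == "__main__":
    for label, der in (("honest", HONEST), ("forged", FORGED)):
        print(label, check_certificate_name(der, "www.bank.example"))
```

The decoded forged name is 34 bytes long, yet the C-string check accepts it as the 16-byte bank hostname; the length-aware check refuses it. A real implementation should also compare the ASN.1 length against the observed string length and reject any certificate where the two disagree.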

28. IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
BugTraq ID: 35671
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/35671
Summary:
The IETF and W3C XML Digital Signature Specification is prone to an authentication-bypass vulnerability.

Attackers may exploit this issue to forge signatures over arbitrary XML data. This may lead to further attacks.

The flaw lies in the 'HMACOutputLength' parameter, which lets the signature itself declare how many leftmost bits of the HMAC are compared. An implementation that honours very small values (down to a single bit) can be made to accept a SignatureValue the attacker simply guesses in a handful of attempts, without knowledge of the key.

Note that the specification doesn't require implementations to accept all truncation length values. As a result, not all implementations of the XML Digital Signature Specification will be affected by this issue.
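An added illustration of the truncation problem, written for this newsletter rather than taken from any XML Signature library: a verifier that honours any HMACOutputLength is forged in at most two attempts when the attacker sets the length to one bit, while a verifier that enforces a floor rejects the same signature. The key, the SignedInfo bytes and the floor of 80 bits or half the hash length (whichever is larger) are assumptions for the example; check what minimum your own library enforces.

```python
import hashlib
import hmac

# Added example, not any XML-DSig implementation's code. HMAC-SHA1 is the HMAC
# variant the original specification mandates; HMACOutputLength says how many
# leftmost bits of the MAC are carried in SignatureValue and compared.
HASH = hashlib.sha1
HASH_BITS = 160

def truncate_bits(mac: bytes, nbits: int) -> bytes:
    """Leftmost nbits of mac, with the unused low bits of the last byte cleared."""
    nbytes = (nbits + 7) // 8
    out = bytearray(mac[:nbytes])
    spare = nbytes * 8 - nbits
    if spare:
        out[-1] &= (0xFF << spare) & 0xFF
    return bytes(out)

def mac_value(key: bytes, signed_info: bytes, nbits: int) -> bytes:
    return truncate_bits(hmac.new(key, signed_info, HASH).digest(), nbits)

def verify_as_specified(key: bytes, signed_info: bytes, signature_value: bytes, nbits: int) -> bool:
    """Pre-errata behaviour: every HMACOutputLength from 1 bit upward is honoured."""
    if not 1 <= nbits <= HASH_BITS:
        return False
    return hmac.compare_digest(mac_value(key, signed_info, nbits), signature_value)

# Assumed floor for this example: at least half the hash length and at least 80 bits.
MIN_OUTPUT_BITS = max(80, HASH_BITS // 2)

def verify_hardened(key: bytes, signed_info: bytes, signature_value: bytes, nbits: int) -> bool:
    """Refuse truncation below MIN_OUTPUT_BITS before any comparison takes place."""
    if not MIN_OUTPUT_BITS <= nbits <= HASH_BITS:
        return False
    return hmac.compare_digest(mac_value(key, signed_info, nbits), signature_value)

def forge(oracle, nbits: int):
    """Attacker without the key: the verifier is only an accept/reject oracle.
    Enumerates every possible nbits-bit tag; returns (tag, attempts) or (None, attempts)."""
    nbytes = (nbits + 7) // 8
    attempts = 0
    for i in range(2 ** nbits):
        candidate = (i << (nbytes * 8 - nbits)).to_bytes(nbytes, "big")
        attempts += 1
        if oracle(candidate):
            return candidate, attempts
    return None, attempts

KEY = b"shared-secret-from-key-exchange"  # constructed sample key
SIGNED_INFO = (b'<SignedInfo><Reference URI="#order"><DigestValue>attacker-chosen-digest'
               b'</DigestValue></Reference></SignedInfo>')  # constructed sample

def demo(nbits: int = 1) -> dict:
    """Forge against both verifiers with an attacker-chosen HMACOutputLength."""
    weak = lambda sig: verify_as_specified(KEY, SIGNED_INFO, sig, nbits)
    hard = lambda sig: verify_hardened(KEY, SIGNED_INFO, sig, nbits)
    weak_tag, weak_tries = forge(weak, nbits)
    hard_tag, hard_tries = forge(hard, nbits)
    return {
        "weak_forged": weak_tag is not None,
        "weak_attempts": weak_tries,
        "hardened_forged": hard_tag is not None,
        "hardened_attempts": hard_tries,
    }

if __name__ == "__main__":
    print(demo(1))
    print(demo(8))
```

With HMACOutputLength=1 the unhardened verifier accepts a forged SignatureValue within two attempts and an eight-bit length within 256; the hardened verifier never consults the key for such lengths. Honest signatures at 80 bits or more still verify, which is why the fix can be applied without re-issuing keys.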

29. Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
BugTraq ID: 35251
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/35251
Summary:
Apache 'APR-util' is prone to an off-by-one vulnerability that may allow attackers to obtain sensitive information or trigger a denial-of-service condition.

Given the nature of this issue, attackers may also be able to execute arbitrary code in the context of an application that uses the affected library, but this has not been confirmed.

Versions prior to 'APR-util' 1.3.5 on big-endian platforms are vulnerable.

30. Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
BugTraq ID: 35221
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/35221
Summary:
Apache 'APR-util' is prone to an integer-underflow vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of an affected application. Successful exploits will compromise the affected application and possibly the computer. Failed attacks will cause denial-of-service conditions.

Versions prior to 'APR-util' 1.3.5 are vulnerable.

31. Mambo Cache_Lite Class 'mosConfig_absolute_path' Remote File Include Vulnerability
BugTraq ID: 29716
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/29716
Summary:
The Cache_Lite class for Mambo is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Cache_Lite 1.1 from Mambo 4.6.4 is vulnerable; other versions may also be affected.

32. Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
BugTraq ID: 35253
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/35253
Summary:
Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause an affected application to consume memory, resulting in a denial-of-service condition.

Versions prior to 'APR-util' 1.3.7 are vulnerable.

33. Adobe Reader and Acrobat XMP-XML Entity Expansion Denial of Service Vulnerability
BugTraq ID: 36686
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36686
Summary:
Adobe Reader and Acrobat are prone to a denial-of-service vulnerability.

Successfully exploiting this issue may allow attackers to crash the affected applications, denying service to legitimate users.

This issue affects versions prior to Reader and Acrobat 8.1.7 and 9.2.

This issue was previously covered in BID 36638 (Adobe Reader and Acrobat October 2009 Multiple Remote Vulnerabilities), but has been given its own record to better document it.
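Items 32 and 33 are both entity-expansion denials of service: a small document whose internal DTD declares entities that reference each other makes the parser allocate a body many orders of magnitude larger than the input. The following pre-parse check is an added example written for this newsletter, not APR-util or Adobe code. It walks the internal subset itself, computes how large the expanded body would be, and refuses the document before a real parser touches it; the size and amplification thresholds are assumptions chosen for the example, and the constructed samples are a classic "billion laughs" payload and a benign document with one entity.

```python
import re

# Added example (not APR-util or Adobe code): estimate how large an XML document
# becomes once its internal-DTD general entities are expanded, before parsing it.

ENTITY_DECL = re.compile(r'''<!ENTITY\s+(\w+)\s+(?:"([^"]*)"|'([^']*)')\s*>''')
ENTITY_REF = re.compile(r"&(\w+);")
DOCTYPE = re.compile(r"<!DOCTYPE[^\[>]*(?:\[(.*?)\])?\s*>", re.S)
PREDEFINED = {"lt": 1, "gt": 1, "amp": 1, "quot": 1, "apos": 1}

def internal_entities(xml: str):
    """Return (entities, body): general entities declared in the internal subset, and the
    document with its DOCTYPE removed. Parameter and external entities are not handled."""
    m = DOCTYPE.search(xml)
    if not m:
        return {}, xml
    subset = m.group(1) or ""
    entities = {name: dq or sq for name, dq, sq in ENTITY_DECL.findall(subset)}
    return entities, xml[:m.start()] + xml[m.end():]

def expanded_length(text: str, entities: dict, memo: dict, active: tuple = ()) -> int:
    """Length of text after recursively replacing every &name; reference."""
    total, last = 0, 0
    for ref in ENTITY_REF.finditer(text):
        total += ref.start() - last
        name = ref.group(1)
        if name in PREDEFINED:
            total += PREDEFINED[name]
        elif name in entities:
            if name in active:
                raise ValueError(f"recursive entity &{name};")  # forbidden by XML; parsers reject it
            if name not in memo:
                memo[name] = expanded_length(entities[name], entities, memo, active + (name,))
            total += memo[name]
        else:
            total += ref.end() - ref.start()  # undeclared: a parser will error; count it as literal text
        last = ref.end()
    return total + (len(text) - last)

def check_expansion(xml: str, max_bytes: int = 1_000_000, max_factor: float = 100.0) -> dict:
    """Reject when the expanded body exceeds max_bytes or grows more than max_factor times.
    Both thresholds are assumptions for this example, not values from any parser."""
    entities, body = internal_entities(xml)
    expanded = expanded_length(body, entities, {})
    factor = expanded / max(len(xml), 1)
    return {"expanded_bytes": expanded, "factor": round(factor, 1),
            "accepted": expanded <= max_bytes and factor <= max_factor}

def make_bomb(depth: int = 5, fanout: int = 10) -> str:
    """Constructed 'billion laughs' sample: each level references the previous one fanout times."""
    decls = ['<!ENTITY lol "lol">']
    prev = "lol"
    for i in range(1, depth + 1):
        decls.append(f'<!ENTITY lol{i} "{("&%s;" % prev) * fanout}">')
        prev = f"lol{i}"
    return ('<?xml version="1.0"?>\n<!DOCTYPE lolz [\n' + "\n".join(decls) + "\n]>\n"
            f"<lolz>&{prev};</lolz>\n")

# Constructed benign sample: one entity, used twice, plus a predefined reference.
BENIGN = ('<?xml version="1.0"?>\n<!DOCTYPE note [ <!ENTITY co "Example Corp"> ]>\n'
          '<note>&co; &amp; &co; welcome you.</note>\n')

if __name__ == "__main__":
    print("bomb  :", check_expansion(make_bomb()))
    print("benign:", check_expansion(BENIGN))
```

The five-level bomb is about 540 bytes on the wire but expands to roughly 300 KB, an amplification of several hundred, and is refused on the factor check alone; the benign document expands to less than its own size and passes. Recent libexpat versions ship a comparable amplification limit of their own, but a parser from the era of these advisories does not, which is why a check like this belongs in front of it.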

34. Sun Solaris 'xscreensaver(1)' From JDS Local Information Disclosure Vulnerability
BugTraq ID: 36891
Remote: No
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36891
Summary:
Solaris 'xscreensaver(1)' is prone to a local information-disclosure vulnerability that occurs in Solaris Trusted Extensions.

A local attacker can exploit this issue to obtain sensitive information that may lead to further attacks.

35. IBM Runtimes for Java Technology 'XML4J' Component Unspecified Vulnerability
BugTraq ID: 36894
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36894
Summary:
IBM Runtimes for Java Technology is prone to an unspecified security vulnerability.

Currently, very little is known about this issue. We will update this BID as more information emerges.

The issue affects IBM Runtimes for Java Technology 5.0.

36. Linux Kernel Subsystem Connector Missing Capability Check Security Bypass Vulnerabilities
BugTraq ID: 36834
Remote: No
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36834
Summary:
The Linux kernel is prone to multiple security-bypass vulnerabilities because of missing capability checks in several subsystem connectors.

Local attackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions, such as changing certain configurations. Successful exploits may lead to other attacks.

37. Oracle WebLogic Server Administration Console HTML Injection Vulnerability
BugTraq ID: 36766
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36766
Summary:
Oracle WebLogic Server is prone to an HTML-injection vulnerability. This issue occurs in the Web Administration Console.

The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'WLS Console' privileges.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

This vulnerability affects the following supported versions:

9.0
9.1
9.2.3
10.0.1
10.3

38. Open Handset Alliance Android SMS Remote Denial Of Service Vulnerability
BugTraq ID: 35886
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/35886
Summary:
Open Handset Alliance Android is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to disconnect devices from the network. Repeated attacks may result in a prolonged denial-of-service condition.

39. Multiple Intel Desktop Board Models Bitmap Processing Buffer Overflow Vulnerability
BugTraq ID: 36886
Remote: No
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36886
Summary:
Multiple Intel Desktop Board models are prone to a buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data.

Successfully exploiting this issue will allow local attackers to run arbitrary code with elevated privileges or trigger a denial-of-service condition.

The following models are affected:

DQ35JO
DQ35MP
DQ45CB
DQ45EK

40. Avast! Antivirus 'aavmKer4.sys' Driver Local Privilege Escalation Vulnerability
BugTraq ID: 36888
Remote: No
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36888
Summary:
Avast! Antivirus is prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue to execute arbitrary code with superuser privileges and completely compromise the affected computer. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to Avast! Antivirus 4.8.1356 are vulnerable.

41. TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 36889
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36889
Summary:
TYPO3 Apache Solr Search ('solr') extension is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to Apache Solr Search 1.0.1 are vulnerable.

42. TYPO3 Flagbit Filebase Extension Unspecified SQL Injection Vulnerability
BugTraq ID: 36890
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36890
Summary:
TYPO3 Flagbit Filebase ('fb_filebase') is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Flagbit Filebase 0.1.0 is vulnerable; other versions may also be affected.

43. Multiple BSD Distributions 'printf(3)' Memory Corruption Vulnerability
BugTraq ID: 36885
Remote: No
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36885
Summary:
Multiple BSD distributions are prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index.

An attacker can exploit this issue to cause applications to crash with a segmentation fault, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

The following are vulnerable:

OpenBSD 4.6
NetBSD 5.0.1

44. KDE Multiple Input Validation Vulnerabilities
BugTraq ID: 36845
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36845
Summary:
KDE is prone to multiple input-validation vulnerabilities that affect 'Ark', 'IO Slaves', and 'Kmail'.

An attacker can exploit these issues by tricking an unsuspecting victim into opening a malicious file. A successful attack will allow arbitrary attacker-supplied JavaScript to run in the context of the victim running the affected application.

45. 'com_jumi' Component for Joomla! Backdoor Vulnerability
BugTraq ID: 36883
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36883
Summary:
The 'com_jumi' component for Joomla is prone to a backdoor vulnerability.

Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application and possibly the webserver or computer.

This issue affects 'com_jumi' 2.0.5; other versions may also be affected.

46. CubeCart 'admin.php' Authentication Bypass Vulnerability
BugTraq ID: 36882
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36882
Summary:
CubeCart is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for authentication.

Attackers can exploit this vulnerability to gain administrative access, which may aid in further attacks.

Versions prior to CubeCart 4.3.5 are vulnerable.

47. OpenBSD and NetBSD 'printf(1)' Format String Parsing Denial of Service Vulnerability
BugTraq ID: 36884
Remote: No
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36884
Summary:
OpenBSD and NetBSD are prone to a denial-of-service vulnerability because they fail to properly parse format strings passed to the 'printf(1)' utility.

An attacker can exploit this issue to cause applications using the vulnerable call to crash with a segmentation fault, denying service to legitimate users.

The following are reported vulnerable:

OpenBSD 4.6
NetBSD 5.0.1

48. Linux Kernel 'udp_sendmsg()' MSG_MORE Flag Local Privilege Escalation Vulnerability
BugTraq ID: 36108
Remote: No
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36108
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer. Failed exploit attempts may cause denial-of-service conditions.

Versions prior to the Linux Kernel 2.6.19 are vulnerable.

49. Mozilla Firefox Download Manager World Writable File Local Privilege Escalation Vulnerability
BugTraq ID: 36852
Remote: No
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36852
Summary:
Mozilla Firefox is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Successful exploits will compromise the affected application and possibly the computer.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

50. Mozilla Firefox 'document.getSelect' Cross Domain Information Disclosure Vulnerability
BugTraq ID: 36858
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36858
Summary:
Mozilla Firefox is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to access local files or content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information that may aid in further attacks.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

51. Linux Kernel RTL8169 NIC Remote Denial of Service Vulnerability
BugTraq ID: 35281
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/35281
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the system, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to Linux Kernel 2.6.30 are vulnerable.

52. Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability
BugTraq ID: 36038
Remote: No
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36038
Summary:
The Linux kernel is prone to a local NULL-pointer dereference vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges or crash an affected kernel, denying service to legitimate users.

Versions prior to the Linux kernel 2.4.37.5 and 2.6.31-rc6 are vulnerable.

53. Mozilla Firefox CVE-2009-3380 Multiple Remote Memory Corruption Vulnerabilities
BugTraq ID: 36871
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36871
Summary:
Mozilla Firefox is prone to multiple remote memory-corruption vulnerabilities.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: These issues were previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but have been assigned their own record to better document them.

54. Microsoft Internet Explorer NULL Byte CA SSL Certificate Validation Security Bypass Vulnerability
BugTraq ID: 36475
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36475
Summary:
Microsoft Internet Explorer is prone to a security-bypass vulnerability because it fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones.

Successful exploits allow attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

55. SUSE Linux 'scsi_discovery tool' Insecure Temporary File Creation Vulnerability
BugTraq ID: 36887
Remote: No
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36887
Summary:
SUSE Linux creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks to overwrite arbitrary attacker-specified files.

The following versions are affected:

openSUSE 10.3 through 11.1
SUSE Linux Enterprise (SLE) 10 SP2 and 11

56. Allaire JRun Web Root Directory Disclosure Vulnerability
BugTraq ID: 3592
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/3592
Summary:
Allaire JRun is a web application development suite with JSP and Java Servlets.

Due to the improper handling of malformed URLs, a vulnerability exists in Allaire JRun which could disclose the contents under the web server root directory.

Submitting a request for 'http://server/%3f.jsp' could cause JRun to reveal the contents within the web root. It is also possible to view the contents of any subdirectories along with ACL protected resources.

This vulnerability could also be used to disclose the source of known files residing on the host, including the source of ASP files.

Originally this vulnerability was reported to work on Microsoft IIS hosts only; however, other web servers (Apache, Jetty) have since been reported to be affected by this issue.

57. Internet Explorer X.509 Certificate Common Name Encoding Multiple Security Bypass Vulnerabilities
BugTraq ID: 36577
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36577
Summary:
Microsoft Internet Explorer is a browser available for Microsoft Windows.

Internet Explorer is prone to multiple security-bypass vulnerabilities because it fails to properly handle encoded values in X.509 certificates. Specifically, it fails to properly distinguish integer sequences that are then recognized as CN (common name) elements.

Successful exploits allow attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

58. Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
BugTraq ID: 36867
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36867
Summary:
Mozilla Firefox and SeaMonkey are prone to a spoofing vulnerability.

Attackers can exploit this issue to spoof the filenames displayed in the download dialog box and trick a user into downloading executable files.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

59. Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
BugTraq ID: 36851
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36851
Summary:
Mozilla Firefox is prone to a heap-based buffer-overflow vulnerability.

An attacker can exploit this issue by tricking a victim into visiting a malicious webpage to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

60. Multiple Panda Products Insecure Program File Permissions Local Privilege Escalation Vulnerability
BugTraq ID: 36897
Remote: No
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36897
Summary:
Multiple Panda Security products are prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges, resulting in a complete compromise of the affected computer.

The following products are affected:

Panda Global Protection 2010
Panda Internet Security 2010

Note: This issue appears to be related to the vulnerability described by BID 19891 (Panda Platinum Internet Security 2006/2007 Local Privilege Escalation Vulnerability).

61. Microsoft Windows Media Player ScriptCommand Multiple Information Disclosure Vulnerabilities
BugTraq ID: 35335
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/35335
Summary:
Microsoft Windows Media Player is prone to multiple information-disclosure vulnerabilities because it fails to properly restrict access to certain functionality when handling media files.

An attacker can exploit these vulnerabilities to obtain information that may aid in further attacks.

62. Oracle Network Authentication CVE-2009-1979 Security Vulnerability
BugTraq ID: 36747
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36747
Summary:
Oracle Network Authentication is prone to a remote security vulnerability.

The vulnerability can be exploited over the 'Oracle Net' protocol. An attacker doesn't need specific privileges to exploit this vulnerability.

Oracle Database 10g versions 10.1.0.5 and 10.2.0.4 are affected.

63. Microsoft Windows Media Player ASF File Processing Remote Code Execution Vulnerability
BugTraq ID: 36644
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36644
Summary:
Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted Advanced Systems Format (ASF) files.

An attacker can exploit this issue by enticing an unsuspecting user into opening a malicious file with the vulnerable application. A successful exploit will allow arbitrary code to run in the context of the currently logged-in user.

64. Microsoft .NET Framework Type Verification Remote Code Execution Vulnerability
BugTraq ID: 36617
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36617
Summary:
The .NET Framework is prone to a remote code-execution vulnerability because it fails to properly verify .NET applications before running them.

Successful exploits may allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions.

In a web hosting environment, attacker-supplied code will run with the privileges of the service account associated with the identity of the application pool that the malicious .NET application is running under.

65. Sun Java SE Advance Notification of Multiple Security Vulnerabilities
BugTraq ID: 36881
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36881
Summary:
Sun has released advance notification that the vendor will be addressing multiple security vulnerabilities in Java SE on November 3, 2009.

These issues will be addressed in the following releases:

JDK and JRE 6 Update 17
JDK and JRE 5.0 Update 22
SDK and JRE 1.4.2_24
SDK and JRE 1.3.1_27

66. Joomla! 'com_photoblog' Component 'category' Parameter SQL Injection Vulnerability
BugTraq ID: 36809
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36809
Summary:
The 'com_photoblog' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

67. Novell eDirectory '/dhost/modules?L:' Buffer Overflow Vulnerability
BugTraq ID: 36815
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36815
Summary:
Novell eDirectory is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

Novell eDirectory 8.8 SP5 is vulnerable; other versions may also be affected.

68. SEIL/X Series and SEIL/B1 Buffer Overflow and Denial of Service Vulnerabilities
BugTraq ID: 36896
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36896
Summary:
SEIL/X Series and SEIL/B1 are prone to a buffer-overflow vulnerability and a denial-of-service vulnerability.

Successfully exploiting these issues allows remote attackers to execute arbitrary code with administrative privileges or crash the affected device, denying service to legitimate users.

The following devices are affected:

SEIL/X1 2.40 to 2.51
SEIL/X2 2.40 to 2.51
SEIL/B1 2.40 to 2.51

69. Multiple Symantec Altiris Products ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 36698
Remote: Yes
Last Updated: 2009-11-02
Relevant URL: http://www.securityfocus.com/bid/36698
Summary:
Symantec Altiris Notification Server with Symantec Management Platform and Altiris Deployment Solution are prone to a buffer-overflow vulnerability. This issue occurs because the applications use an ActiveX control provided by 'AeXNSConsoleUtilities.dll' that fails to properly validate user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

70. Serv-U Web Client HTTP Request Remote Buffer Overflow Vulnerability
BugTraq ID: 36895
Remote: Yes
Last Updated: 2009-11-01
Relevant URL: http://www.securityfocus.com/bid/36895
Summary:
Serv-U Web Client is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Serv-U Web Client 9.0.0.5 is vulnerable; other versions may also be affected.

71. HTML-Parser Invalid HTML Entity Remote Denial of Service Vulnerability
BugTraq ID: 36807
Remote: Yes
Last Updated: 2009-10-30
Relevant URL: http://www.securityfocus.com/bid/36807
Summary:
HTML-Parser is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause an affected application that uses the module to fall into an infinite loop, denying service to legitimate users.

Versions prior to HTML-Parser 3.63 are vulnerable.

72. Jetty Cross Site Scripting and Information Disclosure Vulnerabilities
BugTraq ID: 34800
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/34800
Summary:
Jetty is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information.

Jetty 6.1.16 and prior versions are affected.

73. Multiple 2Wire DSL Routers 'xslt' HTTP Request Denial of Service Vulnerability
BugTraq ID: 32211
Remote: No
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/32211
Summary:
Multiple 2Wire DSL routers are prone to a denial-of-service vulnerability because they fail to adequately handle specially crafted HTTP requests.

Successful exploits will cause the DSL connection to be dropped, denying service to legitimate users.

74. Multiple Vendor Hummingbird STR Service Buffer Overflow Vulnerability
BugTraq ID: 36868
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36868
Summary:
The Hummingbird STR service ('STRsvc.exe') used in products by multiple vendors is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in denial-of-service conditions.

This issue affects the following:

EMC Documentum eRoom (prior to 7.4.2)
Open Text Search Server 6.0 and 6.1

Other versions may be vulnerable as well.

75. F-Secure Products PDF Files Scan Evasion Vulnerability
BugTraq ID: 36876
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36876
Summary:
Multiple F-Secure products are prone to a vulnerability that may allow certain files to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application on a gateway device will fail to detect.

76. Pidgin OSCAR Plugin Invalid Memory Access Denial Of Service Vulnerability
BugTraq ID: 36719
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36719
Summary:
Pidgin is prone to a denial-of-service vulnerability because of 'invalid memory access' errors when processing specially crafted messages.

Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of these issues, attackers may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to Pidgin 2.6.3 are vulnerable.

77. Cherokee Directory Traversal Vulnerability
BugTraq ID: 36874
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36874
Summary:
Cherokee is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.

Cherokee 0.5.4 and prior versions are vulnerable.

78. Pidgin Libpurple Multiple Denial of Service Vulnerabilities
BugTraq ID: 36277
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36277
Summary:
Pidgin Libpurple is prone to multiple denial-of-service vulnerabilities.

Successful exploits will crash the application, denying service to legitimate users.

Pidgin Libpurple 2.6.1 and prior versions are affected.

79. OpenBSD 'getsockopt(2)' NULL Pointer Dereference Remote Denial of Service Vulnerability
BugTraq ID: 36859
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36859
Summary:
OpenBSD is prone to a remote denial-of-service vulnerability because of a NULL-pointer dereference error.

Attackers can exploit this issue to crash the kernel.

This issue affects OpenBSD 4.6 and earlier.

80. Pegasus Mail POP3 Response Remote Buffer Overflow Vulnerability
BugTraq ID: 36797
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36797
Summary:
Pegasus Mail is prone to a remote buffer-overflow vulnerability because it fails to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

Pegasus Mail 4.51 is vulnerable; other versions may also be affected.

81. Xpdf Multiple Integer Overflow Vulnerabilities
BugTraq ID: 36703
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36703
Summary:
Xpdf is prone to multiple integer-overflow vulnerabilities.

Exploiting these issues may allow remote attackers to execute arbitrary code in the context of an affected application or cause denial-of-service conditions.

82. PunBB 'pun_attachment' extension SQL Injection Vulnerability
BugTraq ID: 36865
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36865
Summary:
The 'pun_attachment' extension for PunBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects 'pun_attachment' 1.0.2.

83. Opera Web Browser prior to 10.01 Multiple Security Vulnerabilities
BugTraq ID: 36850
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36850
Summary:
Opera Web Browser is prone to multiple security vulnerabilities.

Successful exploits may allow attackers to execute arbitrary code, bypass certain security restrictions, or perform spoofing attacks.

Versions prior to Opera 10.01 are vulnerable.

84. Mozilla Firefox and SeaMonkey 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability
BugTraq ID: 36855
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36855
Summary:
Mozilla Firefox and SeaMonkey are prone to a heap-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code and to cause denial-of-service conditions by tricking a victim into visiting a malicious webpage.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

85. Mozilla Firefox XPCOM Utility Chrome Privilege Escalation Vulnerability
BugTraq ID: 36857
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36857
Summary:
Mozilla Firefox and SeaMonkey are prone to a privilege-escalation vulnerability in the browser's sidebar and FeedWriter.

Attackers can exploit this issue to execute arbitrary code with the object's chrome privileges.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

86. Mozilla Firefox CVE-2009-3382 Remote Memory Corruption Vulnerability
BugTraq ID: 36866
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36866
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

87. Mozilla Firefox and SeaMonkey Proxy Auto-Configuration File Remote Code Execution Vulnerability
BugTraq ID: 36856
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36856
Summary:
Mozilla Firefox and SeaMonkey are prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

88. Mozilla Firefox Form History Information Disclosure Vulnerability
BugTraq ID: 36853
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36853
Summary:
Mozilla Firefox is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

89. Drupal Storm Module 'storminvoiceitem' Security Bypass Vulnerability
BugTraq ID: 36879
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36879
Summary:
The Storm module for Drupal is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization.

Attackers can exploit this issue to bypass security restrictions to obtain sensitive information or perform unauthorized actions; this may aid in launching further attacks.

This issue affects versions prior to Storm 6.x-1.25.

90. Drupal Workflow Module Multiple HTML Injection Vulnerabilities
BugTraq ID: 36878
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36878
Summary:
The Workflow module for Drupal is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Attackers require 'administer workflow' permission to exploit these issues.

Versions prior to Workflow 5.x-2.4 and 6.x-1.2 are vulnerable.

91. Drupal FAQ Ask Module URI Redirection and Cross Site Scripting Vulnerabilities
BugTraq ID: 36877
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36877
Summary:
The FAQ Ask module for Drupal is prone to a remote URI-redirection vulnerability and a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible.

92. Drupal CCK Comment Reference Module Node Title Security Bypass Vulnerability
BugTraq ID: 36863
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36863
Summary:
The CCK Comment Reference module for Drupal is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization.

Attackers can exploit this issue to bypass security restrictions to obtain sensitive information or perform unauthorized actions; this may aid in launching further attacks.

This issue affects versions prior to CCK Comment Reference 5.x-1.2 and 6.x-1.3.

93. Drupal OpenSocial Shindig-Integrator Module HTML Injection Vulnerability
BugTraq ID: 36862
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36862
Summary:
The OpenSocial Shindig-Integrator module for Drupal is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

This issue affects versions prior to OpenSocial Shindig-Integrator 6.x-2.1.

94. Microsoft Internet Explorer 'writing-mode' Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 36616
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36616
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

95. Mozilla Firefox CVE-2009-3378 Remote Memory Corruption Vulnerability
BugTraq ID: 36873
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36873
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

96. Mozilla Firefox CVE-2009-3377 Remote Memory Corruption Vulnerability
BugTraq ID: 36872
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36872
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it.

97. Mozilla Firefox CVE-2009-3381 Multiple Remote Memory Corruption Vulnerabilities
BugTraq ID: 36870
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36870
Summary:
Mozilla Firefox is prone to multiple remote memory-corruption vulnerabilities.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: These issues were previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but have been assigned their own record to better document them.

98. Mozilla Firefox CVE-2009-3383 Multiple Remote Memory Corruption Vulnerabilities
BugTraq ID: 36869
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36869
Summary:
Mozilla Firefox is prone to multiple remote memory-corruption vulnerabilities.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: These issues were previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but have been assigned their own record to better document them.

99. Mozilla Firefox CVE-2009-3379 Multiple Remote Memory Corruption Vulnerabilities
BugTraq ID: 36875
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36875
Summary:
Mozilla Firefox is prone to multiple remote memory-corruption vulnerabilities.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: These issues were previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but have been assigned their own record to better document them.

100. RETIRED: Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities
BugTraq ID: 36843
Remote: Yes
Last Updated: 2009-10-29
Relevant URL: http://www.securityfocus.com/bid/36843
Summary:
The Mozilla Foundation has released multiple advisories to address vulnerabilities in Firefox and SeaMonkey.

This BID is being retired; the following individual records now document these issues:

36875 Mozilla Firefox CVE-2009-3379 Multiple Remote Memory Corruption Vulnerabilities
36873 Mozilla Firefox CVE-2009-3378 Remote Memory Corruption Vulnerability
36866 Mozilla Firefox CVE-2009-3382 Remote Memory Corruption Vulnerability
36872 Mozilla Firefox CVE-2009-3377 Remote Memory Corruption Vulnerability
36871 Mozilla Firefox CVE-2009-3380 Multiple Remote Memory Corruption Vulnerabilities
36870 Mozilla Firefox CVE-2009-3381 Multiple Remote Memory Corruption Vulnerabilities
36869 Mozilla Firefox CVE-2009-3383 Multiple Remote Memory Corruption Vulnerabilities
36867 Mozilla Firefox and Seamonkey Download Filename Spoofing Vulnerability
36852 Mozilla Firefox Download Manager World Writable File Local Privilege Escalation Vulnerability
36854 Mozilla Firefox JavaScript Web-Workers Remote Code Execution Vulnerability
36858 Mozilla Firefox 'document.getSelect' Cross Domain Information Disclosure Vulnerability
36857 Mozilla Firefox XPCOM Utility Chrome Privilege Escalation Vulnerability
36855 Mozilla Firefox and SeaMonkey 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability
36853 Mozilla Firefox Form History Information Disclosure Vulnerability
36851 Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
36856 Mozilla Firefox and SeaMonkey Proxy Auto-Configuration File Remote Code Execution Vulnerability

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Popular apps need better patching, says report
By: Robert Lemos
A report using data from two security vendors finds that ubiquitous applications, such as Apple's QuickTime and Adobe Flash, are not patched fast enough by their users.
http://www.securityfocus.com/news/11560

2. Hacker charged with Heartland, other breaches
By: Robert Lemos
A federal grand jury indicts a Florida man already charged with stealing data from TJX with allegedly helping breach five more companies.
http://www.securityfocus.com/news/11557

3. Web attacks hit U.S., South Korean sites
By: Robert Lemos
In its fourth day, a widespread distributed denial-of-service attack continued to inundate U.S. government and South Korean Web sites with network traffic.
http://www.securityfocus.com/news/11554

4. FTC persuades court to shutter rogue ISP
By: Robert Lemos
A federal district court shuts down Triple Fiber Network, after the Federal Trade Commission documents the Internet service provider's cooperation with online criminals and child pornographers.
http://www.securityfocus.com/news/11552

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. Smart-Card Open Test Toolkit
http://www.securityfocus.com/archive/91/507540

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Entrust

Go Green for Less Green
Give your customers the highest level of assurance
Give your customers the green address bar
Entrust EV SSL Certificates - Now from only $199 per year

http://www.entrust.net/securityfocus-ev
