----------------------------------------
This Issue is Sponsored by: Watchfire
Watchfire announces AppScan 7.0! The industry's only web application security scanner with new features that include Privilege Escalation Testing, Validation Highlighting and Reasoning and Complex Authentication Support to automate even more scanning and provide greater visibility and control for security professionals, penetration testers and QA staff. See for yourself. Download an evaluation copy of AppScan now!
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YTx
------------------------------------------------------------------
I. FRONT AND CENTER
1. Christmas Shopping: Vista Over XP?
2. Vulnerability Scanning Web 2.0 Client-Side Components
II. BUGTRAQ SUMMARY
1. Infinicart Multiple Input Validation Vulnerabilities
2. Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
3. Asterisk Voicemail Unauthorized Access Vulnerability
4. ResMgr Unauthorized USB Device Access Vulnerability
5. Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability
6. H-Sphere Control Panel Insecure Logfile Permissions Vulnerability
7. Asterisk JPEG File Handling Integer Overflow Vulnerability
8. Microsoft Word Unspecified Remote Code Execution Vulnerability
9. SMF Image File HTML Injection Vulnerability
10. LibGSF Remote Heap Buffer Overflow Vulnerability
11. JAB Guest Book HTML Injection Vulnerability
12. Novell Client SRVLOC.SYS Remote Denial of Service Vulnerability
13. Vt-Forum Lite Multiple Cross-Site Scripting Vulnerabilities
14. Frech.CH Online-BookMarks Multiple Input Validation Vulnerabilities
15. ABitWhizzy ABitWhizzy.PHP Directory Traversal Vulnerability
16. Mobile Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities
17. Inside Systems Mail Error.PHP Cross-Site Scripting Vulnerability
18. Cerberus Helpdesk Spellwin.PHP Cross-Site Scripting Vulnerability
19. PHPMyAdmin Multiple HTTP Response Splitting Vulnerabilities
20. Apache Mod_IMAP Referer Cross-Site Scripting Vulnerability
21. F-PROT Antivirus ACE Remote Denial Of Service Vulnerability
22. Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
23. X.Org XRender Extension Buffer Overflow Vulnerability
24. BlueSocket BSC 2100 Admin.PL Cross-Site Scripting Vulnerability
25. Hastymail IMAP SMTP Command Injection Vulnerability
26. Metyus Okul Yonetim Sistemi Uye_giris_islem.ASP SQL Injection Vulnerability
27. Clam AntiVirus ClamAV Multiple Vulnerabilities
28. Agileco Multiple Applications Denial of Service Vulnerability
29. XScreenSaver Local Password Disclosure Vulnerability
30. Yukihiro Matsumoto Ruby CGI.RB Library Remote Denial Of Service Vulnerability
31. BSD-Games Multiple Local Buffer Overflow Vulnerabilities
32. Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities
33. Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities
34. Linux Kernel NFS and EXT3 Combination Remote Denial of Service Vulnerability
35. Mozilla Firefox Large History File Buffer Overflow Vulnerability
36. Linux Kernel RCU signal handling __group_complete_signal Function Unspecified Vulnerability
37. Multiple Vendor AMD CPU Local FPU Information Disclosure Vulnerability
38. Linux Kernel Shared Memory Security Restriction Bypass Vulnerabilities
39. Linux Kernel IP_ROUTE_INPUT Local Denial of Service Vulnerability
40. Linux Kernel __keyring_search_one Local Denial of Service Vulnerability
41. GnuPG Make_Printable_String Remote Buffer Overflow Vulnerability
42. Linux Kernel Intel EM64T SYSRET Local Denial of Service Vulnerability
43. XZGV Image Viewer JPEG File Remote Heap Buffer Overflow Vulnerability
44. Adobe Acrobat Multiple Vulnerabilities
45. Linux Kernel Get_FDB_Entries Buffer Overflow Vulnerability
46. GNU GV Stack Buffer Overflow Vulnerability
47. Convert-UUlib Perl Module Buffer Overflow Vulnerability
48. Asterisk Chan_Skinny Remote Buffer Overflow Vulnerability
49. Cyrus SASL Remote Digest-MD5 Denial of Service Vulnerability
50. NetBSD Ftpd and Tnftpd Port Remote Buffer Overflow Vulnerability
51. Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.99.0
52. Multiple Mozilla Products IFRAME JavaScript Execution Vulnerability
53. Brim Multiple Remote File Include Vulnerabilities
54. 2X ThinClientServer Unauthorized Administrative Account Creation Vulnerability
55. Adobe Download Manager AOM Buffer Overflow Vulnerability
56. Multiple BSD Vendor FireWire IOCTL Local Integer Overflow Vulnerability
57. GNU Tar GNUTYPE_NAMES Remote Directory Traversal Vulnerability
58. Xine-Lib RuleMatches Remote Buffer Overflow Vulnerability
59. DenyHosts Remote Denial of Service Vulnerability
60. iWare Professional Index.PHP SQL Injection Vulnerability
61. Microsoft Internet Explorer CSS Width Element Denial of Service Vulnerability
62. Dol Storye Dettaglio.ASP Multiple SQL Injection Vulnerabilities
63. GnuPG OpenPGP Packet Processing Function Pointer Overwrite Vulnerability
64. Plone Unspecified Group Spoofing Vulnerability
65. Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability
66. Publicera Multiple Input Validation Vulnerabilities
67. Intel Network Drivers Local Code Execution Vulnerability
68. Drupal CVS Management/Tracker Motivation Field Cross-Site Scripting Vulnerability
69. Emdros Database Engine Multiple Local Denial of Service Vulnerabilities
70. OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability
71. Mozilla Thunderbird Multiple Remote Information Disclosure Vulnerabilities
72. OpenSSL SSLv2 Null Pointer Dereference Client Denial of Service Vulnerability
73. SAP IGS Multiple Unspecified Vulnerabilities
74. Yukihiro Matsumoto Ruby XMLRPC Server Denial of Service Vulnerability
75. SAP Internet Graphics Service Unspecified Directory Traversal Vulnerability
76. Links ELinks SMBClient Remote Command Execution Vulnerability
77. OpenSSL Insecure Protocol Negotiation Weakness
78. OpenVPN Client Remote Code Execution Vulnerability
79. ABCMIDI ABC Music Files Remote Buffer Overflow Vulnerability
80. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
81. MySQL Query Logging Bypass Vulnerability
82. Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
83. L2TPNS Heartbeat Handling Denial of Service Vulnerability
84. OpenSSH SCP Shell Command Execution Vulnerability
85. OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
86. Google Search Appliance UTF-7 Cross Site Scripting Vulnerability
87. Microsoft Internet Explorer Frame Src Denial Of Service Vulnerability
88. @lex Guestbook Index.PHP Multiple Input Validation Vulnerabilities
89. RETIRED: UApplication UGuestbook Index.ASP SQL Injection Vulnerability
90. Apple BOMArchiveHelper Multiple Remote Archive File Vulnerabilities
91. Paul A. Rombouts PDNSD Unspecified Buffer Overflow Vulnerability
92. Evolve Shopping Cart products.ASP SQL Injection Vulnerability
93. Abarcar Realty Portal Multiple SQL Injection Vulnerabilities
94. JustSystems Multiple Products Unspecified Buffer Overflow Vulnerability
95. Evolve Merchant Viewcart.ASP SQL Injection Vulnerability
96. KOffice PPT Files Integer Overflow Vulnerability
97. FFmpeg Image File Multiple Buffer Overflow Vulnerabilities
98. Trend Micro OfficeScan Wizard and CgiRemoteInstall Multiple Buffer Overflow Vulnerabilities
99. Nvidia NView Keystone.EXE Local Denial of Service Vulnerability
100. IBM Tivoli Storage Manager Multiple Buffer Overflow Vulnerabilities
III. SECURITYFOCUS NEWS
1. MySpace teams to create sex-offender database
2. Social sites' insecurity increasingly worrisome
3. Bot spreads through antivirus, Windows flaws
4. Viruses go virtual
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Director, Information Security, New York
2. [SJ-JOB] Manager, Information Security, Cheltenham
3. [SJ-JOB] Security Engineer, Sydney
4. [SJ-JOB] Security Consultant, London
5. [SJ-JOB] Penetration Engineer, Rishon LeTzion
6. [SJ-JOB] Security Architect, Schaumburg
7. [SJ-JOB] Sr. Security Engineer, North Chicago Suburb
8. [SJ-JOB] Sr. Security Analyst, Costa Mesa
9. [SJ-JOB] Manager, Information Security, Zurich
10. [SJ-JOB] Security Engineer, Zurich
11. [SJ-JOB] Management, San Diego
12. [SJ-JOB] Sales Representative, Miami
13. [SJ-JOB] Sr. Security Engineer, Frisco
14. [SJ-JOB] Sr. Security Analyst, Gurgaon
15. [SJ-JOB] Developer, Dubai
16. [SJ-JOB] Manager, Information Security, Dubai
17. [SJ-JOB] Sr. Security Analyst, Louisville
18. [SJ-JOB] Security Engineer, melbourne
19. [SJ-JOB] Sales Representative, Cupertino
20. [SJ-JOB] Security Engineer, Columbia
21. [SJ-JOB] Technical Support Engineer, Cupertino
22. [SJ-JOB] Security Researcher, Rockville
23. [SJ-JOB] Security Consultant, Bath & M4 Corridor
V. INCIDENTS LIST SUMMARY
1. Thousands of attempts to port 35825 and 11090
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #320
2. DNS recursive
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. Selecting OS for High-availability/mission-critical web portal
2. Red Hat vs Debian Linux: overall security
3. How to check UID of process on the other side of local TCP/UDP connection
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Christmas Shopping: Vista Over XP?
By Federico Biancuzzi
Microsoft has announced Vista's release dates. From a security standpoint what choice should consumers take during this Christmas shopping season? Most will be faced with Windows XP only or Windows XP with Microsoft's Express Upgrade option to Vista. Federico Biancuzzi interviewed a wide range of security researchers and anti-virus folks to get some consensus on the security of Vista over Windows XP for consumers, with some advice for corporate users as well.
http://www.securityfocus.com/columnists/425
2. Vulnerability Scanning Web 2.0 Client-Side Components
By Shreeraj Shah
This article discusses the challenges faced when vulnerability scanning Web 2.0 applications, and then provides a methodology to detect vulnerabilities in Web 2.0 client-side application components.
http://www.securityfocus.com/infocus/1881
II. BUGTRAQ SUMMARY
--------------------
1. Infinicart Multiple Input Validation Vulnerabilities
BugTraq ID: 21043
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21043
Summary:
Infinicart is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
The vendor reports these issues only affect the demonstration version of Infinicart and do not affect any official released versions of the application.
2. Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
BugTraq ID: 21214
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21214
Summary:
Apache mod_auth_kerb is prone to an off-by-one buffer-overflow condition.
The vulnerability allows for potential memory corruption.
An attacker may exploit this issue to trigger a denial-of-service condition. Arbitrary code execution may be possible, but this has not been confirmed.
3. Asterisk Voicemail Unauthorized Access Vulnerability
BugTraq ID: 15336
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/15336
Summary:
Asterisk is prone to an unauthorized-access vulnerability. This issue is due to a failure in the application to properly verify user-supplied input.
Successful exploitation will grant an attacker access to a victim user's voicemail and to any '.wav/.WAV' files currently on the affected system.
4. ResMgr Unauthorized USB Device Access Vulnerability
BugTraq ID: 17752
Remote: No
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/17752
Summary:
The resmgr module is prone to a vulnerability that permits unauthorized access to USB devices.
A successful exploit of this issue would result in a bypass of access controls leading to a false sense of security and a possible loss of confidentiality if data is intercepted; other attacks are also possible.
5. Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability
BugTraq ID: 17754
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/17754
Summary:
ClamAV's freshclam utility is susceptible to a remote buffer-overflow vulnerability. The utility fails to perform sufficient boundary checks in server-supplied HTTP data before copying it to an insufficiently sized memory buffer.
To exploit this issue, attackers must subvert webservers in the ClamAV database server pool, or use DNS-based or man-in-the-middle attacks to cause affected freshclam applications to connect to attacker-controlled webservers.
This issue allows remote attackers to execute arbitrary machine code in the context of the freshclam utility. The affected utility may run with superuser privileges, aiding remote attackers in the complete compromise of affected computers.
ClamAV versions 0.88 and 0.88.1 are affected by this issue.
6. H-Sphere Control Panel Insecure Logfile Permissions Vulnerability
BugTraq ID: 21436
Remote: No
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21436
Summary:
H-Sphere Control Panel creates logfiles with insecure permissions. A local attacker may exploit this issue to gain elevated privileges, potentially facilitating a compromise of the system.
H-Sphere Control Panel version 2.4.3 is reportedly vulnerable; other versions may be affected as well.
7. Asterisk JPEG File Handling Integer Overflow Vulnerability
BugTraq ID: 17561
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/17561
Summary:
Asterisk is prone to an integer-overflow vulnerability.
This issue arises when the application handles a malformed JPEG file.
An attacker could exploit this vulnerability to execute arbitrary code in the context of the vulnerable application.
8. Microsoft Word Unspecified Remote Code Execution Vulnerability
BugTraq ID: 21451
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21451
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.
An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.
9. SMF Image File HTML Injection Vulnerability
BugTraq ID: 21431
Remote: Yes
Last Updated: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21431
Summary:
SMF is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
Note that this vulnerability may be triggered only in the Internet Explorer browser.
SMF version 1.1 is vulnerable to this issue.
10. LibGSF Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 21358
Remote: Yes
Last Updated: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21358
Summary:
The libgsf library is prone to a remote heap buffer-overflow vulnerability.
Exploiting this issue may allow attackers to execute arbitrary machine code within the context of the vulnerable application or to cause a denial of service.
11. JAB Guest Book HTML Injection Vulnerability
BugTraq ID: 21429
Remote: Yes
Last Updated: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21429
Summary:
JAB Guest Book is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
12. Novell Client SRVLOC.SYS Remote Denial of Service Vulnerability
BugTraq ID: 21430
Remote: Yes
Last Updated: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21430
Summary:
Novell Client is prone to a remote denial-of-service vulnerability because it fails to properly handle unexpected network traffic.
Successfully exploiting this issue allows remote attackers to crash affected computers, denying service to legitimate users.
Novell Client 4.91 is vulnerable; other versions may also be affected.
13. Vt-Forum Lite Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 21428
Remote: Yes
Last Updated: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21428
Summary:
Vt-Forum Lite is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The attacker may also be able to conduct HTML-injection attacks through unspecified fields on the 'vf_newtopic.asp' script page.
These issues affect version 1.3; other versions may also be vulnerable.
14. Frech.CH Online-BookMarks Multiple Input Validation Vulnerabilities
BugTraq ID: 21422
Remote: Yes
Last Updated: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21422
Summary:
The online-bookmarks application is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
Version 0.6.12 is vulnerable to this issue; other versions may also be affected.
15. ABitWhizzy ABitWhizzy.PHP Directory Traversal Vulnerability
BugTraq ID: 21222
Remote: Yes
Last Updated: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21222
Summary:
aBitWhizzy is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.
16. Mobile Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 21427
Remote: Yes
Last Updated: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21427
Summary:
Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
17. Inside Systems Mail Error.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 21424
Remote: Yes
Last Updated: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21424
Summary:
Inside Systems Mail is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Version 2.0 is vulnerable; other versions may also be affected.
18. Cerberus Helpdesk Spellwin.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 21423
Remote: Yes
Last Updated: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21423
Summary:
Cerberus Helpdesk is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
19. PHPMyAdmin Multiple HTTP Response Splitting Vulnerabilities
BugTraq ID: 21421
Remote: Yes
Last Updated: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21421
Summary:
phpMyAdmin is prone to multiple HTTP response-splitting vulnerabilities because the application fails to properly sanitize user-supplied input.
A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
Version 2.7.0-pl2 is vulnerable to these issues; other versions may also be affected.
20. Apache Mod_IMAP Referer Cross-Site Scripting Vulnerability
BugTraq ID: 15834
Remote: Yes
Last Updated: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/15834
Summary:
Apache's mod_imap module is prone to a cross-site scripting vulnerability. This issue is due to the module's failure to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
21. F-PROT Antivirus ACE Remote Denial Of Service Vulnerability
BugTraq ID: 21420
Remote: Yes
Last Updated: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21420
Summary:
F-PROT Antivirus is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain file types, resulting in excessive consumption of system resources.
An attacker may exploit this issue to crash the affected application, denying further service to legitimate users.
F-PROT Antivirus version 4.6.6 is vulnerable; other versions may also be affected.
22. Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 19204
Remote: Yes
Last Updated: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/19204
Summary:
Apache mod_rewrite is prone to an off-by-one buffer-overflow condition.
The vulnerability, which arises in the mod_rewrite module's LDAP scheme handling, allows for potential memory corruption when an attacker exploits certain rewrite rules.
An attacker may exploit this issue to trigger a denial-of-service condition. Reportedly, arbitrary code execution may be possible as well.
23. X.Org XRender Extension Buffer Overflow Vulnerability
BugTraq ID: 17795
Remote: Yes
Last Updated: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/17795
Summary:
The X.Org X Window System is prone to a buffer-overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code with elevated privileges. This may facilitate a compromise of the affected computer.
24. BlueSocket BSC 2100 Admin.PL Cross-Site Scripting Vulnerability
BugTraq ID: 21419
Remote: Yes
Last Updated: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21419
Summary:
BlueSocket BSC 2100 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects versions prior to 5.2 and versions without the 5.1.1-BluePatch fix.
25. Hastymail IMAP SMTP Command Injection Vulnerability
BugTraq ID: 20424
Remote: Yes
Last Updated: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/20424
Summary:
Hastymail is prone to an IMAP / SMTP command-injection vulnerability because it fails to sufficiently sanitize user-supplied input.
An authenticated malicious user could execute arbitrary IMAP / SMTP commands on the affected mail server processes. This may allow the user to send SPAM from the server or to exploit latent vulnerabilities in the underlying system.
Hastymail 1.5 and prior versions are affected.
26. Metyus Okul Yonetim Sistemi Uye_giris_islem.ASP SQL Injection Vulnerability
BugTraq ID: 21418
Remote: Yes
Last Updated: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21418
Summary:
Metyus Okul Yonetim Sistemi is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
27. Clam AntiVirus ClamAV Multiple Vulnerabilities
BugTraq ID: 17388
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/17388
Summary:
ClamAV is prone to multiple vulnerabilities:
- An integer-overflow vulnerability.
- A format-string vulnerability.
- A denial-of-service vulnerability.
The first two issues may permit attackers to execute arbitrary code, which can facilitate a compromise of an affected computer.
If an attacker can successfully exploit the denial-of-service issue, this may crash the affected application, which may aid an attacker in further attacks if the antivirus software no longer works.
28. Agileco Multiple Applications Denial of Service Vulnerability
BugTraq ID: 21459
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21459
Summary:
AgileBill and AgileVoice are prone to a denial-of-service vulnerability due to a design error when handling certain requests.
An attacker can exploit this issue to cause denial-of-service conditions on an affected computer.
AgileBill version 1.4 and AgileVoice 1.4 are vulnerable.
29. XScreenSaver Local Password Disclosure Vulnerability
BugTraq ID: 17471
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/17471
Summary:
XScreenSaver is prone to a local password-disclosure vulnerability. This issue is due to a flaw in the application that may result in the screen-unlock password being passed onto other applications that are already running on the computer.
This may disclose the password used to unlock the screen. The login password is typically used to unlock XScreenSaver, so this issue may reveal login passwords to attackers.
This issue is currently known to affect users who are running RDesktop on the locked computer, due to the interaction between the applications. This may result in the disclosure of the login password across the network. Other unknown applications in conjunction with XScreenSaver may result in a similar issue.
Versions 4.14 and 4.16 are vulnerable to this issue; other versions may also be affected.
30. Yukihiro Matsumoto Ruby CGI.RB Library Remote Denial Of Service Vulnerability
BugTraq ID: 21441
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21441
Summary:
Ruby is prone to a remote denial-of-service vulnerability because the application's CGI library fails to properly handle specially crafted HTTP requests.
Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected Ruby CGI library.
31. BSD-Games Multiple Local Buffer Overflow Vulnerabilities
BugTraq ID: 17401
Remote: No
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/17401
Summary:
Multiple games in the BSD-games package are prone to locally exploitable buffer-overflow vulnerabilities. These issues are due to insufficient bounds-checking when copying user-supplied input to insufficiently sized memory buffers.
Since these games are installed 'setgid games' on many operating systems, attackers may be able to exploit these issues to escalate privileges to this level.
32. Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 17516
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/17516
Summary:
The Mozilla Foundation has released nine security advisories specifying security vulnerabilities in Mozilla Suite, Firefox, SeaMonkey, and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable application
- crash affected applications
- gain elevated privileges in JavaScript code, potentially allowing remote machine code execution
- gain access to potentially sensitive information
- bypass security checks
- spoof window contents.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as the information embargo on the Mozilla Bugzilla entries is lifted and as further information becomes available. This BID will then be retired.
These issues are fixed in:
- Mozilla Firefox versions 1.0.8 and 1.5.0.2
- Mozilla Thunderbird versions 1.0.8 and 1.5.0.2
- Mozilla Suite version 1.7.13
- Mozilla SeaMonkey version 1.0.1
33. Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities
BugTraq ID: 16476
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/16476
Summary:
Multiple Mozilla products are prone to multiple vulnerabilities. These issues include various memory-corruption, code-injection, and access-restriction-bypass vulnerabilities. Other undisclosed issues may have also been addressed in the various updated vendor applications.
Successful exploitation of these issues may permit an attacker to execute arbitrary code in the context of the affected application. This may facilitate a compromise of the affected computer; other attacks are also possible.
34. Linux Kernel NFS and EXT3 Combination Remote Denial of Service Vulnerability
BugTraq ID: 19396
Remote: No
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/19396
Summary:
The Linux kernel is susceptible to a remote denial-of-service vulnerability because the EXT3 filesystem code fails to properly handle unexpected conditions.
Remote attackers may trigger this issue by sending crafted UDP datagrams to affected computers that are configured as NFS servers, causing filesystem errors. Depending on the mount-time options of affected filesystems, this may result in remounting filesystems as read-only or cause a kernel panic.
Linux kernel versions 2.6.14.4, 2.6.17.6, and 2.6.17.7 are vulnerable to this issue; other versions in the 2.6 series are also likely affected.
35. Mozilla Firefox Large History File Buffer Overflow Vulnerability
BugTraq ID: 15773
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/15773
Summary:
Mozilla Firefox is reportedly prone to a remote denial-of-service vulnerability.
This issue presents itself when the browser handles a large entry in the 'history.dat' file. An attacker may trigger this issue by enticing a user to visit a malicious website and by supplying excessive data to be stored in the affected file.
This may cause a denial-of-service condition.
**UPDATE: Proof-of-concept exploit code has been published. The author of the code attributes the crash to a buffer-overflow condition. Symantec has not reproduced the alleged flaw.
36. Linux Kernel RCU signal handling __group_complete_signal Function Unspecified Vulnerability
BugTraq ID: 17640
Remote: No
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/17640
Summary:
Linux Kernel is prone to a local unspecified vulnerability.
This issue exists in the '__group_complete_signal' function of the RCU signal-handling facility.
Due to a lack of details, further information cannot be provided at the moment. This BID will be updated when more details are available.
37. Multiple Vendor AMD CPU Local FPU Information Disclosure Vulnerability
BugTraq ID: 17600
Remote: No
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/17600
Summary:
Multiple vendors' operating systems are prone to a local information-disclosure vulnerability. This issue is due to a flaw in how the affected operating systems handle the FPU on AMD CPUs.
Local attackers may exploit this vulnerability to gain access to potentially sensitive information regarding other processes executing on affected computers. This may aid attackers in retrieving information regarding cryptographic keys or other sensitive information.
This issue affects Linux and FreeBSD operating systems running on generation 7 and 8 AMD CPUs.
38. Linux Kernel Shared Memory Security Restriction Bypass Vulnerabilities
BugTraq ID: 17587
Remote: No
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/17587
Summary:
The Linux kernel is prone to vulnerabilities regarding access to shared memory.
A local attacker could potentially gain read and write access to shared memory and write access to read-only tmpfs filesystems, bypassing security restrictions.
An attacker can exploit these issues to possibly corrupt applications and their data when the applications use temporary files or shared memory.
39. Linux Kernel IP_ROUTE_INPUT Local Denial of Service Vulnerability
BugTraq ID: 17593
Remote: No
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/17593
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the 'ip_route_input()' function.
This vulnerability allows local users to panic the kernel, denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.8.
40. Linux Kernel __keyring_search_one Local Denial of Service Vulnerability
BugTraq ID: 17451
Remote: No
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/17451
Summary:
The Linux kernel is susceptible to a local denial-of-service vulnerability. This vulnerability arises in the '__keyring_search_one' function. This issue allows local users to crash the kernel, denying service to legitimate users.
Kernel versions prior to 2.6.16.3 are vulnerable to this issue.
41. GnuPG Make_Printable_String Remote Buffer Overflow Vulnerability
BugTraq ID: 21306
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21306
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the affected application, but this has not been confirmed.
GnuPG versions 1.4.5 and 2.0.0 are vulnerable to this issue; previous versions may also be affected.
42. Linux Kernel Intel EM64T SYSRET Local Denial of Service Vulnerability
BugTraq ID: 17541
Remote: No
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/17541
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue arises in Intel EM64T CPUs when returning program control using SYSRET.
This vulnerability allows local users to crash the kernel, denying further service to legitimate users.
43. XZGV Image Viewer JPEG File Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 17409
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/17409
Summary:
The 'xzgv' viewer is reported to be prone to a remote heap-overflow vulnerability.
This issue is reported to present itself when the application handles a specially crafted JPEG image. A remote attacker may execute arbitrary code in the context of a user running the application. As a result, the attacker can gain unauthorized access to the vulnerable computer.
This issue affects 'xzgv' 0.8 and prior. The 'zgv' image viewer is vulnerable to this issue as well.
44. Adobe Acrobat Multiple Vulnerabilities
BugTraq ID: 21155
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21155
Summary:
Adobe Acrobat is prone to multiple vulnerabilities. These errors have been confirmed to occur when Reader is invoked by Internet Explorer; other occurrences may exist.
Attackers can exploit these issues to cause denial-of-service conditions on a victim computer.
The vendor has confirmed that one of these issues may lead to arbitrary code execution.
45. Linux Kernel Get_FDB_Entries Buffer Overflow Vulnerability
BugTraq ID: 21353
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21353
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
Attackers may potentially exploit this issue to execute arbitrary code within the context of the affected kernel, but this has not been confirmed. Successfully exploiting this issue would cause the complete compromise of the affected computer.
Little information is currently known about this vulnerability. Due to the fact that the affected function is in the network-bridging code, remote attacks may be possible.
Linux kernel versions prior to 2.6.18.4 are vulnerable to this issue.
46. GNU GV Stack Buffer Overflow Vulnerability
BugTraq ID: 20978
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/20978
Summary:
GNU gv is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected application. Failed attempts will likely crash the application, resulting in denial-of-service conditions.
Version 3.6.2 is reported vulnerable; other versions may also be affected.
NOTE: Various other applications may employ embedded GNU gv code and could also be vulnerable as a result.
47. Convert-UUlib Perl Module Buffer Overflow Vulnerability
BugTraq ID: 13401
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/13401
Summary:
The Convert-UUlib Perl module is prone to a remotely exploitable buffer-overflow vulnerability.
A remote attacker may leverage this condition to overwrite sensitive program control variables and thus gain control of the process's execution flow.
This BID will be updated as soon as further information regarding this issue is made available.
48. Asterisk Chan_Skinny Remote Buffer Overflow Vulnerability
BugTraq ID: 20617
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/20617
Summary:
Asterisk is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
Exploiting this vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the server, denying further service to legitimate users.
49. Cyrus SASL Remote Digest-MD5 Denial of Service Vulnerability
BugTraq ID: 17446
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/17446
Summary:
Cyrus SASL is affected by a remote denial-of-service vulnerability. This issue occurs before successful authentication, allowing anonymous remote attackers to trigger it.
This vulnerability allows remote attackers to crash services using the affected SASL library, denying service to legitimate users.
This issue reportedly affects version 2.1.18 of Cyrus SASL; other versions may also be affected.
50. NetBSD Ftpd and Tnftpd Port Remote Buffer Overflow Vulnerability
BugTraq ID: 21377
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21377
Summary:
NetBSD ftpd and tnftpd are prone to a remote buffer-overflow vulnerability. This issue is due to an off-by-one error; it allows attackers to corrupt memory.
Remote attackers may execute arbitrary machine code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions.
51. Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.99.0
BugTraq ID: 17682
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/17682
Summary:
The vendor has disclosed several vulnerabilities in Ethereal. The reported issues are in various protocol dissectors. These issues include:
- Buffer-overflow vulnerabilities
- Denial-of-service vulnerabilities
- Infinite loop denial-of-service vulnerabilities
- Unspecified denial-of-service vulnerabilities
- Off-by-one overflow vulnerabilities
These issues could allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Attackers could also crash the affected application.
Various vulnerabilities affect different versions of Ethereal, from 0.8.5 through to 0.10.14.
52. Multiple Mozilla Products IFRAME JavaScript Execution Vulnerability
BugTraq ID: 16770
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/16770
Summary:
Multiple Mozilla products are prone to a script-execution vulnerability.
The vulnerability presents itself when an attacker sends a user a specially crafted email containing malicious script code in an IFRAME and the user tries to reply to the mail. Arbitrary JavaScript can be executed even if the user has disabled JavaScript execution in the client.
The following Mozilla products are vulnerable to this issue:
- Mozilla Thunderbird, versions prior to 1.5.0.2, and prior to 1.0.8
- Mozilla SeaMonkey, versions prior to 1.0.1
- Mozilla Suite, versions prior to 1.7.13
53. Brim Multiple Remote File Include Vulnerabilities
BugTraq ID: 20594
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/20594
Summary:
Brim is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
Brim versions 1.2.0pre3 and 1.2.1 are vulnerable to these issues.
54. 2X ThinClientServer Unauthorized Administrative Account Creation Vulnerability
BugTraq ID: 21300
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21300
Summary:
ThinClientServer is prone to a vulnerability that may allow an unauthorized remote attacker to create an administrative account and to gain administrative access to an affected application.
55. Adobe Download Manager AOM Buffer Overflow Vulnerability
BugTraq ID: 21453
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21453
Summary:
Adobe Download Manager is affected by a remote buffer-overflow vulnerability.
An attacker can exploit this issue by crafting a malicious AOM file and enticing a user to view a webpage containing the file. A successful attack may result in arbitrary code execution.
This issue affects Adobe Download Manager 2.1 and prior versions.
56. Multiple BSD Vendor FireWire IOCTL Local Integer Overflow Vulnerability
BugTraq ID: 21089
Remote: No
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21089
Summary:
Multiple BSD operating systems are prone to a local integer-overflow vulnerability. This issue affects the FireWire subsystem.
An attacker can exploit this vulnerability to gain access to potentially sensitive kernel memory. Information harvested by exploiting this issue will aid in further attacks.
TrustedBSD, FreeBSD, NetBSD, and DragonFly BSD are all vulnerable to this issue. Specific version information is not currently available.
Update: FreeBSD and possibly other operating systems reportedly allow only members of the 'operators' group and the superuser to issue IOCTL commands against FireWire devices.
57. GNU Tar GNUTYPE_NAMES Remote Directory Traversal Vulnerability
BugTraq ID: 21235
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21235
Summary:
GNU Tar is prone to a vulnerability that may allow an attacker to place files and overwrite files in arbitrary locations on a vulnerable computer. These issues present themselves when the application processes malicious archives.
A successful attack can allow the attacker to place potentially malicious files and overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.
58. Xine-Lib RuleMatches Remote Buffer Overflow Vulnerability
BugTraq ID: 21435
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21435
Summary:
The xine-lib library is prone to a remote buffer-overflow vulnerability when processing Real Media content because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial of service.
59. DenyHosts Remote Denial of Service Vulnerability
BugTraq ID: 21468
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21468
Summary:
DenyHosts is prone to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly verify the source of authentication-failure messages.
Successfully exploiting this issue allows remote attackers to add arbitrary IP addresses to the block list utilized by the application. This allows attackers to deny further SSH network access to arbitrary IP addresses, denying service to legitimate users.
60. iWare Professional Index.PHP SQL Injection Vulnerability
BugTraq ID: 21467
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21467
Summary:
iWare Professional is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
This issue affects version 5.0.4; other versions may also be vulnerable.
61. Microsoft Internet Explorer CSS Width Element Denial of Service Vulnerability
BugTraq ID: 21466
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21466
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.
This issue is triggered when an attacker entices a victim user to visit a malicious website.
Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.
Internet Explorer 6 is vulnerable to this issue; other versions may also be affected.
62. Dol Storye Dettaglio.ASP Multiple SQL Injection Vulnerabilities
BugTraq ID: 21463
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21463
Summary:
Dol Storye is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
63. GnuPG OpenPGP Packet Processing Function Pointer Overwrite Vulnerability
BugTraq ID: 21462
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21462
Summary:
GnuPG is prone to a vulnerability that could permit an attacker to overwrite a function pointer.
This issue is due to a design error when dealing with OpenPGP packets and may be exploited to execute arbitrary code.
Successful exploits may result in the remote compromise of computers utilizing the vulnerable application.
64. Plone Unspecified Group Spoofing Vulnerability
BugTraq ID: 21460
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21460
Summary:
Plone is prone to a spoofing vulnerability due to an unspecified error.
An attacker can exploit this issue to spoof certain user data.
NOTE: This only affects sites that permit anonymous user registration.
Versions 2.5 and 2.5.1 are vulnerable.
65. Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability
BugTraq ID: 21458
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21458
Summary:
Citrix Presentation Server Client is prone to a heap buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
Version 9.200 is vulnerable. Other versions may also be affected.
66. Publicera Multiple Input Validation Vulnerabilities
BugTraq ID: 21457
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21457
Summary:
Publicera is prone to multiple input-validation vulnerabilities, including cross-site scripting and multiple SQL-injection issues, because it fails to sufficiently sanitize user-supplied input.
An attacker could exploit these issues to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Versions 1.0-rc2 and prior are vulnerable to these issues.
67. Intel Network Drivers Local Code Execution Vulnerability
BugTraq ID: 21456
Remote: No
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21456
Summary:
Intel LAN drivers are prone to a local code-execution vulnerability.
An attacker can trigger this issue to corrupt memory and execute code with kernel-level privileges.
A successful attack can result in a complete compromise of the affected computer due to privilege escalation.
All PCI, PCI-X and PCIe Intel network adapter drivers are vulnerable.
68. Drupal CVS Management/Tracker Motivation Field Cross-Site Scripting Vulnerability
BugTraq ID: 21455
Remote: Yes
Last Updated: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21455
Summary:
Drupal CVS management/tracker is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Drupal CVS Management/Tracker versions prior to 4.7.0-1.1 are affected by this issue.
69. Emdros Database Engine Multiple Local Denial of Service Vulnerabilities
BugTraq ID: 21444
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21444
Summary:
Emdros Database Engine is prone to multiple local denial-of-service vulnerabilities.
These issues occur because the application fails to handle specially crafted database requests.
A remote attacker can exploit these vulnerabilities to consume all memory resources, denying service to legitimate users.
Versions 1.2.0 prior to pre231 are vulnerable to these issues.
70. OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability
BugTraq ID: 20249
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/20249
Summary:
OpenSSL is prone to a buffer-overflow vulnerability because the library fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users.
71. Mozilla Thunderbird Multiple Remote Information Disclosure Vulnerabilities
BugTraq ID: 16881
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/16881
Summary:
Mozilla Thunderbird is susceptible to multiple remote information-disclosure vulnerabilities. These issues are due to the application's failure to properly enforce the restriction for downloading remote content in email messages.
These issues allow remote attackers to gain access to potentially sensitive information, aiding them in further attacks. Attackers may also exploit these issues to know whether and when users read email messages.
Mozilla Thunderbird version 1.5 is vulnerable to these issues; other versions may also be affected.
72. OpenSSL SSLv2 Null Pointer Dereference Client Denial of Service Vulnerability
BugTraq ID: 20246
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/20246
Summary:
OpenSSL is prone to a denial-of-service vulnerability.
A malicious server could cause a vulnerable client application to crash, effectively denying service.
73. SAP IGS Multiple Unspecified Vulnerabilities
BugTraq ID: 21448
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21448
Summary:
SAP IGS is prone to multiple vulnerabilities. These issues include a denial-of-service vulnerability and multiple access-validation vulnerabilities.
Exploiting these issues would allow an attacker to perform unauthorized actions, to access configuration files, and to crash the affected application, denying service to legitimate users.
Very little information is known about these issues. This BID will be updated as soon as more information becomes available.
SAP IGS 6.40 patchlevel 15, 7.0 patchlevel 3, and prior versions are vulnerable to these issues.
74. Yukihiro Matsumoto Ruby XMLRPC Server Denial of Service Vulnerability
BugTraq ID: 17645
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/17645
Summary:
Ruby is affected by a denial-of-service vulnerability in the WEBrick HTTP server. This issue is due to the use of blocking network operations. Ruby's implementation of XML/RPC is also affected, since it uses the vulnerable WEBrick server.
This issue allows remote attackers to cause affected webservers to fail to respond to further legitimate requests.
Ruby versions prior to 1.8.3 are affected by this issue.
75. SAP Internet Graphics Service Unspecified Directory Traversal Vulnerability
BugTraq ID: 21449
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21449
Summary:
SAP Internet Graphics Service (IGS) is prone to an unspecified directory-traversal vulnerability.
An attacker can exploit this issue to remove arbitrary files on the SAP IGS filesystem.
Versions 6.40 prior to patch 17 and 7.00 prior to patch 7 are vulnerable.
NOTE: This issue affects IGS only when running on UNIX computers.
76. Links ELinks SMBClient Remote Command Execution Vulnerability
BugTraq ID: 21082
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21082
Summary:
Links and ELinks are prone to a remote command-execution vulnerability because the applications fail to properly process website data containing SMB commands.
An attacker can exploit this issue to execute arbitrary SMB commands on a victim computer. This may help the attacker compromise the application and the underlying system; other attacks are also possible.
Links version 1.00pre12 and ELinks version 0.11.1 are reportedly vulnerable; other versions may also be affected.
NOTE: This vulnerability may be exploited only if 'smbclient' is installed on a target computer.
77. OpenSSL Insecure Protocol Negotiation Weakness
BugTraq ID: 15071
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/15071
Summary:
OpenSSL is susceptible to a remote protocol-negotiation weakness. This issue is due to the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option to maintain compatibility with third-party software.
This issue presents itself when two peers try to negotiate the protocol they wish to communicate with. Attackers who can intercept and modify the SSL communications may exploit this weakness to force SSL version 2 to be chosen.
The attacker may then exploit various insecurities in SSL version 2 to gain access to or tamper with the cleartext communications between the targeted client and server.
Note that the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option is enabled with the frequently used 'SSL_OP_ALL' option.
SSL peers that are configured to disallow SSL version 2 are not affected by this issue.
78. OpenVPN Client Remote Code Execution Vulnerability
BugTraq ID: 17392
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/17392
Summary:
OpenVPN is reported prone to a remote code-execution vulnerability. This issue is due to a lack of proper sanitization of server-supplied data.
A remote attacker may exploit this issue to execute arbitrary code with elevated privileges on a vulnerable computer to gain unauthorized access.
To be vulnerable to this issue, client OpenVPN computers must be configured to use 'up' or 'down' scripts and must have either the 'pull' configuration directive or a 'client' macro set up.
OpenVPN versions 2.0.0 through 2.0.5 are affected by this issue.
79. ABCMIDI ABC Music Files Remote Buffer Overflow Vulnerability
BugTraq ID: 17704
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/17704
Summary:
abcMIDI is prone to a remote buffer-overflow vulnerability.
A remote attacker can exploit this issue to execute arbitrary code in the context of a user running the application. As a result, the attacker can gain unauthorized access to the vulnerable computer.
80. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
BugTraq ID: 20216
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is prone to a remote denial-of-service vulnerability because it fails to properly handle incoming duplicate blocks.
Remote attackers may exploit this issue to consume excessive CPU resources, potentially denying service to legitimate users.
This issue occurs only when OpenSSH is configured to accept SSH protocol version 1 traffic.
81. MySQL Query Logging Bypass Vulnerability
BugTraq ID: 16850
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/16850
Summary:
MySQL is susceptible to a query-logging-bypass vulnerability. This issue is due to a discrepancy between the handling of NULL bytes in the 'mysql_real_query()' function and in the query-logging functionality.
This issue allows attackers to bypass the query-logging functionality of the database so they can cause malicious SQL queries to be improperly logged. This may help them hide the traces of their malicious activity from administrators.
This issue affects MySQL version 5.0.18; other versions may also be affected.
82. Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
BugTraq ID: 20241
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/20241
Summary:
Portable OpenSSH is prone to a remote code-execution vulnerability. The issue derives from a race condition in a vulnerable signal handler.
Reportedly, under specific conditions, it is theoretically possible to execute code remotely prior to authentication when GSSAPI authentication is enabled. This has not been confirmed; the chance of a successful exploit of this nature is considered minimal.
On non-Portable OpenSSH implementations, this same race condition can be exploited to cause a pre-authentication denial of service.
This issue occurs when OpenSSH and Portable OpenSSH are configured to accept GSSAPI authentication.
83. L2TPNS Heartbeat Handling Denial of Service Vulnerability
BugTraq ID: 21443
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21443
Summary:
The l2tpns program is prone to a denial-of-service vulnerability because it fails to properly handle user-supplied data.
Attackers can exploit this issue to crash the affected application, effectively denying service to legitimate users. Attackers may be able to exploit this issue to execute arbitrary code, but this has not been confirmed.
84. OpenSSH SCP Shell Command Execution Vulnerability
BugTraq ID: 16369
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/16369
Summary:
OpenSSH is prone to an SCP shell command-execution vulnerability because the application fails to properly sanitize user-supplied input before using it in a 'system()' function call.
This issue allows attackers to execute arbitrary shell commands with the privileges of users executing a vulnerable version of SCP.
This issue reportedly affects version 4.2 of OpenSSH. Other versions may also be affected.
85. OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
BugTraq ID: 20245
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/20245
Summary:
OpenSSH-Portable is prone to an information-disclosure weakness. The issue stems from a GSSAPI authentication abort.
Reportedly, attackers may leverage a GSSAPI authentication abort to determine the presence and validity of usernames on unspecified platforms.
This issue occurs when OpenSSH-Portable is configured to accept GSSAPI authentication.
OpenSSH-Portable 4.3p1 and prior versions exhibit this weakness.
86. Google Search Appliance UTF-7 Cross Site Scripting Vulnerability
BugTraq ID: 21438
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21438
Summary:
The Google Search Appliance is prone to a cross-site scripting vulnerability because the device fails to handle UTF-7-encoded URIs securely.
Attackers may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The Google Search Appliance and Google Mini Search Appliance are vulnerable to this issue.
87. Microsoft Internet Explorer Frame Src Denial Of Service Vulnerability
BugTraq ID: 21447
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21447
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.
This issue is triggered when an attacker entices a victim user to visit a malicious website.
Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.
88. @lex Guestbook Index.PHP Multiple Input Validation Vulnerabilities
BugTraq ID: 21373
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21373
Summary:
@lex Guestbook is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user and to retrieve sensitive information. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Version 4.0.1 is vulnerable to these issues.
89. RETIRED: UApplication UGuestbook Index.ASP SQL Injection Vulnerability
BugTraq ID: 21426
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21426
Summary:
UApplication UGuestbook is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
UPDATE: This BID is being retired because further information shows that the application is not vulnerable to this issue.
90. Apple BOMArchiveHelper Multiple Remote Archive File Vulnerabilities
BugTraq ID: 21446
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21446
Summary:
The BOMArchiveHelper application is prone to multiple remote vulnerabilities when processing malformed files.
These issues have been shown to crash the application, denying service to legitimate users. Attackers may be able to exploit one or more of these issues to execute code, but this has not been confirmed.
Note that these issues were discovered by using a file-fuzzing application, but have not been researched further. This BID will be updated as more information is released.
91. Paul A. Rombouts PDNSD Unspecified Buffer Overflow Vulnerability
BugTraq ID: 17720
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/17720
Summary:
The pdnsd DNS server is prone to an unspecified buffer-overflow vulnerability. A successful exploit may result in a denial of service or arbitrary code execution.
Details regarding the precise nature of this vulnerability are not currently available. This record will be updated when more information is available.
92. Evolve Shopping Cart products.ASP SQL Injection Vulnerability
BugTraq ID: 21323
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21323
Summary:
Evolve Shopping Cart is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
UPDATE: The vendor indicates that the application is not vulnerable to this issue.
93. Abarcar Realty Portal Multiple SQL Injection Vulnerabilities
BugTraq ID: 20970
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/20970
Summary:
Abarcar Realty Portal is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
94. JustSystems Multiple Products Unspecified Buffer Overflow Vulnerability
BugTraq ID: 21445
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21445
Summary:
Multiple JustSystems products are prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data.
A successful attack may allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed attack attempts may cause denial-of-service conditions.
http://secunia.com/product/12805/
95. Evolve Merchant Viewcart.ASP SQL Injection Vulnerability
BugTraq ID: 21070
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21070
Summary:
Evolve Merchant is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
96. KOffice PPT Files Integer Overflow Vulnerability
BugTraq ID: 21354
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21354
Summary:
KOffice is prone to an integer-overflow vulnerability because it fails to properly validate user-supplied data.
An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.
KOffice versions prior to 1.6.1 are affected.
97. FFmpeg Image File Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 20009
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/20009
Summary:
FFmpeg is prone to multiple remote buffer-overflow vulnerabilities because the application using this library fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
These issues allow attackers to execute arbitrary machine code within the context of the affected application.
Versions prior to 0.4.9_p20060530 are vulnerable to these issues.
98. Trend Micro OfficeScan Wizard and CgiRemoteInstall Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 21442
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21442
Summary:
Trend Micro OfficeScan is prone to multiple buffer-overflow vulnerabilities because the application fails to check the size of data in unspecified arguments before copying it into finite-sized internal memory buffers.
An attacker can exploit these issues to execute arbitrary code with administrative privileges within the context of the OfficeScan Server application. This may facilitate the compromise of affected servers.
Trend Micro OfficeScan versions prior to and including 6.5 and 7.3 are confirmed affected by these issues.
99. Nvidia NView Keystone.EXE Local Denial of Service Vulnerability
BugTraq ID: 21260
Remote: No
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21260
Summary:
NVIDIA nView is prone to a local denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.
100. IBM Tivoli Storage Manager Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 21440
Remote: Yes
Last Updated: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21440
Summary:
IBM Tivoli Storage Manager is prone to multiple buffer-overflow vulnerabilities because the application fails to check the size of message fields before copying them into finite-sized internal memory buffers.
An attacker can exploit these issues to execute arbitrary code within the context of the Tivoli application. This may facilitate the compromise of affected servers. Authentication is not required to leverage these issues.
Tivoli Storage Manager versions prior to and including 5.2.9 and 5.3.4 are confirmed affected by these issues.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. MySpace teams to create sex-offender database
By: Robert Lemos
The social networking site has paired up with an ID verification firm to build a national database of convicted sex offenders, a technology the service hopes will enable it to keep predators out of its community.
http://www.securityfocus.com/news/11428
2. Social sites' insecurity increasingly worrisome
By: Robert Lemos
Security issues at MySpace and other sites have raised fears over protecting users against Trojan horse programs masquerading as user-created content.
http://www.securityfocus.com/news/11427
3. Bot spreads through antivirus, Windows flaws
By: Robert Lemos
University campuses are dealing with a spate of infections caused by a bot program that compromises computers running unpatched versions of Windows and an older version of Symantec's antivirus software.
http://www.securityfocus.com/news/11426
4. Viruses go virtual
By: Robert Lemos
Online worlds--from Second Life to the World of Warcraft--pave the way to a virtual future, replete with tailored viruses and digital diseases.
http://www.securityfocus.com/news/11425
IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Director, Information Security, New York
http://www.securityfocus.com/archive/77/453661
2. [SJ-JOB] Manager, Information Security, Cheltenham
http://www.securityfocus.com/archive/77/453658
3. [SJ-JOB] Security Engineer, Sydney
http://www.securityfocus.com/archive/77/453659
4. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/453660
5. [SJ-JOB] Penetration Engineer, Rishon LeTzion
http://www.securityfocus.com/archive/77/453662
6. [SJ-JOB] Security Architect, Schaumburg
http://www.securityfocus.com/archive/77/453570
7. [SJ-JOB] Sr. Security Engineer, North Chicago Suburb
http://www.securityfocus.com/archive/77/453578
8. [SJ-JOB] Sr. Security Analyst, Costa Mesa
http://www.securityfocus.com/archive/77/453581
9. [SJ-JOB] Manager, Information Security, Zurich
http://www.securityfocus.com/archive/77/453542
10. [SJ-JOB] Security Engineer, Zurich
http://www.securityfocus.com/archive/77/453541
11. [SJ-JOB] Management, San Diego
http://www.securityfocus.com/archive/77/453476
12. [SJ-JOB] Sales Representative, Miami
http://www.securityfocus.com/archive/77/453477
13. [SJ-JOB] Sr. Security Engineer, Frisco
http://www.securityfocus.com/archive/77/453406
14. [SJ-JOB] Sr. Security Analyst, Gurgaon
http://www.securityfocus.com/archive/77/453407
15. [SJ-JOB] Developer, Dubai
http://www.securityfocus.com/archive/77/453408
16. [SJ-JOB] Manager, Information Security, Dubai
http://www.securityfocus.com/archive/77/453409
17. [SJ-JOB] Sr. Security Analyst, Louisville
http://www.securityfocus.com/archive/77/453154
18. [SJ-JOB] Security Engineer, Melbourne
http://www.securityfocus.com/archive/77/453156
19. [SJ-JOB] Sales Representative, Cupertino
http://www.securityfocus.com/archive/77/453153
20. [SJ-JOB] Security Engineer, Columbia
http://www.securityfocus.com/archive/77/453155
21. [SJ-JOB] Technical Support Engineer, Cupertino
http://www.securityfocus.com/archive/77/453157
22. [SJ-JOB] Security Researcher, Rockville
http://www.securityfocus.com/archive/77/453073
23. [SJ-JOB] Security Consultant, Bath & M4 Corridor
http://www.securityfocus.com/archive/77/453074
V. INCIDENTS LIST SUMMARY
---------------------------
1. Thousands of attempts to port 35825 and 11090
http://www.securityfocus.com/archive/75/453547
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #320
http://www.securityfocus.com/archive/88/453645
2. DNS recursive
http://www.securityfocus.com/archive/88/451486
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. Selecting OS for High-availability/mission-critical web portal
http://www.securityfocus.com/archive/91/453320
2. Red Hat vs Debian Linux: overall security
http://www.securityfocus.com/archive/91/452878
3. How to check UID of process on the other side of local TCP/UDP connection
http://www.securityfocus.com/archive/91/452761
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.
XI. SPONSOR INFORMATION
------------------------