Tuesday, March 20, 2007

SecurityFocus Newsletter #393


This Issue is Sponsored by: Black Hat

Attend Black Hat Europe, March 27-30 in Amsterdam, Europe's premier technical event for ICT security experts. Featuring 10 hands-on training courses and 20 Briefings presentations with lots of new content - the best of Black Hat! See security solutions from 8 top sponsors including Microsoft and Google, and network with 400 colleagues from 30 nations. To download the preview program visit www.blackhat.com/html/bh-europe-07/marketing/bh-eu-07-preview-LR.pdf.

For general information or to register visit:

http://www.blackhat.com


------------------------------------------------------------------
I. FRONT AND CENTER
1. Blanket Discovery for Stolen Laptops
2. Notes On Vista Forensics, Part One
II. BUGTRAQ SUMMARY
1. PHP GD Extension Freed Resource Access Code Execution Vulnerability
2. Xen QEMU VNC Server Arbitrary Information Disclosure Vulnerability
3. PHPStats PHP-Stats-Options.PHP Remote Code Execution Vulnerability
4. FrontBase Relational Database Server Procedure Buffer Overflow Vulnerability
5. Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
6. Asterisk SIP Channel Driver Remote Denial of Service Vulnerability
7. PragmaMX Landkartenmodule Local File Include Vulnerability
8. Multiple Fujitsu Products File Decryption Information Disclosure Vulnerability
9. Particle Blogger Post.PHP SQL Injection Vulnerability
10. KarjaSoft Sami FTP Server Multiple Buffer Overflow Vulnerabilities
11. Yukihiro Matsumoto Ruby CGI.RB Library Remote Denial Of Service Vulnerability
12. PHPStats Multiple SQL Injection Vulnerabilities
13. Avant Browser Content Type Stack Buffer Overflow Vulnerability
14. SquirrelMail Multiple Cross Site Scripting and Input Validation Vulnerabilities
15. Fetchmail Remote Denial of Service Vulnerability
16. Fetchmail Multiple Password Information Disclosure Vulnerabilities
17. CAPI4Hylafax Remote Arbitrary Command Execution Vulnerability
18. FX-App Multiple HTML Injection Vulnerabilities
19. WBBlog Index.PHP Multiple Input Validation Vulnerabilities
20. Oracle Portal P_OldURL Parameter Cross-Site Scripting Vulnerability
21. Fetchmail Missing Email Header Remote Denial of Service Vulnerability
22. Linux Kernel Get_FDB_Entries Buffer Overflow Vulnerability
23. Linux Kernel Bluetooth CAPI Packet Remote Buffer Overflow Vulnerability
24. Linux Kernel ISDN PPP Remote Denial of Service Vulnerability
25. Linux Kernel ISDN PPP CCP Reset State Timer Denial of Service Vulnerability
26. Linux Kernel USB Driver Data Queue Local Denial of Service Vulnerability
27. Mozilla Firefox Location.Hostname Dom Property Cookie Theft Vulnerability
28. KTorrent Multiple Remote Vulnerabilities
29. TYPOlight Unspecified Vulnerability
30. Cisco 7940/7960 Phone SIP Invite Remote Denial of Service Vulnerability
31. Minerva Forum.PHP SQL Injection Vulnerability
32. LedgerSMB/SQL-Ledger Login Parameter Local File Include And Authentication Bypass Vulnerabilities
33. Computer Associates BrightStor ARCserve Backup LGServer.EXE Denial of Service Variant Vulnerability
34. MetaForum Arbitrary File Upload Vulnerability
35. Atrium Mercur IMap Subscribe Stack Buffer Overflow Vulnerability
36. GnuPG Signed Message Arbitrary Content Injection Weakness
37. PHPX Multiple Input Validation Vulnerabilities
38. PHP-Nuke IFrame Module IFrame.PHP Remote File Include Vulnerability
39. Asterisk SIP Invite Message Remote Denial of Service Vulnerability
40. Guesbara Administrator Password Change Vulnerability
41. LibWPD Library Multiple Buffer Overflow Vulnerabilities
42. CCleague Pro PHP Local File Include Vulnerability
43. Microsoft Windows Shell Hardware Detection Service Privilege Escalation Vulnerability
44. Linux Kernel MinCore User Space Access Locking Local Denial of Service Vulnerability
45. Linux Kernel BINFMT_ELF PT_INTERP Local Information Disclosure Vulnerability
46. NetVios Portal Page.ASP SQL Injection Vulnerability
47. Net Portal Dynamic System Print.PHP SQL Injection Vulnerability
48. Takebishi Electric DeviceXPlorer OPC Server Arbitrary Code Execution Vulnerability
49. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
50. MailEnable Append Remote Buffer Overflow Vulnerability
51. Splatt Forum BBCode_Ref.PHP Local File Include Vulnerability
52. Linux Kernel ListXATTR Local Denial of Service Vulnerability
53. Mozilla Firefox OnUnload Memory Corruption Vulnerability
54. Mozilla Firefox Javascript URI Remote Code Execution Vulnerability
55. Mozilla Firefox Popup Blocker Cross Zone Security Bypass Weakness
56. Mozilla Firefox 2 Password Manager Cross-Site Information Disclosure Weakness
57. Mozilla Thunderbird/SeaMonkey/Firefox Multiple Remote Vulnerabilities
58. Intervations FileCopa Unspecified Remote Stack Buffer Overflow Vulnerability
59. W-Agora Multiple Arbitrary File Upload Vulnerabilities
60. WebCalendar IncludeDir Multiple Remote File Include Vulnerabilities
61. GEBlog Index.PHP Local File Include Vulnerability
62. Web Wiz Forums String Filtering SQL Injection Vulnerability
63. FTPDMIN List Command Remote Denial of Service Vulnerability
64. GnuPG Parse_User_ID Remote Buffer Overflow Vulnerability
65. GnuPG Parse_Comment Remote Buffer Overflow Vulnerability
66. GnuPG OpenPGP Packet Processing Function Pointer Overwrite Vulnerability
67. GnuPG Make_Printable_String Remote Buffer Overflow Vulnerability
68. Wordpress PHP_Self Cross-Site Scripting Vulnerability
69. Microsoft Windows Ndistapi Local Privilege Escalation Vulnerability
70. Sun Java RunTime Environment Multiple Buffer Overflow Vulnerabilities
71. Sun Java RunTime Environment GIF Images Buffer Overflow Vulnerability
72. Sun Java Runtime Environment Multiple Remote Privilege Escalation Vulnerabilities
73. PostgreSQL Information Disclosure and Denial of Service Vulnerabilities
74. Linux Kernel Audit Subsystems Local Denial of Service Vulnerability
75. Lookup Insecure Temporary File Creation Vulnerability
76. Katalog Plyt Audio Index.PHP SQL Injection Vulnerability
77. F-Secure Anti-Virus Client Security Local Format String Vulnerability
78. Linux Kernel NFSACL Denial of Service Vulnerability
79. Linux Kernel Key_Alloc_Serial() Local Denial of Service Vulnerability
80. File(1) Command File_PrintF Integer Underflow Vulnerability
81. Interstage Application Server Unspecified Cross Site Scripting Vulnerability
82. Network Audio System Local Privilege Escalation and Denial of Service Vulnerabilities
83. ScriptMagix Lyrics Index.PHP SQL Injection Vulnerability
84. PHP Mb_Parse_Str Function Register_Globals Activation Weakness
85. Multiple ScriptMagix Products Index.PHP SQL Injection Vulnerability
86. Novell NetMail Multiple Buffer Overflow Vulnerabilities
87. ScriptMagix Photo Rating ViewComments.PHP SQL Injection Vulnerability
88. Linux Security Auditing Tool Insecure Temporary File Creation Vulnerability
89. ZZipLib ZZip_Open_Shared_IO Stack Buffer Overflow Vulnerability
90. Trend Micro ServerProtect SPNTSVC.EXE Multiple Stack Buffer Overflow Vulnerabilities
91. OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
92. Fish Multiple Remote Buffer Overflow Vulnerabilities
93. Mozilla Thunderbird/Seamonkey Rich Text Integer Overflow Vulnerability
94. LibVNCServer Remote Authentication Bypass Vulnerability
95. Ulogd Unspecified Buffer Overflow Vulnerability
96. TCPDump IEEE802.11 printer Remote Buffer Overflow Vulnerability
97. PHP Header Function Space Trimming Buffer Overflow Vulnerability
98. Rhapsody IRC Multiple Remote Vulnerabilities
99. Active PHP Bookmarks Head.PHP Remote File Include Vulnerability
100. MPM Chat View.PHP Local File Include Vulnerability
III. SECURITYFOCUS NEWS
1. Anti-spyware bill could mean tougher fines
2. Tor hack proposed to catch criminals
3. Stormy weather for malware defenses
4. Maynor reveals missing Apple flaws
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Security Engineer, Herndon
2. [SJ-JOB] Security Architect, London
3. [SJ-JOB] Sr. Security Analyst, Jacksonville
4. [SJ-JOB] Sales Representative, Atlanta
5. [SJ-JOB] Security Product Manager, Mountain View
6. [SJ-JOB] Sales Engineer, Atlanta
7. [SJ-JOB] Security Engineer, Cincinnati
8. [SJ-JOB] Security Consultant, Atlanta
9. [SJ-JOB] Security Architect, Calgary
10. [SJ-JOB] Sales Engineer, Cleveland
11. [SJ-JOB] Quality Assurance, Bangalore
12. [SJ-JOB] Sales Representative, Cleveland
13. [SJ-JOB] Forensics Engineer, East Midlands
14. [SJ-JOB] Manager, Information Security, Jersey City
15. [SJ-JOB] Training / Awareness Specialist, Jersey City
16. [SJ-JOB] Compliance Officer, New York
17. [SJ-JOB] Security Engineer, New York
18. [SJ-JOB] Management, BOSTON
19. [SJ-JOB] Management, San Diego
20. [SJ-JOB] Management, NEW YORK
21. [SJ-JOB] Management, SAN FRANCISCO
22. [SJ-JOB] Security Consultant, San Jose
23. [SJ-JOB] Manager, Information Security, SAN DIEGO
24. [SJ-JOB] Manager, Information Security, BOSTON
25. [SJ-JOB] Management, SAN FRANCISCO
26. [SJ-JOB] Management, NEW YORK
27. [SJ-JOB] Security Engineer, North Chicago
28. [SJ-JOB] Threat Analyst, New York
29. [SJ-JOB] Security Consultant, Merseyside
30. [SJ-JOB] Application Security Engineer, Cleveland
31. [SJ-JOB] VP / Dir / Mgr engineering, New York
32. [SJ-JOB] Security Auditor, New York
33. [SJ-JOB] Security Consultant, Calgary
34. [SJ-JOB] Director, Information Security, New York
35. [SJ-JOB] Security Architect, Leawood
36. [SJ-JOB] Security Consultant, Hyderabad
37. [SJ-JOB] Sr. Security Engineer, Hyderabad
38. [SJ-JOB] Security Engineer, Los Angeles
39. [SJ-JOB] Sr. Security Analyst, Indianapolis
40. [SJ-JOB] Security Architect, Bellevue
41. [SJ-JOB] Security Architect, Atlanta
42. [SJ-JOB] Security Architect, Charlotte
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
1. TOOL: LLTD implementation in Perl
2. ARCserve msgeng.exe buffer overflow exploit (win2k SP4)
3. MS07-012 Not Fixed
4. newline injection in multipart/form-data
5. A common bug in comment preview that leads to an XSS attack
6. buffer overflow - basic help needed (aleph1)
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #333
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Blanket Discovery for Stolen Laptops
By Mark Rasch
Mark Rasch discusses the legal issues behind the discovery and recovery of stolen laptops that use LoJack-style homing devices to announce their location, and the location of the thieves, anywhere in the world.
http://www.securityfocus.com/columnists/438

2. Notes On Vista Forensics, Part One
By Jamie Morris
This article, the first in a two-part series, takes a high level look at what we know now about those changes in Windows Vista which seem likely to have the most impact on computer forensic investigations, starting with the built-in encryption, backup, and system protection features.
http://www.securityfocus.com/infocus/1889


II. BUGTRAQ SUMMARY
--------------------
1. PHP GD Extension Freed Resource Access Code Execution Vulnerability
BugTraq ID: 23046
Remote: No
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23046
Summary:
PHP is prone to a locally exploitable arbitrary-code-execution vulnerability. This issue stems from a design error.

This issue affects functions from the GD extension. An attacker can execute arbitrary code by gaining access to freed memory and overwriting it with malicious data.

The researcher responsible for discovering this issue has indicated that other extensions may be vulnerable to this attack as well, but this has not been confirmed.

This issue affects PHP 4.x (4.4.6 and prior) as well as 5.x (5.2.1 and prior).

2. Xen QEMU VNC Server Arbitrary Information Disclosure Vulnerability
BugTraq ID: 22967
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/22967
Summary:
Xen is prone to an unspecified vulnerability that lets attackers obtain arbitrary information. The issue stems from a flaw in the VNC server code in QEMU.

An attacker can exploit this issue to access sensitive information that may aid in further attacks.

3. PHPStats PHP-Stats-Options.PHP Remote Code Execution Vulnerability
BugTraq ID: 23008
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23008
Summary:
PhpStats is prone to a remote code-execution vulnerability because the application fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary PHP code on an affected computer with the privileges of the webserver process.

This issue affects version 0.1.9.1b; other versions may also be affected.

4. FrontBase Relational Database Server Procedure Buffer Overflow Vulnerability
BugTraq ID: 23007
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23007
Summary:
FrontBase Relational Database Server is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Attackers must have permission to create SQL-procedures requests.

Exploiting this issue allows attackers to execute arbitrary machine code with superuser or SYSTEM-Level privileges. This will result in a complete compromise of affected computers. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects FrontBase 4.2.7 and prior versions.

5. Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
BugTraq ID: 22791
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/22791
Summary:
Apache Tomcat is prone to a vulnerability that will allow remote attackers to execute arbitrary code on an affected computer. A successful attack may result in a complete compromise.

6. Asterisk SIP Channel Driver Remote Denial of Service Vulnerability
BugTraq ID: 22838
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/22838
Summary:
Asterisk is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users.

Asterisk versions prior to 1.2.16 and 1.4.1 are vulnerable to this issue.

7. PragmaMX Landkartenmodule Local File Include Vulnerability
BugTraq ID: 23044
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23044
Summary:
PragmaMX Landkartenmodule is prone to a local file-include vulnerability because the application fails to sanitize user-supplied input.

A successful exploit would allow an attacker to view files and execute arbitrary local scripts within the context of the webserver.

This issue affects PragmaMX Landkartenmodule version 2.1; other versions may also be affected.

8. Multiple Fujitsu Products File Decryption Information Disclosure Vulnerability
BugTraq ID: 23001
Remote: Yes
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/23001
Summary:
Multiple Fujitsu Products are prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may aid in further attacks.

This issue affects multiple versions of Systemwalker Desktop Encryption and FENCE-Pro applications.

9. Particle Blogger Post.PHP SQL Injection Vulnerability
BugTraq ID: 23005
Remote: Yes
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/23005
Summary:
Particle Blogger is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

10. KarjaSoft Sami FTP Server Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 22045
Remote: Yes
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/22045
Summary:
Sami FTP Server is prone to multiple stack-overflow vulnerabilities.

A successful exploit may lead to remote arbitrary code execution with the privileges of the server, facilitating remote compromise of affected computers.

Sami FTP Server version 2.0.2 is vulnerable to these issues; other versions may also be affected.

11. Yukihiro Matsumoto Ruby CGI.RB Library Remote Denial Of Service Vulnerability
BugTraq ID: 21441
Remote: Yes
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/21441
Summary:
Ruby is prone to a remote denial-of-service vulnerability because the application's CGI library fails to properly handle specially crafted HTTP requests.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected Ruby CGI library.

12. PHPStats Multiple SQL Injection Vulnerabilities
BugTraq ID: 23003
Remote: Yes
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/23003
Summary:
Php-Stats is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

This issue affects version 0.1.9.1b; prior versions may also be affected.

13. Avant Browser Content Type Stack Buffer Overflow Vulnerability
BugTraq ID: 23002
Remote: Yes
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/23002
Summary:
Avant Browser is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of the affected application.

Avant Browser 9.02 build 17 is vulnerable; other versions may also be affected.

14. SquirrelMail Multiple Cross Site Scripting and Input Validation Vulnerabilities
BugTraq ID: 21414
Remote: Yes
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/21414
Summary:
SquirrelMail is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to 1.4.9a are vulnerable.

15. Fetchmail Remote Denial of Service Vulnerability
BugTraq ID: 21902
Remote: Yes
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/21902
Summary:
Fetchmail is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

16. Fetchmail Multiple Password Information Disclosure Vulnerabilities
BugTraq ID: 21903
Remote: Yes
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/21903
Summary:
Fetchmail is prone to multiple information-disclosure vulnerabilities because the application discloses information about user passwords.

An attacker can exploit these issues to access sensitive information that may aid the attacker in other attacks.

These issues affect versions prior to 6.3.6-rc4.

17. CAPI4Hylafax Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 19801
Remote: Yes
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/19801
Summary:
CAPI4Hylafax is prone to an arbitrary command-execution vulnerability.

An attacker can exploit this vulnerability to execute arbitrary commands in the context of the affected application.

18. FX-App Multiple HTML Injection Vulnerabilities
BugTraq ID: 18361
Remote: Yes
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/18361
Summary:
fx-APP is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

19. WBBlog Index.PHP Multiple Input Validation Vulnerabilities
BugTraq ID: 22998
Remote: Yes
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/22998
Summary:
WBBlog is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

20. Oracle Portal P_OldURL Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 22999
Remote: Yes
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/22999
Summary:
Oracle Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

21. Fetchmail Missing Email Header Remote Denial of Service Vulnerability
BugTraq ID: 15987
Remote: Yes
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/15987
Summary:
Fetchmail is affected by a remote denial-of-service vulnerability. This issue is due to the application's failure to handle unexpected input. This issue occurs only when Fetchmail is configured in 'multidrop' mode.

22. Linux Kernel Get_FDB_Entries Buffer Overflow Vulnerability
BugTraq ID: 21353
Remote: Yes
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/21353
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Attackers may potentially exploit this issue to execute arbitrary code within the context of the affected kernel, but this has not been confirmed. Successfully exploiting this issue would cause the complete compromise of the affected computer.

Little information is currently known about this vulnerability. Since the affected function is in the network-bridging code, remote attacks may be possible.

23. Linux Kernel Bluetooth CAPI Packet Remote Buffer Overflow Vulnerability
BugTraq ID: 21604
Remote: Yes
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/21604
Summary:
The Linux kernel is prone to a remote buffer-overflow vulnerability because the kernel fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code with kernel-level privileges, facilitating the complete compromise of affected computers. Failed exploit attempts will result in denial-of-service conditions.

Versions prior to 2.4.33.5 are vulnerable to this issue.

24. Linux Kernel ISDN PPP Remote Denial of Service Vulnerability
BugTraq ID: 21835
Remote: Yes
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/21835
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause an affected kernel to crash, effectively denying service to legitimate users.

Versions prior to 2.4.34 are vulnerable to this issue.

25. Linux Kernel ISDN PPP CCP Reset State Timer Denial of Service Vulnerability
BugTraq ID: 21883
Remote: No
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/21883
Summary:
The Linux kernel is prone to a denial-of-service vulnerability because it fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected kernel, denying service to legitimate users.

26. Linux Kernel USB Driver Data Queue Local Denial of Service Vulnerability
BugTraq ID: 19033
Remote: No
Last Updated: 2007-03-16
Relevant URL: http://www.securityfocus.com/bid/19033
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the USB FTDI SIO driver.

This vulnerability allows local users to consume all available memory resources, denying further service to legitimate users.

This issue affects Linux kernel versions prior to 2.6.16.27.

27. Mozilla Firefox Location.Hostname Dom Property Cookie Theft Vulnerability
BugTraq ID: 22566
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/22566
Summary:
Mozilla Firefox is prone to a vulnerability that allows attackers to steal cookies. This issue occurs because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to manipulate cookie-based authentication credentials for third-party web pages or to control how the site is rendered to the user. Exploiting this issue may allow the attacker to bypass the same-origin policy for cross-window/cross-frame data access; other attacks are also possible.

This issue affects version 2.0.0.1; prior versions may also be affected.

28. KTorrent Multiple Remote Vulnerabilities
BugTraq ID: 22930
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/22930
Summary:
KTorrent is prone to multiple remote vulnerabilities, including a directory-traversal vulnerability and an unspecified vulnerability when processing messages with invalid chunk indexes.

Very little information is known about one of these issues. This BID will be updated as soon as more information becomes available.

An attacker can exploit the directory-traversal issue to overwrite arbitrary files on the user's system. Presumably, the unspecified vulnerability when processing messages with invalid chunk indexes will allow attackers to execute arbitrary code or to cause a denial of service, but this has not been confirmed.

Versions prior to 2.1.2 are vulnerable to these issues.

29. TYPOlight Unspecified Vulnerability
BugTraq ID: 23048
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23048
Summary:
TYPOlight is prone to an unspecified vulnerability.

Currently, very little is known about this issue. This BID will be updated as more information becomes available.

Versions prior to 2.2 Build 5 (2007-03-19) are vulnerable.

30. Cisco 7940/7960 Phone SIP Invite Remote Denial of Service Vulnerability
BugTraq ID: 23047
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23047
Summary:
Cisco 7940/7960 phones are prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to cause the device to reboot, effectively denying service to legitimate users.

31. Minerva Forum.PHP SQL Injection Vulnerability
BugTraq ID: 23036
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23036
Summary:
Minerva is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Minerva 2.0.21 build 238a and prior versions are vulnerable; other versions may also be affected.

32. LedgerSMB/SQL-Ledger Login Parameter Local File Include And Authentication Bypass Vulnerabilities
BugTraq ID: 23034
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23034
Summary:
LedgerSMB/SQL-Ledger are prone to a local file-include vulnerability because the application fails to sufficiently sanitize user-supplied input. SQL-Ledger is also prone to an authentication-bypass vulnerability.

A successful exploit would allow an attacker to view files and execute arbitrary local scripts within the context of the webserver and potentially gain unauthorized access to the affected application.

Note that the authentication-bypass issue affects only SQL-Ledger.

These issues affect LedgerSMB prior to 1.1.10 and SQL-Ledger prior to 2.6.27.

33. Computer Associates BrightStor ARCserve Backup LGServer.EXE Denial of Service Variant Vulnerability
BugTraq ID: 22337
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/22337
Summary:
Computer Associates BrightStor ARCserve Backup is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted TCP packets.

An attacker can exploit this issue to crash the affected processes, denying service to legitimate users.

34. MetaForum Arbitrary File Upload Vulnerability
BugTraq ID: 23032
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23032
Summary:
MetaForum is prone to an arbitrary-file-upload vulnerability.

An attacker can exploit this vulnerability to upload PHP script code and execute it in the context of the webserver process.

MetaForum version 0.513 Beta is vulnerable.

35. Atrium Mercur IMap Subscribe Stack Buffer Overflow Vulnerability
BugTraq ID: 23050
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23050
Summary:
Mercur IMAP is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Currently there are few technical details regarding this issue. This BID will be updated as further information becomes available.

This issue may be related to BID 7842 (Atrium Software Mercur Mailserver IMAP Remote Buffer Overflow Vulnerability).

An attacker may exploit this issue to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.

36. GnuPG Signed Message Arbitrary Content Injection Weakness
BugTraq ID: 22757
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/22757
Summary:
GnuPG is prone to a weakness that may allow an attacker to add arbitrary content into a message without the end user knowing.

An attacker may be able to exploit this issue in applications using GnuPG to add arbitrary content into a signed and/or encrypted message.

Exploiting this issue depends on the individual application's use of GnuPG. Individual records will be created detailing this issue in affected applications.

37. PHPX Multiple Input Validation Vulnerabilities
BugTraq ID: 23033
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23033
Summary:
PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, compromise the application, obtain sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

38. PHP-Nuke IFrame Module IFrame.PHP Remote File Include Vulnerability
BugTraq ID: 23038
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23038
Summary:
The PHP-Nuke iframe module is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

39. Asterisk SIP Invite Message Remote Denial of Service Vulnerability
BugTraq ID: 23031
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23031
Summary:
Asterisk is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users.

40. Guesbara Administrator Password Change Vulnerability
BugTraq ID: 23029
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23029
Summary:
Guesbara is prone to a vulnerability that may permit attackers to change the administrative password.

Exploiting this issue may allow an attacker to gain administrative access to the affected application. Successful exploits will result in a complete compromise of the application.

41. LibWPD Library Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 23006
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23006
Summary:
The libwpd library is prone to multiple buffer-overflow vulnerabilities because it fails to adequately check boundaries on user-supplied input.

A successful exploit could let a remote attacker execute arbitrary code in the context of an application using the affected library.

Version 0.8.7 is vulnerable; other versions prior to 0.8.9 may also be affected.

42. CCleague Pro PHP Local File Include Vulnerability
BugTraq ID: 19924
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/19924
Summary:
CCleague Pro is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to access sensitive information and to execute local script code in the context of the application; this may facilitate other attacks against the affected computer and its users.

Version 1.0.1 RC1 is vulnerable; other versions may also be affected.

43. Microsoft Windows Shell Hardware Detection Service Privilege Escalation Vulnerability
BugTraq ID: 22481
Remote: No
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/22481
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability due to a lack of proper input validation.

A local attacker can exploit this issue to elevate user privileges. Successful exploits will result in the complete compromise of vulnerable computers.

44. Linux Kernel MinCore User Space Access Locking Local Denial of Service Vulnerability
BugTraq ID: 21663
Remote: No
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/21663
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability due to a design error.

A local attacker can exploit this issue to cause the kernel to become unresponsive, denying further service to legitimate users.

Linux Kernel versions prior to 2.4.33.6 are vulnerable.

45. Linux Kernel BINFMT_ELF PT_INTERP Local Information Disclosure Vulnerability
BugTraq ID: 22903
Remote: No
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/22903
Summary:
The Linux kernel is prone to a vulnerability in the Linux ELF binary loader. Exploiting this issue can allow local attackers to gain access to privileged information.

An attacker may be able to obtain sensitive data that can potentially be used to gain elevated privileges.

This issue is a variant of the vulnerability assigned CVE candidate ID CAN-2004-1073, which is documented in BID 11646.

Linux Kernel versions in the 2.6.0 branch prior to 2.6.20 are vulnerable; versions in the 2.4.0 branch may also be affected.

46. NetVios Portal Page.ASP SQL Injection Vulnerability
BugTraq ID: 23045
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23045
Summary:
NetVios Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

The affected versions are currently unknown. This BID will be updated when additional information emerges.

47. Net Portal Dynamic System Print.PHP SQL Injection Vulnerability
BugTraq ID: 23041
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23041
Summary:
Net Portal Dynamic System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Net Portal Dynamic System 5.10 and prior versions are vulnerable.

48. Takebishi Electric DeviceXPlorer OPC Server Arbitrary Code Execution Vulnerability
BugTraq ID: 23037
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23037
Summary:
Takebishi Electric DeviceXPlorer is prone to a vulnerability that will allow remote attackers to execute arbitrary code on an affected computer.

Successful exploits will allow attacker-supplied arbitrary code to run in the context of the affected server. Failed exploit attempts will likely cause denial-of-service conditions.

49. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 21668
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
The Mozilla Foundation has released nine security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute arbitrary code.

Other attacks may also be possible.

50. MailEnable Append Remote Buffer Overflow Vulnerability
BugTraq ID: 22792
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/22792
Summary:
MailEnable is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

51. Splatt Forum BBCode_Ref.PHP Local File Include Vulnerability
BugTraq ID: 23035
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23035
Summary:
Splatt Forum is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Version 4.0 RC1 is vulnerable; other versions may also be affected.

52. Linux Kernel ListXATTR Local Denial of Service Vulnerability
BugTraq ID: 22316
Remote: No
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/22316
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability.

Successful exploits will result in denial-of-service conditions or potentially privilege escalation.

53. Mozilla Firefox OnUnload Memory Corruption Vulnerability
BugTraq ID: 22679
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/22679
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability.

Successfully exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the affected application. This could facilitate the remote compromise of affected computers.

Mozilla Firefox version 2.0.0.1 is vulnerable to this issue; other versions are also likely affected.

54. Mozilla Firefox Javascript URI Remote Code Execution Vulnerability
BugTraq ID: 22826
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/22826
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability due to a design error.

Attackers may exploit this issue by enticing victims into visiting a malicious site.

Successful exploits may allow an attacker to crash the application or execute arbitrary code in the context of the affected application.

55. Mozilla Firefox Popup Blocker Cross Zone Security Bypass Weakness
BugTraq ID: 22396
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/22396
Summary:
Mozilla Firefox is prone to a cross-zone security-bypass weakness. This issue allows attackers to open 'file://' URIs from remote websites.

By exploiting this issue in conjunction with other weaknesses or vulnerabilities, attackers may be able to execute arbitrary script code with the elevated privileges that are granted to scripts when they are executed from local sources.

Mozilla Firefox 1.5.0.9 is affected by this issue; other versions may be affected as well.

56. Mozilla Firefox 2 Password Manager Cross-Site Information Disclosure Weakness
BugTraq ID: 21240
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/21240
Summary:
Mozilla Firefox is reportedly prone to an information-disclosure weakness because it fails to properly notify users of the automatic population of form fields in disparate URLs deriving from the same domain.

Exploiting this issue may allow attackers to obtain user credentials that have been saved in forms deriving from the same website where attack code resides. The most common manifestation of this condition would typically be in blogs or forums. This may allow attackers to access potentially sensitive information that would facilitate the success of phishing attacks.

Initial reports and preliminary testing indicate that this issue affects only Firefox 2.

57. Mozilla Thunderbird/SeaMonkey/Firefox Multiple Remote Vulnerabilities
BugTraq ID: 22694
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/22694
Summary:
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Cause denial-of-service conditions
- Perform cross-site scripting attacks
- Obtain potentially sensitive information
- Spoof legitimate content

Other attacks may also be possible.

58. Intervations FileCopa Unspecified Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 23056
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23056
Summary:
FileCopa is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed attempts may cause denial-of-service conditions.

59. W-Agora Multiple Arbitrary File Upload Vulnerabilities
BugTraq ID: 23055
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23055
Summary:
w-agora is prone to multiple arbitrary file-upload vulnerabilities.

An attacker can exploit these vulnerabilities to upload PHP script code and execute it in the context of the webserver process.

w-agora version 4.2.1 is vulnerable.

60. WebCalendar IncludeDir Multiple Remote File Include Vulnerabilities
BugTraq ID: 23054
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23054
Summary:
WebCalendar is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Versions prior to 1.0.4 are vulnerable to these issues.

61. GEBlog Index.PHP Local File Include Vulnerability
BugTraq ID: 23052
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23052
Summary:
GeBlog is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to access sensitive information and to execute local script code in the context of the application; this may facilitate other attacks against the affected computer.

GeBlog version 0.1 is vulnerable; other versions may also be affected.

62. Web Wiz Forums String Filtering SQL Injection Vulnerability
BugTraq ID: 23051
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23051
Summary:
Web Wiz Forums is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

The affected versions are currently unknown. This BID will be updated when additional information emerges.

This issue affects versions prior to 8.05a; other versions may also be affected.

63. FTPDMIN List Command Remote Denial of Service Vulnerability
BugTraq ID: 23049
Remote: Yes
Last Updated: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23049
Summary:
FTPDMIN is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

Successfully exploiting this issue would cause the affected application to crash, denying service to legitimate users.

This issue affects version 0.96; other versions may also be affected.

64. GnuPG Parse_User_ID Remote Buffer Overflow Vulnerability
BugTraq ID: 18554
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/18554
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This issue may allow remote attackers to execute arbitrary machine code in the context of the affected application, but this has not been confirmed.

GnuPG versions 1.4.3 and 1.9.20 are vulnerable to this issue; previous versions may also be affected.

65. GnuPG Parse_Comment Remote Buffer Overflow Vulnerability
BugTraq ID: 19110
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/19110
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This issue may allow remote attackers to execute arbitrary machine code in the context of the affected application, but this has not been confirmed.

GnuPG version 1.4.4 is vulnerable to this issue; previous versions may also be affected.

66. GnuPG OpenPGP Packet Processing Function Pointer Overwrite Vulnerability
BugTraq ID: 21462
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/21462
Summary:
GnuPG is prone to a vulnerability that could permit an attacker to overwrite a function pointer.

This issue occurs because of a design error when dealing with OpenPGP packets. Attackers may exploit this issue to execute arbitrary code.

Successful exploits may result in the remote compromise of computers using the vulnerable application.

67. GnuPG Make_Printable_String Remote Buffer Overflow Vulnerability
BugTraq ID: 21306
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/21306
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the affected application, but this has not been confirmed.

GnuPG versions 1.4.5 and 2.0.0 are vulnerable to this issue; previous versions may also be affected.

68. Wordpress PHP_Self Cross-Site Scripting Vulnerability
BugTraq ID: 23027
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23027
Summary:
Wordpress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

69. Microsoft Windows Ndistapi Local Privilege Escalation Vulnerability
BugTraq ID: 23025
Remote: No
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23025
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability.

An attacker may exploit this issue to execute arbitrary machine code with Dispatch-level privileges or potentially crash the affected computer.

70. Sun Java RunTime Environment Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 21675
Remote: No
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/21675
Summary:
The Java Runtime Environment is prone to multiple buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

A local attacker can exploit these issues to execute arbitrary code with administrative privileges. A successful exploit attempt will lead to the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

71. Sun Java RunTime Environment GIF Images Buffer Overflow Vulnerability
BugTraq ID: 22085
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/22085
Summary:
The Java Runtime Environment is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker may exploit this issue by enticing a victim into opening a maliciously crafted Java applet.

The attacker can exploit these issues to execute arbitrary code with the privileges of the victim. Failed exploit attempts will likely result in denial-of-service conditions.

This issue is being tracked by BugID: 6445518

72. Sun Java Runtime Environment Multiple Remote Privilege Escalation Vulnerabilities
BugTraq ID: 21673
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/21673
Summary:
The Sun Java Runtime Environment is prone to multiple remote privilege-escalation vulnerabilities.

An attacker can execute arbitrary code and commands in the context of a user who invokes the Java applet or application.

A successful attack can facilitate privilege escalation.

73. PostgreSQL Information Disclosure and Denial of Service Vulnerabilities
BugTraq ID: 22387
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/22387
Summary:
PostgreSQL is prone to information-disclosure and denial-of-service vulnerabilities; fixes are available.

An attacker can exploit these vulnerabilities to cause the backend database to crash and reveal sensitive information. This may lead to other attacks.

These issues affect versions 8.0, 8.1, and 8.2. The second issue described also affects versions 7.3 and 7.4.

74. Linux Kernel Audit Subsystems Local Denial of Service Vulnerability
BugTraq ID: 22737
Remote: No
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/22737
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability.

A local attacker can exploit this issue to crash the kernel.

Linux kernel versions 2.6.x are vulnerable to this issue.

75. Lookup Insecure Temporary File Creation Vulnerability
BugTraq ID: 23026
Remote: No
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23026
Summary:
Lookup creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully exploiting a symlink attack may allow the attacker to overwrite or corrupt sensitive files. This may result in a denial of service; other attacks may also be possible.

Lookup version 1.4 is vulnerable to this issue; other versions may also be affected.

76. Katalog Plyt Audio Index.PHP SQL Injection Vulnerability
BugTraq ID: 23024
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23024
Summary:
Katalog Plyt Audio is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Katalog Plyt Audio 1.0 and prior versions are vulnerable.

77. F-Secure Anti-Virus Client Security Local Format String Vulnerability
BugTraq ID: 23023
Remote: No
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23023
Summary:
F-Secure Anti-Virus Client Security is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted-printing function.

Successfully exploiting this vulnerability may allow an attacker to access sensitive process memory or to crash the application. Code execution may potentially be possible, but this has not been confirmed.

78. Linux Kernel NFSACL Denial of Service Vulnerability
BugTraq ID: 22625
Remote: No
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/22625
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

This issue affects the Linux kernel 2.6 series up to 2.6.20.

79. Linux Kernel Key_Alloc_Serial() Local Denial of Service Vulnerability
BugTraq ID: 22539
Remote: No
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/22539
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability.

A successful attack can allow local attackers to trigger a crash and deny service to legitimate users.

Kernel versions 2.6.x are vulnerable.

80. File(1) Command File_PrintF Integer Underflow Vulnerability
BugTraq ID: 23021
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23021
Summary:
The file(1) command is prone to an integer-underflow vulnerability because the command fails to adequately handle user-supplied data.

An attacker can leverage this issue to corrupt heap memory and execute arbitrary code with the privileges of a user running the command. A successful attack may result in the compromise of affected computers. Failed attempts will likely cause denial-of-service conditions.

Versions prior to 4.20 are vulnerable.

81. Interstage Application Server Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 23020
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23020
Summary:
Interstage Application Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.

Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.

82. Network Audio System Local Privilege Escalation and Denial of Service Vulnerabilities
BugTraq ID: 23017
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23017
Summary:
Network Audio System is prone to local privilege-escalation and denial-of-service vulnerabilities.

An attacker can exploit these issues to execute arbitrary commands with root privileges or to overwrite arbitrary system files, resulting in denial-of-service conditions.

Network Audio System version 1.8a is affected; other versions may also be vulnerable.

83. ScriptMagix Lyrics Index.PHP SQL Injection Vulnerability
BugTraq ID: 23019
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23019
Summary:
ScriptMagix Lyrics is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

ScriptMagix Lyrics 2.0 and prior versions are vulnerable.

84. PHP Mb_Parse_Str Function Register_Globals Activation Weakness
BugTraq ID: 23016
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23016
Summary:
PHP is prone to a weakness that allows attackers to enable the 'register_globals' directive because the application fails to handle a memory-limit exception.

Enabling the PHP 'register_globals' directive may allow attackers to further exploit latent vulnerabilities in PHP scripts.

This issue is related to the weakness found in the non-multibyte 'parse_str()' from BID 15249 - PHP Parse_Str Register_Globals Activation Weakness.

This issue affects PHP versions 4 to 4.4.6 and 5 to 5.2.1.

85. Multiple ScriptMagix Products Index.PHP SQL Injection Vulnerability
BugTraq ID: 23015
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23015
Summary:
Multiple ScriptMagix products are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

86. Novell NetMail Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 22857
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/22857
Summary:
Novell NetMail is prone to multiple remotely exploitable buffer-overflow vulnerabilities because it fails to do proper bounds checking on user-supplied input.

A successful exploit could let a remote attacker execute arbitrary code in the context of the affected application.

87. ScriptMagix Photo Rating ViewComments.PHP SQL Injection Vulnerability
BugTraq ID: 23018
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23018
Summary:
ScriptMagix Photo Rating is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

ScriptMagix Photo Rating 2.0 and prior versions are vulnerable.

88. Linux Security Auditing Tool Insecure Temporary File Creation Vulnerability
BugTraq ID: 23014
Remote: No
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23014
Summary:
The Linux Security Auditing Tool creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Version 0.9.2 is vulnerable to this issue; other versions may also be affected.

89. ZZipLib ZZip_Open_Shared_IO Stack Buffer Overflow Vulnerability
BugTraq ID: 23013
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23013
Summary:
ZZIPlib is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications using the library. Failed exploit attempts will likely result in a denial-of-service condition.

Versions prior to 0.13.49 are vulnerable.

90. Trend Micro ServerProtect SPNTSVC.EXE Multiple Stack Buffer Overflow Vulnerabilities
BugTraq ID: 22639
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/22639
Summary:
Trend Micro ServerProtect is prone to multiple remote stack-based buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting these issues allows attackers to execute arbitrary machine code with SYSTEM-level privileges.

91. OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
BugTraq ID: 19849
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
OpenSSL is prone to a vulnerability that may allow an attacker to forge an RSA signature. The attacker may be able to forge a PKCS #1 v1.5 signature when an RSA key with exponent 3 is used.

An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.

All versions of OpenSSL prior to and including 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available.

92. Fish Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 22880
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/22880
Summary:
FiSH is prone to multiple remote buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

93. Mozilla Thunderbird/Seamonkey Rich Text Integer Overflow Vulnerability
BugTraq ID: 22845
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/22845
Summary:
Thunderbird and Seamonkey are prone to an integer-overflow vulnerability because they fail to handle excessively large specially formatted email messages.

A remote attacker can exploit this issue to execute arbitrary code; failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Thunderbird versions prior to 1.5.0.10 and Seamonkey versions prior to 1.0.8.

94. LibVNCServer Remote Authentication Bypass Vulnerability
BugTraq ID: 18977
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/18977
Summary:
LibVNCServer is prone to an authentication-bypass vulnerability. This issue is due to a flaw in the authentication process of the affected package.

Exploiting this issue may allow attackers to gain unauthenticated, remote access to the VNC servers.

All versions of LibVNCServer are considered vulnerable to this issue.

Reports indicate that this issue is similar to the issue described in BID 17978 (RealVNC Remote Authentication Bypass Vulnerability). Note that since LibVNCServer and RealVNC do not share code, this issue is being assigned a separate BID.

95. Ulogd Unspecified Buffer Overflow Vulnerability
BugTraq ID: 22139
Remote: No
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/22139
Summary:
Ulogd is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of the affected daemon. Failed attempts will likely result in denial-of-service conditions.

96. TCPDump IEEE802.11 printer Remote Buffer Overflow Vulnerability
BugTraq ID: 22772
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/22772
Summary:
The 'tcpdump' utility is prone to a heap-based buffer-overflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running the affected application. Failed exploit attempts will likely crash the affected application.

This issue affects tcpdump 3.9.5 and prior versions.

97. PHP Header Function Space Trimming Buffer Overflow Vulnerability
BugTraq ID: 23012
Remote: No
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23012
Summary:
PHP is prone to a buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 5.2.0 is reported vulnerable; other versions may also be affected.

98. Rhapsody IRC Multiple Remote Vulnerabilities
BugTraq ID: 23011
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23011
Summary:
Rhapsody IRC is prone to multiple remote vulnerabilities, including multiple buffer-overflow issues and format-string issues.

Exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.

99. Active PHP Bookmarks Head.PHP Remote File Include Vulnerability
BugTraq ID: 23010
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23010
Summary:
Active PHP Bookmarks is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects version 0.2.5; prior versions may also be affected.

100. MPM Chat View.PHP Local File Include Vulnerability
BugTraq ID: 23009
Remote: Yes
Last Updated: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23009
Summary:
MPM Chat is prone to a local file-include vulnerability because the application fails to sanitize user-supplied input.

A successful exploit would allow an attacker to view files and execute arbitrary local scripts within the context of the webserver.

This issue affects version 2.5; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Anti-spyware bill could mean tougher fines
By: Robert Lemos
Supporters of the Spy Act, which heightens civil penalties against those responsible for programs that hijack PCs and collect data without adequate authorization, hope that the bill's third time is a charm.
http://www.securityfocus.com/news/11450

2. Tor hack proposed to catch criminals
By: Robert Lemos
A security researcher unveils a project that aims to identify sources on the pro-privacy network, but does the initiative help track down criminals or just hurt legitimate users?
http://www.securityfocus.com/news/11447

3. Stormy weather for malware defenses
By: Robert Lemos
The misnamed Storm Worm, actually a Trojan horse, underscores the difficulties that evolving tactics pose for defenders. The second article in a two-part series.
http://www.securityfocus.com/news/11446

4. Maynor reveals missing Apple flaws
By: Robert Lemos
Security researcher David Maynor shows off the code for exploiting a vulnerability in the native Mac OS X wireless drivers revealed last summer as well as e-mails showing he notified Apple.
http://www.securityfocus.com/news/11445

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security Engineer, Herndon
http://www.securityfocus.com/archive/77/463320

2. [SJ-JOB] Security Architect, London
http://www.securityfocus.com/archive/77/463322

3. [SJ-JOB] Sr. Security Analyst, Jacksonville
http://www.securityfocus.com/archive/77/463306

4. [SJ-JOB] Sales Representative, Atlanta
http://www.securityfocus.com/archive/77/463321

5. [SJ-JOB] Security Product Manager, Mountain View
http://www.securityfocus.com/archive/77/463302

6. [SJ-JOB] Sales Engineer, Atlanta
http://www.securityfocus.com/archive/77/463303

7. [SJ-JOB] Security Engineer, Cincinnati
http://www.securityfocus.com/archive/77/463304

8. [SJ-JOB] Security Consultant, Atlanta
http://www.securityfocus.com/archive/77/463305

9. [SJ-JOB] Security Architect, Calgary
http://www.securityfocus.com/archive/77/463216

10. [SJ-JOB] Sales Engineer, Cleveland
http://www.securityfocus.com/archive/77/463219

11. [SJ-JOB] Quality Assurance, Bangalore
http://www.securityfocus.com/archive/77/463220

12. [SJ-JOB] Sales Representative, Cleveland
http://www.securityfocus.com/archive/77/463221

13. [SJ-JOB] Forensics Engineer, East Midlands
http://www.securityfocus.com/archive/77/463224

14. [SJ-JOB] Manager, Information Security, Jersey City
http://www.securityfocus.com/archive/77/462967

15. [SJ-JOB] Training / Awareness Specialist, Jersey City
http://www.securityfocus.com/archive/77/462968

16. [SJ-JOB] Compliance Officer, New York
http://www.securityfocus.com/archive/77/462965

17. [SJ-JOB] Security Engineer, New York
http://www.securityfocus.com/archive/77/462966

18. [SJ-JOB] Management, BOSTON
http://www.securityfocus.com/archive/77/462925

19. [SJ-JOB] Management, San Diego
http://www.securityfocus.com/archive/77/462927

20. [SJ-JOB] Management, NEW YORK
http://www.securityfocus.com/archive/77/462935

21. [SJ-JOB] Management, SAN FRANCISCO
http://www.securityfocus.com/archive/77/462937

22. [SJ-JOB] Security Consultant, San Jose
http://www.securityfocus.com/archive/77/462922

23. [SJ-JOB] Manager, Information Security, SAN DIEGO
http://www.securityfocus.com/archive/77/462934

24. [SJ-JOB] Manager, Information Security, BOSTON
http://www.securityfocus.com/archive/77/462936

25. [SJ-JOB] Management, SAN FRANCISCO
http://www.securityfocus.com/archive/77/462921

26. [SJ-JOB] Management, NEW YORK
http://www.securityfocus.com/archive/77/462923

27. [SJ-JOB] Security Engineer, North Chicago
http://www.securityfocus.com/archive/77/462831

28. [SJ-JOB] Threat Analyst, New York
http://www.securityfocus.com/archive/77/462832

29. [SJ-JOB] Security Consultant, Merseyside
http://www.securityfocus.com/archive/77/462782

30. [SJ-JOB] Application Security Engineer, Cleveland
http://www.securityfocus.com/archive/77/462731

31. [SJ-JOB] VP / Dir / Mgr engineering, New York
http://www.securityfocus.com/archive/77/462733

32. [SJ-JOB] Security Auditor, New York
http://www.securityfocus.com/archive/77/462734

33. [SJ-JOB] Security Consultant, Calgary
http://www.securityfocus.com/archive/77/462730

34. [SJ-JOB] Director, Information Security, New York
http://www.securityfocus.com/archive/77/462732

35. [SJ-JOB] Security Architect, Leawood
http://www.securityfocus.com/archive/77/462713

36. [SJ-JOB] Security Consultant, Hyderabad
http://www.securityfocus.com/archive/77/462714

37. [SJ-JOB] Sr. Security Engineer, Hyderabad
http://www.securityfocus.com/archive/77/462724

38. [SJ-JOB] Security Engineer, Los Angeles
http://www.securityfocus.com/archive/77/462725

39. [SJ-JOB] Sr. Security Analyst, Indianapolis
http://www.securityfocus.com/archive/77/462726

40. [SJ-JOB] Security Architect, Bellevue
http://www.securityfocus.com/archive/77/462712

41. [SJ-JOB] Security Architect, Atlanta
http://www.securityfocus.com/archive/77/462718

42. [SJ-JOB] Security Architect, Charlotte
http://www.securityfocus.com/archive/77/462719

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. TOOL: LLTD implementation in Perl
http://www.securityfocus.com/archive/82/463015

2. ARCserve msgeng.exe buffer overflow exploit (win2k SP4)
http://www.securityfocus.com/archive/82/463014

3. MS07-012 Not Fixed
http://www.securityfocus.com/archive/82/463013

4. newline injection in multipart/form-data
http://www.securityfocus.com/archive/82/462949

5. A common bug in comment preview that leads to an XSS attack
http://www.securityfocus.com/archive/82/462947

6. buffer overflow - basic help needed (aleph1)
http://www.securityfocus.com/archive/82/462946

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #333
http://www.securityfocus.com/archive/88/462847

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------