Thursday, April 05, 2007

SecurityFocus Newsletter #395
----------------------------------------

This Issue is Sponsored by: Watchfire

As web applications become increasingly complex, tremendous amounts of sensitive data - including personal, medical and financial information - are exchanged and stored. This paper examines a few vulnerability detection methods, specifically comparing and contrasting manual penetration testing with automated scanning tools. Download Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008rSe


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Metasploit 3.0 day
2. Blanket Discovery for Stolen Laptops
II. BUGTRAQ SUMMARY
1. Gnome Evolution Format String Vulnerability
2. Samba Deferred CIFS File Open Denial of Service Vulnerability
3. Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
4. Microsoft Windows Unspecified Remote Code Execution Vulnerability
5. Lite-CMS Index.PHP Local File Include Vulnerability
6. CodeWand PHPBrowse Include_Stream.Inc.PHP Remote File Include Vulnerability
7. PHP-Generics _App_Relative_Path Multiple Remote File Include Vulnerabilities
8. Kaspersky AntiVirus SysInfo ActiveX Control Arbitrary File Exfiltration Vulnerability
9. Texinfo File Handling Buffer Overflow Vulnerability
10. GNU Texinfo Insecure Temporary File Creation Vulnerability
11. Zlib Compression Library gzprintf() Buffer Overrun Vulnerability
12. Zlib Compression Library Decompression Buffer Overflow Vulnerability
13. Zope HTTP Get Request HTML Injection Vulnerability
14. Microsoft Windows Vista Teredo UDP Nonce Spoofing Weakness
15. Microsoft Windows Cursor And Icon ANI Format Handling Remote Buffer Overflow Vulnerability
16. Microsoft Windows Vista Neighbor Discovery Spoofing Vulnerability
17. Microsoft Vista Spoofed LLTD HELLO Packet Security Restriction Bypass Vulnerability
18. Microsoft Windows Graphics Rendering Engine EMF File Privilege Escalation Vulnerability
19. Microsoft Windows GDI Kernel Local Privilege Escalation Vulnerability
20. Microsoft Windows GDI Invalid Window Size Local Privilege Escalation Vulnerability
21. Microsoft Windows Graphics Device Interface Font Rasterizer Local Privilege Escalation Vulnerability
22. Microsoft Windows Graphics Rendering Engine GDI Local Privilege Escalation Vulnerability
23. CyBoards PHP Lite Default_Header.PHP Remote File Include Vulnerability
24. Microsoft Windows Vista LLTD Mapper EMIT Packet Remote Denial Of Service Vulnerability
25. Microsoft Windows Vista Teredo Protocol Insecure Connection Weakness
26. Microsoft Windows Vista LLTD Responder Discovery Packet Spoofing Vulnerability
27. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
28. Linux Kernel BINFMT_ELF PT_INTERP Local Information Disclosure Vulnerability
29. VMware Unspecified Double Free Memory Corruption Vulnerability
30. HP Mercury Quality Center ActiveX Control Buffer Overflow Vulnerability
31. Zlib Compression Library Buffer Overflow Vulnerability
32. GDB Multiple Vulnerabilities
33. ACDSee 9.0 Photo Manager Multiple BMP Denial of Service Vulnerabilities
34. FireBug Cross Zone Scripting Vulnerability
35. File(1) Command File_PrintF Integer Underflow Vulnerability
36. Network Audio System Local Privilege Escalation and Denial of Service Vulnerabilities
37. Centrino Intel PRO/Wireless Network Connection Drivers Remote Code Execution Vulnerability
38. OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
39. SAP RFC_Start_Gui RFC Function Unspecified Buffer Overflow and Information Disclosure Vulnerabilities
40. FastStone Image Viewer Multiple BMP Denial of Service Vulnerabilities
41. MyBlog Games.PHP Remote File Include Vulnerability
42. SAP RFC_Set_Reg_Server_Property RFC Function Denial of Service Vulnerability
43. SAP RFC Library System_Create_Instance Function Buffer Overflow Vulnerability
44. SAP RFC Library Trusted_System_Security Function Information Disclosure Vulnerability
45. TrueCrypt Mount Set-EUID Local Privilege Escalation Vulnerability
46. Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
47. XOOPS WF-Section Module Print.PHP SQL Injection Vulnerability
48. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
49. SAP RFC_Start_Gui RFC Function Unspecified Buffer Overflow Vulnerability
50. AroundMe Multiple Remote File Include Vulnerabilities
51. LedgerSMB Unspecified SQL Injection Vulnerabilities
52. MySpeach Multiple Local And Remote File Include Vulnerabilities
53. Trolltech QT UTF-8 Sequences Input Validation Vulnerability
54. XOOPS Multiple Modules ViewCat.PHP SQL Injection Vulnerabilities
55. ZZipLib ZZip_Open_Shared_IO Stack Buffer Overflow Vulnerability
56. Metamod-P Safevoid_Vsnprintf() Remote Denial of Service Vulnerability
57. Mozilla FireFox FTP PASV Port-Scanning Vulnerability
58. IBM Tivoli Business Service Manager NCISETUP.DB and MSI.LOG Password Disclosure Vulnerability
59. KTorrent Multiple Remote Vulnerabilities
60. OpenAFS FetchStatus Reply Privilege Escalation Vulnerability
61. OpenPBS Multiple Local and Remote Vulnerabilities
62. OpenOffice Meta Character Remote Shell Command Execution Vulnerability
63. WordPress Post_ID Parameter SQL Injection Vulnerability
64. TinyMUX Fun_Ladd() Buffer Overflow Vulnerability
65. MIT Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability
66. AOL SB.SuperBuddy.1 ActiveX Control Remote Code Execution Vulnerability
67. MIT Kerberos Administration Daemon Kadmind Double Free Memory Corruption Vulnerabilities
68. MIT Kerberos 5 Telnet Daemon Authentication Bypass Vulnerability
69. EXV2 CMS Multiple Cross-Site Scripting Vulnerabilities
70. X.Org X11 XC-MISC Extension Integer Overflow Vulnerability
71. X.Org LibXFont Multiple Integer Overflow Vulnerabilities
72. ESRI ArcSDE Server Stack Buffer Overflow Vulnerability
73. Yahoo! Messenger Audio Conferencing ActiveX Control Remote Buffer Overflow Vulnerability
74. IBM Lotus Domino IMAP Cram-MD5 Buffer Overflow Vulnerability
75. MySQL Privilege Elevation and Security Bypass Vulnerabilities
76. SolidWorks SLDimdownload ActiveX Control Arbitrary Code Execution Vulnerability
77. HolaCMS Index_CMS.PHP Cross-Site Scripting Vulnerability
78. XOOPS PopnupBlog Module Index.PHP SQL Injection Vulnerability
79. KDE Konqueror JavaScript IFrame Denial of Service Vulnerability
80. APOP Protocol Insecure MD5 Hash Weakness
81. XOOPS KShop Module Product_Details.PHP SQL Injection Vulnerability
82. Retired: Kinesis Interactive Cinema System Index.ASP SQL Injection Vulnerability
83. Mozilla Thunderbird/SeaMonkey/Firefox Multiple Remote Vulnerabilities
84. Mozilla Thunderbird/Seamonkey Rich Text Integer Overflow Vulnerability
85. NextPage LivePublish LPEXT.DLL Cross-Site Scripting Vulnerability
86. Owl's Workshop Multiple Remote File Disclosure Vulnerabilities
87. Oracle January 2007 Security Update Multiple Vulnerabilities
88. Ventrilo Status Requests Denial Of Service Vulnerability
89. Mozilla Firefox/Thunderbird/Seamonkey Multiple Remote Vulnerabilities
90. Linux Kernel NFSACL Denial of Service Vulnerability
91. Linux Kernel IPV6_SockGlue.c NULL Pointer Dereference Vulnerability
92. Linux Kernel IPV6_Getsockopt_Sticky Memory Leak Information Disclosure Vulnerability
93. Linux Kernel Omnikey CardMan 4040 Driver Local Buffer Overflow Vulnerability
94. XMMS Skins Integer Overflow And Underflow Vulnerabilities
95. Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability
96. Mozilla Firefox XML Handler Race Condition Memory Corruption Vulnerability
97. Advanced Website Creator SQL Injection Vulnerabilities
98. XFSection Xoops Module Print.PHP SQL Injection Vulnerability
99. Microsoft April 2007 Advance Notification Multiple Vulnerabilities
100. Sisplet CMS Komentar.PHP Remote File Include Vulnerability
III. SECURITYFOCUS NEWS
1. Developers warned to secure AJAX design
2. TJX theft tops 45.6 million card numbers
3. Groups team to test secure-coding skill
4. Oracle sues rival for hacking, data theft
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
1. [CFP] VNSECON 07 - Call for Papers / HCMC - August 03-04, 2007
VII. MICROSOFT FOCUS LIST SUMMARY
1. Discovering Active Directory users with blank passwords
2. SecurityFocus Microsoft Newsletter #335 (fwd)
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Metasploit 3.0 day
By Federico Biancuzzi
The Metasploit Framework is a development platform for creating security tools and exploits. Federico Biancuzzi interviewed H D Moore to discuss what's new in release 3.0, the framework's new license, plans for feature and exploit development, and the relationship between Metasploit, the bad guys, and the law.
http://www.securityfocus.com/columnists/439

2. Blanket Discovery for Stolen Laptops
By Mark Rasch
Mark Rasch discusses the legal issues behind the discovery and recovery of stolen laptops that use LoJack-style homing devices to announce their location, and the location of the thieves, anywhere in the world.
http://www.securityfocus.com/columnists/438


II. BUGTRAQ SUMMARY
--------------------
1. Gnome Evolution Format String Vulnerability
BugTraq ID: 23073
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23073
Summary:
Gnome Evolution is prone to a format-string vulnerability.

This issue presents itself because the application fails to properly sanitize user-supplied input before passing it as the format specifier in a shared memo.

A successful attack may crash the application or possibly lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.

Gnome Evolution version 2.8.2.1 is vulnerable to this issue; other versions may also be affected.

2. Samba Deferred CIFS File Open Denial of Service Vulnerability
BugTraq ID: 22395
Remote: No
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/22395
Summary:
The smbd daemon is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to consume excessive memory resources, ultimately crashing the affected application.

This issue affects Samba versions 3.0.6 through 3.0.23d, inclusive.

3. Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
BugTraq ID: 23333
Remote: No
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23333
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges or cause the affected kernel to crash denying service to legitimate users.

This issue affects Linux kernel versions 2.6.9 through 2.6.20 and the isdn4k utilities.

4. Microsoft Windows Unspecified Remote Code Execution Vulnerability
BugTraq ID: 23332
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23332
Summary:
Microsoft Windows is prone to an unspecified remote code-execution vulnerability. Exploiting this issue reportedly requires minimal user interaction.

Successfully exploiting this issue allows attackers to execute arbitrary code, facilitating the remote compromise of affected computers.

Currently, little is known about this issue. This BID will be updated as more information becomes available.

5. Lite-CMS Index.PHP Local File Include Vulnerability
BugTraq ID: 23330
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23330
Summary:
Lite-CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Version 0.2.1 is vulnerable; other versions may also be affected.

6. CodeWand PHPBrowse Include_Stream.Inc.PHP Remote File Include Vulnerability
BugTraq ID: 23329
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23329
Summary:
phpBrowse is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

7. PHP-Generics _App_Relative_Path Multiple Remote File Include Vulnerabilities
BugTraq ID: 23328
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23328
Summary:
PHP-Generics is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

These issues affect version 1.0 beta; other versions may also be vulnerable.

8. Kaspersky AntiVirus SysInfo ActiveX Control Arbitrary File Exfiltration Vulnerability
BugTraq ID: 23325
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23325
Summary:
Kaspersky AntiVirus is prone to an arbitrary file exfiltration vulnerability.

An attacker can exploit this issue to steal files from a victim machine.

This issue affects Kaspersky Anti-Virus 6.0 and Kaspersky Internet Security 6.0.

9. Texinfo File Handling Buffer Overflow Vulnerability
BugTraq ID: 20959
Remote: Yes
Last Updated: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/20959
Summary:
Texinfo is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows attackers to crash applications that use Texinfo, denying service to legitimate users. Arbitrary code execution may also be possible, but this has not been confirmed.

10. GNU Texinfo Insecure Temporary File Creation Vulnerability
BugTraq ID: 14854
Remote: No
Last Updated: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/14854
Summary:
Texinfo creates temporary files in an insecure manner. The issue resides in the 'textindex.c' file.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.

11. Zlib Compression Library gzprintf() Buffer Overrun Vulnerability
BugTraq ID: 6913
Remote: Yes
Last Updated: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/6913
Summary:
A vulnerability has been reported in the zlib compression library. Due to the use of vsprintf() by an internal Zlib function, it may be possible to trigger a condition under which memory corruption will occur. This buffer overrun exists due to insufficient bounds checking of user-supplied data, supplied to the gzprintf() function.

Successful exploitation of this vulnerability may allow an attacker to execute arbitrary instructions.

It should be noted that only zlib 1.1.4 has been reported vulnerable to this issue. It is not yet known whether earlier versions are also affected.

12. Zlib Compression Library Decompression Buffer Overflow Vulnerability
BugTraq ID: 14340
Remote: Yes
Last Updated: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/14340
Summary:
Zlib is susceptible to a buffer-overflow vulnerability. This issue is due to the library's failure to properly handle unexpected input to its decompression routines.

Certain values used during decompression are incorrectly specified, allowing invalid inflate input to corrupt memory.

This vulnerability allows attackers to crash applications that use the affected library. This could also potentially allow for arbitrary code execution in the context of an affected application.

13. Zope HTTP Get Request HTML Injection Vulnerability
BugTraq ID: 23084
Remote: Yes
Last Updated: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23084
Summary:
Zope is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

14. Microsoft Windows Vista Teredo UDP Nonce Spoofing Weakness
BugTraq ID: 23301
Remote: Yes
Last Updated: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23301
Summary:
The Windows Vista Teredo server is prone to a nonce-spoofing weakness due to its reuse of a nonce during the lifetime of certain connections.

This weakness can aid in attempts to spoof a Teredo server.

15. Microsoft Windows Cursor And Icon ANI Format Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 23194
Remote: Yes
Last Updated: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23194
Summary:
Microsoft Windows is prone to a stack buffer-overflow vulnerability because of insufficient format validation that occurs when handling malformed ANI cursor or icon files.

An attacker can exploit this issue to execute arbitrary code with the privileges of an unsuspecting user. A successful attack can result in the compromise of affected user accounts and computers.

This issue affects Windows Vista, Windows XP SP2, and Windows Server 2003 SP1 when running Internet Explorer 6 and 7; other versions and client applications may also be affected.

Microsoft has recently disclosed that Outlook 2007 is not vulnerable, that Windows Mail on Vista is vulnerable in replying to or forwarding emails containing malicious ANI files, and that Outlook Express is vulnerable to this issue.

Third-party applications such as browsers that handle ANI files and call the ANI rendering functionality in GDI pose an attack vector for this vulnerability.

16. Microsoft Windows Vista Neighbor Discovery Spoofing Vulnerability
BugTraq ID: 23293
Remote: Yes
Last Updated: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23293
Summary:
Microsoft Windows Vista is prone to a discovery-spoofing vulnerability.

An attacker can exploit this issue to conduct redirect attacks on another host on the network. This may lead to further attacks.

Note that to exploit this issue, the attacker must have access to the local network segment of a target computer.

17. Microsoft Vista Spoofed LLTD HELLO Packet Security Restriction Bypass Vulnerability
BugTraq ID: 23279
Remote: Yes
Last Updated: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23279
Summary:
The Microsoft Windows Vista operating system is prone to a security-restriction-bypass vulnerability because the software fails to properly sanitize user-supplied packet-level data.

Attackers can exploit this issue to bypass the security restrictions enforced by the Vista operating system and gain unauthorized access to restricted sites.

18. Microsoft Windows Graphics Rendering Engine EMF File Privilege Escalation Vulnerability
BugTraq ID: 23278
Remote: No
Last Updated: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23278
Summary:
Microsoft Windows Graphics Rendering Engine is prone to a local privilege-escalation vulnerability when rendering malformed EMF image files.

An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.

19. Microsoft Windows GDI Kernel Local Privilege Escalation Vulnerability
BugTraq ID: 20940
Remote: No
Last Updated: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/20940
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability because data structures mapped by the GDI Kernel can be re-mapped as read-write by other processes.

An attacker could exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. A successful exploit could result in the complete compromise of the affected computer. Failed attempts could cause denial-of-service conditions.

20. Microsoft Windows GDI Invalid Window Size Local Privilege Escalation Vulnerability
BugTraq ID: 23277
Remote: No
Last Updated: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23277
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. A successful exploit will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

21. Microsoft Windows Graphics Device Interface Font Rasterizer Local Privilege Escalation Vulnerability
BugTraq ID: 23276
Remote: No
Last Updated: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23276
Summary:
Microsoft Windows GDI Font Rasterizer is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to gain complete control of an affected computer. Failed attempts will likely cause the operating system to crash, resulting in denial-of-service conditions.

22. Microsoft Windows Graphics Rendering Engine GDI Local Privilege Escalation Vulnerability
BugTraq ID: 23273
Remote: No
Last Updated: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23273
Summary:
Microsoft Windows Graphics Rendering Engine is prone to a local privilege-escalation vulnerability.

Successful exploits may result in a complete compromise of affected computers.

23. CyBoards PHP Lite Default_Header.PHP Remote File Include Vulnerability
BugTraq ID: 23306
Remote: Yes
Last Updated: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23306
Summary:
CyBoards PHP Lite is prone to a remote file-include vulnerability.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Version 1.21 is vulnerable; other versions may also be affected.

24. Microsoft Windows Vista LLTD Mapper EMIT Packet Remote Denial Of Service Vulnerability
BugTraq ID: 23271
Remote: Yes
Last Updated: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23271
Summary:
Microsoft Windows Vista is prone to a remote denial-of-service vulnerability because the software fails to handle exceptional conditions.

An attacker can exploit this issue to cause a mapping failure, denying further service to legitimate users.

25. Microsoft Windows Vista Teredo Protocol Insecure Connection Weakness
BugTraq ID: 23267
Remote: No
Last Updated: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23267
Summary:
Microsoft Windows Vista is prone to a weakness that may result in a false sense of security.

The Teredo protocol can become activated without user interaction, which contradicts the documentation.

As a result, an affected computer can become vulnerable to attacks that leverage latent Teredo protocol vulnerabilities.

26. Microsoft Windows Vista LLTD Responder Discovery Packet Spoofing Vulnerability
BugTraq ID: 23263
Remote: Yes
Last Updated: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23263
Summary:
Microsoft Windows Vista is prone to a vulnerability that permits an attacker to spoof arbitrary hosts through a network-based race condition.

An attacker can exploit this issue to impersonate another host on the network. This may lead to further attacks.

27. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23300
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23300
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

28. Linux Kernel BINFMT_ELF PT_INTERP Local Information Disclosure Vulnerability
BugTraq ID: 22903
Remote: No
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/22903
Summary:
The Linux kernel is prone to a vulnerability in the Linux ELF binary loader. Exploiting this issue can allow local attackers to gain access to privileged information.

An attacker may be able to obtain sensitive data that can potentially be used to gain elevated privileges.

This issue is a variant of the vulnerability assigned CVE candidate ID CAN-2004-1073, which is documented in BID 11646.

Linux Kernel versions in the 2.6.0 branch prior to 2.6.20 are vulnerable; versions in the 2.4.0 branch may also be affected.

29. VMware Unspecified Double Free Memory Corruption Vulnerability
BugTraq ID: 23323
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23323
Summary:
VMware is prone to a double-free memory-corruption vulnerability.

An attacker can exploit this issue to access potentially sensitive information or to cause denial-of-service conditions. Presumably, this issue can be leveraged to execute arbitrary code, but this has not been confirmed.

30. HP Mercury Quality Center ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 23239
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23239
Summary:
HP Mercury Quality Center ActiveX control is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and possibly to compromise affected computers.

HP Mercury Quality Center versions 8.2 SP1 and 9.0 are vulnerable to this issue.

31. Zlib Compression Library Buffer Overflow Vulnerability
BugTraq ID: 14162
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/14162
Summary:
Zlib is susceptible to a buffer-overflow vulnerability. This issue is due to the application's failure to properly validate input data before using it in a memory copy operation.

In certain circumstances, malformed input data during decompression may result in a memory buffer being overflowed. This may result in denial-of-service conditions or may allow remote code to execute in the context of applications that use the affected library.

32. GDB Multiple Vulnerabilities
BugTraq ID: 13697
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/13697
Summary:
GDB is reportedly affected by multiple vulnerabilities. These issues can allow an attacker to execute arbitrary code and commands on an affected computer. A successful attack may allow the attacker to gain elevated privileges or unauthorized access.

The following specific issues were identified:

- a remote heap-overflow vulnerability when loading malformed object files.
- a local privilege-escalation vulnerability.

GDB 6.3 is reportedly affected by these issues; other versions are likely vulnerable as well. GNU binutils 2.14 and 2.15 are affected by the heap-overflow issue as well.

33. ACDSee 9.0 Photo Manager Multiple BMP Denial of Service Vulnerabilities
BugTraq ID: 23317
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23317
Summary:
ACDSee 9.0 Photo Manager is prone to multiple denial-of-service vulnerabilities because the application fails to properly handle malformed BMP image files.

Successfully exploiting these issues allows attackers to crash the affected application. Due to the nature of the issues, code execution may also be possible, but this has not been confirmed.

Version 9.0 of the application is affected; other versions may also be vulnerable.

34. FireBug Cross Zone Scripting Vulnerability
BugTraq ID: 23315
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23315
Summary:
FireBug is prone to a cross-zone scripting vulnerability because the application fails to execute code in the proper security context.

Successfully exploiting this issue would allow an attacker to execute arbitrary code within the context of the affected browser.

This issue affects versions prior to 1.03.

35. File(1) Command File_PrintF Integer Underflow Vulnerability
BugTraq ID: 23021
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23021
Summary:
The file(1) command is prone to an integer-underflow vulnerability because the command fails to adequately handle user-supplied data.

An attacker can leverage this issue to corrupt heap memory and execute arbitrary code with the privileges of a user running the command. A successful attack may result in the compromise of affected computers. Failed attempts will likely cause denial-of-service conditions.

Versions prior to 4.20 are vulnerable.

36. Network Audio System Local Privilege Escalation and Denial of Service Vulnerabilities
BugTraq ID: 23017
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23017
Summary:
Network Audio System is prone to local privilege-escalation and denial-of-service vulnerabilities.

An attacker can exploit these issues to execute arbitrary commands with root privileges or to overwrite arbitrary system files, resulting in denial-of-service conditions.

Network Audio System version 1.8a is affected; other versions may also be vulnerable.

37. Centrino Intel PRO/Wireless Network Connection Drivers Remote Code Execution Vulnerability
BugTraq ID: 19864
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/19864
Summary:
Intel PRO/Wireless Network Connection drivers are prone to a remote code-execution vulnerability.

An attacker may trigger this vulnerability to corrupt memory and execute arbitrary code on the vulnerable system with kernel-level privileges.

A successful attack can result in a complete compromise of the affected computer.

38. OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
BugTraq ID: 19849
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
OpenSSL is prone to a vulnerability that may allow an attacker to forge an RSA signature. The attacker may be able to forge a PKCS #1 v1.5 signature when an RSA key with exponent 3 is used.

An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.

All versions of OpenSSL prior to and including 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available.

39. SAP RFC_Start_Gui RFC Function Unspecified Buffer Overflow and Information Disclosure Vulnerabilities
BugTraq ID: 23313
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23313
Summary:
The SAP RFC Library is prone to an unspecified buffer-overflow issue and an information-disclosure issue.

An attacker could exploit these issues to execute arbitrary code, cause the affected application to crash, or gain access to sensitive information.

40. FastStone Image Viewer Multiple BMP Denial of Service Vulnerabilities
BugTraq ID: 23312
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23312
Summary:
FastStone Image Viewer is prone to multiple denial-of-service vulnerabilities because the application fails to properly handle malformed BMP image files.

Successfully exploiting these issues allows attackers to crash the affected application. Due to the nature of the issues, code execution may also be possible, but this has not been confirmed.

Version 2.9 of the application is affected; other versions may also be vulnerable.

41. MyBlog Games.PHP Remote File Include Vulnerability
BugTraq ID: 23311
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23311
Summary:
MyBlog is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

42. SAP RFC_Set_Reg_Server_Property RFC Function Denial of Service Vulnerability
BugTraq ID: 23309
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23309
Summary:
The SAP RFC Library is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to deny service to legitimate users of valid SAP RFC servers.

43. SAP RFC Library System_Create_Instance Function Buffer Overflow Vulnerability
BugTraq ID: 23307
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23307
Summary:
SAP RFC Library is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer.

Few details regarding this issue are currently available. This BID will be updated as more information emerges.

An attacker can exploit this issue to execute arbitrary commands over external RFC servers. Failed attempts will likely cause denial-of-service conditions.

44. SAP RFC Library Trusted_System_Security Function Information Disclosure Vulnerability
BugTraq ID: 23305
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23305
Summary:
SAP RFC Library is prone to an information-disclosure vulnerability.

Few details regarding this issue are currently available. This BID will be updated as more information emerges.

An attacker can exploit this issue to access sensitive information.

45. TrueCrypt Mount Set-EUID Local Privilege Escalation Vulnerability
BugTraq ID: 23180
Remote: No
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23180
Summary:
TrueCrypt is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to attain superuser privileges, which can lead to a complete system compromise.

This issue affects version 4.3; earlier versions may also be vulnerable.

46. Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
BugTraq ID: 20241
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/20241
Summary:
Portable OpenSSH is prone to a remote code-execution vulnerability. The issue derives from a race condition in a vulnerable signal handler.

Reportedly, under specific conditions, it is theoretically possible to execute code remotely prior to authentication when GSSAPI authentication is enabled. This has not been confirmed; the chance of a successful exploit of this nature is considered minimal.

On non-Portable OpenSSH implementations, this same race condition can be exploited to cause a pre-authentication denial of service.

This issue occurs when OpenSSH and Portable OpenSSH are configured to accept GSSAPI authentication.

47. XOOPS WF-Section Module Print.PHP SQL Injection Vulnerability
BugTraq ID: 23259
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23259
Summary:
The XOOPS WF-Section module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

This issue affects version 1.01; prior versions may also be affected.

48. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
BugTraq ID: 20216
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is prone to a remote denial-of-service vulnerability because it fails to properly handle incoming duplicate blocks.

Remote attackers may exploit this issue to consume excessive CPU resources, potentially denying service to legitimate users.

This issue occurs only when OpenSSH is configured to accept SSH Version One traffic.

49. SAP RFC_Start_Gui RFC Function Unspecified Buffer Overflow Vulnerability
BugTraq ID: 23304
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23304
Summary:
The SAP RFC Library is prone to an unspecified buffer-overflow vulnerability because it fails to perform adequate bounds-checking on user-supplied data before copying it to an insufficiently sized buffer.

An attacker could exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

50. AroundMe Multiple Remote File Include Vulnerabilities
BugTraq ID: 23303
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23303
Summary:
AROUNDMe is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

AROUNDMe 0.7.7 is vulnerable; other versions may also be affected.

51. LedgerSMB Unspecified SQL Injection Vulnerabilities
BugTraq ID: 20749
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/20749
Summary:
LedgerSMB is prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query.

A successful attack could allow an attacker to compromise the application, access or modify data, gain administrative access to the application, or exploit vulnerabilities in the underlying database implementation.

Version 1.1.0 is vulnerable to these issues; other versions may be vulnerable as well.

52. MySpeach Multiple Local And Remote File Include Vulnerabilities
BugTraq ID: 23302
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23302
Summary:
MySpeach is prone to remote and local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

MySpeach version 3.0.7 is vulnerable to these issues; other versions may also be affected.

53. Trolltech QT UTF-8 Sequences Input Validation Vulnerability
BugTraq ID: 23269
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23269
Summary:
Trolltech QT is prone to an input-validation vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to exploit other issues in applications that employ the affected library. A successful attack may allow the attacker to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Qt versions 3.3.8 and 4.2.3 are known to be vulnerable to this issue; other versions may be affected as well.

54. XOOPS Multiple Modules ViewCat.PHP SQL Injection Vulnerabilities
BugTraq ID: 23229
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23229
Summary:
Multiple XOOPS Modules are prone to SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

55. ZZipLib ZZip_Open_Shared_IO Stack Buffer Overflow Vulnerability
BugTraq ID: 23013
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23013
Summary:
ZZIPlib is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications using the library. Failed exploit attempts will likely result in a denial-of-service condition.

Versions prior to 0.13.49 are vulnerable.

56. Metamod-P Safevoid_Vsnprintf() Remote Denial of Service Vulnerability
BugTraq ID: 23299
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23299
Summary:
Metamod-P is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the application, effectively denying service to legitimate users.

Metamod-P version 1.19p29 is vulnerable to this issue; previous versions may be affected as well.

57. Mozilla FireFox FTP PASV Port-Scanning Vulnerability
BugTraq ID: 23082
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23082
Summary:
Mozilla Firefox is prone to a vulnerability that may allow attackers to obtain potentially sensitive information.

A successful exploit of this issue would cause the affected application to connect to arbitrary TCP ports and potentially reveal sensitive information about services that are running on the affected computer. Information obtained may aid attackers in further attacks.

58. IBM Tivoli Business Service Manager NCISETUP.DB and MSI.LOG Password Disclosure Vulnerability
BugTraq ID: 23298
Remote: No
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23298
Summary:
IBM Tivoli Business Service Manager is prone to a local password-disclosure vulnerability that arises because of a design error.

A successful attack can allow a local attacker to gain access to various unencrypted passwords, potentially allowing them to access the application in an unauthorized manner.

IBM Tivoli Business Service Manager 4.1 is reported vulnerable to this issue; other versions could be affected as well.

59. KTorrent Multiple Remote Vulnerabilities
BugTraq ID: 22930
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/22930
Summary:
KTorrent is prone to multiple remote vulnerabilities, including a directory-traversal vulnerability and an unspecified vulnerability when processing messages with invalid chunk indexes.

Very little information is known about one of these issues. This BID will be updated as soon as more information becomes available.

An attacker can exploit the directory-traversal issue to overwrite arbitrary files on the user's system. Presumably, the unspecified vulnerability when processing messages with invalid chunk indexes will allow attackers to execute arbitrary code or to cause a denial of service, but this has not been confirmed.

Versions prior to 2.1.2 are vulnerable to these issues.

60. OpenAFS FetchStatus Reply Privilege Escalation Vulnerability
BugTraq ID: 23060
Remote: No
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23060
Summary:
OpenAFS is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary commands with superuser privileges on the affected computer.

OpenAFS 1.4.3 (and prior versions) and 1.5.0 through 1.5.16 are affected by this vulnerability.

61. OpenPBS Multiple Local and Remote Vulnerabilities
BugTraq ID: 20776
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/20776
Summary:
OpenPBS is prone to multiple unspecified remote and local vulnerabilities.

Exploiting these issues may allow both local and remote attackers to completely compromise affected computers because portions of the software operate with superuser privileges. Failed exploit attempts may result in denial-of-service conditions.

Very little information is currently available; this BID will be updated as more information is disclosed.

62. OpenOffice Meta Character Remote Shell Command Execution Vulnerability
BugTraq ID: 22812
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/22812
Summary:
OpenOffice is prone to a vulnerability that allows arbitrary shell commands to run because the software fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary shell commands on an affected computer with the privileges of the application.

63. WordPress Post_ID Parameter SQL Injection Vulnerability
BugTraq ID: 23294
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23294
Summary:
WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

WordPress 2.1.2 is vulnerable to this issue; other versions may also be affected.

64. TinyMUX Fun_Ladd() Buffer Overflow Vulnerability
BugTraq ID: 23292
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23292
Summary:
TinyMUX is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to crash the application and deny service to legitimate users. This issue may be leveraged to execute arbitrary code with the privileges of the application, but this has not been confirmed.

Version 2.4 is vulnerable; other versions may also be affected.

65. MIT Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability
BugTraq ID: 23285
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23285
Summary:
Kerberos 5 kadmind (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All kadmind servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 kadmind 1.6 and prior versions are vulnerable.

66. AOL SB.SuperBuddy.1 ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 23224
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23224
Summary:
AOL SB.SuperBuddy.1 ActiveX control is prone to a remote code-execution vulnerability.

An attacker can invoke the object from a malicious web page to trigger the condition. If the vulnerability is successfully exploited, the attacker may be able to exploit the condition to corrupt process memory, resulting in arbitrary code execution within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

67. MIT Kerberos Administration Daemon Kadmind Double Free Memory Corruption Vulnerabilities
BugTraq ID: 23282
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23282
Summary:
MIT Kerberos 5 is prone to a double-free memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code with superuser or SYSTEM-level privileges, completely compromising affected computers. Failed exploit attempts will likely result in denial-of-service conditions.

This issue also affects third-party applications using the affected API.

68. MIT Kerberos 5 Telnet Daemon Authentication Bypass Vulnerability
BugTraq ID: 23281
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23281
Summary:
MIT Kerberos 5 is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to gain superuser or SYSTEM-level privileges on the affected computer. Successfully exploiting this issue will result in the complete compromise of affected computers.

This issue occurs in Kerberos 5 versions 1.6 and prior.

69. EXV2 CMS Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 23314
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23314
Summary:
eXV2 CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

These issues affect version 2.0.4.3; other versions may also be affected.

70. X.Org X11 XC-MISC Extension Integer Overflow Vulnerability
BugTraq ID: 23284
Remote: No
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23284
Summary:
X11 is prone to a local integer-overflow vulnerability because it fails to adequately bounds-check user-supplied input.

An attacker can exploit this vulnerability to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.

71. X.Org LibXFont Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23283
Remote: No
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23283
Summary:
libXfont is prone to multiple local integer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data.

An attacker can exploit these vulnerabilities to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.

These issues affect version 1.2.2; other versions may also be vulnerable.

72. ESRI ArcSDE Server Stack Buffer Overflow Vulnerability
BugTraq ID: 23175
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23175
Summary:
ESRI ArcSDE Server is prone to a stack-based buffer-overflow vulnerability.

An attacker can exploit this issue on an affected computer to execute code in the context of the affected application.

ESRI ArcSDE Server versions 8.3, 9.0, and 9.1 are vulnerable to this issue.

Note: This BID was initially written as a denial-of-service condition. It has been updated to a stack-based buffer overflow due to the emergence of new information.

73. Yahoo! Messenger Audio Conferencing ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 23291
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23291
Summary:
The Audio Conferencing ActiveX control shipped with Yahoo! Messenger is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.

Yahoo! Messenger versions released prior to March 13, 2007 are vulnerable to this issue.

74. IBM Lotus Domino IMAP Cram-MD5 Buffer Overflow Vulnerability
BugTraq ID: 23172
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23172
Summary:
IBM Lotus Domino Server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

75. MySQL Privilege Elevation and Security Bypass Vulnerabilities
BugTraq ID: 19559
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/19559
Summary:
MySQL is prone to these vulnerabilities:

- A privilege-elevation vulnerability. A user with privileges to execute SUID routines may gain elevated privileges by executing certain commands and code with higher privileges.

- A security-bypass vulnerability. A user can bypass restrictions and create new databases.

MySQL 5.0.24 and prior versions are affected by these issues.

76. SolidWorks SLDimdownload ActiveX Control Arbitrary Code Execution Vulnerability
BugTraq ID: 23290
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23290
Summary:
The SolidWorks sldimdownload.dll ActiveX control is prone to an arbitrary-code-execution vulnerability that will allow remote attackers to execute arbitrary code on an affected computer.

Successful exploits will allow attacker-supplied arbitrary code to run within the context of the affected server. Failed exploit attempts will likely cause denial-of-service conditions.

77. HolaCMS Index_CMS.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 23288
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23288
Summary:
HolaCMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Version 1.4.10 is vulnerable; other versions may also be affected.

78. XOOPS PopnupBlog Module Index.PHP SQL Injection Vulnerability
BugTraq ID: 23286
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23286
Summary:
The XOOPS PopnupBlog module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

This issue affects version 2.52; other versions may also be affected.

79. KDE Konqueror JavaScript IFrame Denial of Service Vulnerability
BugTraq ID: 22814
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/22814
Summary:
KDE Konqueror is prone to a remote denial-of-service vulnerability because of an error in KDE's JavaScript implementation.

An attacker may exploit this vulnerability to cause Konqueror to crash, resulting in denial-of-service conditions.

Konqueror included with KDE version 3.5.5 is vulnerable; other versions may also be affected.

80. APOP Protocol Insecure MD5 Hash Weakness
BugTraq ID: 23257
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23257
Summary:
Applications that implement the APOP protocol may be vulnerable to a password-hash weakness. This issue occurs because the MD5 hash algorithm fails to properly prevent collisions.

Attackers may exploit this issue in man-in-the-middle attacks to potentially gain access to the first three characters of passwords. This will increase the likelihood of successful brute-force attacks against APOP authentication.

To limit the possibility of successful exploits, applications that implement the APOP protocol should set up safeguards to ensure that message IDs are RFC-compliant.

Mozilla Thunderbird, Evolution, mutt, and fetchmail are reportedly affected by this issue.

81. XOOPS KShop Module Product_Details.PHP SQL Injection Vulnerability
BugTraq ID: 23272
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23272
Summary:
The XOOPS KShop module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

This issue affects version 1.17; other versions may also be affected.

82. Retired: Kinesis Interactive Cinema System Index.ASP SQL Injection Vulnerability
BugTraq ID: 20607
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/20607
Summary:
Kinesis Interactive Cinema System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Since this is a site-specific issue, this BID is being retired.

83. Mozilla Thunderbird/SeaMonkey/Firefox Multiple Remote Vulnerabilities
BugTraq ID: 22694
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/22694
Summary:
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Cause denial-of-service conditions
- Perform cross-site scripting attacks
- Obtain potentially sensitive information
- Spoof legitimate content

Other attacks may also be possible.

84. Mozilla Thunderbird/Seamonkey Rich Text Integer Overflow Vulnerability
BugTraq ID: 22845
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/22845
Summary:
Thunderbird and Seamonkey are prone to an integer-overflow vulnerability because they fail to handle excessively large specially formatted email messages.

A remote attacker can exploit this issue to execute arbitrary code; failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Thunderbird versions prior to 1.5.0.10 and Seamonkey versions prior to 1.0.8.

85. NextPage LivePublish LPEXT.DLL Cross-Site Scripting Vulnerability
BugTraq ID: 23270
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23270
Summary:
LivePublish is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Version 2.02 is vulnerable; other versions may also be affected.

86. Owl's Workshop Multiple Remote File Disclosure Vulnerabilities
BugTraq ID: 9689
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/9689
Summary:
Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter.

Upon successful exploitation of these issues, an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.

87. Oracle January 2007 Security Update Multiple Vulnerabilities
BugTraq ID: 22083
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/22083
Summary:
Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.

The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise.

88. Ventrilo Status Requests Denial Of Service Vulnerability
BugTraq ID: 14644
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/14644
Summary:
Ventrilo is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

Successful exploitation will terminate the software, denying service to legitimate users.

89. Mozilla Firefox/Thunderbird/Seamonkey Multiple Remote Vulnerabilities
BugTraq ID: 20042
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/20042
Summary:
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary code
- perform cross-site scripting attacks
- supply malicious data through updates
- inject arbitrary content
- execute arbitrary JavaScript
- crash affected applications and potentially execute arbitrary code

Other attacks may also be possible.

The issues described here will be split into individual BIDs as more information becomes available.

These issues are fixed in:

- Mozilla Firefox version 1.5.0.7
- Mozilla Thunderbird version 1.5.0.7
- Mozilla SeaMonkey version 1.0.5

90. Linux Kernel NFSACL Denial of Service Vulnerability
BugTraq ID: 22625
Remote: No
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/22625
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

This issue affects the Linux kernel 2.6 series up to 2.6.20.

91. Linux Kernel IPV6_SockGlue.c NULL Pointer Dereference Vulnerability
BugTraq ID: 23142
Remote: No
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23142
Summary:
The Linux kernel is prone to a NULL-pointer dereference vulnerability.

A local attacker can exploit this issue to crash the affected application, denying service to legitimate users. The attacker may also be able to execute arbitrary code with elevated privileges, but this has not been confirmed.

92. Linux Kernel IPV6_Getsockopt_Sticky Memory Leak Information Disclosure Vulnerability
BugTraq ID: 22904
Remote: No
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/22904
Summary:
The Linux kernel is prone to an information-disclosure vulnerability because it fails to handle unexpected user-supplied input.

Successful exploits will allow attackers to obtain portions of kernel memory. Information harvested may be used in further attacks.

Kernel versions 2.6.0 up to 2.6.20.1 are vulnerable to this issue.

93. Linux Kernel Omnikey CardMan 4040 Driver Local Buffer Overflow Vulnerability
BugTraq ID: 22870
Remote: No
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/22870
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.

This issue allows local attackers to overwrite kernel memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of affected kernels. Exploiting this vulnerability facilitates the complete compromise of affected computers.

Linux kernel versions prior to 2.6.21-rc3 are affected by this issue.

94. XMMS Skins Integer Overflow And Underflow Vulnerabilities
BugTraq ID: 23078
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23078
Summary:
XMMS is prone to an integer-overflow vulnerability and an integer-underflow vulnerability because it fails to adequately handle user-supplied data.

An attacker can leverage these issues to corrupt stack-based memory and execute arbitrary code with the privileges of a user running the application. A successful attack may result in the compromise of affected computers. Failed attempts will likely cause denial-of-service conditions.

Version 1.2.10 is vulnerable; other versions may also be affected.

95. Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability
BugTraq ID: 19488
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/19488
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability. This issue is due to a race condition that may result in double-free or other memory-corruption issues.

Attackers may likely exploit this issue to execute arbitrary machine code in the context of the vulnerable application, but this has not been confirmed. Failed exploit attempts will likely crash the application.

Mozilla Firefox is vulnerable to this issue. Due to code reuse, other Mozilla products are also likely affected.

96. Mozilla Firefox XML Handler Race Condition Memory Corruption Vulnerability
BugTraq ID: 19534
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/19534
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability because of a race condition that may result in double-free or other memory-corruption issues.

Attackers may likely exploit this issue to execute arbitrary machine code in the context of the vulnerable application, but this has not been confirmed. Failed exploit attempts will likely crash the application.

Mozilla Firefox is vulnerable to this issue. Due to code reuse, other Mozilla products are also likely affected.

The Flock browser version 0.7.4.1 and the K-Meleon browser version 1.0.1 are also reported vulnerable.

97. Advanced Website Creator SQL Injection Vulnerabilities
BugTraq ID: 23268
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23268
Summary:
Advanced Website Creator is prone to SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

These issues affect Advanced Website Creator versions prior to 1.9.0.

98. XFSection Xoops Module Print.PHP SQL Injection Vulnerability
BugTraq ID: 23261
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23261
Summary:
XFsection is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

XFsection 1.07 and prior versions are vulnerable; other versions may also be affected.

99. Microsoft April 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 23335
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23335
Summary:
Microsoft has released advance notification that the vendor will be releasing five security bulletins on April 10, 2007. The highest severity rating for these issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.

100. Sisplet CMS Komentar.PHP Remote File Include Vulnerability
BugTraq ID: 23334
Remote: Yes
Last Updated: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23334
Summary:
Sisplet CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Version 05.10 is vulnerable; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Developers warned to secure AJAX design
By: Robert Lemos
A flaw in the way many asynchronous JavaScript and XML (AJAX) frameworks use the scripting to communicate data between a server and client allows malicious sites to hijack the conversation.
http://www.securityfocus.com/news/11456

2. TJX theft tops 45.6 million card numbers
By: Robert Lemos
In its annual filing to the U.S. Securities and Exchange Commission, the retail giant states that it will never be able to fully account for all the data stolen.
http://www.securityfocus.com/news/11455

3. Groups team to test secure-coding skill
By: Robert Lemos
A coalition of security companies and organizations team to create assessment tests to certify programmers' knowledge of secure-coding practices.
http://www.securityfocus.com/news/11454

4. Oracle sues rival for hacking, data theft
By: Robert Lemos
The database and enterprise software firm files a lawsuit against competitor SAP claiming that the German firm pilfered an enormous number of documents and software from Oracle's customer-only support systems.
http://www.securityfocus.com/news/11453

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. [CFP] VNSECON 07 - Call for Papers / HCMC - August 03-04, 2007
http://www.securityfocus.com/archive/82/464605

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Discovering Active Directory users with blank passwords
http://www.securityfocus.com/archive/88/464483

2. SecurityFocus Microsoft Newsletter #335 (fwd)
http://www.securityfocus.com/archive/88/464201

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Watchfire

