Friday, April 20, 2007

SecurityFocus Newsletter #397
----------------------------------------

This Issue is Sponsored by: Kaspersky Lab

Try Kaspersky Antivirus 6.0 Software
Download Kaspersky's Award-Winning antivirus & antispyware solution with anti-spam and firewall Free

http://newsletter.industrybrains.com/c?fe;1;5f04b;1000f;345;0;da4


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. The Politics of E-Mail
2. Notes On Vista Forensics, Part Two
II. BUGTRAQ SUMMARY
1. KTorrent Multiple Remote Vulnerabilities
2. Vixie Cron ST_Nlink Check Local Denial of Service Vulnerability
3. RETIRED: Freetype Font Files Integer Overflow Vulnerability
4. File(1) Command File_PrintF Integer Underflow Vulnerability
5. Zomplog File.PHP Directory Traversal Vulnerability
6. Squid Proxy TRACE Request Remote Denial of Service Vulnerability
7. McAfee VirusScan On-Access Scanner File Name Buffer Overflow Vulnerability
8. McAfee E-Business Administration Server Authentication Packet Denial of Service Vulnerability
9. Novell SecureLogin Security Bypass And Privilege Escalation Vulnerability
10. PHP Version 5.2.0 and Prior Multiple Vulnerabilities
11. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
12. Rezervi Root Parameter Multiple Remote File Include Vulnerabilities
13. Joomla Template Module Index.PHP Remote File Include Vulnerability
14. Mozzers SubSystem Add.PHP Remote Code Execution Vulnerability
15. TurnkeyWebTools Sunshop Multiple Remote File Include Vulnerabilities
16. MailBee WebMail Pro Check_login.ASP Cross-Site Scripting Vulnerability
17. RETIRED: Oracle April Critical Patch Update Advance Notification Vulnerability
18. ProFTPD AUTH Multiple Authentication Module Security Bypass Vulnerability
19. 3proxy HTTP Proxy Request Buffer Overflow Vulnerability
20. MadWIFI Channel Switch Announcement Information Elements Denial of Service Vulnerability
21. MADWiFi IEEE80211_Output.C Unencrypted Data Packet Multiple Vulnerabilities
22. MadWifi Auth Frame IBSS Remote Denial of Service Vulnerability
23. BlueArc Titan FTP Bounce Vulnerability
24. ShoutPro Shoutbox.PHP Remote PHP Code Execution Vulnerability
25. Sun Java Web Console LibWebconsole_Services.SO Format String Vulnerability
26. OllyDbg Debugger Messages Format String Vulnerability
27. Man Command -H Flag Local Buffer Overflow Vulnerability
28. MPlayer DMO File Parsing Buffer Overflow Vulnerability
29. Horde Framework Login.PHP Cross-Site Scripting Vulnerability
30. Vixie Cron Crontab File Disclosure Vulnerability
31. Avahi Compressed DNS Denial Of Service Vulnerability
32. Lighttpd Multiple Remote Denial of Service Vulnerabilities
33. Extremail Buffer Overflow And DNS Spoofing Vulnerabilities
34. Apple Mac OS X 2007-004 Multiple Security Vulnerabilities
35. Microsoft Windows DNS Server Escaped Zone Name Parameter Buffer Overflow Vulnerability
36. FreePBX SIP Packet Multiple HTML Injection Vulnerabilities
37. Exponent CMS Multiple Input Validation Vulnerabilities
38. GraceNote CDDBControl Multiple Parameters ActiveX Control Buffer Overflow Vulnerability
39. FreeRadius EAP-TTLS Tunnel Memory Leak Remote Denial Of Service Vulnerability
40. Clam AntiVirus ClamAV Multiple Remote Vulnerabilities
41. PHP Folded Mail Headers Email Header Injection Vulnerability
42. PHP GD Extension WBMP File Integer Overflow Vulnerabilities
43. PHP Mb_Parse_Str Function Register_Globals Activation Weakness
44. GD Graphics Library JIS-Encoded Font Buffer Overflow Vulnerability
45. AimStats Process.PHP Remote Code Execution Vulnerability
46. Objective Development Sharity Unspecified Denial of Service Vulnerability
47. X.Org LibXFont Multiple Integer Overflow Vulnerabilities
48. Microsoft Content Management Server Remote Code Execution Vulnerability
49. Microsoft Content Management Server Cross-Site Scripting Vulnerability
50. Oracle April 2007 Security Update Multiple Vulnerabilities
51. RaidenFTPD Multiple Remote Denial of Service Vulnerabilities
52. Apple Mac OS X Multiple Applications Multiple Vulnerabilities
53. Apple Installer Package Filename Format String Vulnerability
54. MIT Kerberos 5 RPC Library Remote Code Execution Vulnerability
55. X.Org X11 XC-MISC Extension Integer Overflow Vulnerability
56. NetBSD Ftpd and Tnftpd Port Remote Buffer Overflow Vulnerability
57. GNU Tar Invalid Headers Buffer Overflow Vulnerability
58. Apple Mac OS X Multiple Products Format String Vulnerabilities
59. Fetchmail Multiple Password Information Disclosure Vulnerabilities
60. Mac OS X System Preferences Writeconfig Local Privilege Escalation Vulnerability
61. MIT Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability
62. MIT Kerberos Administration Daemon Kadmind Double Free Memory Corruption Vulnerabilities
63. PHP Session_Decode Double Free Memory Corruption Vulnerability
64. PHP ZVAL Reference Counter Integer Overflow Vulnerability
65. PHP ZendEngine Variable Destruction Remote Denial of Service Vulnerability
66. Foxit Reader Malformed PDF File Denial of Service Vulnerability
67. Nullsoft Winamp WMV File Processing Denial of Service Vulnerability
68. OpenAFS for Microsoft Windows Local Denial of Service Vulnerability
69. Fully Modded PHPBB2 PHPBB_Root_Path Remote File Include Vulnerability
70. Creascripts CreaDirectory Error.ASP SQL Injection Vulnerability
71. OpenSurveyPilot Group.Inc.PHP Remote File Include Vulnerability
72. Nortel VPN Routers Multiple Remote Unauthorized Access Vulnerabilities
73. IPSec-Tools Remote Denial Of Service Vulnerability
74. Microsoft Windows Cursor And Icon ANI Format Handling Remote Buffer Overflow Vulnerability
75. Microsoft Windows GDI WMF Remote Denial of Service Vulnerability
76. Microsoft Windows Graphics Rendering Engine EMF File Privilege Escalation Vulnerability
77. Microsoft Windows GDI Invalid Window Size Local Privilege Escalation Vulnerability
78. MXBB MX Smartor Module PHPBB_Root_Path Remote File Include Vulnerability
79. Microsoft Windows Graphics Rendering Engine GDI Local Privilege Escalation Vulnerability
80. Microsoft Windows Graphics Device Interface Font Rasterizer Local Privilege Escalation Vulnerability
81. Microsoft Windows GDI Kernel Local Privilege Escalation Vulnerability
82. Canon Network Camera Server Unspecified Cross Site Scripting Vulnerability
83. Einfacher Passworschutz Index.PHP Cross-Site Scripting Vulnerability
84. Wordpress Pingback SourceURI Denial Of Service and Information Disclosure Vulnerability
85. MIT Kerberos 5 Telnet Daemon Authentication Bypass Vulnerability
86. PHP sqlite_udf_decode_binary() Function Buffer Overflow Vulnerability
87. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
88. PHP EXT/Filter HTML Stripping Bypass Vulnerability
89. Trolltech QT UTF-8 Sequences Input Validation Vulnerability
90. Microsoft Windows Print Spooler Buffer Overflow Vulnerability
91. BMC Performance Manager PatrolAgent.EXE Memory Corruption Vulnerability
92. IBM Tivoli Monitoring Express Universal Agent Multiple Heap Buffer Overflow Vulnerabilities
93. Linksys WAG200G DSL Router/Gateway Information Disclosure Vulnerability
94. BMC Patrol BGS_SDservice.EXE Memory Corruption Vulnerability
95. Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability
96. NuclearBB Multiple SQL Injection Vulnerabilities
97. Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
98. Extreme PHPBB PHPBB_Root_Path Remote File Include Vulnerability
99. EclipseBB Phpbb_Root_Path Remote File Include Vulnerability
100. Second Sight Software Multiple ActiveX Controls Multiple Buffer Overflow Vulnerabilities
III. SECURITYFOCUS NEWS
1. MacBooks withstand mild attacks on patch day
2. Attackers improve on JavaScript trickery
3. U.S. agencies get 'C-' for computer security
4. Developers warned to secure AJAX design
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Security Consultant, Dulles
2. [SJ-JOB] Sales Engineer, Phoenix
3. [SJ-JOB] Software Engineer, Mountain View
4. [SJ-JOB] Sales Engineer, Englewood
5. [SJ-JOB] Security Architect, Norcross/Lawrenceville
6. [SJ-JOB] Security Architect, Fort Lauderdale
7. [SJ-JOB] Penetration Engineer, Leeds
8. [SJ-JOB] Security Engineer, Pittsburgh
9. [SJ-JOB] Sales Engineer, Atlanta
10. [SJ-JOB] Channel / Business Development, Redwood City
11. [SJ-JOB] CHECK Team Leader, Leeds
12. [SJ-JOB] Channel / Business Development, Dallas
13. [SJ-JOB] Instructor, Irving
14. [SJ-JOB] Sales Engineer, NYC, Boston, Chicago, DC
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
1. Yet another SQL injection framework
2. CfP Hack.lu 2007
3. SyScan'07 Call for Papers - End 30th April 2007
4. Linux restricted ASCII Shellcode
VII. MICROSOFT FOCUS LIST SUMMARY
1. Shared drives through a firewall
2. Help with Exploit
VIII. SUN FOCUS LIST SUMMARY
1. Sun Studio 11: C++ 5.8 Compiler
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. The Politics of E-Mail
By Mark Rasch
It's springtime in Washington, D.C. The cherry blossoms have bloomed, the tourists descended, and on both sides of Pennsylvania Avenue a new "scandal" is erupting.
http://www.securityfocus.com/columnists/440

2. Notes On Vista Forensics, Part Two
By Jamie Morris
In part one of this series we looked at the different editions of Vista available and discussed the various encryption and backup features which might be of interest to forensic examiners. In this article we will look at the user and system features of Vista which may (or may not) present new challenges for investigators and discuss the use of Vista itself as a platform for forensic analysis.
http://www.securityfocus.com/infocus/1890


II. BUGTRAQ SUMMARY
--------------------
1. KTorrent Multiple Remote Vulnerabilities
BugTraq ID: 22930
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/22930
Summary:
KTorrent is prone to multiple remote vulnerabilities, including a directory-traversal vulnerability and an unspecified vulnerability when processing messages with invalid chunk indexes.

Very little information is known about one of these issues. This BID will be updated as soon as more information becomes available.

An attacker can exploit the directory-traversal issue to overwrite arbitrary files on the user's system. Presumably, the unspecified vulnerability when processing messages with invalid chunk indexes will allow attackers to execute arbitrary code or to cause a denial of service, but this has not been confirmed.

Versions prior to 2.1.2 are vulnerable to these issues.

2. Vixie Cron ST_Nlink Check Local Denial of Service Vulnerability
BugTraq ID: 23520
Remote: No
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23520
Summary:
Vixie Cron is prone to a local denial-of-service vulnerability.

This issue occurs when attackers create hard file links to cron files belonging to both privileged and normal users.

A local attacker may exploit this issue to prevent cron files owned by privileged and non-privileged users from being executed at startup or on the next reload of the cron database.

Vixie Cron versions prior to 4.1-r10 are vulnerable.

3. RETIRED: Freetype Font Files Integer Overflow Vulnerability
BugTraq ID: 23402
Remote: No
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23402
Summary:
Freetype is prone to a local integer-overflow vulnerability because it fails to adequately bounds-check user-supplied input.

An attacker can exploit this vulnerability to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.

This BID has been retired because it is a duplicate of BID 23283.

4. File(1) Command File_PrintF Integer Underflow Vulnerability
BugTraq ID: 23021
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23021
Summary:
The file(1) command is prone to an integer-underflow vulnerability because the command fails to adequately handle user-supplied data.

An attacker can leverage this issue to corrupt heap memory and execute arbitrary code with the privileges of a user running the command. A successful attack may result in the compromise of affected computers. Failed attempts will likely cause denial-of-service conditions.

Versions prior to 4.20 are vulnerable.

5. Zomplog File.PHP Directory Traversal Vulnerability
BugTraq ID: 23553
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23553
Summary:
Zomplog is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

A remote attacker can exploit this issue to retrieve the contents of arbitrary files in the context of the webserver process.

This issue affects Zomplog 3.8; other versions may also be affected.

6. Squid Proxy TRACE Request Remote Denial of Service Vulnerability
BugTraq ID: 23085
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23085
Summary:
Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain TRACE requests.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying further service to legitimate users.

This issue affects version 2.6.

7. McAfee VirusScan On-Access Scanner File Name Buffer Overflow Vulnerability
BugTraq ID: 23543
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23543
Summary:
McAfee VirusScan On-Access Scanner is prone to a filename-buffer-overflow vulnerability. The application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

A remote attacker may exploit this issue to execute arbitrary code on a vulnerable computer with SYSTEM privileges. Failed exploit attempts may disable the On-Access Scanner component of McAfee VirusScan.

McAfee VirusScan On-Access Scanner 8.0i Enterprise Patch 11 and earlier versions are vulnerable to this issue.

8. McAfee E-Business Administration Server Authentication Packet Denial of Service Vulnerability
BugTraq ID: 23544
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23544
Summary:
McAfee E-Business Administration Server is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain network packets. A successful attack allows a remote attacker to crash the Administration Server, denying further service to legitimate users.

These versions are affected:

E-Business Server 8.5.1 (and earlier) for Windows and Solaris
E-Business Server 8.1.0 (and earlier) for Linux, HP-UX, and AIX

9. Novell SecureLogin Security Bypass And Privilege Escalation Vulnerability
BugTraq ID: 23547
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23547
Summary:
Novell SecureLogin is prone to a vulnerability that allows attackers to bypass security restrictions as well as a vulnerability that may allow attackers to gain elevated privileges on the affected computer.

These issues affect Novell Access Management Server 3 IR1.

10. PHP Version 5.2.0 and Prior Multiple Vulnerabilities
BugTraq ID: 22496
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/22496
Summary:
PHP version 5.2.0 and prior is prone to multiple security vulnerabilities. Successful exploits could allow an attacker to write files in unauthorized locations, cause a denial-of-service condition, and potentially execute code.

These issues are reported to affect PHP 4.4.4 and prior versions in the 4 branch, and 5.2.0 and prior versions in the 5 branch; other versions may also be vulnerable.

11. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 21668
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
The Mozilla Foundation has released nine security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute arbitrary code.

Other attacks may also be possible.

12. Rezervi Root Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 23550
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23550
Summary:
Rezervi is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Rezervi 0.9 is vulnerable; other versions may also be affected.

13. Joomla Template Module Index.PHP Remote File Include Vulnerability
BugTraq ID: 23549
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23549
Summary:
The Joomla Template module is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects Template Be2004-2; other versions may also be affected.

14. Mozzers SubSystem Add.PHP Remote Code Execution Vulnerability
BugTraq ID: 23548
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23548
Summary:
Mozzers SubSystem is prone to a remote code-execution vulnerability because the application fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary PHP code on an affected computer with the privileges of the webserver process.

This issue affects Mozzers SubSystem 1.0; other versions may also be affected.

15. TurnkeyWebTools Sunshop Multiple Remote File Include Vulnerabilities
BugTraq ID: 23511
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23511
Summary:
SunShop is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

The vendor has announced that only versions prior to 3.5.1 are vulnerable.

16. MailBee WebMail Pro Check_login.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 23481
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23481
Summary:
MailBee WebMail Pro is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects MailBee WebMail Pro 3.4; other versions may also be affected.

17. RETIRED: Oracle April Critical Patch Update Advance Notification Vulnerability
BugTraq ID: 23403
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23403
Summary:
Oracle has released advance notification of their April Critical Patch Update that will address 37 vulnerabilities affecting Oracle Database, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, Oracle Enterprise Manager, and Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne.

Oracle will be releasing its April quarterly Critical Patch Update on April 17, 2007.

These issues are documented in BID 23532 (Oracle April 2007 Security Update Multiple Vulnerabilities).

18. ProFTPD AUTH Multiple Authentication Module Security Bypass Vulnerability
BugTraq ID: 23546
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23546
Summary:
ProFTPD is reported prone to a security-restriction-bypass vulnerability because of an error in the AUTH API.

Attackers may exploit this issue to bypass security controls when multiple modules are configured with disparate authentication policies.

ProFTPD 1.2 and 1.3 branches are reported vulnerable; other versions may be affected as well.

NOTE: The latest version in the CVS repository reportedly addresses this issue.

19. 3proxy HTTP Proxy Request Buffer Overflow Vulnerability
BugTraq ID: 23545
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23545
Summary:
3proxy is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to cause denial-of-service conditions and possibly to execute arbitrary code with the privileges of the application.

3proxy 0.5 to 0.5.3g and 0.6b-devel before 20070413 are vulnerable to this issue.

20. MadWIFI Channel Switch Announcement Information Elements Denial of Service Vulnerability
BugTraq ID: 23436
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23436
Summary:
MADWifi is prone to a denial-of-service vulnerability because it fails to properly handle certain network packets.

An attacker may exploit this issue by submitting a maliciously crafted packet to the vulnerable computer.

Attackers can exploit this issue to switch a communication channel, causing loss of communication and thus denying service to legitimate users.

Versions prior to 0.9.3 are vulnerable.

21. MADWiFi IEEE80211_Output.C Unencrypted Data Packet Multiple Vulnerabilities
BugTraq ID: 23434
Remote: No
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23434
Summary:
MADWiFi is prone to a denial-of-service vulnerability, an information-disclosure issue, and a packet-spoofing vulnerability. These issues occur because of a design error.

An attacker can exploit these issues to spoof network traffic, crash arbitrary processes, and gain access to sensitive information.

These issues affect versions prior to 0.9.3.

22. MadWifi Auth Frame IBSS Remote Denial of Service Vulnerability
BugTraq ID: 23431
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23431
Summary:
MADWifi is prone to a remote denial-of-service vulnerability because the application fails to handle certain AUTH frames from an IBSS node.

An attacker can exploit this issue to cause the affected computer to crash, denying further service to legitimate users.

This issue affects MADWifi 0.9.3 and prior versions.

23. BlueArc Titan FTP Bounce Vulnerability
BugTraq ID: 23540
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23540
Summary:
BlueArc Titan is affected by an FTP-bounce issue that can allow remote attackers to connect between the FTP server and an arbitrary port on another computer.

Successful exploits may allow an attacker to make connections to arbitrary hosts and generate traffic with the identity of the vulnerable FTP server.

This issue affects firmware 4.2.944b; prior versions may also be affected.

24. ShoutPro Shoutbox.PHP Remote PHP Code Execution Vulnerability
BugTraq ID: 23542
Remote: Yes
Last Updated: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23542
Summary:
ShoutPro is prone to an arbitrary PHP code-execution vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this issue to write malicious data to the 'shouts.php' file and execute arbitrary malicious PHP code in the context of the webserver process. This may help the attacker compromise the application and the underlying system; other attacks are also possible.

ShoutPro 1.5.2 is vulnerable; other versions may also be affected.

25. Sun Java Web Console LibWebconsole_Services.SO Format String Vulnerability
BugTraq ID: 23539
Remote: Yes
Last Updated: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23539
Summary:
Sun Java Web Console is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

A successful attack may crash the application or possibly lead to arbitrary code execution, which may help the attacker gain unauthorized access to privileged data or escalate their privileges in the context of the user running the application.

26. OllyDbg Debugger Messages Format String Vulnerability
BugTraq ID: 10742
Remote: Yes
Last Updated: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/10742
Summary:
OllyDbg is prone to a format-string vulnerability.

This issue occurs when the application handles debugger messages that contain format specifiers.

Debugging a malicious program that is designed to exploit this issue could crash the application or allow arbitrary code to run in the context of the user running the debugger.

27. Man Command -H Flag Local Buffer Overflow Vulnerability
BugTraq ID: 23355
Remote: No
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23355
Summary:
The 'man' command is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.

NOTE: Presumably, this issue is exploitable only when 'man' has been installed setuid.

Exploiting this issue allows attackers to execute malicious machine code with the privileges of the 'man' utility. This can result in the compromise of affected computers. Failed exploit attempts will likely result in denial-of-service conditions.

28. MPlayer DMO File Parsing Buffer Overflow Vulnerability
BugTraq ID: 22771
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/22771
Summary:
MPlayer is susceptible to a buffer-overflow vulnerability when it attempts to process malformed video files. This issue occurs because the application fails to perform proper bounds-checking on user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

MPlayer version 1.0rc1 is vulnerable to this issue; previous versions may also be affected.

29. Horde Framework Login.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 22984
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/22984
Summary:
Horde Framework is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.

This issue affects versions prior to 3.1.4.

30. Vixie Cron Crontab File Disclosure Vulnerability
BugTraq ID: 13024
Remote: No
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/13024
Summary:
Vixie cron crontab is reported prone to an information-disclosure vulnerability that may allow local attackers to access users' crontab files.

Reportedly, this issue arises due to a design error resulting in the insecure creation of a temporary file in the '/tmp' directory. This occurs when crontab is executed with the '-e' option used for editing the current crontab.

Attackers may leverage this issue to access potentially sensitive data, which they may use to carry out further attacks against a computer.

Vixie cron 4.1-24_FC3 running on Fedora Core 3 is reported vulnerable. Other versions on different operating systems may be affected as well.

This issue may be specific to Red Hat operating systems and may be related to BID 1845 (HP-UX crontab /tmp File Vulnerability).

31. Avahi Compressed DNS Denial Of Service Vulnerability
BugTraq ID: 21881
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/21881
Summary:
Avahi is prone to a denial-of-service vulnerability.

A remote attacker may exploit this issue to cause the application to crash, denying further service to legitimate users.

Versions prior to 0.6.16 are vulnerable to this issue.

32. Lighttpd Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 23515
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23515
Summary:
Lighttpd is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle unexpected conditions.

Successfully exploiting these issues allows remote attackers to trigger an infinite loop, consuming excessive CPU resources, or to crash affected servers via a NULL-pointer dereference. This will deny further service to legitimate users.

Lighttpd versions prior to 1.4.14 are vulnerable.

33. Extremail Buffer Overflow And DNS Spoofing Vulnerabilities
BugTraq ID: 23577
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23577
Summary:
eXtremail is prone to a buffer-overflow issue and DNS-spoofing vulnerabilities that could allow malicious users to trigger denial-of-service conditions, execute remote code with superuser privileges, and perform DNS-spoofing attacks on clients on unprotected networks.

These issues affect eXtremail 2.1 and 2.1.1; other versions may also be affected.

34. Apple Mac OS X 2007-004 Multiple Security Vulnerabilities
BugTraq ID: 23569
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23569
Summary:
Apple Mac OS X is prone to multiple security vulnerabilities.

These issues affect Mac OS X and various applications, including AFP Client, AirPortDriver module, CoreServices, Libinfo, Login Window, Natd, SMB, System Configuration, URLMount, VideoConference framework, WebDAV, and WebFoundation.

Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present.

Apple Mac OS X 10.4.9 and prior versions are vulnerable to these issues.

35. Microsoft Windows DNS Server Escaped Zone Name Parameter Buffer Overflow Vulnerability
BugTraq ID: 23470
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23470
Summary:
Microsoft Windows Domain Name System (DNS) Server Service is prone to a stack-based buffer-overflow vulnerability in its Remote Procedure Call (RPC) interface.

A remote attacker may exploit this issue to run arbitrary code in the context of the DNS Server Service. The DNS service runs in the 'SYSTEM' context.

Successfully exploiting this issue allows attackers to execute arbitrary code, facilitating the remote compromise of affected computers.

Windows Server 2000 Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2 are confirmed vulnerable to this issue.

Microsoft Windows 2000 Professional SP4, Windows XP SP2, and Windows Vista are not affected by this vulnerability.

36. FreePBX SIP Packet Multiple HTML Injection Vulnerabilities
BugTraq ID: 23575
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23575
Summary:
FreePBX is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data before using it in dynamically generated content.

Attacker-supplied HTML and script code may be executed in the context of the affected web application, potentially allowing the attacker to steal cookie-based authentication credentials, control how the web application is displayed to the user, or manipulate the underlying PBX application; other attacks are also possible.

FreePBX 2.2 series is vulnerable to these issues.

37. Exponent CMS Multiple Input Validation Vulnerabilities
BugTraq ID: 23574
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23574
Summary:
Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data.

38. GraceNote CDDBControl Multiple Parameters ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 23567
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23567
Summary:
GraceNote CDDBControl ActiveX control is prone to multiple stack-based buffer-overflow vulnerabilities.

An attacker can invoke the object from a malicious web page to trigger the condition. If the vulnerabilities are successfully exploited, the attacker may be able to corrupt process memory and execute arbitrary code within the context of the affected application.

39. FreeRadius EAP-TTLS Tunnel Memory Leak Remote Denial Of Service Vulnerability
BugTraq ID: 23466
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23466
Summary:
FreeRADIUS is prone to a denial-of-service vulnerability.

This vulnerability presents itself when an attacker sends malformed data inside an EAP-TTLS tunnel.

40. Clam AntiVirus ClamAV Multiple Remote Vulnerabilities
BugTraq ID: 23473
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23473
Summary:
ClamAV is prone to a file-descriptor leakage vulnerability and a buffer-overflow vulnerability.

A successful attack may allow an attacker to obtain sensitive information, cause denial-of-service conditions, and execute arbitrary code in the context of the user running the affected application.

ClamAV versions prior to 0.90.2 are vulnerable to these issues.

41. PHP Folded Mail Headers Email Header Injection Vulnerability
BugTraq ID: 23145
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23145
Summary:
PHP is prone to an email-header-injection vulnerability because it fails to properly sanitize user-supplied input when constructing email messages.

Exploiting this issue allows a malicious user to create arbitrary email headers, and then create and transmit spam messages from the affected computer.

The following versions are vulnerable:

PHP 4 up to and including 4.4.6
PHP 5 up to and including 5.2.1

42. PHP GD Extension WBMP File Integer Overflow Vulnerabilities
BugTraq ID: 23357
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23357
Summary:
PHP's GD extension is prone to two integer-overflow vulnerabilities because it fails to ensure that integer values aren't overrun.

Successfully exploiting these issues allows attackers to crash the affected application, potentially denying service to legitimate users. Due to the nature of the issues, code execution may also be possible, but this has not been confirmed.

PHP 5.2.1 and prior versions are vulnerable.

43. PHP Mb_Parse_Str Function Register_Globals Activation Weakness
BugTraq ID: 23016
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23016
Summary:
PHP is prone to a weakness that allows attackers to enable the 'register_globals' directive because the application fails to handle a memory-limit exception.

Enabling the PHP 'register_globals' directive may allow attackers to further exploit latent vulnerabilities in PHP scripts.

This issue is related to the weakness found in the non-multibyte 'parse_str()' from BID 15249 - PHP Parse_Str Register_Globals Activation Weakness.

This issue affects PHP versions 4 to 4.4.6 and 5 to 5.2.1.

44. GD Graphics Library JIS-Encoded Font Buffer Overflow Vulnerability
BugTraq ID: 22289
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/22289
Summary:
The GD graphics library is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to cause denial-of-service conditions in applications implementing the affected library. Arbitrary code execution may also be possible; this has not been confirmed.

45. AimStats Process.PHP Remote Code Execution Vulnerability
BugTraq ID: 23573
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23573
Summary:
AimStats is prone to a remote code-execution vulnerability because the application fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary PHP code on an affected computer with the privileges of the webserver process.

This issue affects AimStats 3.2; other versions may also be affected.

46. Objective Development Sharity Unspecified Denial of Service Vulnerability
BugTraq ID: 23572
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23572
Summary:
Objective Development Sharity is prone to an unspecified denial-of-service vulnerability.

A successful attack allows a remote attacker to crash the daemon, denying further service to legitimate users.

Objective Development Sharity versions prior to 3.3 are reported vulnerable.

47. X.Org LibXFont Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23283
Remote: No
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23283
Summary:
The 'libXfont' library is prone to multiple local integer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data.

An attacker can exploit these vulnerabilities to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.

These issues affect libXfont 1.2.2; other versions may also be vulnerable.

48. Microsoft Content Management Server Remote Code Execution Vulnerability
BugTraq ID: 22861
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/22861
Summary:
Microsoft Content Management Server (MCMS) is prone to an arbitrary code-execution vulnerability because the software fails to properly validate user-supplied input.

Exploiting this issue allows remote attackers to execute arbitrary machine code on affected computers with the privileges of the vulnerable application.

49. Microsoft Content Management Server Cross-Site Scripting Vulnerability
BugTraq ID: 22860
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/22860
Summary:
Microsoft Content Management Server (MCMS) is prone to an unspecified cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials, spoof content, or perform actions on behalf of the victim user; this could aid in further attacks.

50. Oracle April 2007 Security Update Multiple Vulnerabilities
BugTraq ID: 23532
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23532
Summary:
Oracle has released a Critical Patch Update advisory for April 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.

The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise.

51. RaidenFTPD Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 23570
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23570
Summary:
RaidenFTPD is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle user-supplied input.

Exploiting these issues allows remote attackers to crash the application, denying further service to legitimate users.

These issues affect RaidenFTPD 2.4; other versions may also be vulnerable.

52. Apple Mac OS X Multiple Applications Multiple Vulnerabilities
BugTraq ID: 22948
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/22948
Summary:
Mac OS X is prone to multiple vulnerabilities including stack-based buffer-overflow issues, denial-of-service vulnerabilities, two memory-corruption issues, an integer-overflow issue, two authentication-bypass issues, an information-disclosure vulnerability, and an insecure command-execution issue.

An attacker can exploit these issues to execute arbitrary code in the context of the user running the application, cause denial-of-service conditions, compromise the application, and access or modify data.

Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available.

Mac OS X and Mac OS X Server versions 10.3.9 and 10.4 through 10.4.8 are vulnerable.

53. Apple Installer Package Filename Format String Vulnerability
BugTraq ID: 22272
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/22272
Summary:
Apple Installer is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

A successful attack may crash the application or possibly allow the attacker to execute arbitrary code. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.

Apple Installer Version 2.1.5 on Mac OS X 10.4.8 is vulnerable to this issue; other versions may also be affected.

54. MIT Kerberos 5 RPC Library Remote Code Execution Vulnerability
BugTraq ID: 21970
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/21970
Summary:
MIT Kerberos 5 is prone to a remote code-execution vulnerability. This issue resides in the server-side portion of the Kerberos RPC library. Currently, the 'kadmind' service is known to be vulnerable, but other applications that use this library may also be affected.

An attacker can exploit this issue to execute arbitrary code with administrative privileges, completely compromising affected computers. Failed exploit attempts will result in a denial of service. After a Kerberos database computer has been compromised, attackers may gain unauthorized access to other services that rely on the Kerberos infrastructure for authentication.

55. X.Org X11 XC-MISC Extension Integer Overflow Vulnerability
BugTraq ID: 23284
Remote: No
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23284
Summary:
X11 is prone to a local integer-overflow vulnerability because it fails to adequately bounds-check user-supplied input.

An attacker can exploit this vulnerability to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.

56. NetBSD Ftpd and Tnftpd Port Remote Buffer Overflow Vulnerability
BugTraq ID: 21377
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/21377
Summary:
NetBSD ftpd and tnftpd are prone to a remote buffer-overflow vulnerability. This issue is due to an off-by-one error; it allows attackers to corrupt memory.

Remote attackers may execute arbitrary machine code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions.

57. GNU Tar Invalid Headers Buffer Overflow Vulnerability
BugTraq ID: 16764
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/16764
Summary:
GNU Tar is prone to a buffer overflow when handling invalid headers. Successful exploitation could potentially lead to arbitrary code execution, but this has not been confirmed.

Tar versions 1.14 and above are vulnerable.

58. Apple Mac OS X Multiple Products Format String Vulnerabilities
BugTraq ID: 22326
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/22326
Summary:
Multiple products for Mac OS X are prone to multiple remote format-string vulnerabilities. The affected applications include Help Viewer, Safari, iPhoto, and iMovie.

Exploiting these issues can allow attacker-supplied data to be written to arbitrary memory locations, which can facilitate the execution of arbitrary machine code with the privileges of a targeted application. Failed exploit attempts will likely crash the application.

Help Viewer 3.0.0, Safari 2.0.4, iMovie HD 6.0.3, and iPhoto 6.0.5 are reported affected; other versions may be vulnerable as well.

59. Fetchmail Multiple Password Information Disclosure Vulnerabilities
BugTraq ID: 21903
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/21903
Summary:
Fetchmail is prone to multiple information-disclosure vulnerabilities because the application discloses information about user passwords.

An attacker can exploit these issues to access sensitive information that may aid the attacker in other attacks.

These issues affect versions prior to 6.3.6-rc4.

60. Mac OS X System Preferences Writeconfig Local Privilege Escalation Vulnerability
BugTraq ID: 22148
Remote: No
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/22148
Summary:
Mac OS X is prone to a local privilege-escalation vulnerability because the 'System Preferences' utility fails to verify the 'PATH' environment variable.

A successful attack can allow local attackers to gain superuser privileges.

Mac OS X 10.4.8 is reported vulnerable; other versions may be affected as well.

61. MIT Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability
BugTraq ID: 23285
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23285
Summary:
Kerberos 5 kadmind (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All kadmind servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 kadmind 1.6 and prior versions are vulnerable.

62. MIT Kerberos Administration Daemon Kadmind Double Free Memory Corruption Vulnerabilities
BugTraq ID: 23282
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23282
Summary:
MIT Kerberos 5 is prone to a double-free memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code with superuser or SYSTEM-level privileges, completely compromising affected computers. Failed exploit attempts will likely result in denial-of-service conditions.

This issue also affects third-party applications using the affected API.

63. PHP Session_Decode Double Free Memory Corruption Vulnerability
BugTraq ID: 23121
Remote: No
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23121
Summary:
PHP is prone to a double-free memory-corruption vulnerability.

Attackers may be able to exploit this issue to execute arbitrary code in the context of the webserver process or to cause denial-of-service conditions.

This issue is proven to be locally exploitable. Remote attack vectors may also be possible, but this is yet to be confirmed.

This issue affects PHP versions 4.4.5 and 4.4.6.

64. PHP ZVAL Reference Counter Integer Overflow Vulnerability
BugTraq ID: 22765
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/22765
Summary:
PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values are not overrun.

A local attacker can exploit this vulnerability to execute arbitrary PHP scripts within the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

Note: According to 'MOPB-04-2007:PHP 4 unserialize() ZVAL Reference Counter Overflow', this issue may be remotely triggered in PHP 4.4.4 environments because many legacy PHP applications still use 'unserialize()' on user-supplied data. 'Unserialize()' uses the '__wakeup()' method of deserialized objects in an unsafe manner that may lead to remote arbitrary code execution. This BID has been changed to reflect the possibility of remote exploitation in PHP 4.4.4 environments.

65. PHP ZendEngine Variable Destruction Remote Denial of Service Vulnerability
BugTraq ID: 22764
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/22764
Summary:
PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.

An attacker who can run PHP code on a vulnerable computer may exploit this vulnerability to crash PHP and the webserver, denying service to legitimate users.

This issue affects all versions of PHP.

66. Foxit Reader Malformed PDF File Denial of Service Vulnerability
BugTraq ID: 23576
Remote: Yes
Last Updated: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23576
Summary:
Foxit Reader is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Foxit Reader 2.0; other versions may also be affected.

67. Nullsoft Winamp WMV File Processing Denial of Service Vulnerability
BugTraq ID: 23568
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23568
Summary:
Nullsoft Winamp is prone to a denial-of-service vulnerability when processing malformed WMV files.

Successfully exploiting this issue allows remote attackers to crash affected applications. Code execution may also be possible, but this has not been confirmed.

This issue is reported to affect Winamp 5.3; other versions may also be affected.

68. OpenAFS for Microsoft Windows Local Denial of Service Vulnerability
BugTraq ID: 23566
Remote: No
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23566
Summary:
OpenAFS for Microsoft Windows is prone to a local denial-of-service vulnerability because the application fails to properly handle unexpected conditions.

Successfully exploiting this issue allows local attackers to trigger computer crashes. These crashes will occur every time Windows tries to start, creating a prolonged denial-of-service condition.

Versions of OpenAFS prior to 1.5.19 running on Windows are vulnerable.

Note that this issue is present only if MIT Kerberos for Windows is also installed on vulnerable computers.

69. Fully Modded PHPBB2 PHPBB_Root_Path Remote File Include Vulnerability
BugTraq ID: 23565
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23565
Summary:
Fully Modded PHPBB2 is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

70. Creascripts CreaDirectory Error.ASP SQL Injection Vulnerability
BugTraq ID: 23564
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23564
Summary:
Creascripts CreaDirectory is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Creascripts CreaDirectory 1.2 is vulnerable; other versions may also be affected.

71. OpenSurveyPilot Group.Inc.PHP Remote File Include Vulnerability
BugTraq ID: 23563
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23563
Summary:
OpenSurveyPilot is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects OpenSurveyPilot 1.2.1; other versions may also be affected.

72. Nortel VPN Routers Multiple Remote Unauthorized Access Vulnerabilities
BugTraq ID: 23562
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23562
Summary:
Nortel VPN routers are prone to multiple remote unauthorized-access vulnerabilities due to design errors.

Successful exploits will allow attackers to access administrative functionality and completely compromise vulnerable devices or gain direct access to the private network.

This issue affects all model numbers for Nortel VPN Routers 1000, 2000, 4000, and 5000. Nortel VPN routers were formerly known as Contivity.

73. IPSec-Tools Remote Denial Of Service Vulnerability
BugTraq ID: 23394
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23394
Summary:
IPSec-Tools is affected by a remote denial-of-service vulnerability because the application fails to properly handle certain network packets.

A successful attack allows a remote attacker to crash the application, denying further service to legitimate users.

IPSec-Tools versions prior to 0.6.7 are vulnerable to this issue.

74. Microsoft Windows Cursor And Icon ANI Format Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 23194
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23194
Summary:
Microsoft Windows is prone to a stack buffer-overflow vulnerability because of insufficient format validation that occurs when handling malformed ANI cursor or icon files.

An attacker can exploit this issue to execute arbitrary code with the privileges of an unsuspecting user. A successful attack can result in the compromise of affected user accounts and computers.

This issue affects Windows Vista, Windows XP SP2, and Windows Server 2003 SP1 when running Internet Explorer 6 and 7; other versions and client applications may also be affected.

Microsoft has recently disclosed that Outlook 2007 is not vulnerable, that Windows Mail on Vista is vulnerable in replying to or forwarding emails containing malicious ANI files, and that Outlook Express is vulnerable to this issue.

Third-party applications such as browsers that handle ANI files and call the ANI rendering functionality in GDI pose an attack vector for this vulnerability.

75. Microsoft Windows GDI WMF Remote Denial of Service Vulnerability
BugTraq ID: 23275
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23275
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because the software fails to handle malicious WMF files.

Exploiting this issue may cause Microsoft Windows to crash, denying service to legitimate users.

76. Microsoft Windows Graphics Rendering Engine EMF File Privilege Escalation Vulnerability
BugTraq ID: 23278
Remote: No
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23278
Summary:
Microsoft Windows Graphics Rendering Engine is prone to a local privilege-escalation vulnerability when rendering malformed EMF image files.

An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.

77. Microsoft Windows GDI Invalid Window Size Local Privilege Escalation Vulnerability
BugTraq ID: 23277
Remote: No
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23277
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. A successful exploit will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

78. MXBB MX Smartor Module PHPBB_Root_Path Remote File Include Vulnerability
BugTraq ID: 23561
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23561
Summary:
The mxBB MX Smartor module is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects MX Smartor 2.0 RC1; other versions may also be affected.

79. Microsoft Windows Graphics Rendering Engine GDI Local Privilege Escalation Vulnerability
BugTraq ID: 23273
Remote: No
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23273
Summary:
Microsoft Windows Graphics Rendering Engine is prone to a local privilege-escalation vulnerability.

Successful exploits may result in a complete compromise of affected computers.

80. Microsoft Windows Graphics Device Interface Font Rasterizer Local Privilege Escalation Vulnerability
BugTraq ID: 23276
Remote: No
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23276
Summary:
Microsoft Windows GDI Font Rasterizer is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to gain complete control of an affected computer. Failed attempts will likely cause the operating system to crash, resulting in denial-of-service conditions.

81. Microsoft Windows GDI Kernel Local Privilege Escalation Vulnerability
BugTraq ID: 20940
Remote: No
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/20940
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability because data structures mapped by the GDI Kernel can be re-mapped as read-write by other processes.

An attacker could exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. A successful exploit could result in the complete compromise of the affected computer. Failed attempts could cause denial-of-service conditions.

82. Canon Network Camera Server Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 23560
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23560
Summary:
Canon Network Camera Server is prone to an unspecified cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.

Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.

These versions of Canon Network Camera Server are vulnerable:

- VB100 firmware V3.0 R69 (and earlier)
- VB101 firmware V3.0 R69 (and earlier)
- VB150 firmware V1.1 R39 (and earlier)

83. Einfacher Passworschutz Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 23395
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23395
Summary:
Einfacher Passworschutz is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

84. Wordpress Pingback SourceURI Denial Of Service and Information Disclosure Vulnerability
BugTraq ID: 22220
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/22220
Summary:
Wordpress is prone to a denial-of-service vulnerability and an information-disclosure vulnerability.

Attackers can exploit these issues to consume memory and bandwidth resources, denying service to legitimate users, or to gain information that may aid in further attacks.

Versions prior to 2.1 are vulnerable.

85. MIT Kerberos 5 Telnet Daemon Authentication Bypass Vulnerability
BugTraq ID: 23281
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23281
Summary:
MIT Kerberos 5 is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to gain superuser or SYSTEM-level privileges on the affected computer. Successfully exploiting this issue will result in the complete compromise of affected computers.

This issue occurs in Kerberos 5 versions 1.6 and prior.

86. PHP sqlite_udf_decode_binary() Function Buffer Overflow Vulnerability
BugTraq ID: 23235
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23235
Summary:
PHP is prone to a buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

This issue affects PHP versions prior to 4.4.5 and 5.2.1.

87. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23300
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23300
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

88. PHP EXT/Filter HTML Stripping Bypass Vulnerability
BugTraq ID: 22914
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/22914
Summary:
The PHP ext/filter content filter is prone to a filter-bypass vulnerability.

Successful exploitation can allow an attacker to bypass the security filter responsible for blocking potentially malicious HTML content.

An attacker can exploit this issue in PHP applications that use the vulnerable filter to potentially inject malicious HTML content.

89. Trolltech QT UTF-8 Sequences Input Validation Vulnerability
BugTraq ID: 23269
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23269
Summary:
Trolltech QT is prone to an input-validation vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to exploit other issues in applications that employ the affected library. A successful attack may allow the attacker to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Qt versions 3.3.8 and 4.2.3 are known to be vulnerable to this issue; other versions may be affected as well.

90. Microsoft Windows Print Spooler Buffer Overflow Vulnerability
BugTraq ID: 14514
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/14514
Summary:
Microsoft Windows Print Spooler service is prone to a buffer-overflow vulnerability.

Specifically, this issue occurs when the Print Spooler service handles malformed messages containing excessive data.

Exploiting this vulnerability allows attackers to escalate their privileges and gain unauthorized remote access, depending on the underlying operating system. A successful attack may allow an attacker to execute arbitrary code, which can allow the attacker to gain SYSTEM privileges.

91. BMC Performance Manager PatrolAgent.EXE Memory Corruption Vulnerability
BugTraq ID: 23559
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23559
Summary:
BMC Performance Manager is prone to a memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

92. IBM Tivoli Monitoring Express Universal Agent Multiple Heap Buffer Overflow Vulnerabilities
BugTraq ID: 23558
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23558
Summary:
IBM Tivoli Monitoring Express Universal Agent is prone to multiple buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit these issues to execute arbitrary code within the context of the vulnerable application. This may facilitate the compromise of affected servers. To leverage these issues, the attacker does not need to authenticate.

IBM Tivoli Monitoring Express 6.1 is affected.

93. Linksys WAG200G DSL Router/Gateway Information Disclosure Vulnerability
BugTraq ID: 23063
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23063
Summary:
Linksys WAG200G is prone to a vulnerability that may disclose sensitive information.

An attacker can exploit this issue to retrieve sensitive information that may aid in further attacks.

This issue affects firmware version 1.01.01; other versions may also be vulnerable.

94. BMC Patrol BGS_SDservice.EXE Memory Corruption Vulnerability
BugTraq ID: 23557
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23557
Summary:
BMC Patrol is prone to a memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

95. Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability
BugTraq ID: 23556
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23556
Summary:
Novell Groupwise WebAccess is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

96. NuclearBB Multiple SQL Injection Vulnerabilities
BugTraq ID: 23555
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23555
Summary:
NuclearBB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

These issues affect NuclearBB Alpha 1; other versions may also be affected.

97. Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
BugTraq ID: 23552
Remote: Yes
Last Updated: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23552
Summary:
Dovecot is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may lead to further attacks.

98. Extreme PHPBB PHPBB_Root_Path Remote File Include Vulnerability
BugTraq ID: 22708
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/22708
Summary:
Extreme PHPBB is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects version 3.0.1; other versions may also be vulnerable.

99. EclipseBB Phpbb_Root_Path Remote File Include Vulnerability
BugTraq ID: 22283
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/22283
Summary:
EclipseBB is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

EclipseBB 0.5.0 Lite is vulnerable to this issue.

100. Second Sight Software Multiple ActiveX Controls Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 23554
Remote: Yes
Last Updated: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23554
Summary:
Second Sight Software ActiveGS and ActiveMod ActiveX controls are prone to multiple buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting these issues allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX controls and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. MacBooks withstand mild attacks on patch day
By: Robert Lemos
On the same day that Apple releases an update for its Mac OS X, security professionals at a conference in Canada show little initial interest in attempting to crack the security of two MacBook Pros.
http://www.securityfocus.com/news/11460

2. Attackers improve on JavaScript trickery
By: Robert Lemos
Latest malicious software throws in more obfuscation and works harder to foil defenders' attempts at reverse engineering.
http://www.securityfocus.com/news/11459

3. U.S. agencies get 'C-' for computer security
By: Robert Lemos
In an annual report card mandated by federal law, two dozen federal agencies improve their average grade slightly from last year's 'D+'.
http://www.securityfocus.com/news/11458

4. Developers warned to secure AJAX design
By: Robert Lemos
A flaw in the way many asynchronous JavaScript and XML (AJAX) frameworks use the scripting to communicate data between a server and client allows malicious sites to hijack the conversation.
http://www.securityfocus.com/news/11456

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security Consultant, Dulles
http://www.securityfocus.com/archive/77/466466

2. [SJ-JOB] Sales Engineer, Phoenix
http://www.securityfocus.com/archive/77/466460

3. [SJ-JOB] Software Engineer, Mountain View
http://www.securityfocus.com/archive/77/466457

4. [SJ-JOB] Sales Engineer, Englewood
http://www.securityfocus.com/archive/77/466458

5. [SJ-JOB] Security Architect, Norcross/Lawrenceville
http://www.securityfocus.com/archive/77/466467

6. [SJ-JOB] Security Architect, Fort Lauderdale
http://www.securityfocus.com/archive/77/466468

7. [SJ-JOB] Penetration Engineer, Leeds
http://www.securityfocus.com/archive/77/466461

8. [SJ-JOB] Security Engineer, Pittsburgh
http://www.securityfocus.com/archive/77/466469

9. [SJ-JOB] Sales Engineer, Atlanta
http://www.securityfocus.com/archive/77/466451

10. [SJ-JOB] Channel / Business Development, Redwood City
http://www.securityfocus.com/archive/77/466452

11. [SJ-JOB] CHECK Team Leader, Leeds
http://www.securityfocus.com/archive/77/466459

12. [SJ-JOB] Channel / Business Development, Dallas
http://www.securityfocus.com/archive/77/466447

13. [SJ-JOB] Instructor, Irving
http://www.securityfocus.com/archive/77/466454

14. [SJ-JOB] Sales Engineer, NYC, Boston, Chicago, DC
http://www.securityfocus.com/archive/77/466448

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Yet another SQL injection framework
http://www.securityfocus.com/archive/82/466299

2. CfP Hack.lu 2007
http://www.securityfocus.com/archive/82/466292

3. SyScan'07 Call for Papers - End 30th April 2007
http://www.securityfocus.com/archive/82/466293

4. Linux restricted ASCII Shellcode
http://www.securityfocus.com/archive/82/465865

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Shared drives through a firewall
http://www.securityfocus.com/archive/88/463468

2. Help with Exploit
http://www.securityfocus.com/archive/88/458938

VIII. SUN FOCUS LIST SUMMARY
----------------------------
1. Sun Studio 11: C++ 5.8 Compiler
http://www.securityfocus.com/archive/92/465859

IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you must answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------