Tuesday, May 01, 2007

SecurityFocus Newsletter #399
----------------------------------------

This Issue is Sponsored by: Watchfire

As web applications become increasingly complex, tremendous amounts of sensitive data - including personal, medical and financial information - are exchanged and stored. This paper examines a few vulnerability detection methods, specifically comparing and contrasting manual penetration testing with automated scanning tools. Download Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008uPd


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time for a new certification
2. 0wning Vista from the boot
II. BUGTRAQ SUMMARY
1. Apple Quicktime Unspecified Java Handling Arbitrary Code Execution Vulnerability
2. Ariadne Index.PHP Cross-Site Scripting Vulnerability
3. RETIRED: AFFLib GetLock Local Race Condition Vulnerability
4. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
5. MyDNS Multiple Remote Dynamic DNS Update Vulnerabilities
6. ManageEngine Password Manager Pro Database Remote Unauthorized Access Vulnerability
7. PostgreSQL SECURITY DEFINER Function Local Privilege Escalation Vulnerability
8. IrfanView .IFF Format Handling Remote Buffer Overflow Vulnerability
9. Clam AntiVirus ClamAV PDF Handling Remote Denial Of Service Vulnerability
10. Linux Kernel IPV6_Getsockopt_Sticky Memory Leak Information Disclosure Vulnerability
11. Symantec Multiple Products Local Buffer Overflow and Information Disclosure Vulnerabilities
12. BurnCMS Root Parameter Multiple Remote File Include Vulnerabilities
13. Hitachi Groupmax Mobile Option Unspecified Remote Buffer Overflow Vulnerability
14. PHP Array_User_Key_Compare Function Memory Corruption Vulnerability
15. Clam AntiVirus ClamAV Multiple Remote Vulnerabilities
16. PHP Zip_Entry_Read() Integer Overflow Vulnerability
17. Gazi Download Portal Down_Indir.ASP SQL Injection Vulnerability
18. PHP Session_Decode Double Free Memory Corruption Vulnerability
19. IPIX Image Well ActiveX Controls Multiple Buffer Overflow Vulnerabilities
20. LibWPD Library Multiple Buffer Overflow Vulnerabilities
21. NCTsoft NCTAudioFile2 ActiveX Control Remote Buffer Overflow Vulnerability
22. IPv6 Protocol Type 0 Route Header Denial of Service Vulnerability
23. Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
24. PHP ZVAL Reference Counter Integer Overflow Vulnerability
25. Mozilla Network Security Services Library Remote Denial of Service Vulnerability
26. IPSec-Tools Remote Denial Of Service Vulnerability
27. RealNetwork RealPlayer RA File Handling Remote Denial of Service Vulnerability
28. Sun Java System Directory Server Uninitialized Pointer Remote Memory Corruption Vulnerability
29. ZoneAlarm VSdatant Driver Denial of Service Vulnerability
30. Office OCX PowerPoint Viewer ActiveX Denial of Service Vulnerabilities
31. VMware Multiple Denial Of Service Vulnerabilities
32. Wordpress PHP_Self Cross-Site Scripting Vulnerability
33. Wordpress WP_Title Function HTML Injection Vulnerability
34. QEMU Multiple Local Vulnerabilities
35. WordPress Post_ID Parameter SQL Injection Vulnerability
36. Cerulean Studios Trillian Multiple IRC Module UTF-8 Vulnerabilities
37. X.Org LibXFont Multiple Integer Overflow Vulnerabilities
38. KTorrent Multiple Remote Vulnerabilities
39. Apache HTTP Server Tomcat Directory Traversal Vulnerability
40. Winamp MP4 File Parsing Buffer Overflow Vulnerability
41. Apple Mac OS X AppleTalk AIOCRegLocalZN IOCTL Stack Buffer Overflow Vulnerability
42. Nukedit Search.ASP Cross-Site Scripting Vulnerability
43. Sun Java Web Start Unauthorized Access Vulnerability
44. Info-ZIP UnZip File Name Buffer Overflow Vulnerability
45. Info-ZIP UnZip CHMod File Permission Modification Race Condition Weakness
46. W3C Libwww Multiple Vulnerabilities
47. FastJar Archive Extraction Directory Traversal Vulnerability
48. E-Annu Home.PHP SQL Injection Vulnerability
49. GDB DWARF Multiple Buffer Overflow Vulnerabilities
50. BusyBox Insecure Password Hash Weakness
51. VIM Feedkeys and Writefile Functions Remote Code Execution Vulnerabilities
52. CPIO File Size Stack Buffer Overflow Vulnerability
53. Shadow-Utils UserAdd Local Insecure Permissions Vulnerability
54. GNOME Foundation GDM .ICEauthority Improper File Permissions Vulnerability
55. OpenLDAP SLAPD Access Control Circumvention Vulnerability
56. VMware Workstation Shared Folders Directory Traversal Vulnerability
57. Linux Kernel UTrace Unspecified Local Denial of Service Vulnerability
58. OPeNDAP Server3 Remote Command Execution Vulnerability
59. Psipuss Editusers.PHP SQL Injection Vulnerability
60. Aventail Connect Hostname Remote Buffer Overflow Vulnerability
61. MyServer Unspecified Denial Of Service Vulnerability
62. LMS Druk.PHP Cross Site Scripting Vulnerability
63. Adobe Acrobat Reader Unspecified Heap Corruption Vulnerability
64. Adobe Reader Plugin Open Parameters Cross-Site Scripting Vulnerability
65. Pi3Web Overly Long HTTP Request Denial Of Service Vulnerability
66. Imager 8 Bit BMP Heap Based Buffer Overflow Vulnerability
67. Imageview Fileview.PHP Local File Include Vulnerability
68. Red Hat Directory Server Multiple Cross Site Scripting Vulnerabilities
69. N/X WCMS PCLTar.PHP Remote File Include Vulnerability
70. OpenVMS Exception Handling Local Denial of Service Vulnerability
71. Sun Java System Directory Server BER Decoding Denial Of Service Vulnerability
72. Red Hat Sendmail Localhost.Localdomain Email Spoofing Vulnerability
73. X.Org X Window System Xserver XRender Extension Divide by Zero Denial of Service Vulnerability
74. Psi-labs Photo Upload Share Script SQL Injection and Unauthorized Access Vulnerability
75. ISC BIND Query_AddSOA Denial Of Service Vulnerability
76. Wordpress Plugins Multiple Remote File Include Vulnerabilities
77. LFTP MirrorJob::HandleFile Arbitrary Command Injection Vulnerability
78. GIMP RAS File Buffer Overflow Vulnerability
79. Linux Kernel IPV6_SockGlue.c NULL Pointer Dereference Vulnerability
80. Opera Malicious HTML Processing Denial of Service Vulnerability
81. PHP Folded Mail Headers Email Header Injection Vulnerability
82. PHP PHP_Binary Heap Information Leak Vulnerability
83. PHP Session_Regenerate_ID Function Double Free Memory Corruption Vulnerability
84. 3proxy HTTP Proxy Request Buffer Overflow Vulnerability
85. The Merchant Index.PHP Remote File Include Vulnerability
86. RETIRED: Seir Anphin File.PHP Local File Include Vulnerability
87. RETIRED: Sphider Index.PHP Remote File Include Vulnerability
88. Iputils Rarpd Remote Denial Of Service Vulnerability
89. TCExam SessionUserLang Remote PHP Code Execution Vulnerability
90. TCExam $_SERVER[] Cross-Site Scripting Vulnerability
91. HP Power Manager Remote Agent Local Privilege Escalation Vulnerability
92. Fenice Remote Buffer Overflow and Denial Of Service Vulnerabilities
93. Wordpress MyGallery Plugin Remote File Include Vulnerability
94. PHP Msg_Receive() Memory Allocation Integer Overflow Vulnerability
95. PHP EXT/Filter HTML Stripping Bypass Vulnerability
96. PHP EXT/Filter Function Remote Buffer Overflow Vulnerability
97. PNFlashGames PostNuke Module Index.PHP SQL Injection Vulnerability
98. Multiple Image Editing Applications .PNG Format Handling Remote Buffer Overflow Vulnerability
99. Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
100. Beast Resource Limit Local Denial Of Service Vulnerability
III. SECURITYFOCUS NEWS
1. E-Gold charged with money laundering
2. A Mac gets whacked, a second survives
3. MacBooks withstand mild attacks on patch day
4. Attackers improve on JavaScript trickery
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Application Security Engineer, Mt. Prospect
2. [SJ-JOB] Sales Engineer, Annapolis
3. [SJ-JOB] Security System Administrator, MILWAUKEE
4. [SJ-JOB] Security Consultant, New York
5. [SJ-JOB] Security Product Manager, Mt. Prospect
6. [SJ-JOB] Security Architect, MOUNT PROSPECT
7. [SJ-JOB] Sr. Security Analyst, Fort Lauderdale
8. [SJ-JOB] Sales Engineer, Bay Area
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
1. Help developing an exploit
VII. MICROSOFT FOCUS LIST SUMMARY
1. Restrict Windows login to certain IPs/hosts for certain domain accounts?
2. SecurityFocus Microsoft Newsletter #339
VIII. SUN FOCUS LIST SUMMARY
1. Sun Application Server Drop Privs
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time for a new certification
By Don Parker
I wrote a column for Securityfocus some time ago that aired my concerns over GIAC dropping the practical portion of their certification process. That column resulted in a lot of feedback, with most agreeing about how GIAC bungled what was, up till then, the best certification around.
http://www.securityfocus.com/columnists/443

2. 0wning Vista from the boot
By Federico Biancuzzi
Federico Biancuzzi interviews Nitin and Vipin Kumar, authors of VBootkit, a rootkit that is able to load from Windows Vista boot sectors. They discuss the "features" of their code, the support for the various versions of Vista, the possibility of placing it inside the BIOS (it needs around 1500 bytes), and the chance to use it to bypass Vista's product activation or avoid DRM.
http://www.securityfocus.com/columnists/442


II. BUGTRAQ SUMMARY
--------------------
1. Apple Quicktime Unspecified Java Handling Arbitrary Code Execution Vulnerability
BugTraq ID: 23608
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23608
Summary:
QuickTime is prone to a vulnerability that may aid in the remote compromise of a vulnerable computer.

The issue occurs when a Java-enabled browser is used to view a malicious website. QuickTime must also be installed. Few details are currently available regarding this issue. This BID will be updated as more information emerges.

This issue is exploitable through both Safari and Mozilla Firefox running on Mac OS X. Reports indicate that Firefox on Windows platforms may also be an exploit vector.

Reports also indicate that Internet Explorer 6 and 7 running on Windows XP may be an exploit vector, but that a sandboxing feature may interfere with successful exploits. Neither of these points has been confirmed.

2. Ariadne Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 23735
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23735
Summary:
Ariadne is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects Ariadne 2.4.1; other versions may also be vulnerable.

3. RETIRED: AFFLib GetLock Local Race Condition Vulnerability
BugTraq ID: 23696
Remote: No
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23696
Summary:
AFFLIB is prone to a local race-condition vulnerability.

An attacker can exploit this issue to cause arbitrary files to be overwritten. A successful exploit will result in denial-of-service conditions.

Versions prior to 2.2.6 are vulnerable.

UPDATE: This BID is being retired because information provided by the vendor shows that the application is not prone to this vulnerability.

4. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23300
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23300
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

5. MyDNS Multiple Remote Dynamic DNS Update Vulnerabilities
BugTraq ID: 23694
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23694
Summary:
MyDNS is prone to two remote denial-of-service vulnerabilities that stem from flaws in MyDNS's dynamic DNS update feature.

Successfully exploiting these issues allows remote attackers to crash affected applications, denying service to legitimate users. Given the nature of one of the issues, remote code-execution may also be possible, but this has not been confirmed.

MyDNS 1.1.0 is vulnerable to these issues; other versions may also be affected.

6. ManageEngine Password Manager Pro Database Remote Unauthorized Access Vulnerability
BugTraq ID: 23693
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23693
Summary:
ManageEngine Password Manager Pro is prone to a remote unauthorized-access vulnerability due to a design error.

An attacker may leverage this issue to gain unauthorized access to the application's database with administrative privileges. Successful exploits will result in a complete compromise of vulnerable applications and may aid in further attacks.

7. PostgreSQL SECURITY DEFINER Function Local Privilege Escalation Vulnerability
BugTraq ID: 23618
Remote: No
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23618
Summary:
PostgreSQL is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to escalate privileges in the context of the 'security_definer' function.

PostgreSQL versions prior to 8.2.4, 8.1.9, 8.0.13, 7.4.17, and 7.3.19 are vulnerable to this issue.

8. IrfanView .IFF Format Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 23692
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23692
Summary:
IrfanView is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successful exploits allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.

IrfanView 4.00 is vulnerable; other versions may also be affected.

9. Clam AntiVirus ClamAV PDF Handling Remote Denial Of Service Vulnerability
BugTraq ID: 23656
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23656
Summary:
ClamAV is prone to a denial-of-service vulnerability.

A successful attack may allow an attacker to cause denial-of-service conditions.

10. Linux Kernel IPV6_Getsockopt_Sticky Memory Leak Information Disclosure Vulnerability
BugTraq ID: 22904
Remote: No
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/22904
Summary:
Linux Kernel is prone to an information-disclosure vulnerability because it fails to handle unexpected user-supplied input.

Successful exploits will allow attackers to obtain portions of kernel memory. Information harvested may be used in further attacks.

Kernel versions 2.6.0 up to 2.6.20.1 are vulnerable to this issue.

11. Symantec Multiple Products Local Buffer Overflow and Information Disclosure Vulnerabilities
BugTraq ID: 23654
Remote: No
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23654
Summary:
Multiple Symantec products are prone to a buffer-overflow and an information-disclosure vulnerability.

Attackers may exploit these issues to execute arbitrary code on a vulnerable computer with SYSTEM-level privileges or to gain access to sensitive information.

These vulnerabilities affect Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recover.

12. BurnCMS Root Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 23691
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23691
Summary:
burnCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

burnCMS 0.2 is vulnerable; other versions may also be affected.

13. Hitachi Groupmax Mobile Option Unspecified Remote Buffer Overflow Vulnerability
BugTraq ID: 23690
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23690
Summary:
Hitachi Groupmax Mobile Option is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successful exploits allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.

14. PHP Array_User_Key_Compare Function Memory Corruption Vulnerability
BugTraq ID: 22990
Remote: No
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/22990
Summary:
PHP is prone to a memory-corruption vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the webserver process or to cause denial-of-service conditions.

This issue is proven to be locally exploitable.

The vulnerability affects these versions:

PHP 4.x prior to 4.4.6
PHP 5.x prior to 5.2.1

15. Clam AntiVirus ClamAV Multiple Remote Vulnerabilities
BugTraq ID: 23473
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23473
Summary:
ClamAV is prone to a file-descriptor leakage vulnerability and a buffer-overflow vulnerability.

A successful attack may allow an attacker to obtain sensitive information, cause denial-of-service conditions, and execute arbitrary code in the context of the user running the affected application.

ClamAV versions prior to 0.90.2 are vulnerable to these issues.

16. PHP Zip_Entry_Read() Integer Overflow Vulnerability
BugTraq ID: 23169
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23169
Summary:
PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a heap-based buffer overflow.

Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects PHP versions prior to 4.4.5.

17. Gazi Download Portal Down_Indir.ASP SQL Injection Vulnerability
BugTraq ID: 23714
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23714
Summary:
Gazi Download Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

18. PHP Session_Decode Double Free Memory Corruption Vulnerability
BugTraq ID: 23121
Remote: No
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23121
Summary:
PHP is prone to a double-free memory-corruption vulnerability.

Attackers may be able to exploit this issue to execute arbitrary code in the context of the webserver process or to cause denial-of-service conditions.

This issue is proven to be locally exploitable. Remote attack vectors may also be possible, but this is yet to be confirmed.

This issue affects PHP versions 4.4.5 and 4.4.6.

19. IPIX Image Well ActiveX Controls Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 23379
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23379
Summary:
IPIX Image Well ActiveX controls are prone to multiple buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting these issues allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX controls and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.

20. LibWPD Library Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 23006
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23006
Summary:
The libwpd library is prone to multiple buffer-overflow vulnerabilities because it fails to adequately check boundaries on user-supplied input.

A successful exploit could let a remote attacker execute arbitrary code in the context of an application using the affected library.

Version 0.8.7 is vulnerable; other versions prior to 0.8.9 may also be affected.

21. NCTsoft NCTAudioFile2 ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 22196
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/22196
Summary:
NCTsoft NCTAudioFile2 ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.

NCTAudioEditor is a collection of ActiveX controls for manipulating audio data. Numerous audio software products use the vulnerable 'NCTAudioFile2.AudioFile' ActiveX component.

NCTAudioStudio 2.7.1, NCTAudioEditor 2.7.1, and NCTDialogicVoice 2.7.1 are affected by this vulnerability; other versions may be affected as well.

Please see the list of associated technologies for a table of third-party products that are vulnerable because they depend on this ActiveX control.

22. IPv6 Protocol Type 0 Route Header Denial of Service Vulnerability
BugTraq ID: 23615
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23615
Summary:
IPv6 protocol implementations are prone to a denial-of-service vulnerability due to a design error.

Exploiting this issue allows attackers to cause denial-of-service conditions.

This issue is related to the issue discussed in BID 22210 (Cisco IOS IPv6 Source Routing Remote Memory Corruption Vulnerability).

23. Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
BugTraq ID: 23552
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23552
Summary:
Dovecot is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may lead to further attacks.

24. PHP ZVAL Reference Counter Integer Overflow Vulnerability
BugTraq ID: 22765
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/22765
Summary:
PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values are not overrun.

A local attacker can exploit this vulnerability to execute arbitrary PHP scripts within the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

Note: According to 'MOPB-04-2007:PHP 4 unserialize() ZVAL Reference Counter Overflow', this issue may be remotely triggered in PHP 4.4.4 environments because many legacy PHP applications still use 'unserialize()' on user-supplied data. 'Unserialize()' uses the '__wakeup()' method of deserialized objects in an unsafe manner that may lead to remote arbitrary code execution. This BID has been changed to reflect the possibility of remote exploitation in PHP 4.4.4 environments.

25. Mozilla Network Security Services Library Remote Denial of Service Vulnerability
BugTraq ID: 18604
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/18604
Summary:
NSS is susceptible to a remote denial-of-service vulnerability. This issue is due to a memory leak in the library.

This issue allows remote attackers to consume excessive memory resources on affected computers. This may lead to computer hangs or panics, denying service to legitimate users.

NSS version 3.11 is affected by this issue.

26. IPSec-Tools Remote Denial Of Service Vulnerability
BugTraq ID: 23394
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23394
Summary:
IPSec-Tools is affected by a remote denial-of-service vulnerability because the application fails to properly handle certain network packets.

A successful attack allows a remote attacker to crash the application, denying further service to legitimate users.

IPSec-Tools versions prior to 0.6.7 are vulnerable to this issue.

27. RealNetwork RealPlayer RA File Handling Remote Denial of Service Vulnerability
BugTraq ID: 23712
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23712
Summary:
RealNetworks RealPlayer is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted files.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted file.

Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.

RealPlayer 10 Gold is vulnerable to this issue; other versions may also be affected.

28. Sun Java System Directory Server Uninitialized Pointer Remote Memory Corruption Vulnerability
BugTraq ID: 23117
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23117
Summary:
Sun Java System Directory Server is prone to a memory-corruption vulnerability due to a design error in the clean-up code following certain failed queries.

Successful exploits will result in a server crash, denying further service to legitimate users. Attackers may be able to exploit this issue for remote code execution, but this has not been confirmed.

Versions prior to 5.2 Patch5 are affected.

29. ZoneAlarm VSdatant Driver Denial of Service Vulnerability
BugTraq ID: 23734
Remote: No
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23734
Summary:
ZoneAlarm is prone to a local denial-of-service vulnerability because the application fails to validate its input buffer.

An attacker may exploit this issue to crash affected computers, denying service to legitimate users. Arbitrary code execution may be possible, but this has not been confirmed.

ZoneAlarm Pro 6.5.737.000 and 6.1.744.001 are prone to this issue; other versions may be affected as well.

30. Office OCX PowerPoint Viewer ActiveX Denial of Service Vulnerabilities
BugTraq ID: 23733
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23733
Summary:
PowerPoint Viewer ActiveX control is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to crash applications that employ the vulnerable control (typically Microsoft Internet Explorer).

PowerPoint Viewer ActiveX Control 3.1 is reported vulnerable to these issues; other versions may also be affected.

31. VMware Multiple Denial Of Service Vulnerabilities
BugTraq ID: 23732
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23732
Summary:
VMware is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to cause denial-of-service conditions.

Versions prior to 5.5.4 Build 44386 are vulnerable to these issues.

32. Wordpress PHP_Self Cross-Site Scripting Vulnerability
BugTraq ID: 23027
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23027
Summary:
Wordpress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

33. Wordpress WP_Title Function HTML Injection Vulnerability
BugTraq ID: 22902
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/22902
Summary:
Wordpress is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

34. QEMU Multiple Local Vulnerabilities
BugTraq ID: 23731
Remote: No
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23731
Summary:
QEMU is prone to multiple locally exploitable buffer-overflow and denial-of-service vulnerabilities. The buffer-overflow issues occur because the software fails to properly check boundaries of user-supplied input when copying it to insufficiently sized memory buffers. The denial-of-service issues stem from design errors.

Attackers may be able to exploit these issues to escalate privileges or trigger denial-of-service conditions.

35. WordPress Post_ID Parameter SQL Injection Vulnerability
BugTraq ID: 23294
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23294
Summary:
WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

WordPress 2.1.2 is vulnerable to this issue; other versions may also be affected.

36. Cerulean Studios Trillian Multiple IRC Module UTF-8 Vulnerabilities
BugTraq ID: 23730
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23730
Summary:
Trillian is prone to multiple buffer-overflow issues and an information leak in its IRC module. These issues occur because the application fails to properly bounds-check user-supplied data before copying it into fixed-sized memory buffers and fails to respond properly to exceptional conditions.

Remote attackers may exploit these vulnerabilities to execute arbitrary machine code in the context of vulnerable Trillian clients or to steal the contents of client-server communications.

Trillian 3.1 is affected.

37. X.Org LibXFont Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23283
Remote: No
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23283
Summary:
The 'libXfont' library is prone to multiple local integer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data.

An attacker can exploit these vulnerabilities to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.

These issues affect libXfont 1.2.2; other versions may also be vulnerable.

38. KTorrent Multiple Remote Vulnerabilities
BugTraq ID: 22930
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/22930
Summary:
KTorrent is prone to multiple remote vulnerabilities, including a directory-traversal vulnerability and an unspecified vulnerability when processing messages with invalid chunk indexes.

Very little information is known about one of these issues. This BID will be updated as soon as more information becomes available.

An attacker can exploit the directory-traversal issue to overwrite arbitrary files on the user's system. Presumably, the unspecified vulnerability when processing messages with invalid chunk indexes will allow attackers to execute arbitrary code or to cause a denial of service, but this has not been confirmed.

Versions prior to 2.1.2 are vulnerable to these issues.

39. Apache HTTP Server Tomcat Directory Traversal Vulnerability
BugTraq ID: 22960
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/22960
Summary:
Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because Tomcat fails to sufficiently sanitize user-supplied input data.

Exploiting this issue allows attackers to access arbitrary files in the Tomcat webroot. This can expose sensitive information that could help the attacker launch further attacks.

Versions in the 5.5 series prior to 5.5.22 and in the 6.0 series prior to 6.0.10 are vulnerable.

40. Winamp MP4 File Parsing Buffer Overflow Vulnerability
BugTraq ID: 23723
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23723
Summary:
Winamp is prone to a buffer-overflow vulnerability when it attempts to process certain files. This issue occurs because the application fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Winamp 5.02 through 5.34.

UPDATE: The vendor states that this issue will be addressed in Winamp 5.35.

41. Apple Mac OS X AppleTalk AIOCRegLocalZN IOCTL Stack Buffer Overflow Vulnerability
BugTraq ID: 21317
Remote: No
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/21317
Summary:
Apple Mac OS X is prone to a local memory-corruption vulnerability. This issue occurs when the operating system fails to handle specially crafted arguments to an IOCTL call.

Due to the nature of this issue, an attacker may be able to execute arbitrary machine code in the context of the affected kernel, but this has not been confirmed. Failed exploit attempts result in kernel panics, denying service to legitimate users.

Mac OS X version 10.4.8 is vulnerable to this issue; other versions may also be affected.

42. Nukedit Search.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 23729
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23729
Summary:
Nukedit is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects Nukedit 4.9.7b; other versions may also be affected.

43. Sun Java Web Start Unauthorized Access Vulnerability
BugTraq ID: 23728
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23728
Summary:
Sun Java Web Start is prone to a vulnerability that may allow remote attackers to gain unauthorized access to a vulnerable computer.

The vendor has reported that this vulnerability allows untrusted applications to gain read/write privileges to local files on a vulnerable computer.

The following versions for Windows, Solaris and Linux platforms are vulnerable:

Java Web Start in JDK and JRE 5.0 Update 10 and earlier
Java Web Start in SDK and JRE 1.4.2_13 and earlier

44. Info-ZIP UnZip File Name Buffer Overflow Vulnerability
BugTraq ID: 15968
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/15968
Summary:
Info-ZIP 'unzip' is susceptible to a filename buffer-overflow vulnerability. The application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

This issue allows attackers to execute arbitrary machine code in the context of users running the affected application.

45. Info-ZIP UnZip CHMod File Permission Modification Race Condition Weakness
BugTraq ID: 14450
Remote: No
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/14450
Summary:
Info-ZIP unzip is reported prone to a security weakness. The issue occurs only when an archive is extracted into a world- or group-writable directory. Reportedly, unzip first writes the extracted file and only afterwards changes its permissions; the two operations are not atomic.

A local attacker who acts in the window between the two operations may leverage this issue to modify the permissions of target files.

46. W3C Libwww Multiple Vulnerabilities
BugTraq ID: 15035
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/15035
Summary:
W3C Libwww is prone to multiple vulnerabilities.

These issues include a buffer-overflow vulnerability and some issues related to the handling of multipart/byteranges content.

Libwww 5.4.0 is reported to be vulnerable. Other versions may be affected as well. These issues may also be exploited through other applications that implement the library.

47. FastJar Archive Extraction Directory Traversal Vulnerability
BugTraq ID: 15669
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/15669
Summary:
Fastjar is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied data.

An attacker can exploit this vulnerability to overwrite arbitrary files in the context of the user utilizing the vulnerable application. Depending on the files overwritten this could result in a crash of the system or facilitate unauthorized access; other attacks are also possible.
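The directory-traversal issues in entries 38 (KTorrent) and 47 (FastJar) share one root cause: an entry name taken from the archive or peer is joined onto the extraction directory without checking whether the result still lies inside it. The following is an added example, not code from either project, showing a lexical check that rejects absolute names, backslash separators and any ".." that climbs above the base directory. The base directory and the entry names are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Resolve an archive entry name against the extraction directory purely
 * lexically. Returns the destination path (in a static buffer) or NULL when
 * the entry is absolute, uses backslash separators, or climbs above the base
 * directory through "..". */
const char *resolve_entry_path(const char *base, const char *entry)
{
    static char out[4096];
    char work[1024];
    const char *parts[128];
    int depth = 0;

    if (entry == NULL || entry[0] == '\0')
        return NULL;
    if (entry[0] == '/' || strchr(entry, '\\') != NULL)
        return NULL;                         /* absolute path or DOS separators */
    if (strlen(entry) >= sizeof work)
        return NULL;
    strcpy(work, entry);

    /* Walk the components with a stack so "a/../b" is fine but "../b" is not. */
    for (char *tok = strtok(work, "/"); tok != NULL; tok = strtok(NULL, "/")) {
        if (strcmp(tok, ".") == 0)
            continue;
        if (strcmp(tok, "..") == 0) {
            if (depth == 0)
                return NULL;                 /* would leave the base directory */
            depth--;
            continue;
        }
        if (depth == (int)(sizeof parts / sizeof parts[0]))
            return NULL;
        parts[depth++] = tok;
    }
    if (depth == 0)
        return NULL;                         /* name resolves to base itself */

    int n = snprintf(out, sizeof out, "%s", base);
    if (n < 0 || (size_t)n >= sizeof out)
        return NULL;
    for (int i = 0; i < depth; i++) {
        int m = snprintf(out + n, sizeof out - n, "/%s", parts[i]);
        if (m < 0 || (size_t)m >= sizeof out - n)
            return NULL;
        n += m;
    }
    return out;
}

int main(void)
{
    /* Constructed entry names of the kind a malicious archive would carry. */
    const char *names[] = { "docs/readme.txt", "a/./b/../c.txt", "../../etc/passwd",
                            "/etc/passwd", "dir/../../x", "..\\..\\x" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        const char *dst = resolve_entry_path("/srv/extract", names[i]);
        printf("%-20s -> %s\n", names[i], dst ? dst : "REJECTED");
    }
    return 0;
}
```

The check is lexical only: it says nothing about symbolic links already present under the base directory, including ones an earlier entry of the same archive created. An extractor that wants to be safe against that as well should open each destination relative to a directory descriptor and refuse to follow links.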

48. E-Annu Home.PHP SQL Injection Vulnerability
BugTraq ID: 23727
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23727
Summary:
E-Annu is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

49. GDB DWARF Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 19802
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/19802
Summary:
GDB is prone to multiple buffer-overflow vulnerabilities because of insufficient bounds-checking when handling DWARF and DWARF2 data.

Attackers could leverage this issue to run arbitrary code outside of a restricted environment; this may lead to privilege escalation.

50. BusyBox Insecure Password Hash Weakness
BugTraq ID: 17330
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/17330
Summary:
BusyBox is prone to an insecure password-hash weakness. This issue is due to a design flaw that results in password hashes being created in an insecure manner.

This issue allows attackers to use precomputed password hashes in brute-force attacks if they can gain access to password hashes by some means (such as exploiting another vulnerability).

51. VIM Feedkeys and Writefile Functions Remote Code Execution Vulnerabilities
BugTraq ID: 23725
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23725
Summary:
VIM is prone to multiple vulnerabilities that permit a remote attacker to execute arbitrary code.

An attacker could exploit these issues by enticing a victim to load a malicious file. A successful exploit could result in the execution of arbitrary code within the context of the affected application.

52. CPIO File Size Stack Buffer Overflow Vulnerability
BugTraq ID: 16057
Remote: No
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/16057
Summary:
The cpio utility is prone to a stack buffer-overflow vulnerability.

This issue presents itself when cpio tries to create an archive containing files with extremely large sizes, potentially resulting in a memory buffer being overrun.

Note that this vulnerability has been confirmed only on 64-bit platforms. On 32-bit platforms with large-file (64-bit) filesystem support, it may presumably be exploited to crash cpio.

53. Shadow-Utils UserAdd Local Insecure Permissions Vulnerability
BugTraq ID: 18111
Remote: No
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/18111
Summary:
The useradd utility in shadow-utils is susceptible to a local insecure-permissions vulnerability. This issue is due to a race-condition between when user mailboxes are created and when permissions are set on the file.

A local, unprivileged attacker can exploit this issue to gain access to newly created mailbox files. This may allow them to directly inject forged email messages to aid them in social-engineering attacks. Attackers may also be able to inject data into the mailbox file that will cause mail applications to fail to access the file, denying email access to targeted users. Other attacks may also be possible.

Version 4.0.3 of shadow-utils is vulnerable to this issue; other versions may also be affected.
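Entries 45 (unzip) and 53 (useradd) describe the same race: a file is created with default permissions, its contents are written, and only then are the permissions tightened. The following is an added example, not code from either project, that measures the permission bits a racing local user sees in that window and contrasts it with an exclusive create that applies the final mode in the same open() call. The scratch paths under /tmp, the umask of 022 and the file contents are constructed for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Build a per-process scratch path under /tmp, a shared, world-writable
 * directory, which is the setting both advisories require. */
static void scratch_path(char *buf, size_t n, const char *tag)
{
    snprintf(buf, n, "/tmp/race-demo-%ld-%s", (long)getpid(), tag);
    unlink(buf);                     /* start from a clean slate */
}

/* Vulnerable pattern: create the file with default permissions, write its
 * contents, and tighten the permissions afterwards. Returns the permission
 * bits the file carries in the window before chmod(), i.e. what a racing
 * local user can observe and act on; -1 on error. */
int create_then_chmod_window(void)
{
    char path[128];
    struct stat st;
    int window_mode = -1;

    scratch_path(path, sizeof path, "unsafe");
    umask(022);                      /* a common default umask */
    FILE *f = fopen(path, "w");      /* created as 0666 & ~022 = 0644 */
    if (f == NULL)
        return -1;
    fputs("From: root\nSubject: welcome\n", f);   /* constructed contents */
    fclose(f);
    if (stat(path, &st) == 0)
        window_mode = st.st_mode & 0777;         /* 0644: others can read it */
    chmod(path, 0600);               /* too late: the window is already open */
    unlink(path);
    return window_mode;
}

/* Fixed pattern: exclusive create with the final mode in a single open() call.
 * O_CREAT|O_EXCL fails if the name already exists, including when an attacker
 * planted a symlink there, and the file is never wider than 0600. */
int exclusive_create_mode(void)
{
    char path[128];
    struct stat st;
    int mode = -1;

    scratch_path(path, sizeof path, "safe");
    umask(022);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    if (write(fd, "From: root\n", 11) == 11 && fstat(fd, &st) == 0)
        mode = st.st_mode & 0777;                /* 0600 from the first instant */
    close(fd);
    unlink(path);
    return mode;
}

int main(void)
{
    printf("create-then-chmod window mode: %04o\n", create_then_chmod_window());
    printf("exclusive create mode:         %04o\n", exclusive_create_mode());
    return 0;
}
```

For useradd the same fix applies to ownership: create the mailbox with the final mode, then fchown() the open descriptor rather than chown() the path, so a link swapped in under the name cannot redirect the change. For unzip the extracted file's mode should likewise be passed to open() (masked by the umask) instead of being applied by a later chmod().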

54. GNOME Foundation GDM .ICEauthority Improper File Permissions Vulnerability
BugTraq ID: 17635
Remote: No
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/17635
Summary:
GDM is prone to an improper file-permissions vulnerability.

An attacker can exploit this issue to gain access to sensitive or privileged information that may facilitate a complete compromise of the vulnerable computer.

55. OpenLDAP SLAPD Access Control Circumvention Vulnerability
BugTraq ID: 19832
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/19832
Summary:
OpenLDAP slapd is prone to a vulnerability that allows attackers to circumvent access controls.

An attacker may be able to modify any distinguished name (DN) in the directory, regardless of who owns the entry.

Versions prior to 2.3.25 are vulnerable.

56. VMware Workstation Shared Folders Directory Traversal Vulnerability
BugTraq ID: 23721
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23721
Summary:
VMware Workstation is prone to a directory-traversal vulnerability because it fails to properly sanitize input.

An attacker with access to a virtual guest operating system can exploit this issue by traversing a shared directory to manipulate arbitrary files on the host operating system in the context of the user running the application.

Successful attacks could result in the compromise of the affected host operating system. Other attacks are possible.

VMware Workstation 5.5.3 build 34685 on Windows XP SP2 is vulnerable. Other versions may also be affected.

57. Linux Kernel UTrace Unspecified Local Denial of Service Vulnerability
BugTraq ID: 23720
Remote: No
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23720
Summary:
The Linux kernel is prone to a denial-of-service vulnerability that stems from a flaw in 'utrace' support.

A local attacker may exploit this issue to cause the affected kernel to crash, effectively denying service to legitimate users.

58. OPeNDAP Server3 Remote Command Execution Vulnerability
BugTraq ID: 23719
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23719
Summary:
OPeNDAP is prone to a remote command-execution vulnerability because the application fails to properly sanitize user-supplied input.

Exploiting this issue allows attackers to execute arbitrary commands in the context of the server.

A successful exploit could facilitate the compromise of an affected computer; other attacks are also possible.

OPeNDAP Server3 3.2.10 through 3.7.4 are vulnerable to this issue.

59. Psipuss Editusers.PHP SQL Injection Vulnerability
BugTraq ID: 23718
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23718
Summary:
The 'psipuss' program is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Version 1.0 of psipuss is vulnerable; other versions may also be affected.

60. Aventail Connect Hostname Remote Buffer Overflow Vulnerability
BugTraq ID: 23717
Remote: No
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23717
Summary:
Aventail Connect is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue affects Aventail Connect 4.1.2.13; other versions may also be affected.

61. MyServer Unspecified Denial Of Service Vulnerability
BugTraq ID: 23716
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23716
Summary:
MyServer is prone to a denial-of-service vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

MyServer 0.8.7 for Windows is vulnerable; earlier versions may also be affected.

62. LMS Druk.PHP Cross Site Scripting Vulnerability
BugTraq ID: 23715
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23715
Summary:
LMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

This issue affects versions prior to 1.6.9.

63. Adobe Acrobat Reader Unspecified Heap Corruption Vulnerability
BugTraq ID: 21981
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/21981
Summary:
Adobe Acrobat Reader is prone to a heap-based buffer-overflow vulnerability because the application fails to properly bounds-check data read from malicious PDF files.

Successfully exploiting this issue may allow a remote attacker to execute arbitrary code in the context of the victim user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

An attacker could exploit this issue by enticing a victim to open a malicious PDF file.

64. Adobe Reader Plugin Open Parameters Cross-Site Scripting Vulnerability
BugTraq ID: 21858
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/21858
Summary:
Adobe Reader Plugin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the visited site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects Adobe Reader versions 6 and 7 for Mozilla Firefox, Opera, and Microsoft Internet Explorer. Other versions for other browsers may also be affected.

65. Pi3Web Overly Long HTTP Request Denial Of Service Vulnerability
BugTraq ID: 23713
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23713
Summary:
Pi3Web is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Pi3Web 2.0.3 for Windows is vulnerable; earlier versions may also be affected.

66. Imager 8 Bit BMP Heap Based Buffer Overflow Vulnerability
BugTraq ID: 23711
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23711
Summary:
Imager is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an application using the vulnerable library. Failed attempts will likely result in denial-of-service conditions.

NOTE: The effects of successful attacks depend on how system memory is allocated. The implementation of the 'glibc' memory allocator will likely allow an attacker to trigger only denial-of-service conditions. Other allocators may allow arbitrary code execution.

Versions prior to Imager 0.57 are vulnerable.

67. Imageview Fileview.PHP Local File Include Vulnerability
BugTraq ID: 23710
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23710
Summary:
Imageview is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

This issue affects Imageview 5.3; other versions may also be affected.

68. Red Hat Directory Server Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 23709
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23709
Summary:
Red Hat Directory Server is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks.

Red Hat Directory Server 7.1 is reported vulnerable; other versions may also be affected.

69. N/X WCMS PCLTar.PHP Remote File Include Vulnerability
BugTraq ID: 23708
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23708
Summary:
N/X WCMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

N/X WCMS 4.5 is vulnerable; other versions may also be affected.

70. OpenVMS Exception Handling Local Denial of Service Vulnerability
BugTraq ID: 23744
Remote: No
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23744
Summary:
OpenVMS is prone to a local denial-of-service vulnerability. This issue is due to a failure of the operating system to properly handle exceptions.

A local unprivileged attacker can exploit this vulnerability to cause system crashes, denying service to legitimate users.

Very little information is currently available about this vulnerability; this BID will be updated as more information becomes available.

71. Sun Java System Directory Server BER Decoding Denial Of Service Vulnerability
BugTraq ID: 23743
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23743
Summary:
Sun Java System Directory Server is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the server, denying access to legitimate users.

72. Red Hat Sendmail Localhost.Localdomain Email Spoofing Vulnerability
BugTraq ID: 23742
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23742
Summary:
Red Hat Sendmail is prone to a vulnerability that permits an attacker to send spoofed emails.

A successful exploit may allow an attacker to impersonate localhost when sending an email message.

This issue affects Sendmail on Red Hat systems due to a configuration error. It is not currently known whether this issue affects other releases of the software.

73. X.Org X Window System Xserver XRender Extension Divide by Zero Denial of Service Vulnerability
BugTraq ID: 23741
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23741
Summary:
X.Org X Window System Xserver is prone to a denial-of-service vulnerability. This issue is due to a failure of the software to properly handle exceptional conditions.

Attackers with the ability to connect to a vulnerable X server may exploit this issue to crash the targeted server, denying further service to legitimate users.

X.Org X Window System Xserver version 1.3.0 is vulnerable to this issue; other versions may also be affected.

74. Psi-labs Photo Upload Share Script SQL Injection and Unauthorized Access Vulnerability
BugTraq ID: 23739
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23739
Summary:
Psi-labs Photo Upload Share Script is prone to an SQL-injection and an unauthorized access vulnerability. These issues are due to a failure of the application to protect certain administrative scripts and to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

These issues affect version 1.0 and prior.

75. ISC BIND Query_AddSOA Denial Of Service Vulnerability
BugTraq ID: 23738
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23738
Summary:
ISC BIND is prone to a denial-of-service vulnerability because it fails to handle certain sequences of malicious queries.

NOTE: Only servers configured with recursion enabled are vulnerable to this issue.

An attacker can exploit this issue to cause the application to exit, denying service to legitimate users.

Versions 9.4.0, 9.5.0a1, 9.5.0a2, and 9.5.0a3 are vulnerable.

76. Wordpress Plugins Multiple Remote File Include Vulnerabilities
BugTraq ID: 23737
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23737
Summary:
The Wordpress wordTube and wp-Table plugins are prone to multiple remote file-include vulnerabilities because they fail to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

wp-Table version 1.43 and wordTube version 1.43 are vulnerable; other versions may also be affected.

77. LFTP MirrorJob::HandleFile Arbitrary Command Injection Vulnerability
BugTraq ID: 23736
Remote: Yes
Last Updated: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23736
Summary:
LFTP is prone to an arbitrary command-injection vulnerability because it fails to adequately sanitize user-supplied data.

An attacker can exploit this issue to execute arbitrary commands in the context of the user running the application.

Versions prior to 3.5.9 are vulnerable.

78. GIMP RAS File Buffer Overflow Vulnerability
BugTraq ID: 23680
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23680
Summary:
GIMP is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of the affected application.

GIMP 2.2.14 is vulnerable to this issue; other versions may also be affected.

79. Linux Kernel IPV6_SockGlue.c NULL Pointer Dereference Vulnerability
BugTraq ID: 23142
Remote: No
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23142
Summary:
The Linux kernel is prone to a NULL-pointer dereference vulnerability.

A local attacker can exploit this issue to crash the affected kernel, denying service to legitimate users. The attacker may also be able to execute arbitrary code with elevated privileges, but this has not been confirmed.

80. Opera Malicious HTML Processing Denial of Service Vulnerability
BugTraq ID: 18585
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/18585
Summary:
Opera Web Browser is prone to a denial-of-service condition when parsing certain malicious HTML content. Successful exploits will cause the browser to fail or hang.

Opera 9 is prone to this issue; the Opera 8.x product line is not affected.

81. PHP Folded Mail Headers Email Header Injection Vulnerability
BugTraq ID: 23145
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23145
Summary:
PHP is prone to an email-header-injection vulnerability because it fails to properly sanitize user-supplied input when constructing email messages.

Exploiting this issue allows a malicious user to inject arbitrary email headers and to use the affected computer to compose and transmit spam messages.

The following versions are vulnerable:

PHP 4 up to and including 4.4.6
PHP 5 up to and including 5.2.1
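The entry above concerns header folding: a line break followed by a space or tab is a legal continuation of a header field, so a check that tolerates folding still lets an attacker-controlled line break reach the mailer. The following is an added example, not PHP's code, that contrasts such a lenient check (its shape is an assumption, written to illustrate the class of mistake) with the strict rule of rejecting any CR or LF in a single-field value, and counts how many header fields each constructed payload produces once the message is unfolded.

```c
#include <stdio.h>
#include <string.h>

/* Constructed payloads: a classic injection and its folded variant. */
#define PLAIN_INJECTION  "victim@example.com\r\nBcc: spam@example.net"
#define FOLDED_INJECTION "victim@example.com\r\n Bcc: spam@example.net"

/* Lenient check, modelled on one that tolerates RFC 2822 folding: a line
 * break is accepted when the next character is space or tab (an assumed
 * shape, not PHP's own code). Returns 1 if the value is accepted. */
int lenient_header_check(const char *v)
{
    for (const char *p = v; *p; p++) {
        if (*p != '\r' && *p != '\n')
            continue;
        if (*p == '\r' && p[1] == '\n')
            p++;                                 /* treat CRLF as one break */
        if (p[1] == ' ' || p[1] == '\t')
            continue;                            /* looks like folding: allowed */
        return 0;
    }
    return 1;
}

/* Strict check: a value that belongs in one header field must not carry any
 * CR or LF; the mailer folds long lines itself if it needs to. */
int strict_header_check(const char *v)
{
    return strpbrk(v, "\r\n") == NULL;
}

/* The naive way headers get built from user input, with no check at all. */
void render_headers(char *dst, size_t n, const char *to, const char *subject)
{
    snprintf(dst, n, "To: %s\r\nSubject: %s\r\n", to, subject);
}

/* Count header fields after RFC 2822 unfolding: a line that starts with
 * whitespace continues the previous field rather than starting a new one. */
int count_header_fields(const char *hdrs)
{
    int n = 0;
    for (const char *p = hdrs; *p; ) {
        if (*p != ' ' && *p != '\t')
            n++;
        const char *nl = strchr(p, '\n');
        if (nl == NULL)
            break;
        p = nl + 1;
    }
    return n;
}

/* Number of fields a given recipient value produces with a fixed subject. */
int fields_for_recipient(const char *to)
{
    char buf[512];
    render_headers(buf, sizeof buf, to, "hello");
    return count_header_fields(buf);
}

int main(void)
{
    const char *inputs[] = { "victim@example.com", PLAIN_INJECTION, FOLDED_INJECTION };
    for (size_t i = 0; i < 3; i++)
        printf("lenient=%d strict=%d fields=%d\n",
               lenient_header_check(inputs[i]), strict_header_check(inputs[i]),
               fields_for_recipient(inputs[i]));
    return 0;
}
```

The plain payload adds a third field and is caught by both checks. The folded payload passes the lenient check and, after unfolding, leaves the attacker's text inside the To field, where what a given MTA makes of "Bcc:" is up to that MTA; that uncertainty is the reason to apply the strict rule and to hand recipients to the mailer as envelope arguments rather than by building header text.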

82. PHP PHP_Binary Heap Information Leak Vulnerability
BugTraq ID: 22805
Remote: No
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/22805
Summary:
PHP 'php_binary' serialization handler is prone to a heap-information leak.

The vulnerability arises because of a missing boundary check in the extraction of variable names. A local attacker can exploit this issue to obtain sensitive information (such as heap offsets and canaries) that may aid in other attacks.

These versions are affected:

PHP4 versions prior to 4.4.5
PHP5 versions prior to 5.2.1

Updates are available.

83. PHP Session_Regenerate_ID Function Double Free Memory Corruption Vulnerability
BugTraq ID: 22968
Remote: No
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/22968
Summary:
PHP is prone to a double-free memory-corruption vulnerability.

Attackers may be able to exploit this issue to execute arbitrary code in the context of the webserver process or to cause denial-of-service conditions.

This issue is proven to be locally exploitable. Remote attack vectors may also be possible, but this is yet to be confirmed.

This issue affects PHP versions 5.0 through 5.2.1. PHP 4 is considered vulnerable only if remote exploitation is confirmed.

84. 3proxy HTTP Proxy Request Buffer Overflow Vulnerability
BugTraq ID: 23545
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23545
Summary:
3proxy is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to cause denial-of-service conditions and possibly to execute arbitrary code with the privileges of the application.

3proxy 0.5 to 0.5.3g and 0.6b-devel before 20070413 are vulnerable to this issue.

85. The Merchant Index.PHP Remote File Include Vulnerability
BugTraq ID: 23707
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23707
Summary:
The Merchant is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects The Merchant 2.2.0; other versions may also be vulnerable.

86. RETIRED: Seir Anphin File.PHP Local File Include Vulnerability
BugTraq ID: 23700
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23700
Summary:
Seir Anphin is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Seir Anphin 2.0.0 and prior versions are vulnerable to this issue; other versions may also be affected.

NOTE: This BID is being retired because the application is not vulnerable to this issue.

87. RETIRED: Sphider Index.PHP Remote File Include Vulnerability
BugTraq ID: 23699
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23699
Summary:
Sphider is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Sphider 1.2.7 and prior versions are vulnerable; other versions may also be affected.

NOTE: This BID is being retired because the application is not vulnerable to this issue.

88. Iputils Rarpd Remote Denial Of Service Vulnerability
BugTraq ID: 23706
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23706
Summary:
The 'iputils rarpd' program is affected by a remote denial-of-service vulnerability because the software fails to properly handle certain network packets.

A successful attack allows a remote attacker to crash the application, denying further service to legitimate users.

89. TCExam SessionUserLang Remote PHP Code Execution Vulnerability
BugTraq ID: 23705
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23705
Summary:
TCExam is prone to an arbitrary PHP code-execution vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of the webserver process. This may help the attacker compromise the application and the underlying system; other attacks are also possible.

TCExam 4.0.011 and prior versions are vulnerable.

90. TCExam $_SERVER[] Cross-Site Scripting Vulnerability
BugTraq ID: 23704
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23704
Summary:
TCExam is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

TCExam 4.0.011 and prior versions are vulnerable.

91. HP Power Manager Remote Agent Local Privilege Escalation Vulnerability
BugTraq ID: 23703
Remote: No
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23703
Summary:
HP Power Manager is prone to a local privilege-escalation vulnerability.

A local attacker may execute arbitrary code with root privileges. This may facilitate a complete compromise of the affected computer.

HP Power Manager 4.0Build10 and prior versions are vulnerable to this issue.

92. Fenice Remote Buffer Overflow and Denial Of Service Vulnerabilities
BugTraq ID: 17678
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/17678
Summary:
Fenice is prone to multiple remote vulnerabilities:

- A buffer-overflow vulnerability. The application fails to perform sufficient bounds checking of user-supplied data before copying it to an insufficiently sized memory buffer. This issue potentially allows remote attackers to execute arbitrary machine code in the context of the affected server process. Failed exploit attempts will likely crash the application, denying service to legitimate users.

- A denial-of-service vulnerability due to an integer-overflow flaw. This issue allows remote attackers to crash the affected application, denying service to legitimate users.

Fenice 1.10 is vulnerable to these issues; other versions may also be affected.

93. Wordpress MyGallery Plugin Remote File Include Vulnerability
BugTraq ID: 23702
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23702
Summary:
Wordpress myGallery plugin is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Wordpress myGallery 1.4b4 and prior versions are vulnerable; other versions may also be affected.

94. PHP Msg_Receive() Memory Allocation Integer Overflow Vulnerability
BugTraq ID: 23236
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23236
Summary:
PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer overflow and to corrupt process memory.

Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects PHP versions prior to 4.4.5 and 5.2.1.

95. PHP EXT/Filter HTML Stripping Bypass Vulnerability
BugTraq ID: 22914
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/22914
Summary:
The PHP ext/filter content filter is prone to a filter-bypass vulnerability.

Successful exploitation can allow an attacker to bypass the security filter responsible for blocking potentially malicious HTML content.

An attacker can exploit this issue in PHP applications that use the vulnerable filter to potentially inject malicious HTML content.

96. PHP EXT/Filter Function Remote Buffer Overflow Vulnerability
BugTraq ID: 22922
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/22922
Summary:
PHP is prone to a remote buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 5.2.0 is reported vulnerable; other versions may also be affected.

This issue was originally reported as an unspecified vulnerability in BID 22496 (PHP Version 5.2.0 and Prior Multiple Vulnerabilities). Due to the availability of more details, this issue is being assigned a new BID.

97. PNFlashGames PostNuke Module Index.PHP SQL Injection Vulnerability
BugTraq ID: 23701
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23701
Summary:
pnFlashGames PostNuke module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

pnFlashGames 1.5 is vulnerable; other versions may also be affected.

98. Multiple Image Editing Applications .PNG Format Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 23698
Remote: Yes
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23698
Summary:
Multiple image editors are prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successful exploits allow remote attackers to execute arbitrary machine code in the context of a vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.

The following are vulnerable:

Adobe Photoshop CS2, CS3, and Elements 5.0
Corel Paint Shop Pro 11.20

Other versions may also be affected.

99. Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
BugTraq ID: 23333
Remote: No
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23333
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges or cause the affected kernel to crash, denying service to legitimate users.

This issue affects versions 2.6.9 to 2.6.20 and the 'isdn4k-utils' utilities.

100. Beast Resource Limit Local Denial Of Service Vulnerability
BugTraq ID: 23697
Remote: No
Last Updated: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23697
Summary:
Beast is prone to a local denial-of-service vulnerability.

A local attacker can exploit this issue to overwrite potentially sensitive files, ultimately resulting in denial-of-service conditions.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. E-Gold charged with money laundering
By: Robert Lemos
Federal prosecutors claim the company and its owners violated federal funds transfer laws, saying it knowingly served online scammers, identity thieves and child pornographers.
http://www.securityfocus.com/news/11462

2. A Mac gets whacked, a second survives
By: Robert Lemos
Researchers use a previously unknown flaw in Apple's Safari browser to compromise a MacBook Pro and win the PWN to Own contest, but does the hack actually prove anything?
http://www.securityfocus.com/news/11461

3. MacBooks withstand mild attacks on patch day
By: Robert Lemos
On the same day that Apple releases an update for its Mac OS X, security professionals at a conference in Canada show little initial interest in attempting to crack the security of two MacBook Pros.
http://www.securityfocus.com/news/11460

4. Attackers improve on JavaScript trickery
By: Robert Lemos
Latest malicious software throws in more obfuscation and works harder to foil defenders' attempts at reverse engineering.
http://www.securityfocus.com/news/11459

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Application Security Engineer, Mt. Prospect
http://www.securityfocus.com/archive/77/467284

2. [SJ-JOB] Sales Engineer, Annapolis
http://www.securityfocus.com/archive/77/467285

3. [SJ-JOB] Security System Administrator, MILWAUKEE
http://www.securityfocus.com/archive/77/467286

4. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/467287

5. [SJ-JOB] Security Product Manager, Mt. Prospect
http://www.securityfocus.com/archive/77/467288

6. [SJ-JOB] Security Architect, MOUNT PROSPECT
http://www.securityfocus.com/archive/77/467277

7. [SJ-JOB] Sr. Security Analyst, Fort Lauderdale
http://www.securityfocus.com/archive/77/467278

8. [SJ-JOB] Sales Engineer, Bay Area
http://www.securityfocus.com/archive/77/467283

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Help developing an exploit
http://www.securityfocus.com/archive/82/467154

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Restrict Windows login to certain IPs/hosts for certain domain accounts?
http://www.securityfocus.com/archive/88/467049

2. SecurityFocus Microsoft Newsletter #339
http://www.securityfocus.com/archive/88/466877

VIII. SUN FOCUS LIST SUMMARY
----------------------------
1. Sun Application Server Drop Privs
http://www.securityfocus.com/archive/92/466736

IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Watchfire

