Wednesday, June 06, 2007

SecurityFocus Newsletter #404
----------------------------------------

This Issue is Sponsored by: Watchfire

As web applications become increasingly complex, tremendous amounts of sensitive data - including personal, medical and financial information - are exchanged and stored. This paper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools. Download Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008uPd


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Security Analogies
2. Your Space, My Space, Everybody's Space
II. BUGTRAQ SUMMARY
1. Computer Associates Multiple Products Remote Stack Buffer Overflow Vulnerability
2. Computer Associates Anti-Virus Engine Malformed CAB Filename Buffer Overflow Vulnerability
3. F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
4. Linker Index.PHP Cross-Site Scripting Vulnerability
5. MIT Kerberos Administration Daemon Kadmind Double Free Memory Corruption Vulnerabilities
6. SNMPC Username/Password Remote Denial of Service Vulnerability
7. HP Tru64 Valid User Enumeration Weakness
8. Iputils Rarpd Remote Denial Of Service Vulnerability
9. NetcPlus SmartServer3 DoS Vulnerability
10. NetCPlus BusinessMail Multiple Remote Buffer Overflow Vulnerabilities
11. Mozilla FireFox About:Blank IFrame Cross Domain Information Disclosure Vulnerability
12. Hunkaray Okul Portaly Haberoku.ASP SQL Injection Vulnerability
13. PHP Chunk_Split() Function Integer Overflow Vulnerability
14. PHP Filter_Var FILTER_VALIDATE_EMAIL Newline Injection Vulnerability
15. Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
16. Credant Mobile Guardian Shield Information Disclosure Vulnerability
17. Cisco Wireless Control System Multiple Security Vulnerabilities
18. Okyanusmedya Index.PHP Cross-Site Scripting Vulnerability
19. Agnitum Outpost Firewall Outpost_IPC_HDR Local Denial of Service Vulnerability
20. Open Solution QuickCart Index.PHP Local File Include Vulnerability
21. Mutt Insecure Temporary File Creation Multiple Vulnerabilities
22. GD Graphics Library PNG File Processing Denial of Service Vulnerability
23. IBM Web-based System Manager Unspecified Denial of Service Vulnerability
24. Provideo Camimage Class ISSCamControl.DLL ActiveX Control Buffer Overflow Vulnerability
25. DVD X Player PLF File Buffer Overflow Vulnerability
26. PHPLive Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities
27. Symantec Ghost Solution Suite UDP Packet Multiple Denial of Service Vulnerabilities
28. MadWifi Multiple Denial of Service Vulnerabilities
29. Sun Java Runtime Environment Image Parsing Buffer Overflow Vulnerability
30. ComicSense Index.PHP SQL Injection Vulnerability
31. Mozilla Products Multiple Remote Vulnerabilities
32. APOP Protocol Insecure MD5 Hash Weakness
33. Libpng Library Remote Denial of Service Vulnerability
34. Kravchuk K-Letter Multiple Remote File Include Vulnerabilities
35. FreeVMS Backup Utility Unspecified Buffer Overflow Vulnerability
36. Microsoft Internet Explorer Javascript Cross Domain Information Disclosure Vulnerability
37. W3M Browser InputAnswer Format String Vulnerability
38. Acme.Serve v1.7 Arbitrary File Access Vulnerability
39. Symantec System Center Reporting Server Remote Privilege Escalation Vulnerability
40. Symantec Reporting Server Authentication Bypass Vulnerability
41. Symantec Reporting Server Password Information Disclosure Vulnerability
42. Net-SNMP TCP Disconnect Remote Denial Of Service Vulnerability
43. File Multiple Denial of Service Vulnerabilities
44. Microsoft Windows GDI+ ICO File Remote Denial of Service Vulnerability
45. ASP Folder Gallery Download_Script.ASP Arbitrary File Download Vulnerability
46. Wordpress XMLRPC.PHP SQL Injection Vulnerability
47. JD Wiki For Joomla Multiple Remote File Include Vulnerabilities
48. Yahoo! Messenger Multiple Unspecified Remote Code Execution Vulnerabilities
49. PBLang Login.PHP Local File Include Vulnerability
50. MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities
51. MaraDNS Multiple Remote Denial of Service Vulnerabilities
52. LibEXIF Exif_Data_Load_Data_Entry Remote Integer Overflow Vulnerability
53. E-Book Systems FlipViewer FlipViewerX.DLL ActiveX Multiple Buffer Overflow Vulnerabilities
54. HP System Management Homepage (SMH) Unspecified Cross Site Scripting Vulnerability
55. Kevin Johnson BASE Base_Main.PHP Authentication Bypass Vulnerability
56. Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability
57. Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability
58. Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability
59. Samba NDR RPC Request LsarAddPrivilegesToAccount Heap-Based Buffer Overflow Vulnerability
60. Samba MS-RPC Remote Shell Command Execution Vulnerability
61. Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability
62. Sun Solaris Management Console Logging Mechanism Remote Privilege Escalation Vulnerability
63. Sun Solaris Management Console Authentication Mechanism Remote Privilege Escalation Vulnerability
64. Util-linux Login Security Bypass Vulnerability
65. Mozilla Firefox Beatnik Extension Remote Script Code Execution Vulnerability
66. SSL-Explorer Multiple Input Validation Vulnerabilities
67. Multiple Vendor XFERWAN.EXE Filename Remote Buffer Overflow Vulnerability
68. WebStudio CMS Index.PHP Cross-Site Scripting Vulnerability
69. IBM Lotus Domino Agent Signature Verification Local Privilege Escalation Vulnerability
70. Symantec Storage Foundation VxSchedService.EXE Scheduler Service Authentication Bypass Vulnerability
71. Xine-Lib RuleMatches Remote Buffer Overflow Vulnerability
72. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability
73. Sun Solaris Gnome Assistive Technology XScreenSaver Local Arbitrary Command Execution Vulnerability
74. My DataBook Diary.PHP Multiple Input Validation Vulnerabilities
75. WebSVN Filedetails.PHP Cross-Site Scripting Vulnerability
76. Movable Type Multiple Input Validation Vulnerabilities And User Enumeration Weakness
77. Quick.Cart General.PHP Local File Include Vulnerability
78. Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability
79. Linker Search.PHP Cross-Site Scripting Vulnerability
80. PostNuke PNPHPBB2 Module Index.PHP SQL Injection Vulnerability
81. EQDKP Listmembers.PHP SQL Injection Vulnerability
82. Meneame Multiple Unspecified Cross Site Scripting Vulnerabilities
83. Mutt Mutt_Gecos_Name Function Local Buffer Overflow Vulnerability
84. PHP PEAR INSTALL-AS Attribute Arbitrary File Overwrite Vulnerability
85. LHA Insecure Temporary File Creation Vulnerability
86. WordPress Predictable Cookie Generation Information Disclosure Vulnerability
87. SendCard SendCard.PHP Local File Include Vulnerability
88. IBM Lotus Domino Web Server Unspecified Remote Denial of Service Vulnerability
89. F5 FirePass 4100 SSL VPN My.Activiation.PHP3 Remote Command Injection Vulnerability
90. XOOPS IContent Module Spaw_Control.Class.PHP Remote File Include Vulnerability
91. Todd Miller Sudo Ptrace API Local Privilege Escalation Vulnerability
92. Hitachi XP/W Unspecified Remote Denial of Service Vulnerability
93. Microsoft Excel Malformed Column Record Remote Code Execution Vulnerability
94. Microsoft Excel Malformed String Remote Code Execution Vulnerability
95. Microsoft Excel IMDATA Record Remote Code Execution Vulnerability
96. eSellerate SDK eSellerateControl365.DLL ActiveX Control Buffer Overflow Vulnerability
97. Mozilla Firefox Resource Variant Directory Traversal Vulnerability
98. IBM Tivoli Provisioning Manager OS Deployment Multiple Stack Buffer Overflow Vulnerabilities
99. Mozilla Firefox Action Prompt Delay Security Mechanism Bypass Vulnerability
100. GDB Process_Coff_Symbol UPX File Buffer Overflow Vulnerability
III. SECURITYFOCUS NEWS
1. Judge nixes teacher's conviction on porn pop-ups
2. Zero-day sales not "fair" -- to researchers
3. Insecure plug-ins pose danger to Firefox users
4. Peer-to-peer networks co-opted for DOS attacks
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #344
VIII. SUN FOCUS LIST SUMMARY
1. SSL Cert for patchpro.sun.com Invalid?
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Security Analogies
By Scott Granneman
Scott Granneman discusses security analogies and their function in educating the masses on security concepts.
http://www.securityfocus.com/columnists/445

2. Your Space, My Space, Everybody's Space
By Mark Rasch
Privacy is about protecting data when somebody wants it for some purpose. It is easy to protect data that nobody wants.
http://www.securityfocus.com/columnists/444


II. BUGTRAQ SUMMARY
--------------------
1. Computer Associates Multiple Products Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 24330
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24330
Summary:
Multiple Computer Associates products are prone to a remote stack-based buffer-overflow vulnerability because the scan engine fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.

A successful exploit will allow an attacker to execute arbitrary code with SYSTEM-level privileges.

2. Computer Associates Anti-Virus Engine Malformed CAB Filename Buffer Overflow Vulnerability
BugTraq ID: 24331
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24331
Summary:
Multiple Computer Associates products that implement the antivirus engine are prone to a stack-based buffer-overflow vulnerability. This issue occurs because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

3. F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
BugTraq ID: 24235
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24235
Summary:
Multiple F-Secure Anti-Virus applications are prone to a buffer-overflow vulnerability when they process certain LHA archive files. This issue occurs because the applications fail to properly check boundaries on user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits can allow attackers to execute arbitrary code with the privileges of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

Reports indicate that this vulnerability also occurs when processing malformed LZH archives, ARJ files, and FSG packed files.

4. Linker Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 24277
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24277
Summary:
Codelib Linker is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

5. MIT Kerberos Administration Daemon Kadmind Double Free Memory Corruption Vulnerabilities
BugTraq ID: 23282
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/23282
Summary:
MIT Kerberos 5 is prone to a double-free memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code with superuser or SYSTEM-level privileges, completely compromising affected computers. Failed exploit attempts will likely result in denial-of-service conditions.

This issue also affects third-party applications using the affected API.

6. SNMPC Username/Password Remote Denial of Service Vulnerability
BugTraq ID: 24292
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24292
Summary:
SNMPc is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue would cause the affected application to crash, denying service to legitimate users.

This issue is reported to affect versions of SNMPc prior to 7.0.19.

7. HP Tru64 Valid User Enumeration Weakness
BugTraq ID: 24021
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24021
Summary:
Hewlett Packard Tru64 is prone to an information-disclosure weakness.

An attacker can exploit this issue to enumerate valid user names. This may aid in further attacks.

HP Tru64 UNIX v5.1B-3 and v5.1B-4 are vulnerable.

8. Iputils Rarpd Remote Denial Of Service Vulnerability
BugTraq ID: 23706
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/23706
Summary:
The 'iputils rarpd' program is affected by a remote denial-of-service vulnerability because the software fails to properly handle certain network packets.

A successful attack allows a remote attacker to crash the application, denying further service to legitimate users.

9. NetcPlus SmartServer3 DoS Vulnerability
BugTraq ID: 1965
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/1965
Summary:
SmartServer3 is an email server designed for small networks.

The POP3 and SMTP services within SmartServer3 are prone to a denial-of-service issue. Submitting an unusually long argument to the User or Pass command in the POP3 service will cause the server to stop responding and refuse any new connections. An unusually long argument submitted to the SMTP service after the 'HELO' command will cause the server to stop responding, yet it will still accept new connections. In either instance, a restart of the server is required to regain normal functionality.

Successful exploits could allow attackers to execute arbitrary commands, but this has not been confirmed.

10. NetCPlus BusinessMail Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 14434
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/14434
Summary:
BusinessMail is affected by multiple remote buffer-overflow vulnerabilities because the software fails to perform boundary checks. Remote attackers may be able to execute machine code in the context of the server process.

BusinessMail 4.60 is reportedly vulnerable; other versions may be affected as well.

11. Mozilla FireFox About:Blank IFrame Cross Domain Information Disclosure Vulnerability
BugTraq ID: 24286
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24286
Summary:
Mozilla Firefox is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations.

A malicious site may be able to modify the iframe of a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks are also possible, such as executing script code in other browser security zones.

This issue is being tracked by Bugzilla Bug 382686 and is reportedly related to Bug 343168.

Firefox 2.0.0.4 and prior versions are vulnerable.

12. Hunkaray Okul Portaly Haberoku.ASP SQL Injection Vulnerability
BugTraq ID: 24288
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24288
Summary:
Hünkaray Okul Portalı is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Hünkaray Okul Portalı 1.1 is vulnerable to this issue.

13. PHP Chunk_Split() Function Integer Overflow Vulnerability
BugTraq ID: 24261
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24261
Summary:
PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer overflow and to corrupt process memory.

Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects versions of PHP prior to 5.2.3.

14. PHP Filter_Var FILTER_VALIDATE_EMAIL Newline Injection Vulnerability
BugTraq ID: 23359
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/23359
Summary:
PHP is prone to an email-newline-injection vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow a malicious user to create arbitrary email headers, and then create and transmit spam messages from the affected computer.

15. Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
BugTraq ID: 24289
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24289
Summary:
ClamAV is prone to a denial-of-service vulnerability.

A successful attack may allow an attacker to cause denial-of-service conditions.

16. Credant Mobile Guardian Shield Information Disclosure Vulnerability
BugTraq ID: 24139
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24139
Summary:
Credant Mobile Guardian Shield is prone to an information-disclosure vulnerability because it stores sensitive password information in plain text.

This issue affects Credant Mobile Guardian Shield 5.2.1.105 and prior versions.

17. Cisco Wireless Control System Multiple Security Vulnerabilities
BugTraq ID: 18701
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/18701
Summary:
Cisco Wireless Control System is prone to multiple security vulnerabilities.

The following issues have been disclosed:

- Authorization-bypass vulnerability due to multiple hardcoded username and password pairs
- Arbitrary file access vulnerability
- Cross-site scripting vulnerability
- Information-disclosure vulnerability

An attacker can exploit these issues to retrieve potentially sensitive information, overwrite files, perform cross-site scripting attacks, and gain unauthorized access; other attacks are also possible.

18. Okyanusmedya Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 24285
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24285
Summary:
Okyanusmedya is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

19. Agnitum Outpost Firewall Outpost_IPC_HDR Local Denial of Service Vulnerability
BugTraq ID: 24284
Remote: No
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24284
Summary:
Outpost Firewall is prone to a local denial-of-service vulnerability.

An attacker can exploit this issue to block arbitrary processes, denying service to legitimate users.

This issue affects Outpost Firewall 4.0 build 1007.591.145 and build 964.582.059; other versions may also be affected.

20. Open Solution QuickCart Index.PHP Local File Include Vulnerability
BugTraq ID: 24281
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24281
Summary:
Quick.Cart is prone to a local file-include vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Quick.Cart 2.2 and prior versions are vulnerable to this issue.

21. Mutt Insecure Temporary File Creation Multiple Vulnerabilities
BugTraq ID: 20733
Remote: No
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/20733
Summary:
Mutt creates temporary files in an insecure manner.

Attackers could exploit these issues to perform symlink attacks to overwrite arbitrary files using the privileges of the user running the vulnerable application.

Mutt 1.5.12 and prior versions are vulnerable.

22. GD Graphics Library PNG File Processing Denial of Service Vulnerability
BugTraq ID: 24089
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24089
Summary:
The GD graphics library is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause denial-of-service conditions in applications implementing the affected library.

GD graphics library 2.0.34 is reported vulnerable; other versions may be affected as well.

23. IBM Web-based System Manager Unspecified Denial of Service Vulnerability
BugTraq ID: 24240
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24240
Summary:
IBM Web-based System Manager (WebSM) is prone to an unspecified denial-of-service vulnerability.

An attacker can exploit this issue to consume excessive memory, resulting in a denial-of-service condition.

24. Provideo Camimage Class ISSCamControl.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24279
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24279
Summary:
Provideo Camimage Class ActiveX control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Provideo Camimage Class 1.0.1.5; other versions may also be affected.

25. DVD X Player PLF File Buffer Overflow Vulnerability
BugTraq ID: 24278
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24278
Summary:
DVD X Player is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected user. Failed exploit attempts likely result in application crashes.

This issue affects DVD X Player 4.1; other versions may also be affected.

26. PHPLive Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 24276
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24276
Summary:
PHP Live! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

PHP Live! 3.2.2 is vulnerable to this issue; other versions may also be affected.

27. Symantec Ghost Solution Suite UDP Packet Multiple Denial of Service Vulnerabilities
BugTraq ID: 24323
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24323
Summary:
Symantec Ghost Solution Suite is prone to multiple denial-of-service vulnerabilities because it fails to handle certain UDP network packets.

Successful exploits may allow remote attackers to cause denial-of-service conditions via the client or server daemons.

These issues affect Ghost Solution Suite 2.0.0 and prior versions.

28. MadWifi Multiple Denial of Service Vulnerabilities
BugTraq ID: 24114
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24114
Summary:
MadWifi is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may permit attackers to cause system crashes and deny service to legitimate users.

Versions of MadWifi prior to 0.9.3.1 are vulnerable.

29. Sun Java Runtime Environment Image Parsing Buffer Overflow Vulnerability
BugTraq ID: 24267
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24267
Summary:
The Sun Java Runtime Environment is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code in the context of a user who invokes a malicious Java applet.

30. ComicSense Index.PHP SQL Injection Vulnerability
BugTraq ID: 24329
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24329
Summary:
ComicSense is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

31. Mozilla Products Multiple Remote Vulnerabilities
BugTraq ID: 24242
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24242
Summary:
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Cause denial-of-service conditions
- Perform cross-site scripting attacks
- Obtain potentially sensitive information
- Spoof legitimate content

Other attacks may also be possible.

32. APOP Protocol Insecure MD5 Hash Weakness
BugTraq ID: 23257
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/23257
Summary:
Applications that implement the APOP protocol may be vulnerable to a password-hash weakness. This issue occurs because the MD5 hash algorithm fails to properly prevent collisions.

Attackers may exploit this issue in man-in-the-middle attacks to potentially gain access to the first three characters of passwords. This will increase the likelihood of successful brute-force attacks against APOP authentication.

To limit the possibility of successful exploits, applications that implement the APOP protocol should set up safeguards to ensure that message IDs are RFC-compliant.

Mozilla Thunderbird, Evolution, mutt, and fetchmail are reportedly affected by this issue.

33. Libpng Library Remote Denial of Service Vulnerability
BugTraq ID: 24000
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24000
Summary:
The 'libpng' library is prone to a remote denial-of-service vulnerability because the library fails to handle malicious PNG files.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.

This issue affects 'libpng' 1.2.16 and prior versions.

34. Kravchuk K-Letter Multiple Remote File Include Vulnerabilities
BugTraq ID: 24334
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24334
Summary:
Kravchuk K-letter is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application.

An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system. Other attacks are also possible.

These issues affect K-letter 1.0; other versions may also be affected.

35. FreeVMS Backup Utility Unspecified Buffer Overflow Vulnerability
BugTraq ID: 24333
Remote: No
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24333
Summary:
FreeVMS backup utility is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects versions prior to FreeVMS 0.3.6.

36. Microsoft Internet Explorer Javascript Cross Domain Information Disclosure Vulnerability
BugTraq ID: 24283
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24283
Summary:
The browser is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations.

This vulnerability may let a malicious site interact with a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks may be possible, such as executing script code in other browser security zones.

UPDATE: Reports indicate that the Safari browser may also be vulnerable, but this has not been confirmed.

UPDATE - June 6 2007: The WebKit framework used by Safari is reported to be vulnerable. Builds 522 and later which are associated with the nightly WebKit build are vulnerable; other versions may also be affected.

37. W3M Browser InputAnswer Format String Vulnerability
BugTraq ID: 24332
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24332
Summary:
W3M is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

An attacker can exploit this issue to execute arbitrary machine code in the context of the user running the affected browser. A successful attack will compromise the application. Failed attempts may cause denial-of-service conditions.

Versions prior to W3M 0.5.2 are vulnerable.

38. Acme.Serve v1.7 Arbitrary File Access Vulnerability
BugTraq ID: 2809
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/2809
Summary:
Acme.Serve is a free, open source embeddable web server written in Java. It is small and intended to provide minimal functionality and is fully compatible with JavaServer.

Acme.Serve version 1.7 comes with a webserver that listens on port 9090. This webserver allows clients to browse the filesystem. By default, this webserver is enabled and accessible by any remote host on the Internet.

If an attacker were to connect, they could view possibly sensitive information.

39. Symantec System Center Reporting Server Remote Privilege Escalation Vulnerability
BugTraq ID: 24313
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24313
Summary:
Symantec System Center Reporting Server is prone to a remote privilege-escalation vulnerability.

Attackers can exploit this issue to execute malicious code on an affected server and gain the privileges of the user running the server. Successful attacks will compromise the application and possibly the underlying computer.

Reporting Server is distributed with Symantec AntiVirus Corporate Edition 10.1 and later and Symantec Client Security 3.1 and later.

Versions prior to Reporting Server 1.0.224.0, AntiVirus Corporate Edition 10.1.6.6000, and Client Security 3.1.6.6000 are vulnerable.

40. Symantec Reporting Server Authentication Bypass Vulnerability
BugTraq ID: 24325
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24325
Summary:
Symantec Reporting Server is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to gain access to the reporting database.

41. Symantec Reporting Server Password Information Disclosure Vulnerability
BugTraq ID: 24312
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24312
Summary:
Symantec Reporting Server is prone to an information-disclosure vulnerability.

Successfully exploiting this issue would allow an attacker to obtain sensitive information that will allow the attacker to gain administrative access to the server database.

42. Net-SNMP TCP Disconnect Remote Denial Of Service Vulnerability
BugTraq ID: 23762
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/23762
Summary:
Net-SNMP is prone to a remote denial-of-service vulnerability. The issue is exposed when Net-SNMP is configured to communicate over TCP; Net-SNMP using UDP is unaffected.

This issue affects Net-SNMP when running in 'master agentx' mode. An attacker can exploit this issue to cause the affected service to crash, effectively denying service to legitimate users.

43. File Multiple Denial of Service Vulnerabilities
BugTraq ID: 24146
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24146
Summary:
The 'file' utility is prone to multiple denial-of-service vulnerabilities because it fails to handle exceptional conditions.

An attacker could exploit this issue by enticing a victim to open a specially crafted file. A denial-of-service condition can occur. Arbitrary code execution may be possible, but Symantec has not confirmed this.

44. Microsoft Windows GDI+ ICO File Remote Denial of Service Vulnerability
BugTraq ID: 24346
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24346
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to properly handle maliciously crafted ICO files.

An attacker may exploit this issue by enticing victims into opening a malicious file.

Successful exploits will result in denial-of-service conditions on applications using the affected library. Applications such as Windows Explorer or Picture and Fax viewer have been identified as vulnerable.

45. ASP Folder Gallery Download_Script.ASP Arbitrary File Download Vulnerability
BugTraq ID: 24345
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24345
Summary:
ASP Folder Gallery is prone to an arbitrary file-download vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files within the context of the affected webserver.

46. Wordpress XMLRPC.PHP SQL Injection Vulnerability
BugTraq ID: 24344
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24344
Summary:
WordPress is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

This issue affects WordPress 2.2; other versions may also be vulnerable.

47. JD Wiki For Joomla Multiple Remote File Include Vulnerabilities
BugTraq ID: 24342
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24342
Summary:
JD-Wiki is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.

JD-Wiki 1.0.2 and earlier are vulnerable to this issue; other versions may also be affected.

48. Yahoo! Messenger Multiple Unspecified Remote Code Execution Vulnerabilities
BugTraq ID: 24341
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24341
Summary:
Yahoo! Messenger is prone to multiple unspecified remote code-execution vulnerabilities.

No further information is currently available. This BID will be updated as more information is disclosed.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers.

Specific vulnerable Yahoo! Messenger versions are not known, but versions in the 8 series for Microsoft Windows are reportedly affected.

49. PBLang Login.PHP Local File Include Vulnerability
BugTraq ID: 24340
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24340
Summary:
PBLang is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Version 4.67.16.a is vulnerable to this issue; prior versions may also be affected.

50. MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities
BugTraq ID: 24339
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24339
Summary:
MPlayer is prone to multiple buffer-overflow vulnerabilities when it attempts to process malformed album and category titles. These issues occur because the application fails to perform proper bounds-checking on user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

MPlayer 1.0rc1 is vulnerable to these issues; other versions may also be affected.

51. MaraDNS Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 24337
Remote: Yes
Last Updated: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24337
Summary:
MaraDNS is prone to multiple remote denial-of-service vulnerabilities because of memory leaks.

Successfully exploiting these issues allows remote attackers to crash affected servers by exhausting memory resources. This will deny further service to legitimate users.

MaraDNS versions prior to 1.2.12.06 are vulnerable.

52. LibEXIF Exif_Data_Load_Data_Entry Remote Integer Overflow Vulnerability
BugTraq ID: 23927
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/23927
Summary:
The libexif library is prone to an integer-overflow vulnerability because the software fails to properly ensure that integer math operations do not result in unintended overflows.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an application using the vulnerable library. Failed attempts will likely result in denial-of-service conditions.

Versions of libexif prior to 0.6.14 are vulnerable to this issue.

53. E-Book Systems FlipViewer FlipViewerX.DLL ActiveX Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24328
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24328
Summary:
E-Book Systems FlipViewer ActiveX Control is prone to multiple buffer-overflow vulnerabilities.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Versions prior to FlipViewer 4.0 are vulnerable; other versions may also be affected.

54. HP System Management Homepage (SMH) Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 24256
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24256
Summary:
HP System Management Homepage is prone to a cross-site scripting vulnerability.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

Versions of HP System Management Homepage (SMH) prior to 2.1.2 for Linux and Windows are affected.

55. Kevin Johnson BASE Base_Main.PHP Authentication Bypass Vulnerability
BugTraq ID: 24315
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24315
Summary:
BASE is prone to an authentication-bypass vulnerability due to a design error.

An attacker can exploit this issue to gain unauthorized access to the affected application.

This issue affects BASE 1.3.6; prior versions may also be affected.

56. Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24196
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24196
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects Samba 3.0.25rc3 and prior versions.

57. Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24195
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24195
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects Samba 3.0.25rc3 and prior versions.

58. Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24198
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24198
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects Samba 3.0.25rc3 and prior versions.

59. Samba NDR RPC Request LsarAddPrivilegesToAccount Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 23973
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/23973
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects Samba 3.0.25rc3 and prior versions.

This BID previously documented multiple heap-based buffer-overflow vulnerabilities affecting Samba. Each issue has been assigned its own individual record. The issues are covered in this BID and the following records:

BID 24195 - Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability
BID 24196 - Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability
BID 24197 - Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability
BID 24198 - Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability

60. Samba MS-RPC Remote Shell Command Execution Vulnerability
BugTraq ID: 23972
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/23972
Summary:
Samba is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary shell commands on an affected computer with the privileges of the application.

This issue affects Samba 3.0.0 to 3.0.25rc3.

61. Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24197
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24197
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects Samba 3.0.25rc3 and prior versions.

62. Sun Solaris Management Console Logging Mechanism Remote Privilege Escalation Vulnerability
BugTraq ID: 24327
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24327
Summary:
Sun Solaris Management Console is prone to a remote privilege-escalation vulnerability.

Attackers can exploit this issue to gain superuser privileges. Successful attacks will result in the complete compromise of affected computers.

63. Sun Solaris Management Console Authentication Mechanism Remote Privilege Escalation Vulnerability
BugTraq ID: 24326
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24326
Summary:
Sun Solaris Management Console is prone to a remote privilege-escalation vulnerability.

Attackers can exploit this issue to gain superuser privileges. Successful attacks will result in the complete compromise of affected computers.

64. Util-linux Login Security Bypass Vulnerability
BugTraq ID: 24321
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24321
Summary:
The 'login' utility (in 'util-linux') is prone to a security-bypass vulnerability because the utility fails to properly validate user privileges.

Exploiting this issue can allow an attacker to bypass certain security restrictions and potentially gain unauthorized access.

Versions prior to 'util-linux' 2.12 are vulnerable.

65. Mozilla Firefox Beatnik Extension Remote Script Code Execution Vulnerability
BugTraq ID: 24324
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24324
Summary:
A remote code-execution vulnerability affects the Beatnik extension for Mozilla Firefox because the application fails to validate input errors when processing RSS feeds.

An attacker may leverage this issue to execute arbitrary code in the context of the user account running the affected extension. This may facilitate cross-site scripting as well as a compromise of an affected computer.

Beatnik 1.0 is vulnerable; other versions may also be affected.

66. SSL-Explorer Multiple Input Validation Vulnerabilities
BugTraq ID: 24319
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24319
Summary:
SSL-Explorer is prone to multiple input-validation vulnerabilities, including HTML-injection, cross-site scripting, and directory-traversal issues, because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, compromise the application, obtain sensitive information, and access or modify data.

67. Multiple Vendor XFERWAN.EXE Filename Remote Buffer Overflow Vulnerability
BugTraq ID: 24317
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24317
Summary:
Multiple vendor products are prone to a remote buffer-overflow vulnerability in 'XFERWAN.EXE'.

The vulnerability arises in the service when handling logging requests. Specifically, a long filename can trigger an overflow condition that will corrupt memory.

A remote attacker may trigger a denial-of-service condition or may execute arbitrary code with SYSTEM privileges. This may facilitate a complete compromise of affected systems.

The following versions contain the affected executable and are considered vulnerable:

Centennial Discovery 2006 Feature Pack 1
Symantec Discovery 6.5
Numara Asset Manager 8.0

Earlier versions of each application may be affected as well.

68. WebStudio CMS Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 24297
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24297
Summary:
WebStudio CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

69. IBM Lotus Domino Agent Signature Verification Local Privilege Escalation Vulnerability
BugTraq ID: 24322
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24322
Summary:
IBM Lotus Domino Server is prone to a privilege-escalation vulnerability because of a design error.

An attacker can exploit this issue to gain administrative access to the database server.

Versions prior to IBM Lotus Domino 7.0.2 Fix Pack 2 (FP2) are vulnerable.

70. Symantec Storage Foundation VxSchedService.EXE Scheduler Service Authentication Bypass Vulnerability
BugTraq ID: 24194
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24194
Summary:
Symantec Storage Foundation is prone to an authentication-bypass vulnerability.

Attackers may exploit this issue to bypass the authentication mechanism in the management console and gain access to the scheduler service socket. This will allow attackers to add arbitrary commands to be executed during normal scheduled runs, compromising affected computers.

Since the affected service is not commonly exposed to unauthorized network hosts, the attacker must have local network access to exploit this issue.

This issue affects Symantec Storage Foundation 5.0 for Windows.

71. Xine-Lib RuleMatches Remote Buffer Overflow Vulnerability
BugTraq ID: 21435
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/21435
Summary:
The 'xine-lib' library running on Real media is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial of service.

72. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability
BugTraq ID: 24316
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24316
Summary:
ClamAV is prone to a denial-of-service vulnerability when handling malformed OLE2 files.

A successful attack may allow an attacker to cause denial-of-service conditions.

Versions prior to ClamAV 0.90.3 are affected.

73. Sun Solaris Gnome Assistive Technology XScreenSaver Local Arbitrary Command Execution Vulnerability
BugTraq ID: 24314
Remote: No
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24314
Summary:
Sun Solaris, running Gnome sessions with Assistive Technology and xscreensaver, is prone to a local arbitrary-command-execution vulnerability.

An attacker can exploit this issue to execute arbitrary commands with the privileges of the user running xscreensaver.

74. My DataBook Diary.PHP Multiple Input Validation Vulnerabilities
BugTraq ID: 24311
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24311
Summary:
My DataBook is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

75. WebSVN Filedetails.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 24310
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24310
Summary:
WebSVN is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

WebSVN 2.0rc4 is affected; other versions may also be vulnerable.

76. Movable Type Multiple Input Validation Vulnerabilities And User Enumeration Weakness
BugTraq ID: 24304
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24304
Summary:
Movable Type is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. It is also prone to a username-enumeration weakness.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, cause arbitrary script code to run within the context of the webserver process that is hosting the affected software, and compromise the availability and integrity of a computer to ultimately gain remote unauthorized access by overwriting sensitive files (such as the password file).

Movable Type 3.16 is affected; other versions may also be vulnerable.

77. Quick.Cart General.PHP Local File Include Vulnerability
BugTraq ID: 24299
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24299
Summary:
Quick.Cart is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Quick.Cart 2.2 is vulnerable; other versions may also be affected.

78. Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability
BugTraq ID: 24298
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24298
Summary:
Microsoft Internet Explorer is prone to a webpage-spoofing vulnerability.

Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.

79. Linker Search.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 24296
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24296
Summary:
Codelib Linker is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Codelib Linker 2.0.4 is vulnerable; other versions may also be affected.

80. PostNuke PNPHPBB2 Module Index.PHP SQL Injection Vulnerability
BugTraq ID: 24295
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24295
Summary:
The PostNuke PNPHPBB2 module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

This issue affects PNPHPBB2 1.2; prior versions are also affected.

81. EQDKP Listmembers.PHP SQL Injection Vulnerability
BugTraq ID: 24294
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24294
Summary:
EQdkp is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

EQdkp 1.3.2 is vulnerable to this issue; earlier versions may also be affected.

82. Meneame Multiple Unspecified Cross Site Scripting Vulnerabilities
BugTraq ID: 24290
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24290
Summary:
Menéame is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to Menéame 2 are vulnerable.

83. Mutt Mutt_Gecos_Name Function Local Buffer Overflow Vulnerability
BugTraq ID: 24192
Remote: No
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24192
Summary:
Mutt is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.

An attacker can exploit this issue to execute arbitrary code with the privileges of the victim. Failed exploit attempts will result in a denial of service.

84. PHP PEAR INSTALL-AS Attribute Arbitrary File Overwrite Vulnerability
BugTraq ID: 24111
Remote: Yes
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24111
Summary:
PEAR is prone to a vulnerability that lets attackers overwrite arbitrary files.

An attacker-supplied package may supply directory-traversal strings through the 'install-as' attribute to create and overwrite files in arbitrary locations.

This issue affects PEAR 1.0 to 1.5.3.

85. LHA Insecure Temporary File Creation Vulnerability
BugTraq ID: 24336
Remote: No
Last Updated: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24336
Summary:
The lha application creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

86. WordPress Predictable Cookie Generation Information Disclosure Vulnerability
BugTraq ID: 24309
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24309
Summary:
WordPress is prone to an information-disclosure vulnerability because it generates author cookies in a predictable manner.

Attackers can exploit this issue to view unmoderated comments which could contain potentially sensitive information.

WordPress 2.2 and prior versions are vulnerable.

87. SendCard SendCard.PHP Local File Include Vulnerability
BugTraq ID: 24308
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24308
Summary:
Sendcard is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

This issue affects Sendcard 3.4.1; prior versions are also affected.

88. IBM Lotus Domino Web Server Unspecified Remote Denial of Service Vulnerability
BugTraq ID: 24307
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24307
Summary:
The webserver included with IBM Lotus Domino is prone to a remote denial-of-service vulnerability because the software fails to properly handle certain HTTP requests.

Successfully exploiting this issue allows remote attackers to crash affected webservers, denying further service to legitimate users.

This issue is a regression introduced in version 6.0 of Lotus Domino.

89. F5 FirePass 4100 SSL VPN My.Activiation.PHP3 Remote Command Injection Vulnerability
BugTraq ID: 24306
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24306
Summary:
F5 Firepass 4100 SSL VPN is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.

Attackers can exploit this issue to execute arbitrary commands on the affected device. Successful attacks will compromise the device.

90. XOOPS IContent Module Spaw_Control.Class.PHP Remote File Include Vulnerability
BugTraq ID: 24302
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24302
Summary:
XOOPS iContent is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

91. Todd Miller Sudo Ptrace API Local Privilege Escalation Vulnerability
BugTraq ID: 24287
Remote: No
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24287
Summary:
The 'sudo' utility and the 'ptrace' call are prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary commands with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

92. Hitachi XP/W Unspecified Remote Denial of Service Vulnerability
BugTraq ID: 24262
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24262
Summary:
Hitachi XP/W is prone to a remote denial-of-service vulnerability.

Successful exploits may allow attackers to crash affected servers, effectively denying further service to legitimate users.

93. Microsoft Excel Malformed Column Record Remote Code Execution Vulnerability
BugTraq ID: 21925
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/21925
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker could exploit this issue to execute arbitrary code with the privileges of the user running the application. The attacker could leverage the issue to compromise affected computers.

94. Microsoft Excel Malformed String Remote Code Execution Vulnerability
BugTraq ID: 21877
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/21877
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the affected application, which could result in the compromise of affected computers.

95. Microsoft Excel IMDATA Record Remote Code Execution Vulnerability
BugTraq ID: 21856
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/21856
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application, which can result in the compromise of affected computers.

96. eSellerate SDK eSellerateControl365.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24300
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24300
Summary:
eSellerate SDK ActiveX control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

This issue affects eSellerate SDK 3.6.5.0; other versions may also be affected.

97. Mozilla Firefox Resource Variant Directory Traversal Vulnerability
BugTraq ID: 24303
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24303
Summary:
Mozilla Firefox is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied data.

An attacker can exploit this issue to access arbitrary files on an unsuspecting user's computer. Successful exploits can expose potentially sensitive information that could aid in further attacks.

This issue was introduced as part of the fix for BID 24191 (Mozilla Firefox Resource Directory Traversal Vulnerability) in Firefox 2.0.0.4.

98. IBM Tivoli Provisioning Manager OS Deployment Multiple Stack Buffer Overflow Vulnerabilities
BugTraq ID: 23264
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/23264
Summary:
IBM Tivoli Provisioning Manager for OS Deployment is prone to multiple stack-based buffer-overflow issues because the software fails to bounds-check user-supplied input.

An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges or to crash services. Successful attacks may result in the complete compromise of affected computers.

IBM Tivoli Provisioning Manager for OS Deployment 5.1.0.116 is vulnerable; other versions may also be affected.

99. Mozilla Firefox Action Prompt Delay Security Mechanism Bypass Vulnerability
BugTraq ID: 24293
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24293
Summary:
Mozilla Firefox is prone to a security-mechanism-bypass vulnerability because it fails to adequately prevent action prompt options from being selected before a delay timer has finished counting down.

Attackers can exploit this issue to initiate downloads or run files on a user's computer without their knowledge or consent. Successful attacks can allow arbitrary code to run with the privileges of the user running the application.

This issue is reportedly being tracked by Bugzilla Bug 376473.

Firefox 2.0.0.4 and prior versions are vulnerable.

100. GDB Process_Coff_Symbol UPX File Buffer Overflow Vulnerability
BugTraq ID: 24291
Remote: Yes
Last Updated: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24291
Summary:
GDB is prone to a buffer-overflow vulnerability because it fails to properly check bounds when handling specially crafted executable files.

Attackers could leverage this issue to run arbitrary code outside of a restricted environment, which may lead to privilege escalation. Symantec has not confirmed code execution.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Judge nixes teacher's conviction on porn pop-ups
By: Robert Lemos
A Connecticut judge grants a new trial for substitute teacher Julie Amero, saying that forensics information discovered after her conviction has direct bearing on her case.
http://www.securityfocus.com/news/11469

2. Zero-day sales not "fair" -- to researchers
By: Robert Lemos
A security analyst tries his hand at selling two vulnerabilities and finds that economics and time are against him.
http://www.securityfocus.com/news/11468

3. Insecure plug-ins pose danger to Firefox users
By: Robert Lemos
A security researcher warns that an insecure update mechanism for some of the open-source browser's third-party add-ons could allow an attacker to install malicious code.
http://www.securityfocus.com/news/11467

4. Peer-to-peer networks co-opted for DOS attacks
By: Robert Lemos
Attackers compromise the hub servers of the DC++ peer-to-peer network, turning hundreds of thousands of clients into hard-to-stop distributed denial-of-service attacks.
http://www.securityfocus.com/news/11466

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #344
http://www.securityfocus.com/archive/88/470135

VIII. SUN FOCUS LIST SUMMARY
----------------------------
1. SSL Cert for patchpro.sun.com Invalid?
http://www.securityfocus.com/archive/92/470584

IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
