Thursday, June 14, 2007

SecurityFocus Newsletter #405
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack" - White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000CsFU


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Embedded Problems
2. Security Analogies
II. BUGTRAQ SUMMARY
1. Linux Kernel USB Driver Data Queue Local Denial of Service Vulnerability
2. Linux Kernel ISDN PPP Remote Denial of Service Vulnerability
3. Sun Solaris INETD(1M) Local Denial of Service Vulnerability
4. YaBB Forum Profile CRLF Injection Remote Privilege Escalation Vulnerability
5. IBM TotalStorage DS400 Remote Telnet Backdoor Vulnerability
6. Xoops Horoscope Module Footer.PHP Remote File Include Vulnerability
7. Mbedthis AppWeb URL Protocol Format String Vulnerability
8. Fuzzylime Low.PHP SQL Injection Vulnerability
9. ISC BIND Remote Fetch Context Denial of Service Vulnerability
10. Xscreensaver Local Denial Of Service Vulnerability
11. ISC BIND Remote DNSSEC Validation Denial of Service Vulnerability
12. Menu Manager Module System Command Remote Command Execution Vulnerability
13. Todd Miller Sudo Kerberos Authentication Local Authentication Bypass Weakness
14. Mozilla Firefox URLBar Null Byte File Remote Code Execution Vulnerability
15. Arris Cadant C3 CMTS IP Packet Denial Of Service Vulnerability
16. Cisco Trust Agent for Mac OS X Local Privilege Escalation Vulnerability
17. Apple Safari for Windows Unspecified SVG Parse Engine Multiple Unspecified Vulnerabilities
18. PHP Live! Request.PHP Cross-Site Scripting Vulnerability
19. Invision Power Board Profile Updating Access Validation Vulnerability
20. Domain Technologie Control 404.PHP Cross-Site Scripting Vulnerability
21. TEC-IT TBarCode OCX ActiveX Control Arbitrary File Overwrite Vulnerability
22. Sporum Forum Multiple Remote Cross Site Scripting Vulnerabilities
23. D-Link DWL-G650 TIM Information Element Wireless Driver Beacon Buffer Overflow Vulnerability
24. RETIRED: Microsoft Internet Explorer Navigation Cancel Webpage Spoofing Vulnerability
25. 602Pro Lan Suite 2003 Remote Email Message Buffer Overflow Vulnerability
26. Microsoft Internet Explorer URLMON.DLL COM Object Instantiation Remote Code Execution Vulnerability
27. Linux Kernel ISDN PPP CCP Reset State Timer Denial of Service Vulnerability
28. Linux Kernel ListXATTR Local Denial of Service Vulnerability
29. Linux Kernel AppleTalk ATalk_Sum_SKB Function Denial Of Service Vulnerability
30. Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
31. Linux Kernel L2CAP and HCI Setsockopt Memory Leak Information Disclosure Vulnerability
32. Microsoft Windows SChannel Security Remote Code Execution Vulnerability
33. X.Org X Window System Xserver XRender Extension Divide by Zero Denial of Service Vulnerability
34. Mod_Perl Path_Info Remote Denial Of Service Vulnerability
35. Apple Safari for Windows Window.setTimeout Content Spoofing Vulnerability
36. Apple Safari for Windows Unspecified Remote Code Execution and Denial of Service Vulnerabilities
37. XOOPS Multiple Module Spaw_Control.Class.PHP Remote File Include Vulnerability
38. PHP Prior to 5.2.2/4.4.7 Multiple Remote Buffer Overflow Vulnerabilities
39. OpenLDAP SLAPD Access Control Circumvention Vulnerability
40. EXIF Library EXIF File Processing Integer Overflow Vulnerability
41. Retired: Sitellite Forge Bug-559668.PHP Remote File Include Vulnerability
42. APOP Protocol Insecure MD5 Hash Weakness
43. Mozilla Products Multiple Remote Vulnerabilities
44. Xoops XT-Conteudo Module Spaw_Control.Class.PHP Remote File Include Vulnerability
45. SpamAssassin Long URI Handling Remote Denial of Service Vulnerability
46. Sun Solaris IKED(1M) Denial of Service Vulnerability
47. Sun Java System Directory Server Remote Unauthorized Access Vulnerability
48. Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability
49. Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability
50. Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
51. Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability
52. DotProject Unspecified Parameters Cross-Site Scripting Vulnerability
53. Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability
54. Samba SID Names Local Privilege Escalation Vulnerability
55. Sun Java System Directory Server Attributes List Information Disclosure Vulnerability
56. Samba NDR RPC Request LsarAddPrivilegesToAccount Heap-Based Buffer Overflow Vulnerability
57. Samba MS-RPC Remote Shell Command Execution Vulnerability
58. Sun Solaris NFS Server XDR Handling Denial of Service Vulnerability
59. Xoops XFsection Module Dir_Module Parameter Remote File Include Vulnerability
60. Corel ActiveCGM Browser ActiveX Control Multiple Buffer Overflow Vulnerabilities
61. PHP FTP_Putcmd Function HTTP Response Splitting Vulnerability
62. Linux Kernel PRNG Entropy Weakness
63. GD Graphics Library PNG File Processing Denial of Service Vulnerability
64. Freetype TT_Load_Simple_Glyph() TTF File Integer Overflow Vulnerability
65. Microsoft Internet Explorer Speech API 4 COM Object Instantiation Buffer Overflow Vulnerabilities
66. Linux Kernel PPPoE Socket Local Denial of Service Vulnerability
67. Blackboard Products Multiple HTML Injection Vulnerabilities
68. Microsoft Internet Explorer NavCancel.HTM Cross-Site Scripting Vulnerability
69. Microsoft Internet Explorer Prototype Variable Uninitialized Memory Corruption Vulnerability
70. Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability
71. Microsoft Internet Explorer CSS Tag Memory Corruption Vulnerability
72. Microsoft Internet Explorer IMJPCKSI COM Object Instantiation Memory Corruption Vulnerability
73. Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability
74. Microsoft Outlook Express MHTML URL Parsing Information Disclosure Vulnerability
75. Microsoft Windows Vista Windows Mail Local File Execution Vulnerability
76. Outlook Express/Windows Mail MHTML URI Handler Information Disclosure Vulnerability
77. Apple Safari for Windows Protocol Handler Command Injection Vulnerability
78. Microsoft Windows CE POP3 Remote Denial of Service Vulnerability
79. Microsoft Windows CE .NET Compact Framework Components Multiple Vulnerabilities
80. Subversion Remote Revision Property Information Disclosure Vulnerability
81. Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
82. Joomla! Letterman Subscriber Module Mod_Lettermansubscribe.PHP Cross-Site Scripting Vulnerability
83. Elxis CMS Banner Module MB_Tracker SQL Injection Vulnerability
84. PHP::HTML HTMLClass_Path Remote File Include Vulnerability
85. Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
86. Sun Solaris Remote IPv6 IPSec Packet Denial of Service Vulnerability
87. Open ISCSI Multiple Local Denial Of Service Vulnerabilities
88. OpenOffice RTF File Parser Buffer Overflow Vulnerability
89. IPv6 Protocol Type 0 Route Header Denial of Service Vulnerability
90. Microsoft Office MSODataSourceControl ActiveX Control Buffer Overflow Vulnerability
91. Ruby on Rails To_JSON Script Injection Vulnerability
92. Opera Web Browser Running Adobe Flash Player Information Disclosure Vulnerability
93. Microsoft MFC Embedded OLE Object Remote Code Execution Vulnerability
94. HP Help and Support Center Unspecified Buffer Overflow Vulnerability
95. Cellosoft Tokens Removechr() Stack Buffer Overflow Vulnerability
96. Microsoft Content Management Server Cross-Site Scripting Vulnerability
97. Apple Safari Feed URI Denial Of Service Vulnerability
98. Microsoft Content Management Server Remote Code Execution Vulnerability
99. Sun Solaris Management Console HTTP TRACE Information Disclosure Vulnerability
100. Mbedthis AppWeb HTTP TRACE Information Disclosure Vulnerability
III. SECURITYFOCUS NEWS
1. Judge nixes teacher's conviction on porn pop-ups
2. Zero-day sales not "fair" -- to researchers
3. Insecure plug-ins pose danger to Firefox users
4. Peer-to-peer networks co-opted for DOS attacks
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Security Consultant, Palo Alto
2. [SJ-JOB] Security Consultant, New York
3. [SJ-JOB] Security Engineer, Pittsburgh
4. [SJ-JOB] Software Engineer, San Diego
5. [SJ-JOB] Security Consultant, Palo Alto
6. [SJ-JOB] Certification & Accreditation Engineer, Washington DC
7. [SJ-JOB] Sr. Security Analyst, Chicago
8. [SJ-JOB] Sales Representative, Atlanta
9. [SJ-JOB] Jr. Security Analyst, Irvine
10. [SJ-JOB] Sr. Security Engineer, Bangalore
11. [SJ-JOB] Security Consultant, Overland Park
12. [SJ-JOB] Security Consultant, Ottawa
13. [SJ-JOB] Security Consultant, Dover
14. [SJ-JOB] Security Consultant, New York City
15. [SJ-JOB] Chief Security Strategist, Cotonou
16. [SJ-JOB] Security Consultant, Chicago
17. [SJ-JOB] Sr. Security Analyst, Cairo
18. [SJ-JOB] Jr. Security Analyst, Washington DC
19. [SJ-JOB] Penetration Engineer, Worcester
20. [SJ-JOB] Security System Administrator, Canberra
21. [SJ-JOB] Security Consultant, Groton
22. [SJ-JOB] Security Architect, Canberra
23. [SJ-JOB] VP of Regional Sales, Chicago
24. [SJ-JOB] Manager, Information Security, London
25. [SJ-JOB] Security Consultant, Houston
26. [SJ-JOB] Sr. Security Engineer, Fort Lauderdale
27. [SJ-JOB] Security Engineer, Canberra
28. [SJ-JOB] Security Engineer, Canberra
29. [SJ-JOB] Security Consultant, Denver
30. [SJ-JOB] Technology Risk Consultant, London
31. [SJ-JOB] Application Security Engineer, Los Angeles
32. [SJ-JOB] Security Consultant, Bedminster
33. [SJ-JOB] Security System Administrator, Winston Salem
34. [SJ-JOB] Security System Administrator, Foster City
35. [SJ-JOB] Security Consultant, Chicago
36. [SJ-JOB] Security Consultant, Mountain View
37. [SJ-JOB] Application Security Engineer, Broomfield
38. [SJ-JOB] Software Engineer, Mountain View
39. [SJ-JOB] Security Engineer, London
40. [SJ-JOB] Software Engineer, Columbia
41. [SJ-JOB] Sr. Security Analyst, Warren
42. [SJ-JOB] Software Engineer, Mountain View
43. [SJ-JOB] Auditor, Jacksonville
44. [SJ-JOB] Security Engineer, Saint Louis
45. [SJ-JOB] Disaster Recovery Coordinator, Saint Louis
46. [SJ-JOB] Software Engineer, Redwood Shores
47. [SJ-JOB] Security Product Manager, Berkshire
48. [SJ-JOB] Management, New York City
49. [SJ-JOB] Account Manager, New York
50. [SJ-JOB] Sr. Security Analyst, Cupertino
51. [SJ-JOB] Manager, Information Security, Baltimore
52. [SJ-JOB] Technical Support Engineer, Palo Alto
53. [SJ-JOB] Sr. Security Engineer, Phoenix
54. [SJ-JOB] Sales Representative, Baltimore
55. [SJ-JOB] Sales Representative, Reston
56. [SJ-JOB] Compliance Officer, London
57. [SJ-JOB] Application Security Engineer, Aba city
58. [SJ-JOB] Principal Software Engineer, Boston
59. [SJ-JOB] Sales Representative, Washington
60. [SJ-JOB] Security Engineer, DC
61. [SJ-JOB] Senior Software Engineer, Fort Lauderdale
62. [SJ-JOB] Security Engineer, Raleigh
63. [SJ-JOB] Security Engineer, Norcross/Lawrenceville
64. [SJ-JOB] VP, Information Security, Jersey City
65. [SJ-JOB] Sr. Security Analyst, New York
66. [SJ-JOB] Sr. Security Engineer, DC suburb outside Beltway
67. [SJ-JOB] Security Engineer, Southfield
68. [SJ-JOB] Sr. Security Analyst, Santa Clara
69. [SJ-JOB] Sr. Security Analyst, New York
70. [SJ-JOB] Manager, Information Security, Jersey City
71. [SJ-JOB] Sales Representative, Washington
72. [SJ-JOB] Disaster Recovery Coordinator, Anywhere within EMEA
73. [SJ-JOB] Sales Representative, Minneapolis
74. [SJ-JOB] Security Researcher, San Antonio
75. [SJ-JOB] Security Consultant, Montreal
76. [SJ-JOB] Auditor, Riyadh
77. [SJ-JOB] Information Assurance Analyst, Cleveland
78. [SJ-JOB] Security Engineer, Denver
79. [SJ-JOB] Security Consultant, New York
80. [SJ-JOB] Account Manager, Myrtle Beach
81. [SJ-JOB] Security Architect, Edison
82. [SJ-JOB] Security Consultant, Chicago, Milwaukee and Minneapolis
83. [SJ-JOB] Account Manager, Atlanta
84. [SJ-JOB] Sr. Product Manager, Atlanta
85. [SJ-JOB] Security Engineer, Jersey City
86. [SJ-JOB] Technical Support Engineer, Irving
87. [SJ-JOB] Information Assurance Analyst, Springfield
88. [SJ-JOB] Sales Engineer, Atlanta
89. [SJ-JOB] Sales Engineer, Chicago
90. [SJ-JOB] Security Consultant, Northern California
91. [SJ-JOB] Manager, Information Security, Dallas
92. [SJ-JOB] Sr. Security Analyst, Framingham
93. [SJ-JOB] Security Consultant, London
94. [SJ-JOB] Application Security Architect, New York
95. [SJ-JOB] Forensics Engineer, Munich
96. [SJ-JOB] Security Consultant, London
97. [SJ-JOB] Technical Writer, Mountain View
98. [SJ-JOB] Security Researcher, San Jose/Silicon Valley/Bay Area
99. [SJ-JOB] Quality Assurance, New York
100. [SJ-JOB] Auditor, Denver
101. [SJ-JOB] Management, Chandler
102. [SJ-JOB] Sr. Security Engineer, San Francisco
103. [SJ-JOB] Sr. Security Analyst, New York
104. [SJ-JOB] Security Architect, New York
105. [SJ-JOB] Sales Representative, Sydney
106. [SJ-JOB] Application Security Engineer, Pune
107. [SJ-JOB] Security System Administrator, Brooklyn (Metrotech)
108. [SJ-JOB] Security Engineer, Chicago
109. [SJ-JOB] Security Engineer, Atlanta
110. [SJ-JOB] Security Engineer, Myrtle Beach
111. [SJ-JOB] Sales Engineer, New York
112. [SJ-JOB] Sr. Security Engineer, Westlake Village
113. [SJ-JOB] Technology Risk Consultant, San Jose
114. [SJ-JOB] Security Researcher, Any
115. [SJ-JOB] Security Consultant, Woonsocket, RI
116. [SJ-JOB] Application Security Engineer, Calabasas
117. [SJ-JOB] Jr. Security Analyst, Toronto
118. [SJ-JOB] Sr. Security Analyst, Ft. Meade
119. [SJ-JOB] Developer, Toronto
120. [SJ-JOB] Jr. Security Analyst, Moscow
121. [SJ-JOB] Security Researcher, Toronto
122. [SJ-JOB] Sr. Security Analyst, Woonsocket
123. [SJ-JOB] Jr. Security Analyst, Braintree
124. [SJ-JOB] Security Engineer, York
V. INCIDENTS LIST SUMMARY
1. send to MAC A, reply from MAC B, same IP. Whats going on ?
VI. VULN-DEV RESEARCH LIST SUMMARY
1. Static Code Analysis - Nuts and Bolts
2. non-process-terminating shellcode
3. Seh over write
4. GDI+ and Internet Explorer question
5. Second Call for Papers: DeepSec IDSC 2007 Europe/Vienna: 20-23 Nov 2007
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Embedded Problems
By Federico Biancuzzi
Federico Biancuzzi interviews Barnaby Jack to discuss the vector rewrite attack, which architectures are vulnerable, how to defend the integrity of the exception vector table, some firmware extraction methods, and what bad things you can do on a cheap SOHO router.
http://www.securityfocus.com/columnists/446

2. Security Analogies
By Scott Granneman
Scott Granneman discusses security analogies and their function in educating the masses on security concepts.
http://www.securityfocus.com/columnists/445


II. BUGTRAQ SUMMARY
--------------------
1. Linux Kernel USB Driver Data Queue Local Denial of Service Vulnerability
BugTraq ID: 19033
Remote: No
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/19033
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the USB FTDI SIO driver.

This vulnerability allows local users to consume all available memory resources, denying further service to legitimate users.

This issue affects Linux kernel versions prior to 2.6.16.27.

2. Linux Kernel ISDN PPP Remote Denial of Service Vulnerability
BugTraq ID: 21835
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/21835
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause an affected kernel to crash, effectively denying service to legitimate users.

Versions prior to 2.4.34 are vulnerable to this issue.

3. Sun Solaris INETD(1M) Local Denial of Service Vulnerability
BugTraq ID: 24213
Remote: No
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24213
Summary:
Sun Solaris inetd(1M) is prone to a local denial-of-service vulnerability.

An attacker can exploit this issue to disable the inetd daemon, resulting in denial-of-service conditions.

4. YaBB Forum Profile CRLF Injection Remote Privilege Escalation Vulnerability
BugTraq ID: 24455
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24455
Summary:
YaBB Forum is prone to a remote privilege-escalation vulnerability because the application fails to properly sanitize user-supplied input before writing it to a configuration file.

Successfully exploiting this issue allows remote attackers to gain administrative privileges in the web application and to execute arbitrary Perl script code in the context of the hosting webserver. This may facilitate the remote compromise of affected computers.

YaBB Forum 2.1 is vulnerable to this issue; other versions may also be affected.

5. IBM TotalStorage DS400 Remote Telnet Backdoor Vulnerability
BugTraq ID: 24452
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24452
Summary:
IBM TotalStorage DS400 is prone to a remote telnet backdoor vulnerability. This issue occurs because of an undocumented telnet server as well as accounts without passwords that may be present in affected devices.

Successfully exploiting this issue allows remote attackers to gain superuser-level access to affected devices.

This issue affects devices with firmware version 4.15 installed; other versions may also be affected.

6. Xoops Horoscope Module Footer.PHP Remote File Include Vulnerability
BugTraq ID: 24449
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24449
Summary:
Horoscope for XOOPS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Horoscope 2.0 is vulnerable; other versions may also be affected.

7. Mbedthis AppWeb URL Protocol Format String Vulnerability
BugTraq ID: 24454
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24454
Summary:
Mbedthis AppWeb is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

This issue affects only applications that were built with logging enabled and installed with no "ErrorLog" directive in 'appweb.conf'.

Successful exploits may allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely crash the application, denying further service to legitimate users.

AppWeb 2.2.2 is reported vulnerable; other versions may also be affected.

8. Fuzzylime Low.PHP SQL Injection Vulnerability
BugTraq ID: 24451
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24451
Summary:
Fuzzylime is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Fuzzylime 1.0 is vulnerable; other versions may also be affected.

9. ISC BIND Remote Fetch Context Denial of Service Vulnerability
BugTraq ID: 22229
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/22229
Summary:
ISC BIND is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected DNS requests.

Successfully exploiting this issue allows remote attackers to crash affected DNS servers, denying further service to legitimate users.

10. Xscreensaver Local Denial Of Service Vulnerability
BugTraq ID: 23783
Remote: No
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/23783
Summary:
Xscreensaver is prone to a local denial-of-service vulnerability.

Successful exploits will cause the xscreensaver daemon to crash, unlock the screen, and allow unauthorized access to the vulnerable computer.

Xscreensaver versions prior to 5.02 are vulnerable to this issue.

11. ISC BIND Remote DNSSEC Validation Denial of Service Vulnerability
BugTraq ID: 22231
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/22231
Summary:
ISC BIND is prone to a remote denial-of-service vulnerability because the application fails to properly handle malformed DNSSEC validation requests.

Successfully exploiting this issue allows remote attackers to crash affected DNS servers, denying further service to legitimate users.

12. Menu Manager Module System Command Remote Command Execution Vulnerability
BugTraq ID: 24453
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24453
Summary:
The Menu Manager module for WebAPP is prone to a remote command-execution vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary system commands within the context of the affected webserver.

This issue affects Menu Manager Module 1.5 running on WebAPP prior to 0.9.9.7.

13. Todd Miller Sudo Kerberos Authentication Local Authentication Bypass Weakness
BugTraq ID: 24368
Remote: No
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24368
Summary:
The 'sudo' utility is prone to a local authentication-bypass weakness when used in conjunction with Kerberos. Attackers must first gain local, interactive access to a computer running 'sudo' configured to authenticate via Kerberos. They may do this by exploiting other latent vulnerabilities.

Successfully exploiting this issue allows local attackers to bypass sudo's authentication prompt, allowing them to perform actions that are granted to users via the 'sudoers' file.

This issue affects 'sudo' 1.6.8p12; other versions may also be affected.

14. Mozilla Firefox URLBar Null Byte File Remote Code Execution Vulnerability
BugTraq ID: 24447
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24447
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability because it fails to adequately sanitize user-supplied input.

Attackers may exploit this issue by enticing victims into visiting a malicious site and following links with improper file extensions.

Successful exploits may allow an attacker to crash the application or execute arbitrary code in the context of the affected application. Other attacks are also possible.

15. Arris Cadant C3 CMTS IP Packet Denial Of Service Vulnerability
BugTraq ID: 24430
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24430
Summary:
Arris Cadant C3 CMTS is prone to a denial-of-service vulnerability because it fails to adequately handle malformed IP packets.

An attacker can exploit this issue to crash the affected device, denying service to legitimate users.

16. Cisco Trust Agent for Mac OS X Local Privilege Escalation Vulnerability
BugTraq ID: 24415
Remote: No
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24415
Summary:
Cisco Trust Agent for Mac OS X is prone to a local privilege-escalation vulnerability because of the method that the application uses to deliver notifications to users.

Successfully exploiting this issue allows local users to gain superuser-level privileges on affected computers if it is exploited before an authorized user is authenticated. If exploited after an authorized user has been authenticated, attackers may gain user-level access to affected computers.

Versions of Cisco Trust Agent prior to 2.1.104.0 are vulnerable to this issue when running on Apple Mac OS X. Other platforms are not affected.

This issue is documented in Cisco bug ID CSCsi58799.

17. Apple Safari for Windows Unspecified SVG Parse Engine Multiple Unspecified Vulnerabilities
BugTraq ID: 24446
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24446
Summary:
Apple Safari for Microsoft Windows is prone to multiple unspecified vulnerabilities.

Few technical details are currently available. We will update this BID as more information emerges.

Safari 3 public beta for Windows is reported vulnerable.

18. PHP Live! Request.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 24443
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24443
Summary:
PHP Live! is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

PHP Live! 3.2.2 and prior versions are vulnerable.

19. Invision Power Board Profile Updating Access Validation Vulnerability
BugTraq ID: 24442
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24442
Summary:
Invision Power Board is prone to an access-validation vulnerability.

An attacker can exploit this issue to change another user's instant messenger identity. This may lead to other attacks.

This issue affects Invision Power Board 2.2.0 to 2.2.2.

20. Domain Technologie Control 404.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 24441
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24441
Summary:
Domain Technologie Control is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Reports indicate that versions prior to 0.25.9 are vulnerable, but Symantec has not confirmed this.

21. TEC-IT TBarCode OCX ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 24440
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24440
Summary:
TBarCode ActiveX control is prone to a vulnerability that could permit an attacker to overwrite arbitrary files.

The attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

22. Sporum Forum Multiple Remote Cross Site Scripting Vulnerabilities
BugTraq ID: 24439
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24439
Summary:
Sporum Forum is prone to multiple cross-site scripting vulnerabilities.

An attacker may leverage any of these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Sporum Forum 3.0.9 is vulnerable to these issues; other versions may be affected as well.

23. D-Link DWL-G650 TIM Information Element Wireless Driver Beacon Buffer Overflow Vulnerability
BugTraq ID: 24438
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24438
Summary:
The D-Link Wireless Device Driver for DWL-G650 devices is prone to a buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue potentially allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions.

D-Link DWL-G650 6.0.0.18 (Rev. A1) is reported vulnerable; other versions may also be affected.

24. RETIRED: Microsoft Internet Explorer Navigation Cancel Webpage Spoofing Vulnerability
BugTraq ID: 24448
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24448
Summary:
Microsoft Internet Explorer is prone to a webpage-spoofing vulnerability.

Attackers may exploit this vulnerability via a malicious webpage to spoof the contents of the Navigation canceled page. This may assist in phishing or other attacks that rely on content spoofing.

NOTE: This BID is being retired because this issue was previously reported in BID 22966: Microsoft Internet Explorer NavCancel.HTM Cross-Site Scripting Vulnerability.

25. 602Pro Lan Suite 2003 Remote Email Message Buffer Overflow Vulnerability
BugTraq ID: 24437
Remote: Yes
Last Updated: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24437
Summary:
602Pro Lan Suite 2003 is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data.

Successfully exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the vulnerable application; failed exploit attempts will likely crash the application. This may facilitate the remote compromise of affected computers.

26. Microsoft Internet Explorer URLMON.DLL COM Object Instantiation Remote Code Execution Vulnerability
BugTraq ID: 24372
Remote: Yes
Last Updated: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24372
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application.

27. Linux Kernel ISDN PPP CCP Reset State Timer Denial of Service Vulnerability
BugTraq ID: 21883
Remote: No
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/21883
Summary:
The Linux kernel is prone to a denial-of-service vulnerability because it fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected kernel, denying service to legitimate users.

28. Linux Kernel ListXATTR Local Denial of Service Vulnerability
BugTraq ID: 22316
Remote: No
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/22316
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability.

Successful exploits will result in denial-of-service conditions or potentially privilege escalation.

29. Linux Kernel AppleTalk ATalk_Sum_SKB Function Denial Of Service Vulnerability
BugTraq ID: 23376
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/23376
Summary:
The Linux kernel is prone to a denial-of-service vulnerability. This issue presents itself when malformed AppleTalk frames are processed.

An attacker can exploit this issue to crash host computers, effectively denying service to legitimate users.

Versions prior to 2.6.20.5 are vulnerable.

30. Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
BugTraq ID: 23104
Remote: No
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/23104
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to cause the kernel to crash, effectively denying service to legitimate users. Attackers may also be able to execute arbitrary code with elevated privileges, but this has not been confirmed.

This issue affects the Linux kernel 2.6 series.

31. Linux Kernel L2CAP and HCI Setsockopt Memory Leak Information Disclosure Vulnerability
BugTraq ID: 23594
Remote: No
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/23594
Summary:
Linux Kernel is prone to an information-disclosure vulnerability because it fails to handle unexpected user-supplied input.

Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.

Kernel versions 2.4.34.2 and prior are vulnerable to this issue.

32. Microsoft Windows SChannel Security Remote Code Execution Vulnerability
BugTraq ID: 24416
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24416
Summary:
The Microsoft Windows Schannel security package is prone to a remote code-execution vulnerability.

This vulnerability occurs when processing and validating server-sent digital signatures by the client application.

A remote attacker could exploit this issue by convincing a victim to visit a malicious website. Remote code execution is possible, but may be extremely difficult. In most cases, denial-of-service conditions will occur.

33. X.Org X Window System Xserver XRender Extension Divide by Zero Denial of Service Vulnerability
BugTraq ID: 23741
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/23741
Summary:
X.Org X Window System Xserver is prone to a denial-of-service vulnerability because the software fails to properly handle exceptional conditions.

Attackers who can connect to a vulnerable X server may exploit this issue to crash the targeted server, denying further service to legitimate users.

X.Org X Window System Xserver 1.3.0 is vulnerable to this issue; other versions may also be affected.

34. Mod_Perl Path_Info Remote Denial Of Service Vulnerability
BugTraq ID: 23192
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/23192
Summary:
The 'mod_perl' module is prone to a remote denial-of-service vulnerability.

Successful exploits may allow remote attackers to cause denial-of-service conditions on the webserver running the mod_perl module.

35. Apple Safari for Windows Window.setTimeout Content Spoofing Vulnerability
BugTraq ID: 24457
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24457
Summary:
Apple Safari 3 Beta for Windows is prone to a content-spoofing vulnerability that allows attackers to steal browser cookie data or to populate a vulnerable Safari browser window with arbitrary malicious content. During such an attack, the originating URL and window title reportedly still display the originating domain rather than the attacking domain.

This issue affects Safari 3.0 (522.11.3) on Windows 2003 SE SP2 and Windows XP SP2.

NOTE: Apple has released Safari 3.0.1 Beta for Windows.

36. Apple Safari for Windows Unspecified Remote Code Execution and Denial of Service Vulnerabilities
BugTraq ID: 24433
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24433
Summary:
Apple Safari for Windows is prone to multiple remote code-execution and denial-of-service vulnerabilities.

An attacker may exploit these issues by enticing victims into opening a maliciously crafted HTML document.

Successful exploits can allow attackers to execute arbitrary code in the context of the affected browser or to cause denial-of-service conditions.

Safari 3 public beta for Windows is reported vulnerable.

One of these issues may be related to BID 24431: Apple Safari for Windows Unspecified Denial of Service Vulnerability.

NOTE: Apple has released Safari 3.0.1 Beta for Windows.

37. XOOPS Multiple Module Spaw_Control.Class.PHP Remote File Include Vulnerability
BugTraq ID: 24302
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24302
Summary:
Multiple XOOPS modules are prone to a remote file-include vulnerability because they fail to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the applications and the underlying system; other attacks are also possible.

38. PHP Prior to 5.2.2/4.4.7 Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 23813
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/23813
Summary:
PHP is prone to three remote buffer-overflow vulnerabilities because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit these issues to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

All three issues affect PHP 5.2.1 and prior versions; PHP 4.4.6 and prior versions are affected only by one of the issues.

Few details are available at the moment. These issues may have been previously described in other BIDs. This record may be updated or retired if further analysis shows that these issues have been reported in the past.

39. OpenLDAP SLAPD Access Control Circumvention Vulnerability
BugTraq ID: 19832
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/19832
Summary:
OpenLDAP slapd is prone to a vulnerability that allows attackers to circumvent access controls.

An attacker may be able to modify any domain name regardless of the owner.

Versions prior to 2.3.25 are vulnerable.

40. EXIF Library EXIF File Processing Integer Overflow Vulnerability
BugTraq ID: 24461
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24461
Summary:
The 'libexif' library is reported prone to an integer-overflow vulnerability. Reportedly, the issue presents itself when the affected library is processing malformed EXIF files.

Attackers may leverage this issue to execute arbitrary code in the context of an application that is linked to the vulnerable library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects 'libexif' 0.6.13 to 0.6.15; other versions may also be affected.

41. Retired: Sitellite Forge Bug-559668.PHP Remote File Include Vulnerability
BugTraq ID: 24474
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24474
Summary:
Sitellite Forge is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects version 4.2.12; prior versions are also affected.

Further analysis reveals that this issue is not exploitable. Therefore, this BID is being retired.

42. APOP Protocol Insecure MD5 Hash Weakness
BugTraq ID: 23257
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/23257
Summary:
Applications that implement the APOP protocol may be vulnerable to a password-hash weakness. This issue occurs because the MD5 hash algorithm fails to properly prevent collisions.

Attackers may exploit this issue in man-in-the-middle attacks to potentially gain access to the first three characters of passwords. This will increase the likelihood of successful brute-force attacks against APOP authentication.

To limit the possibility of successful exploits, applications that implement the APOP protocol should set up safeguards to ensure that message IDs are RFC-compliant.

Mozilla Thunderbird, Evolution, mutt, and fetchmail are reportedly affected by this issue.

43. Mozilla Products Multiple Remote Vulnerabilities
BugTraq ID: 24242
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24242
Summary:
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Cause denial-of-service conditions
- Perform cross-site scripting attacks
- Obtain potentially sensitive information
- Spoof legitimate content

Other attacks may also be possible.

44. Xoops XT-Conteudo Module Spaw_Control.Class.PHP Remote File Include Vulnerability
BugTraq ID: 24470
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24470
Summary:
XT-Conteudo for XOOPS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

XT-Conteudo 1.52 is vulnerable; other versions may also be affected.

45. SpamAssassin Long URI Handling Remote Denial of Service Vulnerability
BugTraq ID: 22584
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/22584
Summary:
SpamAssassin is prone to a remote denial-of-service vulnerability.

This issue arises when the application handles excessively long URIs.

SpamAssassin versions prior to 3.1.8 are vulnerable to this issue.

46. Sun Solaris IKED(1M) Denial of Service Vulnerability
BugTraq ID: 24209
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24209
Summary:
The 'in.iked' service for Sun Solaris is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected service, denying service to legitimate users.

47. Sun Java System Directory Server Remote Unauthorized Access Vulnerability
BugTraq ID: 24468
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24468
Summary:
Sun Java System Directory Server is prone to a remote unauthorized-access vulnerability.

Attackers can exploit this issue to gain unauthorized access and perform certain modifications to the data on the directory server.

48. Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24198
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24198
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects Samba 3.0.25rc3 and prior versions.

49. Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24197
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24197
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects Samba 3.0.25rc3 and prior versions.

50. Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
BugTraq ID: 24475
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24475
Summary:
Apache Tomcat Manager and Host Manager are prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

51. Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24196
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24196
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects Samba 3.0.25rc3 and prior versions.

52. DotProject Unspecified Parameters Cross-Site Scripting Vulnerability
BugTraq ID: 24472
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24472
Summary:
dotProject is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions 2.0.4 and prior are vulnerable.

53. Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24195
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24195
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects Samba 3.0.25rc3 and prior versions.

54. Samba SID Names Local Privilege Escalation Vulnerability
BugTraq ID: 23974
Remote: No
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/23974
Summary:
Samba is prone to a local privilege-escalation vulnerability due to a logic error in the 'smbd' daemon's internal security stack.

An attacker can exploit this issue to temporarily perform SMB/CIFS operations with superuser privileges. The attacker may leverage this issue to gain superuser access to the server.

Samba 3.0.23d through 3.0.25pre2 are vulnerable.

55. Sun Java System Directory Server Attributes List Information Disclosure Vulnerability
BugTraq ID: 24467
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24467
Summary:
Sun Java System Directory Server is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may lead to other attacks.

This issue affects these versions:

Sun ONE Directory Server 5.2
Sun Java System Directory Server 5
Sun Java Directory Server Enterprise Edition (DSEE) 6.0.

56. Samba NDR RPC Request LsarAddPrivilegesToAccount Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 23973
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/23973
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects Samba 3.0.25rc3 and prior versions.

This BID previously documented multiple heap-based buffer-overflow vulnerabilities affecting Samba. Each issue has been assigned its own individual record. The issues are covered in this BID and the following records:

BID 24195 - Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability
BID 24196 - Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability
BID 24197 - Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability
BID 24198 - Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability

57. Samba MS-RPC Remote Shell Command Execution Vulnerability
BugTraq ID: 23972
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/23972
Summary:
Samba is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary shell commands on an affected computer with the privileges of the application.

This issue affects Samba 3.0.0 to 3.0.25rc3.

58. Sun Solaris NFS Server XDR Handling Denial of Service Vulnerability
BugTraq ID: 24466
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24466
Summary:
Sun Solaris is prone to a denial-of-service vulnerability because the operating system fails to handle exceptional conditions.

An attacker can exploit this issue to cause the affected kernel to panic, resulting in a denial-of-service condition.

This issue affects the Solaris 10 operating system.

59. Xoops XFsection Module Dir_Module Parameter Remote File Include Vulnerability
BugTraq ID: 24465
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24465
Summary:
XFsection for XOOPS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

XFsection 1.07 is vulnerable; other versions may also be affected.

60. Corel ActiveCGM Browser ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24464
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24464
Summary:
Corel ActiveCGM Browser ActiveX control is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of applications that use the affected control (typically Internet Explorer).

Corel ActiveCGM Browser 7.1.4.19 is vulnerable; other versions may also be affected.

61. PHP FTP_Putcmd Function HTTP Response Splitting Vulnerability
BugTraq ID: 23818
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/23818
Summary:
PHP is prone to an HTTP-response-splitting vulnerability because it fails to sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

This issue affects these versions:

PHP 5 prior to 5.2.2
PHP 4 prior to 4.4.7.

62. Linux Kernel PRNG Entropy Weakness
BugTraq ID: 24390
Remote: No
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24390
Summary:
The Linux kernel is prone to a weakness that may result in weaker cryptographic security.

Linux kernel versions prior to 2.6.21.4 are vulnerable to this issue.

This weakness was initially discussed in BID 24376 (Linux Kernel Multiple Weaknesses and Vulnerabilities), but has been assigned its own record.

63. GD Graphics Library PNG File Processing Denial of Service Vulnerability
BugTraq ID: 24089
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24089
Summary:
The GD graphics library is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause denial-of-service conditions in applications implementing the affected library.

GD graphics library 2.0.34 is reported vulnerable; other versions may be affected as well.

64. Freetype TT_Load_Simple_Glyph() TTF File Integer Overflow Vulnerability
BugTraq ID: 24074
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24074
Summary:
FreeType is prone to an integer-overflow vulnerability because it fails to properly validate TTF files.

An attacker may exploit this issue by enticing victims into opening maliciously crafted TTF files.

Successful exploits will allow attackers to execute arbitrary code in the context of applications that use the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects FreeType 2.3.4 and prior versions.

65. Microsoft Internet Explorer Speech API 4 COM Object Instantiation Buffer Overflow Vulnerabilities
BugTraq ID: 24426
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24426
Summary:
Microsoft Internet Explorer is prone to multiple buffer-overflow vulnerabilities when instantiating certain COM objects.

An attacker may exploit these issues by enticing victims into opening a maliciously crafted webpage.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers.

66. Linux Kernel PPPoE Socket Local Denial of Service Vulnerability
BugTraq ID: 23870
Remote: No
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/23870
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to exhaust memory resources and eventually cause the kernel to crash, effectively denying service to legitimate users.

This issue affects the Linux kernel 2.6 series prior to 2.6.21-git8.

67. Blackboard Products Multiple HTML Injection Vulnerabilities
BugTraq ID: 19308
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/19308
Summary:
Blackboard products are prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Blackboard Learning System (Release 6) and Blackboard Learning and Community Portal Suite (Release 6 build 6.2.3.23) are vulnerable; other versions may also be affected.

Reports indicate this issue has been addressed in versions 7.0 and 7.1; this has not been confirmed by Symantec.

UPDATE - June 14, 2007: Reports indicate Blackboard Academic Suite - Vista 4 is also vulnerable.

68. Microsoft Internet Explorer NavCancel.HTM Cross-Site Scripting Vulnerability
BugTraq ID: 22966
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/22966
Summary:
Microsoft Internet Explorer is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to spoof the contents of the Navigation canceled page, steal cookie-based authentication credentials, and obtain other sensitive information. Successful exploits may assist in phishing or other attacks that rely on content spoofing.

69. Microsoft Internet Explorer Prototype Variable Uninitialized Memory Corruption Vulnerability
BugTraq ID: 24418
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24418
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability when accessing objects that are improperly instantiated or deleted.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted webpage.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers.

70. Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability
BugTraq ID: 24429
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24429
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because of a race condition in its language-pack installation support.

A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application.

71. Microsoft Internet Explorer CSS Tag Memory Corruption Vulnerability
BugTraq ID: 24423
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24423
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because the application fails to properly handle certain CSS data.

A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application.

72. Microsoft Internet Explorer IMJPCKSI COM Object Instantiation Memory Corruption Vulnerability
BugTraq ID: 22486
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/22486
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability when instantiating certain COM objects.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers.

Internet Explorer 7 on Microsoft Vista is not affected by this issue; Internet Explorer 7 on other Windows versions is affected only if COM objects have been enabled by the ActiveX opt-in feature.

This BID is similar to the one described in BID 15827 (Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability), but it affects a different set of COM objects.

73. Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability
BugTraq ID: 24410
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24410
Summary:
Outlook Express is prone to a cross-domain information-disclosure vulnerability.

This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim's browser. Attackers could exploit this issue to access sensitive information (such as cookies or passwords) that is associated with the external domain.

74. Microsoft Outlook Express MHTML URL Parsing Information Disclosure Vulnerability
BugTraq ID: 24392
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24392
Summary:
Outlook Express is prone to a cross-domain information-disclosure vulnerability.

This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim user's browser. Attackers could exploit this issue to gain access to sensitive information (such as cookies or passwords) that is associated with the external domain.

75. Microsoft Windows Vista Windows Mail Local File Execution Vulnerability
BugTraq ID: 23103
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/23103
Summary:
Microsoft Windows Vista Windows Mail is prone to a local file-execution vulnerability due to a design error.

An attacker may exploit this issue to execute local files. The attacker must entice a victim into opening a maliciously crafted link using the affected application.

The vendor reports this issue can also be exploited through use of UNC navigation to execute arbitrary remote code. This may facilitate a remote compromise of the affected computer.

76. Outlook Express/Windows Mail MHTML URI Handler Information Disclosure Vulnerability
BugTraq ID: 17717
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/17717
Summary:
Outlook Express and Windows Mail are prone to a cross-domain information-disclosure vulnerability.

This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim user's browser. Attackers could exploit this issue to gain access to sensitive information (such as cookies or passwords) that is associated with the external domain.

This issue was previously reported as an Internet Explorer vulnerability, but the affected component is found to be part of Outlook Express and Windows Mail. Microsoft confirmed that this is an Outlook Express/Windows Mail vulnerability that can also be exploited through Internet Explorer.

77. Apple Safari for Windows Protocol Handler Command Injection Vulnerability
BugTraq ID: 24434
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24434
Summary:
Apple Safari for Windows is prone to a protocol handler command-injection vulnerability.

Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be called through a protocol handler.

This specific vulnerability relies on the use of IFRAME elements; attackers can do even more damage by combining it with Mozilla XPCOM components.

Exploiting the issue would permit a remote attacker to influence command options that can be called through Safari protocol handlers and to compromise affected systems in the context of the vulnerable user.

This issue may be related to the vulnerability discussed in BID 10406 (Apple MacOS X SSH URI Handler Remote Code Execution Vulnerability). We will update this BID as more information emerges.

NOTE: Apple has released Safari for Windows Beta 3.0.1.

78. Microsoft Windows CE POP3 Remote Denial of Service Vulnerability
BugTraq ID: 24469
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24469
Summary:
Microsoft Windows CE is prone to a remote denial-of-service vulnerability.

This issue affects only Windows CE running on Texas Instruments TI 925T CPU (ARMV4).

Successful exploits will crash the affected device running the vulnerable operating system. Users will have to reset the affected device to recover.

Windows CE 4.2 is vulnerable to this issue.

79. Microsoft Windows CE .NET Compact Framework Components Multiple Vulnerabilities
BugTraq ID: 24444
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24444
Summary:
Components of the .NET Compact Framework for Microsoft Windows CE are prone to multiple vulnerabilities.

Exploiting these issues may allow remote attackers to cause denial-of-service conditions, corrupt memory, or execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers. Other attacks are also possible.

80. Subversion Remote Revision Property Information Disclosure Vulnerability
BugTraq ID: 24463
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24463
Summary:
Subversion is prone to a remote information-disclosure vulnerability because the application fails to properly enforce security restrictions during certain remote SVN operations.

Successfully exploiting this issue potentially allows remote attackers to access sensitive information contained in revision properties, such as log messages. This may aid in further attacks.

Versions prior to Subversion 1.4.4 are vulnerable to this issue.

81. Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
BugTraq ID: 24480
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24480
Summary:
Apache Tomahawk MyFaces JSF Framework is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

82. Joomla! Letterman Subscriber Module Mod_Lettermansubscribe.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 24479
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24479
Summary:
The Joomla! Letterman Subscriber module is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Version 1.2.4-RC1 is vulnerable; other versions may also be affected.

83. Elxis CMS Banner Module MB_Tracker SQL Injection Vulnerability
BugTraq ID: 24478
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24478
Summary:
The Banner Module for Elxis CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects versions 2006.4 and prior.

84. PHP::HTML HTMLClass_Path Remote File Include Vulnerability
BugTraq ID: 24477
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24477
Summary:
PHP::HTML is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects PHP::HTML 0.6.4; other versions may also be vulnerable.

85. Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
BugTraq ID: 24476
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24476
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

86. Sun Solaris Remote IPv6 IPSec Packet Denial of Service Vulnerability
BugTraq ID: 24473
Remote: Yes
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24473
Summary:
Sun Solaris is prone to a denial-of-service vulnerability because the operating system fails to handle exceptional conditions.

An attacker can exploit this issue to cause the affected kernel to panic, resulting in a denial-of-service condition.

This issue affects the Solaris 10 operating system.

87. Open ISCSI Multiple Local Denial Of Service Vulnerabilities
BugTraq ID: 24471
Remote: No
Last Updated: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24471
Summary:
Open-iSCSI is prone to multiple local denial-of-service vulnerabilities.

A local attacker can exploit these issues to deny legitimate users access to the server daemon.

88. OpenOffice RTF File Parser Buffer Overflow Vulnerability
BugTraq ID: 24450
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24450
Summary:
OpenOffice is prone to a remote heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Remote attackers may exploit this issue by enticing victims into opening maliciously crafted RTF files.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

89. IPv6 Protocol Type 0 Route Header Denial of Service Vulnerability
BugTraq ID: 23615
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/23615
Summary:
IPv6 protocol implementations are prone to a denial-of-service vulnerability due to a design error.

Exploiting this issue allows attackers to cause denial-of-service conditions.

This issue is related to the issue discussed in BID 22210 (Cisco IOS IPv6 Source Routing Remote Memory Corruption Vulnerability).

90. Microsoft Office MSODataSourceControl ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24462
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24462
Summary:
Microsoft Office MSODataSourceControl ActiveX Control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

91. Ruby on Rails To_JSON Script Injection Vulnerability
BugTraq ID: 24161
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24161
Summary:
Ruby on Rails is prone to a script-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

This issue affects Ruby on Rails 1.2.3; other versions may also be affected.

92. Opera Web Browser Running Adobe Flash Player Information Disclosure Vulnerability
BugTraq ID: 23437
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/23437
Summary:
Opera Web Browser is prone to an information-disclosure vulnerability when running Adobe Flash Player.

An attacker can exploit this issue to access potentially sensitive information.

These versions are vulnerable:

Opera Web Browser prior to 9.20 for Linux, Solaris, and FreeBSD
Adobe Flash Player prior to 9.0.28.0

This issue also affects the Konqueror web browser.

93. Microsoft MFC Embedded OLE Object Remote Code Execution Vulnerability
BugTraq ID: 22476
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/22476
Summary:
The Microsoft MFC component for Microsoft Windows and Microsoft Visual Studio .NET is prone to a remote code-execution vulnerability. This issue occurs when the application using the component attempts to parse malformed Rich Text Files (RTF).

An attacker could exploit this issue by enticing a victim to load a malicious RTF file. A successful exploit could result in the execution of arbitrary code in the context of the currently logged-in user.

94. HP Help and Support Center Unspecified Buffer Overflow Vulnerability
BugTraq ID: 24459
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24459
Summary:
HP Help and Support Center is prone to an unspecified remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

95. Cellosoft Tokens Removechr() Stack Buffer Overflow Vulnerability
BugTraq ID: 24458
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24458
Summary:
Cellosoft Tokens object extension is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code on systems that use the affected browser plugin and may also allow attackers to crash the application or browser, but this has not been confirmed.

Cellosoft Tokens 2.0.0.6 is vulnerable; other versions may also be affected.

96. Microsoft Content Management Server Cross-Site Scripting Vulnerability
BugTraq ID: 22860
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/22860
Summary:
Microsoft Content Management Server (MCMS) is prone to an unspecified cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials, spoof content, or perform actions on behalf of the victim user; this could aid in further attacks.

97. Apple Safari Feed URI Denial Of Service Vulnerability
BugTraq ID: 24460
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24460
Summary:
Apple Safari is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to cause denial-of-service conditions on a user's computer.

Apple Safari for Windows 3 Beta is vulnerable; other versions may also be affected.

98. Microsoft Content Management Server Remote Code Execution Vulnerability
BugTraq ID: 22861
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/22861
Summary:
Microsoft Content Management Server (MCMS) is prone to an arbitrary code-execution vulnerability because the software fails to properly validate user-supplied input.

Exploiting this issue allows remote attackers to execute arbitrary machine code on affected computers with the privileges of the vulnerable application.

99. Sun Solaris Management Console HTTP TRACE Information Disclosure Vulnerability
BugTraq ID: 15222
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/15222
Summary:
Sun Solaris Management Console is prone to an information-disclosure vulnerability.

The issue presents itself because the server responds to the HTTP TRACE request by default.

With HTTP TRACE functionality enabled by default, an attacker can compromise user accounts by gaining access to sensitive header information. The attacker may exploit this issue along with other attacks, such as cross-site scripting, to steal cookie-based authentication credentials.

100. Mbedthis AppWeb HTTP TRACE Information Disclosure Vulnerability
BugTraq ID: 24456
Remote: Yes
Last Updated: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24456
Summary:
Mbedthis AppWeb is prone to an information-disclosure vulnerability.

The vulnerability presents itself because the server responds to the HTTP TRACE request by default.

With HTTP TRACE functionality enabled by default, an attacker can compromise user accounts by gaining access to sensitive header information. The attacker may exploit this issue along with other attacks, such as cross-site scripting, to steal cookie-based authentication credentials.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Judge nixes teacher's conviction on porn pop-ups
By: Robert Lemos
A Connecticut judge grants a new trial for substitute teacher Julie Amero, saying that forensics information discovered after her conviction has direct bearing on her case.
http://www.securityfocus.com/news/11469

2. Zero-day sales not "fair" -- to researchers
By: Robert Lemos
A security analyst tries his hand at selling two vulnerabilities and finds that economics and time are against him.
http://www.securityfocus.com/news/11468

3. Insecure plug-ins pose danger to Firefox users
By: Robert Lemos
A security researcher warns that an insecure update mechanism for some of the open-source browser's third-party add-ons could give an attacker the ability to install malicious code.
http://www.securityfocus.com/news/11467

4. Peer-to-peer networks co-opted for DOS attacks
By: Robert Lemos
Attackers compromise the hub servers of the DC++ peer-to-peer network, turning hundreds of thousands of clients into hard-to-stop distributed denial-of-service attacks.
http://www.securityfocus.com/news/11466

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security Consultant, Palo Alto
http://www.securityfocus.com/archive/77/471142

2. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/471151

3. [SJ-JOB] Security Engineer, Pittsburgh
http://www.securityfocus.com/archive/77/471152

4. [SJ-JOB] Software Engineer, San Diego
http://www.securityfocus.com/archive/77/471140

5. [SJ-JOB] Security Consultant, Palo Alto
http://www.securityfocus.com/archive/77/471143

6. [SJ-JOB] Certification & Accreditation Engineer, Washington DC
http://www.securityfocus.com/archive/77/471145

7. [SJ-JOB] Sr. Security Analyst, Chicago
http://www.securityfocus.com/archive/77/471147

8. [SJ-JOB] Sales Representative, Atlanta
http://www.securityfocus.com/archive/77/471148

9. [SJ-JOB] Jr. Security Analyst, Irvine
http://www.securityfocus.com/archive/77/471150

10. [SJ-JOB] Sr. Security Engineer, Bangalore
http://www.securityfocus.com/archive/77/471141

11. [SJ-JOB] Security Consultant, Overland Park
http://www.securityfocus.com/archive/77/471144

12. [SJ-JOB] Security Consultant, Ottawa
http://www.securityfocus.com/archive/77/471146

13. [SJ-JOB] Security Consultant, Dover
http://www.securityfocus.com/archive/77/471149

14. [SJ-JOB] Security Consultant, New York City
http://www.securityfocus.com/archive/77/471122

15. [SJ-JOB] Chief Security Strategist, Cotonou
http://www.securityfocus.com/archive/77/471135

16. [SJ-JOB] Security Consultant, Chicago
http://www.securityfocus.com/archive/77/471136

17. [SJ-JOB] Sr. Security Analyst, Cairo
http://www.securityfocus.com/archive/77/471121

18. [SJ-JOB] Jr. Security Analyst, Washington DC
http://www.securityfocus.com/archive/77/471137

19. [SJ-JOB] Penetration Engineer, Worcester
http://www.securityfocus.com/archive/77/471138

20. [SJ-JOB] Security System Administrator, Canberra
http://www.securityfocus.com/archive/77/471105

21. [SJ-JOB] Security Consultant, Groton
http://www.securityfocus.com/archive/77/471111

22. [SJ-JOB] Security Architect, Canberra
http://www.securityfocus.com/archive/77/471120

23. [SJ-JOB] VP of Regional Sales, Chicago
http://www.securityfocus.com/archive/77/471124

24. [SJ-JOB] Manager, Information Security, London
http://www.securityfocus.com/archive/77/471116

25. [SJ-JOB] Security Consultant, Houston
http://www.securityfocus.com/archive/77/471118

26. [SJ-JOB] Sr. Security Engineer, Fort Lauderdale
http://www.securityfocus.com/archive/77/471119

27. [SJ-JOB] Security Engineer, Canberra
http://www.securityfocus.com/archive/77/471123

28. [SJ-JOB] Security Engineer, Canberra
http://www.securityfocus.com/archive/77/471134

29. [SJ-JOB] Security Consultant, Denver
http://www.securityfocus.com/archive/77/471110

30. [SJ-JOB] Technology Risk Consultant, London
http://www.securityfocus.com/archive/77/471112

31. [SJ-JOB] Application Security Engineer, Los Angeles
http://www.securityfocus.com/archive/77/471113

32. [SJ-JOB] Security Consultant, Bedminster
http://www.securityfocus.com/archive/77/471117

33. [SJ-JOB] Security System Administrator, Winston Salem
http://www.securityfocus.com/archive/77/471094

34. [SJ-JOB] Security System Administrator, Foster City
http://www.securityfocus.com/archive/77/471097

35. [SJ-JOB] Security Consultant, Chicago
http://www.securityfocus.com/archive/77/471104

36. [SJ-JOB] Security Consultant, Mountain View
http://www.securityfocus.com/archive/77/471106

37. [SJ-JOB] Application Security Engineer, Broomfield
http://www.securityfocus.com/archive/77/471083

38. [SJ-JOB] Software Engineer, Mountain View
http://www.securityfocus.com/archive/77/471084

39. [SJ-JOB] Security Engineer, London
http://www.securityfocus.com/archive/77/471096

40. [SJ-JOB] Software Engineer, Columbia
http://www.securityfocus.com/archive/77/471107

41. [SJ-JOB] Sr. Security Analyst, Warren
http://www.securityfocus.com/archive/77/471109

42. [SJ-JOB] Software Engineer, Mountain View
http://www.securityfocus.com/archive/77/471115

43. [SJ-JOB] Auditor, Jacksonville
http://www.securityfocus.com/archive/77/471076

44. [SJ-JOB] Security Engineer, Saint Louis
http://www.securityfocus.com/archive/77/471077

45. [SJ-JOB] Disaster Recovery Coordinator, Saint Louis
http://www.securityfocus.com/archive/77/471085

46. [SJ-JOB] Software Engineer, Redwood Shores
http://www.securityfocus.com/archive/77/471095

47. [SJ-JOB] Security Product Manager, Berkshire
http://www.securityfocus.com/archive/77/471074

48. [SJ-JOB] Management, New York City
http://www.securityfocus.com/archive/77/471075

49. [SJ-JOB] Account Manager, New York
http://www.securityfocus.com/archive/77/471081

50. [SJ-JOB] Sr. Security Analyst, Cupertino
http://www.securityfocus.com/archive/77/471098

51. [SJ-JOB] Manager, Information Security, Baltimore
http://www.securityfocus.com/archive/77/471103

52. [SJ-JOB] Technical Support Engineer, Palo Alto
http://www.securityfocus.com/archive/77/471073

53. [SJ-JOB] Sr. Security Engineer, Phoenix
http://www.securityfocus.com/archive/77/471082

54. [SJ-JOB] Sales Representative, Baltimore
http://www.securityfocus.com/archive/77/470951

55. [SJ-JOB] Sales Representative, Reston
http://www.securityfocus.com/archive/77/470952

56. [SJ-JOB] Compliance Officer, London
http://www.securityfocus.com/archive/77/470953

57. [SJ-JOB] Application Security Engineer, Aba city
http://www.securityfocus.com/archive/77/470955

58. [SJ-JOB] Principal Software Engineer, Boston
http://www.securityfocus.com/archive/77/470944

59. [SJ-JOB] Sales Representative, Washington
http://www.securityfocus.com/archive/77/470949

60. [SJ-JOB] Security Engineer, DC
http://www.securityfocus.com/archive/77/470943

61. [SJ-JOB] Senior Software Engineer, Fort Lauderdale
http://www.securityfocus.com/archive/77/470945

62. [SJ-JOB] Security Engineer, Raleigh
http://www.securityfocus.com/archive/77/470946

63. [SJ-JOB] Security Engineer, Norcross/Lawrenceville
http://www.securityfocus.com/archive/77/470950

64. [SJ-JOB] VP, Information Security, Jersey City
http://www.securityfocus.com/archive/77/470932

65. [SJ-JOB] Sr. Security Analyst, New York
http://www.securityfocus.com/archive/77/470935

66. [SJ-JOB] Sr. Security Engineer, DC suburb outside Beltway
http://www.securityfocus.com/archive/77/470930

67. [SJ-JOB] Security Engineer, Southfield
http://www.securityfocus.com/archive/77/470931

68. [SJ-JOB] Sr. Security Analyst, Santa Clara
http://www.securityfocus.com/archive/77/470936

69. [SJ-JOB] Sr. Security Analyst, New York
http://www.securityfocus.com/archive/77/470937

70. [SJ-JOB] Manager, Information Security, Jersey City
http://www.securityfocus.com/archive/77/470939

71. [SJ-JOB] Sales Representative, Washington
http://www.securityfocus.com/archive/77/470920

72. [SJ-JOB] Disaster Recovery Coordinator, Anywhere within EMEA
http://www.securityfocus.com/archive/77/470929

73. [SJ-JOB] Sales Representative, Minneapolis
http://www.securityfocus.com/archive/77/470933

74. [SJ-JOB] Security Researcher, San Antonio
http://www.securityfocus.com/archive/77/470942

75. [SJ-JOB] Security Consultant, Montreal
http://www.securityfocus.com/archive/77/470917

76. [SJ-JOB] Auditor, Riyadh
http://www.securityfocus.com/archive/77/470923

77. [SJ-JOB] Information Assurance Analyst, Cleveland
http://www.securityfocus.com/archive/77/470925

78. [SJ-JOB] Security Engineer, Denver
http://www.securityfocus.com/archive/77/470926

79. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/470938

80. [SJ-JOB] Account Manager, Myrtle Beach
http://www.securityfocus.com/archive/77/470909

81. [SJ-JOB] Security Architect, Edison
http://www.securityfocus.com/archive/77/470913

82. [SJ-JOB] Security Consultant, Chicago, Milwaukee and Minneapolis
http://www.securityfocus.com/archive/77/470915

83. [SJ-JOB] Account Manager, Atlanta
http://www.securityfocus.com/archive/77/470919

84. [SJ-JOB] Sr. Product Manager, Atlanta
http://www.securityfocus.com/archive/77/470927

85. [SJ-JOB] Security Engineer, Jersey City
http://www.securityfocus.com/archive/77/470918

86. [SJ-JOB] Technical Support Engineer, Irving
http://www.securityfocus.com/archive/77/470905

87. [SJ-JOB] Information Assurance Analyst, Springfield
http://www.securityfocus.com/archive/77/470916

88. [SJ-JOB] Sales Engineer, Atlanta
http://www.securityfocus.com/archive/77/470921

89. [SJ-JOB] Sales Engineer, Chicago
http://www.securityfocus.com/archive/77/470924

90. [SJ-JOB] Security Consultant, Northern California
http://www.securityfocus.com/archive/77/470898

91. [SJ-JOB] Manager, Information Security, Dallas
http://www.securityfocus.com/archive/77/470901

92. [SJ-JOB] Sr. Security Analyst, Framingham
http://www.securityfocus.com/archive/77/470902

93. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/470912

94. [SJ-JOB] Application Security Architect, New York
http://www.securityfocus.com/archive/77/470914

95. [SJ-JOB] Forensics Engineer, Munich
http://www.securityfocus.com/archive/77/470891

96. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/470896

97. [SJ-JOB] Technical Writer, Mountain View
http://www.securityfocus.com/archive/77/470897

98. [SJ-JOB] Security Researcher, San Jose/Silicon Valley/Bay Area
http://www.securityfocus.com/archive/77/470904

99. [SJ-JOB] Quality Assurance, New York
http://www.securityfocus.com/archive/77/470894

100. [SJ-JOB] Auditor, Denver
http://www.securityfocus.com/archive/77/470895

101. [SJ-JOB] Management, Chandler
http://www.securityfocus.com/archive/77/470906

102. [SJ-JOB] Sr. Security Engineer, San Francisco
http://www.securityfocus.com/archive/77/470908

103. [SJ-JOB] Sr. Security Analyst, New York
http://www.securityfocus.com/archive/77/470883

104. [SJ-JOB] Security Architect, New York
http://www.securityfocus.com/archive/77/470886

105. [SJ-JOB] Sales Representative, Sydney
http://www.securityfocus.com/archive/77/470890

106. [SJ-JOB] Application Security Engineer, Pune
http://www.securityfocus.com/archive/77/470903

107. [SJ-JOB] Security System Administrator, Brooklyn (Metrotech)
http://www.securityfocus.com/archive/77/470878

108. [SJ-JOB] Security Engineer, Chicago
http://www.securityfocus.com/archive/77/470879

109. [SJ-JOB] Security Engineer, Atlanta
http://www.securityfocus.com/archive/77/470882

110. [SJ-JOB] Security Engineer, Myrtle Beach
http://www.securityfocus.com/archive/77/470892

111. [SJ-JOB] Sales Engineer, New York
http://www.securityfocus.com/archive/77/470900

112. [SJ-JOB] Sr. Security Engineer, Westlake Village
http://www.securityfocus.com/archive/77/470877

113. [SJ-JOB] Technology Risk Consultant, San Jose
http://www.securityfocus.com/archive/77/470885

114. [SJ-JOB] Security Researcher, Any
http://www.securityfocus.com/archive/77/470888

115. [SJ-JOB] Security Consultant, Woonsocket, RI
http://www.securityfocus.com/archive/77/470889

116. [SJ-JOB] Application Security Engineer, Calabasas
http://www.securityfocus.com/archive/77/470907

117. [SJ-JOB] Jr. Security Analyst, Toronto
http://www.securityfocus.com/archive/77/470869

118. [SJ-JOB] Sr. Security Analyst, Ft. Meade
http://www.securityfocus.com/archive/77/470876

119. [SJ-JOB] Developer, Toronto
http://www.securityfocus.com/archive/77/470884

120. [SJ-JOB] Jr. Security Analyst, Moscow
http://www.securityfocus.com/archive/77/470867

121. [SJ-JOB] Security Researcher, Toronto
http://www.securityfocus.com/archive/77/470868

122. [SJ-JOB] Sr. Security Analyst, Woonsocket
http://www.securityfocus.com/archive/77/470870

123. [SJ-JOB] Jr. Security Analyst, Braintree
http://www.securityfocus.com/archive/77/470871

124. [SJ-JOB] Security Engineer, York
http://www.securityfocus.com/archive/77/470875

V. INCIDENTS LIST SUMMARY
---------------------------
1. send to MAC A, reply from MAC B, same IP. Whats going on ?
http://www.securityfocus.com/archive/75/471263

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Static Code Analysis - Nuts and Bolts
http://www.securityfocus.com/archive/82/471253

2. non-process-terminating shellcode
http://www.securityfocus.com/archive/82/471180

3. Seh over write
http://www.securityfocus.com/archive/82/471047

4. GDI+ and Internet Explorer question
http://www.securityfocus.com/archive/82/471006

5. Second Call for Papers: DeepSec IDSC 2007 Europe/Vienna: 20-23 Nov 2007
http://www.securityfocus.com/archive/82/470820

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.
