Tuesday, June 19, 2007

SecurityFocus Newsletter #406
----------------------------------------

This Issue is Sponsored by: VeriSign

Increase customer confidence at transaction time with the latest breakthrough in online security - Extended Validation SSL from VeriSign. Extended Validation triggers a green address bar in Microsoft IE7, which proves site identity. Learn more at:

http://clk.atdmt.com/SFI/go/srv0890000047sfi/direct/01/


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Embedded Problems
2. Security Analogies
II. BUGTRAQ SUMMARY
1. Nortel Networks PC Client Soft Phone Message Parsing Module Buffer Overflow Vulnerability
2. AOL Instant Messenger SIP Invite Message Denial of Service Vulnerability
3. Linux Kernel MinCore User Space Access Locking Local Denial of Service Vulnerability
4. PostgreSQL SECURITY DEFINER Function Local Privilege Escalation Vulnerability
5. PHPListPro Topsite Entry Page HTML Injection Vulnerability
6. Papoo CMS Multiple HTML Injection Vulnerabilities
7. Novell exteNd Director LocalExec.OCX ActiveX Control Remote Command Execution Vulnerability
8. OpenOffice RTF File Parser Buffer Overflow Vulnerability
9. ClamAV Multiple Unspecified Vulnerabilities
10. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability
11. Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
12. Apple Safari for Windows Unspecified Remote Code Execution and Denial of Service Vulnerabilities
13. Kaspersky Internet Security 6 SSDT Hooks Multiple Local Vulnerabilities
14. WordPress AndyBlue Theme Searchform.PHP Cross-Site Scripting Vulnerability
15. Novell NetWare XNFS.NLM Remote Denial Of Service Vulnerability
16. Util-linux Login Security Bypass Vulnerability
17. Linux Kernel ATM SkBuff Dereference Remote Denial of Service Vulnerability
18. Linux Kernel Omnikey CardMan 4040 Driver Local Buffer Overflow Vulnerability
19. Linux Kernel IPV6_Getsockopt_Sticky Memory Leak Information Disclosure Vulnerability
20. Linux Kernel Key_Alloc_Serial() Local Denial of Service Vulnerability
21. Linux Kernel NETLINK_FIB_LOOKUP Local Denial of Service Vulnerability
22. Linux Kernel NFSACL Denial of Service Vulnerability
23. Apple Safari for Windows Content and URLBar Spoofing Vulnerability
24. Linux Kernel ISDN PPP Remote Denial of Service Vulnerability
25. Linux Kernel ISDN PPP CCP Reset State Timer Denial of Service Vulnerability
26. Linux Kernel Multiple IPV6 Packet Filtering Bypass Vulnerabilities
27. Snom-320 SIP Phone Remote Phone Dialing Unauthorized Access Vulnerability
28. Snom-320 SIP Remote Unauthorized Access Vulnerability
29. PHPMailer Remote Shell Command Execution Vulnerability
30. MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities
31. IGeneric IG Shop Multiple PHP Code Execution Vulnerabilities
32. Red Hat Sendmail Localhost.Localdomain Email Spoofing Vulnerability
33. F-Secure Multiple Anti-Virus Products LHA and RAR Archives Scan Bypass Vulnerability
34. Libpng Library Remote Denial of Service Vulnerability
35. LibPNG Graphics Library PNG_SET_SPLT Remote Denial of Service Vulnerability
36. Tidylib for PHP Library Remote Buffer Overflow Vulnerability
37. Microsoft Internet Explorer NavCancel.HTM Cross-Site Scripting Vulnerability
38. Microsoft Internet Explorer Prototype Variable Uninitialized Memory Corruption Vulnerability
39. Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability
40. Microsoft Internet Explorer CSS Tag Memory Corruption Vulnerability
41. Microsoft Internet Explorer URLMON.DLL COM Object Instantiation Remote Code Execution Vulnerability
42. Microsoft Internet Explorer Speech API 4 COM Object Instantiation Buffer Overflow Vulnerabilities
43. Microsoft Windows SChannel Security Remote Code Execution Vulnerability
44. Microsoft Win32 API Parameter Validation Remote Code Execution Vulnerability
45. Vixie Cron ST_Nlink Check Local Denial of Service Vulnerability
46. FuseTalk AuthError.CFM SQL Injection Vulnerability
47. Open ISCSI Multiple Local Denial Of Service Vulnerabilities
48. MaraDNS Multiple Remote Denial of Service Vulnerabilities
49. British Telecommunications Consumer Webhelper Multiple Buffer Overflow Vulnerabilities
50. YABB Multiple Local File Include Vulnerabilities
51. Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
52. STPHP EasyNews PRO Unspecified Script HTML Injection Vulnerability
53. PHPPgAdmin SQLEdit.PHP Cross Site Scripting Vulnerability
54. Cerulean Studios Trillian Word Wrapping UTF-8 Encoded String Heap Buffer Overflow Vulnerability
55. APOP Protocol Insecure MD5 Hash Weakness
56. Avaya 4602SW SIP Phone Security Bypass Vulnerability
57. Avaya One-X Desktop Edition SIP Header Denial Of Service Vulnerability
58. Avaya 4602SW SIP Phone Cnonce Parameter Authentication Spoofing Vulnerability
59. Aastra 9112i SIP Phone SIP Message Denial Of Service Vulnerability
60. Nortel Networks PC Client Soft Phone SIP Message Parsing Module Denial of Service Vulnerability
61. RealNetworks GameHouse GHDLCTL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
62. Avaya One-X Desktop Edition Phone SIP Remote Buffer Overflow Vulnerability
63. ISC BIND Remote DNSSEC Validation Denial of Service Vulnerability
64. Fuzzylime Low.PHP Cross Site Scripting Vulnerability
65. Solar Empire Game_Listing.PHP SQL Injection Vulnerability
66. DKret Search Widget HTML Injection Vulnerability
67. PHP Hosting Biller Index.PHP Cross Site Scripting Vulnerability
68. WIKINDX Localization Module Unspecified Authentication Bypass Vulnerability
69. WebIf OutConfig Parameter Local File Include Vulnerability
70. TDizin Arama.ASP Cross-Site Scripting Vulnerability
71. WSPortal Content.PHP SQL Injection Vulnerability
72. FCKeditor Alternative Data Stream Arbitrary File Upload Vulnerability
73. PHPListPro Addsite.PHP HTML Injection Vulnerability
74. MailWasher Server LDAP Unauthorized Folder Access Vulnerability
75. Utopia News Pro Login.PHP Cross Site Scripting Vulnerability
76. FuseTalk Index.CFM SQL Injection Vulnerability
77. PHPMailer Data() Function Remote Denial of Service Vulnerability
78. Menu Manager Module System Command Remote Command Execution Vulnerability
79. IBM WebSphere Application Server Unspecified Vulnerabilities
80. MIT Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability
81. Mozilla Products Multiple Remote Vulnerabilities
82. Mod_Perl Path_Info Remote Denial Of Service Vulnerability
83. WmFrog Insecure Temporary File Creation Vulnerability
84. EXIF Library EXIF File Processing Integer Overflow Vulnerability
85. Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
86. MiniBB Language Parameter Local File Include Vulnerability
87. YourFreeScreamer Form.PHP Remote File Include Vulnerability
88. Apple Safari for Windows Document.Location Denial of Service Vulnerability
89. Apple Safari for Windows Corefoundation.DLL Denial of Service Vulnerability
90. PHPMyInventory Global.Inc.PHP Remote File Include Vulnerability
91. Freetype TT_Load_Simple_Glyph() TTF File Integer Overflow Vulnerability
92. Linux Kernel BINFMT_ELF PT_INTERP Local Information Disclosure Vulnerability
93. Linux Kernel AppleTalk ATalk_Sum_SKB Function Denial Of Service Vulnerability
94. Linux Kernel Dev_Queue_XMIT Local Denial of Service Vulnerability
95. Linux Kernel Bluetooth CAPI Packet Remote Buffer Overflow Vulnerability
96. Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
97. Linux Kernel AIO_Setup_Ring Local Denial of Service Vulnerability
98. Linux Kernel ISO9660 Denial of Service Vulnerability
99. Linux Kernel ListXATTR Local Denial of Service Vulnerability
100. Linux Kernel UnMap_HugePage_Area Local Denial of Service Vulnerability
III. SECURITYFOCUS NEWS
1. Group: Anti-hacking laws can hobble Net security
2. Judge nixes teacher's conviction on porn pop-ups
3. Zero-day sales not "fair" -- to researchers
4. Insecure plug-ins pose danger to Firefox users
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
1. Suspicious files in /tmp
2. send to MAC A, reply from MAC B, same IP. Whats going on ?
VI. VULN-DEV RESEARCH LIST SUMMARY
1. CFP: 3rd European Conference on Computer Network Defense (EC2ND) in Crete, Greece
2. Static Code Analysis - Nuts and Bolts
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #346
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Embedded Problems
By Federico Biancuzzi
Federico Biancuzzi interviews Barnaby Jack to discuss the vector rewrite attack, which architectures are vulnerable, how to defend the integrity of the exception vector table, some firmware extraction methods, and what bad things you can do on a cheap SOHO router.
http://www.securityfocus.com/columnists/446

2. Security Analogies
By Scott Granneman
Scott Granneman discusses security analogies and their function in educating the masses on security concepts.
http://www.securityfocus.com/columnists/445


II. BUGTRAQ SUMMARY
--------------------
1. Nortel Networks PC Client Soft Phone Message Parsing Module Buffer Overflow Vulnerability
BugTraq ID: 24531
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24531
Summary:
Nortel Networks PC Client soft phone is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits can allow remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

2. AOL Instant Messenger SIP Invite Message Denial of Service Vulnerability
BugTraq ID: 24533
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24533
Summary:
AOL Instant Messenger is prone to a denial-of-service vulnerability because the application fails to handle specially crafted SIP messages.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects AOL Instant Messenger 6.1.32.1; prior versions may also be affected.

3. Linux Kernel MinCore User Space Access Locking Local Denial of Service Vulnerability
BugTraq ID: 21663
Remote: No
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/21663
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability due to a design error.

A local attacker can exploit this issue to cause the kernel to become unresponsive, denying further service to legitimate users.

Linux Kernel versions prior to 2.4.33.6 are vulnerable.

4. PostgreSQL SECURITY DEFINER Function Local Privilege Escalation Vulnerability
BugTraq ID: 23618
Remote: No
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/23618
Summary:
PostgreSQL is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to escalate privileges in the context of the 'security_definer' function.

PostgreSQL versions prior to 8.2.4, 8.1.9, 8.0.13, 7.4.17, and 7.3.19 are vulnerable to this issue.

5. PHPListPro Topsite Entry Page HTML Injection Vulnerability
BugTraq ID: 24495
Remote: Yes
Last Updated: 2007-06-16
Relevant URL: http://www.securityfocus.com/bid/24495
Summary:
phpListPro is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

This issue affects phpListPro 2.0.1; other versions may also be affected.

6. Papoo CMS Multiple HTML Injection Vulnerabilities
BugTraq ID: 24494
Remote: Yes
Last Updated: 2007-06-16
Relevant URL: http://www.securityfocus.com/bid/24494
Summary:
Papoo CMS is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

These issues affect Papoo 3.6; prior versions may also be affected.

7. Novell exteNd Director LocalExec.OCX ActiveX Control Remote Command Execution Vulnerability
BugTraq ID: 24493
Remote: Yes
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/24493
Summary:
Novell exteNd Director is prone to a remote command-execution vulnerability because the application fails to sanitize user-supplied data passed through an unspecified URI parameter.

Attackers can leverage this issue to execute arbitrary code in the context of the application using the affected control (typically Internet Explorer).

8. OpenOffice RTF File Parser Buffer Overflow Vulnerability
BugTraq ID: 24450
Remote: Yes
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/24450
Summary:
OpenOffice is prone to a remote heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Remote attackers may exploit this issue by enticing victims into opening maliciously crafted RTF files.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

9. ClamAV Multiple Unspecified Vulnerabilities
BugTraq ID: 24358
Remote: Yes
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/24358
Summary:
ClamAV is prone to multiple unspecified vulnerabilities.

These issues arise because the software incorrectly calculates the end of a buffer and gives improper permissions to temporary files.

Versions prior to ClamAV 0.90.3 are vulnerable to these issues.

10. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability
BugTraq ID: 24316
Remote: Yes
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/24316
Summary:
ClamAV is prone to a denial-of-service vulnerability when handling malformed OLE2 files.

A successful attack may allow an attacker to cause denial-of-service conditions.

Versions prior to ClamAV 0.90.3 are affected.

11. Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
BugTraq ID: 24289
Remote: Yes
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/24289
Summary:
ClamAV is prone to a denial-of-service vulnerability.

A successful attack may allow an attacker to cause denial-of-service conditions.

12. Apple Safari for Windows Unspecified Remote Code Execution and Denial of Service Vulnerabilities
BugTraq ID: 24433
Remote: Yes
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/24433
Summary:
Apple Safari for Windows is prone to multiple remote code-execution and denial-of-service vulnerabilities.

An attacker may exploit these issues by enticing victims into opening a maliciously crafted HTML document.

Successful exploits can allow attackers to execute arbitrary code in the context of the affected browser or to cause denial-of-service conditions.

Safari 3 public beta for Windows is reported vulnerable.

One of these issues may be related to BID 24431: Apple Safari for Windows Unspecified Denial of Service Vulnerability.

NOTE: Apple has released Safari 3.0.1 Beta for Windows.

UPDATE (June 14, 2007): Safari 2.0.4 is vulnerable; prior versions may also be affected.

13. Kaspersky Internet Security 6 SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 24491
Remote: No
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/24491
Summary:
Kaspersky Internet Security 6 is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Kaspersky Internet Security 6.0.2.614 and 6.0.2.621 are vulnerable; other versions may also be affected.

NOTE: These issues may be related to BID 23326 (Kaspersky Internet Security Suite Klif.SYS Drive Local Heap Overflow Vulnerability), but this has not been confirmed. If we find that this BID is a duplicate, we will retire it and merge its information into BID 23326.

14. WordPress AndyBlue Theme Searchform.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 24490
Remote: Yes
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/24490
Summary:
The AndyBlue theme for WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The AndyBlue theme for WordPress 1.4 is vulnerable; other versions may also be affected.

15. Novell NetWare XNFS.NLM Remote Denial Of Service Vulnerability
BugTraq ID: 24489
Remote: Yes
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/24489
Summary:
Novell NetWare is prone to a remote denial-of-service vulnerability because of inadequate boundary checks.

A remote attacker can exploit this issue to deny access to legitimate users and possibly to execute code, but this has not been confirmed.

NetWare 6.5 SP6 is vulnerable; other versions may also be affected.

16. Util-linux Login Security Bypass Vulnerability
BugTraq ID: 24321
Remote: Yes
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/24321
Summary:
The 'login' utility (in 'util-linux') is prone to a security-bypass vulnerability because the utility fails to properly validate user privileges.

Exploiting this issue can allow an attacker to bypass certain security restrictions and potentially gain unauthorized access.

Versions prior to 'util-linux' 2.12 are vulnerable.

17. Linux Kernel ATM SkBuff Dereference Remote Denial of Service Vulnerability
BugTraq ID: 20363
Remote: Yes
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/20363
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability.

This issue is triggered when the kernel processes incoming ATM data.

Exploiting this vulnerability may allow remote attackers to crash the affected kernel, resulting in denial-of-service conditions.

This issue affects only systems that have ATM hardware and are configured for ATM kernel support.

Kernel versions from 2.6.0 up to and including 2.6.17 are vulnerable to this issue.

18. Linux Kernel Omnikey CardMan 4040 Driver Local Buffer Overflow Vulnerability
BugTraq ID: 22870
Remote: No
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/22870
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.

This issue allows local attackers to overwrite kernel memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of affected kernels. Exploiting this vulnerability facilitates the complete compromise of affected computers.

Linux kernel versions prior to 2.6.21-rc3 are affected by this issue.

19. Linux Kernel IPV6_Getsockopt_Sticky Memory Leak Information Disclosure Vulnerability
BugTraq ID: 22904
Remote: No
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/22904
Summary:
Linux Kernel is prone to an information-disclosure vulnerability because it fails to handle unexpected user-supplied input.

Successful exploits will allow attackers to obtain portions of kernel memory. Information harvested may be used in further attacks.

Kernel versions 2.6.0 up to 2.6.20.1 are vulnerable to this issue.

20. Linux Kernel Key_Alloc_Serial() Local Denial of Service Vulnerability
BugTraq ID: 22539
Remote: No
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/22539
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability.

A successful attack can allow local attackers to trigger a crash and deny service to legitimate users.

Kernel versions 2.6.x are vulnerable.

21. Linux Kernel NETLINK_FIB_LOOKUP Local Denial of Service Vulnerability
BugTraq ID: 23677
Remote: No
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/23677
Summary:
The Linux kernel is prone to a denial-of-service vulnerability. This issue presents itself when a NETLINK message is misrouted.

A local attacker may exploit this issue to trigger an infinite-recursion stack-based overflow in the kernel. This results in a denial of service to legitimate users.

Versions prior to 2.6.20.8 are vulnerable.

22. Linux Kernel NFSACL Denial of Service Vulnerability
BugTraq ID: 22625
Remote: No
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/22625
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

This issue affects the Linux kernel 2.6 series up to 2.6.20.

23. Apple Safari for Windows Content and URLBar Spoofing Vulnerability
BugTraq ID: 24484
Remote: Yes
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/24484
Summary:
Apple Safari 3.0.1 Beta for Windows is prone to a vulnerability that lets attackers spoof window titles and URL bars.

Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.

Safari 3.0.1 (522.12.12) on Windows 2003 SE SP2 is reported vulnerable; other versions may also be affected.

24. Linux Kernel ISDN PPP Remote Denial of Service Vulnerability
BugTraq ID: 21835
Remote: Yes
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/21835
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause an affected kernel to crash, effectively denying service to legitimate users.

Versions prior to 2.4.34 are vulnerable to this issue.

25. Linux Kernel ISDN PPP CCP Reset State Timer Denial of Service Vulnerability
BugTraq ID: 21883
Remote: No
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/21883
Summary:
The Linux kernel is prone to a denial-of-service vulnerability because it fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected kernel, denying service to legitimate users.

26. Linux Kernel Multiple IPV6 Packet Filtering Bypass Vulnerabilities
BugTraq ID: 20955
Remote: Yes
Last Updated: 2007-06-15
Relevant URL: http://www.securityfocus.com/bid/20955
Summary:
The Linux kernel is prone to multiple IPv6 packet-filtering-bypass vulnerabilities because of insufficient handling of fragmented packets.

An attacker could exploit these issues to bypass ip6_table filtering rules. This could result in a false sense of security because filtering rules set up by system administrators can be bypassed in order to access services that are otherwise protected.

27. Snom-320 SIP Phone Remote Phone Dialing Unauthorized Access Vulnerability
BugTraq ID: 24535
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24535
Summary:
The snom 320 SIP VoIP phone is prone to a remote vulnerability that may allow an attacker to dial a random number.

28. Snom-320 SIP Remote Unauthorized Access Vulnerability
BugTraq ID: 24532
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24532
Summary:
The snom 320 SIP VoIP phone is prone to a remote unauthorized-access vulnerability that may lead to information disclosure.

A remote attacker can exploit this issue to gain access to potentially sensitive information.

29. PHPMailer Remote Shell Command Execution Vulnerability
BugTraq ID: 24417
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24417
Summary:
PHPMailer is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input.

This issue affects PHPMailer when configured to use sendmail.

An attacker may leverage this issue to execute arbitrary shell commands on an affected computer with the privileges of the application using the affected class utility.

PHPMailer 1.73 and prior versions are vulnerable to this issue.

30. MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities
BugTraq ID: 24339
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24339
Summary:
MPlayer is prone to multiple buffer-overflow vulnerabilities when it attempts to process malformed album and category titles. These issues occur because the application fails to perform proper bounds-checking on user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

MPlayer 1.0rc1 is vulnerable to these issues; other versions may also be affected.

31. IGeneric IG Shop Multiple PHP Code Execution Vulnerabilities
BugTraq ID: 21875
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/21875
Summary:
The iG Shop application is prone to multiple PHP code-execution vulnerabilities.

An attacker can exploit these issues to execute arbitrary malicious PHP code in the context of the webserver process. This may help the attacker compromise the application and the underlying system; other attacks are also possible.

These issues affect iG Shop 1.0 and 1.4; other versions may be vulnerable as well.

32. Red Hat Sendmail Localhost.Localdomain Email Spoofing Vulnerability
BugTraq ID: 23742
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/23742
Summary:
Red Hat Sendmail is prone to a vulnerability that permits an attacker to send spoofed emails.

A successful exploit may allow an attacker to impersonate the localhost when sending an email message.

This issue affects Sendmail on Red Hat systems due to a configuration error. It is not currently known if this issue affects other releases of the software.

33. F-Secure Multiple Anti-Virus Products LHA and RAR Archives Scan Bypass Vulnerability
BugTraq ID: 24525
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24525
Summary:
Multiple F-Secure Anti-Virus products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

An attacker may exploit this issue by sending maliciously crafted RAR or LHA archives to victims.

Successful exploits will allow attackers to distribute compressed archives containing malicious code that will not be detected by the antivirus application.

34. Libpng Library Remote Denial of Service Vulnerability
BugTraq ID: 24000
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24000
Summary:
The 'libpng' library is prone to a remote denial-of-service vulnerability because the library fails to handle malicious PNG files.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.

This issue affects 'libpng' 1.2.16 and prior versions.

35. LibPNG Graphics Library PNG_SET_SPLT Remote Denial of Service Vulnerability
BugTraq ID: 21078
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/21078
Summary:
LibPNG is reported prone to a denial-of-service vulnerability. The library fails to perform proper bounds-checking of user-supplied input, which leads to an out-of-bounds read error.

Attackers may exploit this vulnerability to crash an application that relies on the affected library.

36. Tidylib for PHP Library Remote Buffer Overflow Vulnerability
BugTraq ID: 24527
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24527
Summary:
Tidylib for PHP is prone to a remote buffer-overflow vulnerability because the library fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the application using the affected library. Failed exploit attempts will likely cause a crash, denying service to legitimate users.

This issue affects Tidylib for PHP 040603; other versions may also be affected.

37. Microsoft Internet Explorer NavCancel.HTM Cross-Site Scripting Vulnerability
BugTraq ID: 22966
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/22966
Summary:
Microsoft Internet Explorer is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to spoof the contents of the Navigation canceled page, steal cookie-based authentication credentials, and obtain other sensitive information. Successful exploits may assist in phishing or other attacks that rely on content spoofing.

38. Microsoft Internet Explorer Prototype Variable Uninitialized Memory Corruption Vulnerability
BugTraq ID: 24418
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24418
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability when accessing objects that are improperly instantiated or deleted.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted webpage.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers.

39. Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability
BugTraq ID: 24429
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24429
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because of a race condition in its language-pack installation support.

A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application.

40. Microsoft Internet Explorer CSS Tag Memory Corruption Vulnerability
BugTraq ID: 24423
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24423
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because the application fails to properly handle certain CSS data.

A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application.

41. Microsoft Internet Explorer URLMON.DLL COM Object Instantiation Remote Code Execution Vulnerability
BugTraq ID: 24372
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24372
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application.

42. Microsoft Internet Explorer Speech API 4 COM Object Instantiation Buffer Overflow Vulnerabilities
BugTraq ID: 24426
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24426
Summary:
Microsoft Internet Explorer is prone to multiple buffer-overflow vulnerabilities when instantiating certain COM objects.

An attacker may exploit these issues by enticing victims into opening a maliciously crafted webpage.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers.

43. Microsoft Windows SChannel Security Remote Code Execution Vulnerability
BugTraq ID: 24416
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24416
Summary:
The Microsoft Windows Schannel security package is prone to a remote code-execution vulnerability.

This vulnerability occurs when the client application processes and validates server-sent digital signatures.

A remote attacker could exploit this issue by convincing a victim to visit a malicious website. Remote code execution is possible, but may be extremely difficult. In most cases, denial-of-service conditions will occur.

44. Microsoft Win32 API Parameter Validation Remote Code Execution Vulnerability
BugTraq ID: 24370
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24370
Summary:
The Microsoft Win32 API is prone to a remote code-execution vulnerability.

An attacker could exploit this issue to execute code in the context of the user visiting a malicious webpage.

45. Vixie Cron ST_Nlink Check Local Denial of Service Vulnerability
BugTraq ID: 23520
Remote: No
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/23520
Summary:
Vixie Cron is prone to a local denial-of-service vulnerability.

This issue occurs when attackers create hard file links to cron files belonging to both privileged and normal users.

A local attacker may exploit this issue to prevent cron files owned by privileged and non-privileged users from being executed at startup or on the next reload of the cron database.

Vixie Cron versions prior to 4.1-r10 are vulnerable.

46. FuseTalk AuthError.CFM SQL Injection Vulnerability
BugTraq ID: 24528
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24528
Summary:
FuseTalk is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

NOTE: Specific vulnerable versions were not disclosed. Reports also indicate that this issue has been addressed in the latest version of the application.

47. Open ISCSI Multiple Local Denial Of Service Vulnerabilities
BugTraq ID: 24471
Remote: No
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24471
Summary:
Open-iSCSI is prone to multiple local denial-of-service vulnerabilities.

A local attacker can exploit these issues to deny legitimate users access to the server daemon.

48. MaraDNS Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 24337
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24337
Summary:
MaraDNS is prone to multiple remote denial-of-service vulnerabilities because of memory leaks.

Successfully exploiting these issues allows remote attackers to crash affected servers by exhausting memory resources. This will deny further service to legitimate users.

Versions in the 1.2 and 1.3 series prior to 1.2.12.06 and 1.3.05 are vulnerable to these issues.

49. British Telecommunications Consumer Webhelper Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24219
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24219
Summary:
The British Telecommunications Consumer Webhelper ActiveX control is prone to multiple buffer-overflow vulnerabilities because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Versions of British Telecommunications Consumer Webhelper ActiveX Control prior to 2.0.0.8 are vulnerable to these issues.

50. YABB Multiple Local File Include Vulnerabilities
BugTraq ID: 24529
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24529
Summary:
YaBB is prone to multiple local file-include vulnerabilities because the application fails to adequately sanitize user-supplied input.

Exploiting these issues may allow an attacker to access potentially sensitive information that may aid in further attacks.

This issue affects YaBB 2.1 and prior versions.

51. Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
BugTraq ID: 24524
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24524
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to inject HTML and script code into the browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials and launch other attacks.

This issue may have been reported as part of the vulnerabilities described in BID 24058 (Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities). Symantec has not been able to confirm this information. We will update this BID when more information emerges.

52. STPHP EasyNews PRO Unspecified Script HTML Injection Vulnerability
BugTraq ID: 24512
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24512
Summary:
STphp EasyNews PRO is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

STphp EasyNews PRO 4.0 is vulnerable; other versions may also be affected.

53. PHPPgAdmin SQLEdit.PHP Cross Site Scripting Vulnerability
BugTraq ID: 24115
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24115
Summary:
phpPgAdmin is prone to a cross-site scripting vulnerability.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

phpPgAdmin 4.1.1 is reported vulnerable; other versions may also be affected.

54. Cerulean Studios Trillian Word Wrapping UTF-8 Encoded String Heap Buffer Overflow Vulnerability
BugTraq ID: 24523
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24523
Summary:
Trillian is prone to a heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial of service.

This issue affects Trillian 3.1.5.1; prior versions may also be affected.

55. APOP Protocol Insecure MD5 Hash Weakness
BugTraq ID: 23257
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/23257
Summary:
Applications that implement the APOP protocol may be vulnerable to a password-hash weakness. This issue occurs because the MD5 hash algorithm fails to properly prevent collisions.

Attackers may exploit this issue in man-in-the-middle attacks to potentially gain access to the first three characters of passwords. This will increase the likelihood of successful brute-force attacks against APOP authentication.

To limit the possibility of successful exploits, applications that implement the APOP protocol should set up safeguards to ensure that message IDs are RFC-compliant.

Mozilla Thunderbird, Evolution, mutt, and fetchmail are reportedly affected by this issue.

56. Avaya 4602SW SIP Phone Security Bypass Vulnerability
BugTraq ID: 24544
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24544
Summary:
The Avaya 4602SW SIP Phone is prone to a security-bypass vulnerability because it accepts SIP requests from random source IP addresses.

An attacker can exploit this issue to bypass security restrictions. The attacker may then be able to transmit malicious messages to the device.

This issue affects the Avaya 4602 SW IP Phone (Model 4602D02A).

57. Avaya One-X Desktop Edition SIP Header Denial Of Service Vulnerability
BugTraq ID: 24541
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24541
Summary:
Avaya one-X Desktop Edition phone is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the phone, denying service to legitimate users.

Versions 2.1.0.70 and prior are vulnerable.

58. Avaya 4602SW SIP Phone Cnonce Parameter Authentication Spoofing Vulnerability
BugTraq ID: 24539
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24539
Summary:
The Avaya 4602SW SIP Phone and SIP call server are prone to an authentication-spoofing vulnerability.

This allows an attacker to impersonate a SIP call server, compromising the confidentiality of a victim's phone conversations.

59. Aastra 9112i SIP Phone SIP Message Denial Of Service Vulnerability
BugTraq ID: 24537
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24537
Summary:
Aastra 9112i SIP Phone is prone to a denial-of-service vulnerability because the device fails to handle specially crafted SIP messages.

An attacker can exploit this issue to crash the affected device, denying service to legitimate users.

This issue affects Firmware 1.4.0.1049, Boot version: 1.1.0.10.

60. Nortel Networks PC Client Soft Phone SIP Message Parsing Module Denial of Service Vulnerability
BugTraq ID: 24536
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24536
Summary:
Nortel Networks PC Client Soft Phone is prone to a remote denial-of-service vulnerability because the application fails to properly handle malformed data.

Successful exploits can allow remote attackers to crash the affected application, denying further service to legitimate users.

61. RealNetworks GameHouse GHDLCTL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24534
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24534
Summary:
The RealNetworks GameHouse dldisplay ActiveX Control is prone to multiple buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the Gamehouse application. Failed exploit attempts will likely result in denial-of-service conditions.

An attacker may exploit these issues by enticing victims into visiting a maliciously crafted web page.

62. Avaya One-X Desktop Edition Phone SIP Remote Buffer Overflow Vulnerability
BugTraq ID: 24530
Remote: Yes
Last Updated: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24530
Summary:
Avaya One-X Desktop Edition phone is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to disable the call receiving functionality of affected phones.

Versions 2.1.0.70 and prior are vulnerable.

63. ISC BIND Remote DNSSEC Validation Denial of Service Vulnerability
BugTraq ID: 22231
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/22231
Summary:
ISC BIND is prone to a remote denial-of-service vulnerability because the application fails to properly handle malformed DNSSEC validation requests.

Successfully exploiting this issue allows remote attackers to crash affected DNS servers, denying further service to legitimate users.

64. Fuzzylime Low.PHP Cross Site Scripting Vulnerability
BugTraq ID: 24522
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24522
Summary:
Fuzzylime is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

Fuzzylime 1.01b and prior versions are vulnerable to this issue.

65. Solar Empire Game_Listing.PHP SQL Injection Vulnerability
BugTraq ID: 24519
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24519
Summary:
Solar Empire is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

This issue affects Solar Empire 2.9.1.1; other versions may also be vulnerable.

66. DKret Search Widget HTML Injection Vulnerability
BugTraq ID: 24518
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24518
Summary:
dKret is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

This issue affects versions prior to dKret 2.6.

67. PHP Hosting Biller Index.PHP Cross Site Scripting Vulnerability
BugTraq ID: 24517
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24517
Summary:
Php Hosting Biller is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

This issue affects Php Hosting Biller 1.0; other versions may also be vulnerable.

68. WIKINDX Localization Module Unspecified Authentication Bypass Vulnerability
BugTraq ID: 24508
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24508
Summary:
WIKINDX Localization Module is prone to an unspecified authentication-bypass vulnerability.

Exploiting this issue could allow an attacker to access certain administrative sections of the application. This may facilitate a complete compromise of the vulnerable application.

Versions prior to WIKINDX Localization Module 1.2 are vulnerable to this issue.

69. WebIf OutConfig Parameter Local File Include Vulnerability
BugTraq ID: 24516
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24516
Summary:
WebIf is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

70. TDizin Arama.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 24515
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24515
Summary:
TDizin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

71. WSPortal Content.PHP SQL Injection Vulnerability
BugTraq ID: 24513
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24513
Summary:
WSPortal is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

This issue affects WSPortal 1.0; other versions may also be vulnerable.

72. FCKeditor Alternative Data Stream Arbitrary File Upload Vulnerability
BugTraq ID: 24510
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24510
Summary:
FCKeditor is prone to an arbitrary file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input.

Attackers can exploit this vulnerability to upload arbitrary PHP files and execute them in the context of the webserver process.

This issue affects FCKeditor 2.4.3; other versions may also be affected.

73. PHPListPro Addsite.PHP HTML Injection Vulnerability
BugTraq ID: 24509
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24509
Summary:
phpListPro is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

This issue affects phpListPro 2.0.1; other versions may also be affected.

NOTE: This record may be a duplicate of the vulnerability discussed in BID 24495 (PHPListPro Topsite Entry Page HTML Injection Vulnerability). As more information emerges, we may update (or possibly retire) this BID.

74. MailWasher Server LDAP Unauthorized Folder Access Vulnerability
BugTraq ID: 24507
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24507
Summary:
MailWasher Server is prone to a vulnerability that may allow remote attackers to access sensitive data.

This issue affects versions prior to MailWasher Server 2.2.1.

75. Utopia News Pro Login.PHP Cross Site Scripting Vulnerability
BugTraq ID: 24506
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24506
Summary:
Utopia News Pro is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

Utopia News Pro 1.4.0 is vulnerable to this issue; other versions may also be vulnerable.

76. FuseTalk Index.CFM SQL Injection Vulnerability
BugTraq ID: 24498
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24498
Summary:
FuseTalk is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

This issue affects FuseTalk 2.0; other versions may also be vulnerable.

77. PHPMailer Data() Function Remote Denial of Service Vulnerability
BugTraq ID: 13805
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/13805
Summary:
PHPMailer is affected by a remote denial-of-service vulnerability.

An attacker can send an email message with a malformed header field to initiate an infinite loop in the application. This eventually leads to a crash due to resource exhaustion.

PHPMailer 1.72 and prior versions are affected by this issue.

78. Menu Manager Module System Command Remote Command Execution Vulnerability
BugTraq ID: 24453
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24453
Summary:
The Menu Manager module for WebAPP is prone to a remote command-execution vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary system commands within the context of the affected webserver.

This issue affects Menu Manager Module 1.5 running on WebAPP prior to 0.9.9.7.

79. IBM WebSphere Application Server Unspecified Vulnerabilities
BugTraq ID: 24505
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24505
Summary:
IBM WebSphere Application Server is prone to multiple unspecified vulnerabilities.

Although very little information is known about these issues, some of them may lead to denial-of-service conditions and allow attackers to bypass certain restrictions. We will update this BID as more information emerges.

Versions prior to 6.1.0 Fix Pack 9 are vulnerable to these issues.

80. MIT Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability
BugTraq ID: 23285
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/23285
Summary:
Kerberos 5 kadmind (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All kadmind servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 kadmind 1.6 and prior versions are vulnerable.

81. Mozilla Products Multiple Remote Vulnerabilities
BugTraq ID: 24242
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24242
Summary:
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Cause denial-of-service conditions
- Perform cross-site scripting attacks
- Obtain potentially sensitive information
- Spoof legitimate content

Other attacks may also be possible.

82. Mod_Perl Path_Info Remote Denial Of Service Vulnerability
BugTraq ID: 23192
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/23192
Summary:
The 'mod_perl' module is prone to a remote denial-of-service vulnerability.

Successful exploits may allow remote attackers to cause denial-of-service conditions on the webserver running the mod_perl module.

83. WmFrog Insecure Temporary File Creation Vulnerability
BugTraq ID: 24504
Remote: No
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24504
Summary:
The WmFrog application creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

An attacker may leverage this issue to corrupt or overwrite arbitrary files with the privileges of an unsuspecting user that activated the affected application. Reportedly, attackers can exploit this issue to escalate privileges.

Versions prior to WmFrog 0.2.0 are vulnerable to this issue.

84. EXIF Library EXIF File Processing Integer Overflow Vulnerability
BugTraq ID: 24461
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24461
Summary:
The 'libexif' library is reported prone to an integer-overflow vulnerability. Reportedly, the issue presents itself when the affected library is processing malformed EXIF files.

Attackers may leverage this issue to execute arbitrary code in the context of an application that is linked to the vulnerable library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects 'libexif' 0.6.13 to 0.6.15; other versions may also be affected.

85. Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
BugTraq ID: 24147
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24147
Summary:
Apache HTTP server running with the Tomcat JK Web Server Connector is prone to a security-bypass vulnerability because it decodes request URLs multiple times.

Exploiting this issue allows attackers to access restricted files in the Tomcat web directory. This can expose sensitive information that could help attackers launch further attacks.

This issue is present in versions of Apache Tomcat JK Connector prior to 1.2.23.

86. MiniBB Language Parameter Local File Include Vulnerability
BugTraq ID: 24503
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24503
Summary:
miniBB is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

miniBB 2.0.5 is vulnerable to this issue; prior versions may also be affected.

87. YourFreeScreamer Form.PHP Remote File Include Vulnerability
BugTraq ID: 24500
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24500
Summary:
YourFreeScreamer is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects YourFreeScreamer 1.0; other versions may also be vulnerable.

88. Apple Safari for Windows Document.Location Denial of Service Vulnerability
BugTraq ID: 24499
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24499
Summary:
Apple Safari for Windows is prone to a denial-of-service vulnerability because it fails to properly handle user-supplied input.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.

Safari 3.0 and 3.0.1 public beta for Windows are reported vulnerable.

NOTE: At the time of writing, Symantec was unable to reproduce this vulnerability. We are investigating this issue further and will update this BID as more information emerges.

89. Apple Safari for Windows Corefoundation.DLL Denial of Service Vulnerability
BugTraq ID: 24497
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24497
Summary:
Apple Safari for Windows is prone to a denial-of-service vulnerability because it fails to properly handle user-supplied input.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions. Attackers may also be able to execute arbitrary code, but Symantec had not confirmed this.

Safari 3.0.1 public beta for Windows is reported vulnerable.

90. PHPMyInventory Global.Inc.PHP Remote File Include Vulnerability
BugTraq ID: 24496
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24496
Summary:
phpMyInventory is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects phpMyInventory 2.8; earlier versions may also be vulnerable.

91. Freetype TT_Load_Simple_Glyph() TTF File Integer Overflow Vulnerability
BugTraq ID: 24074
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24074
Summary:
FreeType is prone to an integer-overflow vulnerability because it fails to properly validate TTF files.

An attacker may exploit this issue by enticing victims into opening maliciously crafted TTF Files.

Successful exploits will allow attackers to execute arbitrary code in the context of applications that use the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects FreeType 2.3.4 and prior versions.

92. Linux Kernel BINFMT_ELF PT_INTERP Local Information Disclosure Vulnerability
BugTraq ID: 22903
Remote: No
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/22903
Summary:
The Linux kernel is prone to a vulnerability in the Linux ELF binary loader. Exploiting this issue can allow local attackers to gain access to privileged information.

An attacker may be able to obtain sensitive data that can potentially be used to gain elevated privileges.

This issue is a variant of the vulnerability assigned CVE candidate ID CAN-2004-1073, which is documented in BID 11646.

Linux Kernel versions in the 2.6.0 branch prior to 2.6.20 are vulnerable; versions in the 2.4.0 branch may also be affected.

93. Linux Kernel AppleTalk ATalk_Sum_SKB Function Denial Of Service Vulnerability
BugTraq ID: 23376
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/23376
Summary:
The Linux kernel is prone to a denial-of-service vulnerability. This issue presents itself when malformed AppleTalk frames are processed.

An attacker can exploit this issue to crash host computers, effectively denying service to legitimate users.

Versions prior to 2.6.20.5 are vulnerable.

94. Linux Kernel Dev_Queue_XMIT Local Denial of Service Vulnerability
BugTraq ID: 22317
Remote: No
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/22317
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability.

A local attacker can exploit this issue to corrupt data and cause the kernel to become unresponsive, denying further service to legitimate users.

95. Linux Kernel Bluetooth CAPI Packet Remote Buffer Overflow Vulnerability
BugTraq ID: 21604
Remote: Yes
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/21604
Summary:
The Linux kernel is prone to a remote buffer-overflow vulnerability because the kernel fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code with kernel-level privileges, facilitating the complete compromise of affected computers. Failed exploit attempts will result in denial-of-service conditions.

Versions prior to 2.4.33.5 are vulnerable to this issue.

96. Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
BugTraq ID: 23104
Remote: No
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/23104
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to cause the kernel to crash, effectively denying service to legitimate users. Attackers may also be able to execute arbitrary code with elevated privileges, but this has not been confirmed.

This issue affects the Linux kernel 2.6 series.

97. Linux Kernel AIO_Setup_Ring Local Denial of Service Vulnerability
BugTraq ID: 22193
Remote: No
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/22193
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because the kernel fails to properly initialize a variable.

Exploiting this issue allows local attackers to cause kernel crashes, denying service to legitimate users.

98. Linux Kernel ISO9660 Denial of Service Vulnerability
BugTraq ID: 20920
Remote: No
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/20920
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue affects the code that handles the ISO9660 filesystem.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

99. Linux Kernel ListXATTR Local Denial of Service Vulnerability
BugTraq ID: 22316
Remote: No
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/22316
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Successful exploits will result in denial-of-service conditions or potentially privilege escalation.

100. Linux Kernel UnMap_HugePage_Area Local Denial of Service Vulnerability
BugTraq ID: 20362
Remote: No
Last Updated: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/20362
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because the kernel fails to properly handle unexpected errors.

Exploiting this issue allows local, unprivileged attackers to cause kernel crashes, denying service to legitimate users.

Linux kernel versions 2.6.0 through 2.6.12 are vulnerable to this issue.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Group: Anti-hacking laws can hobble Net security
By: Robert Lemos
A working group of security researchers, digital-rights activists and government prosecutors discusses whether bug hunters can find vulnerabilities in Web sites without violating laws.
http://www.securityfocus.com/news/11470

2. Judge nixes teacher's conviction on porn pop-ups
By: Robert Lemos
A Connecticut judge grants a new trial for substitute teacher Julie Amero, saying that forensics information discovered after her conviction has direct bearing on her case.
http://www.securityfocus.com/news/11469

3. Zero-day sales not "fair" -- to researchers
By: Robert Lemos
A security analyst tries his hand at selling two vulnerabilities and finds that economics and time are against him.
http://www.securityfocus.com/news/11468

4. Insecure plug-ins pose danger to Firefox users
By: Robert Lemos
A security researcher warns that an insecure update mechanism for some of the open-source browser's third-party add-ons could allow an attacker to install malicious code.
http://www.securityfocus.com/news/11467

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
1. Suspicious files in /tmp
http://www.securityfocus.com/archive/75/471627

2. send to MAC A, reply from MAC B, same IP. Whats going on ?
http://www.securityfocus.com/archive/75/471263

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. CFP: 3rd European Conference on Computer Network Defense (EC2ND) in Crete, Greece
http://www.securityfocus.com/archive/82/471677

2. Static Code Analysis - Nuts and Bolts
http://www.securityfocus.com/archive/82/471253

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #346
http://www.securityfocus.com/archive/88/471449

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: VeriSign
