News

Sunday, August 12, 2007

SecurityFocus Newsletter #413
----------------------------------------

This Issue is Sponsored by: Watchfire

As web applications become increasingly complex, tremendous amounts of sensitive data - including personal, medical and financial information - are exchanged and stored. This paper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools. Download Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000008yka


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Delete This!
2. Security conferences versus practical knowledge
II. BUGTRAQ SUMMARY
1. McNews Header.PHP Arbitrary File Include Vulnerability
2. Beautifier Core.PHP Remote File Include Vulnerability
3. PHP MSQL_Connect Buffer Overflow Vulnerability
4. Baidu Soba Search Bar BaiduBar.DLL ActiveX Control Remote Code Execution Vulnerability
5. Business Objects Crystal Reports XI Professional File Handling Buffer Overflow Vulnerability
6. Dersimiz Haber Ekleme Modulu Yorumkaydet.ASP Multiple HTML Injection Vulnerabilities
7. NcasterCMS Archive.PHP Remote File Include Vulnerability
8. Microsoft August 2007 Advance Notification Multiple Vulnerabilities
9. Cisco IOS and Unified Communications Manager Multiple Voice Vulnerabilities
10. Cisco IOS Secure Copy Security Bypass Vulnerability
11. Cisco Unified MeetingPlace Web Conference Multiple Cross Site Scripting Vulnerabilities
12. Microsoft Windows Media Player AU Divide-By-Zero Denial of Service Vulnerability
13. S9Y Serendipity Entries Plugin Security Bypass Vulnerability
14. Ziyaretçi Defteri Save.ASP Multiple HTML Injection Vulnerabilities
15. Asterisk Skinny Channel Driver Remote Denial of Service Vulnerability
16. Sun Solaris IP Implementation Remote Denial of Service Vulnerability
17. ISC BIND 9 Remote Cache Poisoning Vulnerability
18. KnowledgeTree Open Source Multiple Unspecified Cross-Site Scripting Vulnerabilities
19. FrontAccounting Config.PHP Remote File Include Vulnerability
20. Hewlett Packard HP-UX LDCCONN Remote Buffer Overflow Vulnerability
21. Help Center Live Administration Multiple Security Bypass Vulnerabilities
22. VietPHP Multiple Remote File Include Vulnerabilities
23. CreAr.de PHPNews Change_Action.PHP Remote File Include Vulnerability
24. Apple Mac OS X 2007-007 Multiple Security Vulnerabilities
25. KDE Konqueror SetInterval Function Address Bar URI Spoofing Vulnerability
26. Bochs Buffer Overflow and Denial Of Service Vulnerabilities
27. KDE Konqueror KHTML Library Title Cross Site Scripting Vulnerability
28. IMlib2 Library Multiple Arbitrary Code Execution Vulnerabilities
29. tcpdump Print-bgp.C Remote Integer Underflow Vulnerability
30. WinGate SMTP Session Invalid State Remote Denial Of Service Vulnerability
31. OpenAds Lib-RemoteHost.INC.PHP Remote File Include Vulnerability
32. Haudenschilt Family Connections Index.PHP Authentication Bypass Vulnerability
33. Php-Stats WhoIs.PHP Cross-Site Scripting Vulnerability
34. Lib2 PHP Library My_Statistics.PHP Remote File Include Vulnerability
35. IBM AT Command Local Buffer Overflow Vulnerability
36. IBM AIX Fileplace Command Buffer Overflow Vulnerabilities
37. phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities
38. IBM AIX Configuration Commands Multiple Buffer Overflow Vulnerabilities
39. XPDF JPX Stream Reader Remote Heap Buffer Overflow Vulnerability
40. XPDF StreamPredictor Remote Heap Buffer Overflow Vulnerability
41. XPDF DCTStream Progressive Remote Heap Buffer Overflow Vulnerability
42. XPDF DCTStream Baseline Remote Heap Buffer Overflow Vulnerability
43. KDE KPDF/KWord/XPDF StreamPredictor Function Stack Buffer Overflow Vulnerability
44. CUPS Partial SSL Connection Remote Denial of Service Vulnerability
45. AMD ATI ATIDSMXX.SYS Driver Local Privilege Escalation Vulnerability
46. Storesprite Next Parameter Multiple Cross-Site Scripting Vulnerabilities
47. Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability
48. Multiple Browser URI Handlers Command Injection Vulnerabilities
49. Xine M3U Remote Format String Vulnerability
50. Xine Errors.C Remote Format String Vulnerability
51. TCPDump IEEE802.11 printer Remote Buffer Overflow Vulnerability
52. File Multiple Denial of Service Vulnerabilities
53. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
54. GD Graphics Library Multiple Vulnerabilities
55. Mutt Mutt_Gecos_Name Function Local Buffer Overflow Vulnerability
56. APOP Protocol Insecure MD5 Hash Weakness
57. Linux Kernel i965 Chipsets Insecure Batchbuffer Local Privilege Escalation Vulnerability
58. ZyXEL ZyWALL 2 Multiple Remote Vulnerabilities
59. WebCart Multiple Unspecified Cross-Site Scripting Vulnerabilities
60. X.Org XDM XSession Script Race Condition Vulnerability
61. PHP SNMPGet Function Local Buffer Overflow Vulnerability
62. Adobe ActionScript SecurityErrorEvent Security Bypass Vulnerability
63. CerbNG Multiple System Call Wrappers Concurrency Vulnerabilities
64. GD Graphics Library PNG File Processing Denial of Service Vulnerability
65. Multiple Vendors RAR Handling Remote Null Pointer Dereference Vulnerability
66. Systrace Multiple System Call Wrappers Concurrency Vulnerabilities
67. Hewlett-Packard OpenView OVTrace Multiple Remote Buffer Overflow Vulnerabilities
68. Mapos-Scripts.de File Uploader Multiple Remote File Include Vulnerabilities
69. BlueCat Networks Adonis TFTP Remote Privilege Escalation Vulnerability
70. Php Blue Dragon Multiple Input Validation Vulnerabilities
71. Mapos-Scripts.de WebNews Multiple Remote File Include Vulnerabilities
72. GSWTK Multiple System Call Wrappers Concurrency Vulnerabilities
73. Mapos-Scripts.de Bilder Galerie Index.PHP Remote File Include Vulnerability
74. Mapos-Scripts.de Gastebuch Index.PHP Remote File Include Vulnerability
75. Mapos-Scripts.de Shoutbox Shoutbox.PHP Remote File Include Vulnerability
76. Borland InterBase IBServer.EXE Remote Stack Based Buffer Overflow Vulnerability
77. ASSP ASSP.PL Unspecified Vulnerability
78. PhpHostBot Login.PHP Remote File Include Vulnerability
79. CISCO IOS NHRP Remote Buffer Overflow Vulnerability
80. Symantec Norton Products NAVCOMUI.DLL ActiveX Control Remote Code Execution Vulnerability
81. SAS Hotel Management System Admin.ASP Multiple SQL Injection Vulnerabilities
82. Linux Kernel CIFS Local Security Bypass Weakness
83. FSPLIB Library Multiple Remote Vulnerabilities
84. Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
85. Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
86. Linux Kernel L2CAP and HCI Setsockopt Memory Leak Information Disclosure Vulnerability
87. GNOME Display Manager G_Strsplit Function Local Denial Of Service Vulnerability
88. Sun JavaDoc Tool Cross-Site Scripting Vulnerability
89. Sun Java Web Start Unauthorized Access Vulnerability
90. Sun JDK JPG/BMP Parser Multiple Vulnerabilities
91. Sun Java Runtime Environment WebStart JNLP File Stack Buffer Overflow Vulnerability
92. Sun Java Runtime Environment Network Access Restriction Security Bypass Vulnerability
93. FreeBSD LibArchive Multiple Remote Vulnerabilities
94. Retired: C-SAM OneWallet Forget Password Cross-Site Scripting Vulnerability
95. Xvid Avi MBCoding.C Remote Code Execution Vulnerability
96. Opera Web Browser Running Adobe Flash Player Information Disclosure Vulnerability
97. Adobe Flash Player SWF File Handling Remote Code Execution Vulnerability
98. Coppermine Photo Gallery YABBSE.INC.PHP Remote File Include Vulnerability
99. TIBCO Rendezvous RVD Daemon Remote Denial Of Service Vulnerabilities
100. Novell Client NWSPOOL.DLL Unspecified Buffer Overflow Vulnerability
III. SECURITYFOCUS NEWS
1. Retro attack gets new life, worries browser makers
2. Teaching hacking helps students, professors say
3. Will the iPhone be iPwned?
4. Firm finds new danger in dangling pointers
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
1. SSHD with Secured authentication, using RSA PAM client
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Delete This!
By Mark Rasch
A series of legal events means that companies that have no business reason to retain documents or records may be compelled to create and retain such records just so they can become available for discovery.
http://www.securityfocus.com/columnists/450

2. Security conferences versus practical knowledge
By Don Parker
While the training industry as a whole has evolved rather well to suit the needs of their clients, the computer conference - specifically the computer security conference - has declined in relevance to the everyday sys-admin and network security practitioners.
http://www.securityfocus.com/columnists/449


II. BUGTRAQ SUMMARY
--------------------
1. McNews Header.PHP Arbitrary File Include Vulnerability
BugTraq ID: 12776
Remote: Yes
Last Updated: 2007-08-11
Relevant URL: http://www.securityfocus.com/bid/12776
Summary:
mcNews is reportedly affected by a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

This issue is reported to affect mcNews version 1.3; earlier versions may also be affected.

2. Beautifier Core.PHP Remote File Include Vulnerability
BugTraq ID: 19873
Remote: Yes
Last Updated: 2007-08-11
Relevant URL: http://www.securityfocus.com/bid/19873
Summary:
Beautifier is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects version 0.1; other versions may also be vulnerable.

3. PHP MSQL_Connect Buffer Overflow Vulnerability
BugTraq ID: 25213
Remote: No
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25213
Summary:
PHP is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects PHP 5.2.3; other versions may also be affected.

4. Baidu Soba Search Bar BaiduBar.DLL ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 25121
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25121
Summary:
An ActiveX control installed with Baidu Soba search bar is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute hostile code on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to execute arbitrary code with the privileges of the affected user; other consequences are possible.

This issue affects Baidu Soba 5.4; other versions may also be affected.

5. Business Objects Crystal Reports XI Professional File Handling Buffer Overflow Vulnerability
BugTraq ID: 21261
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/21261
Summary:
Business Objects Crystal Reports XI Professional is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue by enticing a victim user into opening a malicious document file, resulting in the execution of arbitrary code with the privileges of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

6. Dersimiz Haber Ekleme Modulu Yorumkaydet.ASP Multiple HTML Injection Vulnerabilities
BugTraq ID: 25250
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25250
Summary:
Dersimiz Haber Ekleme Modulu is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

7. NcasterCMS Archive.PHP Remote File Include Vulnerability
BugTraq ID: 25248
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25248
Summary:
NcasterCMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

NcasterCMS 1.7.2 is vulnerable; other versions may also be affected.

8. Microsoft August 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 25247
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25247
Summary:
Microsoft has released advance notification that the vendor will be releasing nine security bulletins on August 14, 2007. The highest severity rating for these issues is 'Critical'.

Successful exploits can result in privilege escalation and remote code execution.

Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.

9. Cisco IOS and Unified Communications Manager Multiple Voice Vulnerabilities
BugTraq ID: 25239
Remote: Yes
Last Updated: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/25239
Summary:
Cisco IOS and Unified Communications Manager are prone to multiple denial-of-service and code-execution vulnerabilities.

These issues pertain to the following protocols or features:

Session Initiation Protocol (SIP)
Media Gateway Control Protocol (MGCP)
Signaling protocols H.323, H.254
Real-time Transport Protocol (RTP)
Facsimile reception

A remote attacker can exploit these issues to execute arbitrary code or cause denial-of-service conditions.

10. Cisco IOS Secure Copy Security Bypass Vulnerability
BugTraq ID: 25240
Remote: Yes
Last Updated: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/25240
Summary:
Cisco IOS secure copy server is prone to a remote security-bypass vulnerability because the application fails to properly validate user privileges during a secure copy.

Exploiting this issue allows remote attackers to retrieve, write, or overwrite arbitrary files on the device's filesystem, including configuration and password files. Successful exploits will result in a complete compromise of affected devices.

This issue affects Cisco 12.2-based IOS with the secure copy server feature enabled. This feature is not enabled by default.

This issue is being tracked by Cisco Bug ID CSCsc19259.

11. Cisco Unified MeetingPlace Web Conference Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 25237
Remote: Yes
Last Updated: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/25237
Summary:
Cisco Unified MeetingPlace Web Conference is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Exploiting these issues may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues are being monitored by Cisco bug ID CSCsi33940.

12. Microsoft Windows Media Player AU Divide-By-Zero Denial of Service Vulnerability
BugTraq ID: 25236
Remote: Yes
Last Updated: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/25236
Summary:
Microsoft Windows Media Player is prone to a denial-of-service vulnerability when processing a malformed AU file.

A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Microsoft Windows Media Player 11; other versions may also be affected.

13. S9Y Serendipity Entries Plugin Security Bypass Vulnerability
BugTraq ID: 25235
Remote: Yes
Last Updated: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/25235
Summary:
S9Y Serendipity is prone to a security-bypass vulnerability.

An attacker can exploit this issue to change property settings of entries via HTTP requests and perform unauthorized actions.

Versions prior to S9Y Serendipity 1.1.4 and 1.2-Beta5 are reported vulnerable.

NOTE: This issue affects only applications that use the extended properties for the Entries plugin.

14. Ziyaretçi Defteri Save.ASP Multiple HTML Injection Vulnerabilities
BugTraq ID: 25233
Remote: Yes
Last Updated: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/25233
Summary:
Ziyaretçi Defteri is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

Ziyaretçi Defteri 1.0 is vulnerable; other versions may also be affected.

15. Asterisk Skinny Channel Driver Remote Denial of Service Vulnerability
BugTraq ID: 25228
Remote: Yes
Last Updated: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/25228
Summary:
Asterisk is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain specially crafted packets.

Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users.

These versions are vulnerable:

Asterisk Open Source prior to 1.4.10
AsteriskNOW pre-release prior to beta7
Asterisk Appliance Developer Kit prior to 0.7.0
Asterisk s800i (Asterisk Appliance) prior to 1.0.3

16. Sun Solaris IP Implementation Remote Denial of Service Vulnerability
BugTraq ID: 23468
Remote: Yes
Last Updated: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/23468
Summary:
Sun Solaris is prone to a local and remote denial-of-service vulnerability because the software fails to handle exceptional conditions.

An attacker can exploit this issue to exhaust CPU resources and cause a denial-of-service condition against network services provided by the system or local services.

This issue affects Solaris 8 and Solaris 9.

17. ISC BIND 9 Remote Cache Poisoning Vulnerability
BugTraq ID: 25037
Remote: Yes
Last Updated: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/25037
Summary:
BIND 9 is prone to a remote cache-poisoning vulnerability because of a weakness in its random number generator.

An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

Versions up to BIND 9.4.1 are vulnerable to this issue.

18. KnowledgeTree Open Source Multiple Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 25231
Remote: Yes
Last Updated: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/25231
Summary:
KnowledgeTree Open Source is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to KnowledgeTree Open Source 3.4.2 are vulnerable.

19. FrontAccounting Config.PHP Remote File Include Vulnerability
BugTraq ID: 25229
Remote: Yes
Last Updated: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/25229
Summary:
FrontAccounting is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

FrontAccounting 1.12 is reported vulnerable; other versions may also be affected.

20. Hewlett Packard HP-UX LDCCONN Remote Buffer Overflow Vulnerability
BugTraq ID: 25227
Remote: Yes
Last Updated: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/25227
Summary:
HP-UX is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successful attacks will completely compromise affected computers.

HP-UX 11.11i is vulnerable; other versions may also be affected.

21. Help Center Live Administration Multiple Security Bypass Vulnerabilities
BugTraq ID: 25225
Remote: Yes
Last Updated: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/25225
Summary:
Help Center Live is prone to multiple security-bypass vulnerabilities because the application fails to properly restrict administrative pages from unprivileged users.

Successful exploits will allow attackers to gain access to administrative functionality and compromise a vulnerable application.

Help Center Live 2.1.3a is reported vulnerable; other versions may also be affected.

22. VietPHP Multiple Remote File Include Vulnerabilities
BugTraq ID: 25226
Remote: Yes
Last Updated: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/25226
Summary:
VietPHP is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

23. CreAr.de PHPNews Change_Action.PHP Remote File Include Vulnerability
BugTraq ID: 25223
Remote: Yes
Last Updated: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/25223
Summary:
CreAr.de PHPNews is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

PHPNews 0.93 is vulnerable; other versions may also be affected.

24. Apple Mac OS X 2007-007 Multiple Security Vulnerabilities
BugTraq ID: 25159
Remote: Yes
Last Updated: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/25159
Summary:
Apple Mac OS X is prone to multiple security vulnerabilities.

These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.

Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.

Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.

25. KDE Konqueror SetInterval Function Address Bar URI Spoofing Vulnerability
BugTraq ID: 25219
Remote: Yes
Last Updated: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/25219
Summary:
KDE Konqueror is affected by a URI-spoofing vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to display arbitrary content while displaying the URL of a trusted website in the address bar. This may lead to a false sense of trust because the victim may be presented with a source URI of a trusted site while interacting with the attacker's malicious site.

Konqueror 3.5.7 is vulnerable; other versions may also be affected.

26. Bochs Buffer Overflow and Denial Of Service Vulnerabilities
BugTraq ID: 24246
Remote: No
Last Updated: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/24246
Summary:
Bochs is prone to a heap-based buffer-overflow issue and a denial-of-service issue. The buffer-overflow issue occurs because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. The denial-of-service vulnerability is caused by a divide-by-zero operation.

A local attacker can exploit these issues to execute arbitrary code in the context of the affected application or to cause denial-of-service conditions. Failed exploit attempts of the buffer-overflow vulnerability will also result in denial-of-service conditions.

27. KDE Konqueror KHTML Library Title Cross Site Scripting Vulnerability
BugTraq ID: 22428
Remote: Yes
Last Updated: 2007-08-11
Relevant URL: http://www.securityfocus.com/bid/22428
Summary:
Konqueror is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.

Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.

All versions of KDE up to and including KDE 3.5.6 are vulnerable to this issue. Apple Safari web browser is also vulnerable to this issue.

28. IMlib2 Library Multiple Arbitrary Code Execution Vulnerabilities
BugTraq ID: 20903
Remote: Yes
Last Updated: 2007-08-11
Relevant URL: http://www.securityfocus.com/bid/20903
Summary:
The imlib2 library is prone to arbitrary code-execution vulnerabilities.

An attacker can exploit these issues to execute arbitrary machine code with the privileges of the currently logged-in user.

29. tcpdump Print-bgp.C Remote Integer Underflow Vulnerability
BugTraq ID: 24965
Remote: Yes
Last Updated: 2007-08-11
Relevant URL: http://www.securityfocus.com/bid/24965
Summary:
The 'tcpdump' utility is prone to an integer-underflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running the affected application. Failed exploit attempts will likely crash the affected application.

This issue affects tcpdump 3.9.6 and prior versions.

30. WinGate SMTP Session Invalid State Remote Denial Of Service Vulnerability
BugTraq ID: 25272
Remote: Yes
Last Updated: 2007-08-11
Relevant URL: http://www.securityfocus.com/bid/25272
Summary:
WinGate is prone to a denial-of-service vulnerability because the application fails to sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects versions prior to WinGate 6.2.2.

31. OpenAds Lib-RemoteHost.INC.PHP Remote File Include Vulnerability
BugTraq ID: 25277
Remote: Yes
Last Updated: 2007-08-11
Relevant URL: http://www.securityfocus.com/bid/25277
Summary:
OpenAds is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

OpenAds versions 2.0.11 and prior are vulnerable.

32. Haudenschilt Family Connections Index.PHP Authentication Bypass Vulnerability
BugTraq ID: 25276
Remote: Yes
Last Updated: 2007-08-11
Relevant URL: http://www.securityfocus.com/bid/25276
Summary:
Haudenschilt Family Connections is prone to an authentication-bypass vulnerability.

Attackers can exploit this issue to gain unauthorized access. This may facilitate a compromise of the application and underlying webserver; other attacks are also possible.

Family Connections 0.1.1 is vulnerable; other versions may also be affected.

33. Php-Stats WhoIs.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 25275
Remote: Yes
Last Updated: 2007-08-11
Relevant URL: http://www.securityfocus.com/bid/25275
Summary:
Php-Stats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Php-Stats version 0.1.9.2 is vulnerable; other versions may also be affected.

34. Lib2 PHP Library My_Statistics.PHP Remote File Include Vulnerability
BugTraq ID: 25274
Remote: Yes
Last Updated: 2007-08-11
Relevant URL: http://www.securityfocus.com/bid/25274
Summary:
Lib2 PHP Library is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Lib2 PHP Library version 0.2 is vulnerable; other versions may also be affected.

35. IBM AT Command Local Buffer Overflow Vulnerability
BugTraq ID: 25273
Remote: No
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25273
Summary:
IBM AIX is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code using superuser privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

This issue affects AIX 5.3.0.0 through 5.3.0.60.

36. IBM AIX Fileplace Command Buffer Overflow Vulnerabilities
BugTraq ID: 25271
Remote: No
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25271
Summary:
IBM AIX is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code using superuser privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

These versions are affected:

AIX 5.2.0.85 through 5.2.0.105
AIX 5.3.0.40 through 5.3.0.61

37. phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25268
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25268
Summary:
phpMyAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

38. IBM AIX Configuration Commands Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 25270
Remote: No
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25270
Summary:
IBM AIX is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Attackers who have 'system' group privileges can exploit these issues to execute arbitrary code using superuser privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

These versions are affected:

AIX 5.2.0.85 through 5.2.0.105
AIX 5.3.0.40 through 5.3.0.61

39. XPDF JPX Stream Reader Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 15721
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/15721
Summary:
The 'xpdf' utility is reported prone to a remote buffer-overflow vulnerability. This issue exists because the application fails to perform proper boundary checks before copying user-supplied data into process buffers. A remote attacker may execute arbitrary code in the context of a user running the application. As a result, the attacker can gain unauthorized access to the vulnerable computer.

Reportedly, this issue presents itself in the 'JPXStream::readCodestream' function residing in the 'xpdf/JPXStream.cc' file.

This issue is reported to affect xpdf 3.01, but earlier versions are likely prone to this vulnerability as well. Applications using embedded xpdf code may also be vulnerable.

The 'kpdf' utility reportedly incorporates vulnerable xpdf code. Version 0.5 of kpdf is prone to this issue, but other versions may also be affected.

40. XPDF StreamPredictor Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 15725
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/15725
Summary:
The 'xpdf' viewer is reported prone to a remote buffer-overflow vulnerability. This issue exists because the application fails to perform proper boundary checks before copying user-supplied data into process buffers. A remote attacker may execute arbitrary code in the context of a user running the application. As a result, the attacker can gain unauthorized access to the vulnerable computer.

This issue is reported to present itself in the 'StreamPredictor::StreamPredictor' function residing in the 'xpdf/Stream.cc' file.

This issue is reported to affect xpdf 3.01, but earlier versions are likely prone to this vulnerability as well. Applications using embedded xpdf code may also be vulnerable.

The 'pdftohtml' utility also includes vulnerable versions of xpdf. This issue affects pdftohtml 0.36; earlier versions may also be affected.

The 'kpdf' viewer reportedly incorporates vulnerable xpdf code. This issue affects kpdf 0.5; other versions may also be affected.

41. XPDF DCTStream Progressive Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 15726
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/15726
Summary:
The 'xpdf' utility is reported prone to a remote buffer-overflow vulnerability. This issue exists because the application fails to perform proper boundary checks before copying user-supplied data into process buffers. A remote attacker may execute arbitrary code in the context of a user running the application. As a result, the attacker can gain unauthorized access to the vulnerable computer.

Reportedly, this issue presents itself in the 'DCTStream::readProgressiveSOF' function residing in the 'xpdf/Stream.cc' file.

This issue is reported to affect xpdf 3.01, but earlier versions are likely vulnerable as well. Applications using embedded xpdf code may also be vulnerable.

The 'pdftohtml' utility also includes vulnerable versions of xpdf. This issue affects pdftohtml 0.36; earlier versions may also be affected.

The 'kpdf' utility reportedly incorporates vulnerable xpdf code. This issue affects kpdf 0.5; other versions may also be affected.

42. XPDF DCTStream Baseline Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 15727
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/15727
Summary:
The 'xpdf' viewer is reported prone to a remote buffer-overflow vulnerability. This issue exists because the application fails to perform proper boundary checks before copying user-supplied data into process buffers. A remote attacker may execute arbitrary code in the context of a user running the application. This can result in the attacker gaining unauthorized access to the vulnerable computer.

This issue is reported to present itself in the 'DCTStream::readBaselineSOF' function residing in the 'xpdf/Stream.cc' file.

This issue is reported to affect xpdf 3.01, but earlier versions are likely prone to this vulnerability as well. Applications using embedded xpdf code may also be vulnerable.

The 'pdftohtml' utility also includes vulnerable versions of xpdf. This issue affects pdftohtml 0.36; earlier versions may also be affected.

The 'kpdf' utility reportedly incorporates vulnerable xpdf code. This issue affects kpdf 0.5; other versions may also be affected.

43. KDE KPDF/KWord/XPDF StreamPredictor Function Stack Buffer Overflow Vulnerability
BugTraq ID: 25124
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25124
Summary:
KDE kpdf, kword, and xpdf are prone to a stack-based buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application or cause the affected application to crash, denying service to legitimate users.

44. CUPS Partial SSL Connection Remote Denial of Service Vulnerability
BugTraq ID: 23127
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/23127
Summary:
CUPS is prone to a remote denial-of-service vulnerability when handling SSL connection requests.

Successfully exploiting this issue allows remote attackers to cause the affected service to stop accepting further requests, denying further service to legitimate users.

NOTE: This issue was originally reported as a vulnerability affecting Apple Mac OS X in BID 22948 (Apple Mac OS X Multiple Applications Multiple Vulnerabilities). Further information indicates that this vulnerability also affects CUPS running on other platforms, so this issue is being assigned a separate BID.

45. AMD ATI ATIDSMXX.SYS Driver Local Privilege Escalation Vulnerability
BugTraq ID: 25265
Remote: No
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25265
Summary:
An AMD ATI driver is prone to a local privilege-escalation vulnerability because it is a signed driver and can read/write kernel memory.

Attackers can exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers.

This issue affects atidsmxx.sys 3.0.502.0; other versions may also be affected.

46. Storesprite Next Parameter Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25266
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25266
Summary:
Storesprite is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Storesprite 7 and prior versions are reported vulnerable.

47. Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability
BugTraq ID: 25142
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25142
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a vulnerability that allows JavaScript to execute with unintended privileges.

A malicious site may be able to cause the execution of a script with Chrome privileges. Attackers could exploit this issue to execute hostile script code with privileges that exceed those that were intended. Certain Firefox extensions may not intend 'about:blank' to execute script code with Chrome privileges.

NOTE: This issue was introduced by the fix for MFSA 2007-20.

48. Multiple Browser URI Handlers Command Injection Vulnerabilities
BugTraq ID: 25053
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25053
Summary:
Multiple browsers are prone to vulnerabilities that let attackers inject commands through various protocol handlers.

Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through processes such as 'cmd.exe' by employing various URI handlers.

An attacker can exploit these issues to carry out various attacks by executing arbitrary commands on a vulnerable computer.

Exploiting these issues would permit remote attackers to influence command options that can be called through protocol handlers and to execute commands with the privileges of a user running the application. Successful attacks may result in a variety of consequences, including remote unauthorized access.

Mozilla Firefox 2.0.0.5, 3.0a6 and Netscape Navigator 9 are reported vulnerable to these issues. Other versions of these browsers and other vendors' browsers may also be affected.

49. Xine M3U Remote Format String Vulnerability
BugTraq ID: 22252
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/22252
Summary:
The 'xine' program is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application and to compromise affected computers.

This issue may be related to the vulnerability discussed in BID 21852 (VideoLan VLC Media Player Remote Format String Vulnerability); this has not been confirmed.

50. Xine Errors.C Remote Format String Vulnerability
BugTraq ID: 22002
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/22002
Summary:
The 'xine' media player is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application and to compromise affected computers.

The xine-ui branch is vulnerable; other branches may also be affected.

51. TCPDump IEEE802.11 printer Remote Buffer Overflow Vulnerability
BugTraq ID: 22772
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/22772
Summary:
The 'tcpdump' utility is prone to a heap-based buffer-overflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running the affected application. Failed exploit attempts will likely crash the affected application.

This issue affects tcpdump 3.9.5 and prior versions.

52. File Multiple Denial of Service Vulnerabilities
BugTraq ID: 24146
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/24146
Summary:
The 'file' utility is prone to multiple denial-of-service vulnerabilities because it fails to handle exceptional conditions.

An attacker could exploit this issue by enticing a victim to open a specially crafted file. A denial-of-service condition can occur. Arbitrary code execution may be possible, but Symantec has not confirmed this.

53. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
BugTraq ID: 25163
Remote: No
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25163
Summary:
OpenSSL is prone to a local information-disclosure vulnerability because of an implementation flaw in the RSA algorithm.

Successfully exploiting this issue allows local attackers to gain access to private key information of other processes that use the affected library. Information harvested may aid in further attacks.

OpenSSL 0.9.8 is vulnerable to this issue; other versions may also be affected.

54. GD Graphics Library Multiple Vulnerabilities
BugTraq ID: 24651
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/24651
Summary:
The GD graphics library is prone to multiple vulnerabilities.

An attacker can exploit this issue to cause denial-of-service conditions or execute arbitrary code in the context of applications implementing the affected library.

Versions prior to GD graphics library 2.0.35 are reported vulnerable.

55. Mutt Mutt_Gecos_Name Function Local Buffer Overflow Vulnerability
BugTraq ID: 24192
Remote: No
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/24192
Summary:
Mutt is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.

An attacker can exploit this issue to execute arbitrary code with the privileges of the victim. Failed exploit attempts will result in a denial of service.

56. APOP Protocol Insecure MD5 Hash Weakness
BugTraq ID: 23257
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/23257
Summary:
Applications that implement the APOP protocol may be vulnerable to a password-hash weakness. This issue occurs because the MD5 hash algorithm fails to properly prevent collisions.

Attackers may exploit this issue in man-in-the-middle attacks to potentially gain access to the first three characters of passwords. This will increase the likelihood of successful brute-force attacks against APOP authentication.

To limit the possibility of successful exploits, applications that implement the APOP protocol should set up safeguards to ensure that message IDs are RFC-compliant.

Mozilla Thunderbird, Evolution, mutt, and fetchmail are reportedly affected by this issue.

57. Linux Kernel i965 Chipsets Insecure Batchbuffer Local Privilege Escalation Vulnerability
BugTraq ID: 25263
Remote: No
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25263
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

Exploiting this issue may allow local attackers to gain elevated privileges, facilitating the complete compromise of affected computers.

Versions of Linux kernel prior to 2.6.22.2 are vulnerable to this issue.

58. ZyXEL ZyWALL 2 Multiple Remote Vulnerabilities
BugTraq ID: 25262
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25262
Summary:
ZyXEL ZyWALL 2 is prone to multiple remote vulnerabilities that affect the management interface.

An attacker can exploit these issues to carry out cross-site request forgery, HTML-injection, and denial-of-service attacks.

ZyWALL 2 running with firmware V3.62(WK.6) is reported vulnerable to this issue.

59. WebCart Multiple Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 25261
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25261
Summary:
WebCart is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to WebCart 2.30 are considered vulnerable, though this issue was specifically identified in WebCart 2.25.

60. X.Org XDM XSession Script Race Condition Vulnerability
BugTraq ID: 20400
Remote: No
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/20400
Summary:
The X.org XDM XSession script is prone to a race-condition vulnerability.

Local unprivileged attackers can exploit this issue to gain access to the primary or alternate 'xdm' error log files. Successful exploits will allow attackers to obtain sensitive information.

61. PHP SNMPGet Function Local Buffer Overflow Vulnerability
BugTraq ID: 22893
Remote: No
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/22893
Summary:
PHP is prone to a local buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 4.4.6 for Microsoft Windows is vulnerable; other versions may also be affected.

62. Adobe ActionScript SecurityErrorEvent Security Bypass Vulnerability
BugTraq ID: 25260
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25260
Summary:
Adobe ActionScript is prone to a security-bypass vulnerability because the application allows Flash movies compiled by ActionScript to connect to arbitrary TCP ports on a host running a vulnerable version of Flash.

Successfully exploiting this issue allows an attacker to bypass the application's sandbox security model and scan other hosts that are connected to the computer running the vulnerable application.

63. CerbNG Multiple System Call Wrappers Concurrency Vulnerabilities
BugTraq ID: 25259
Remote: No
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25259
Summary:
CerbNG is prone to multiple concurrency vulnerabilities due to its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel.

Attackers can exploit these issues by replacing certain values in system call wrappers with malicious data to elevate privileges or to bypass auditing. Successful attacks can completely compromise affected computers.

64. GD Graphics Library PNG File Processing Denial of Service Vulnerability
BugTraq ID: 24089
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/24089
Summary:
The GD graphics library is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause denial-of-service conditions in applications implementing the affected library.

GD graphics library 2.0.34 is reported vulnerable; other versions may be affected as well.

65. Multiple Vendors RAR Handling Remote Null Pointer Dereference Vulnerability
BugTraq ID: 24866
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/24866
Summary:
Multiple applications using RAR are prone to a NULL-pointer dereference vulnerability.

A successful attack will result in denial-of-service conditions. Attackers may also be able to exploit this issue to execute arbitrary code, but this has not been confirmed.

This issue affects the following:

ClamAV prior to 0.91
'UnRAR' 3.70; other versions may also be vulnerable.

Other applications using the vulnerable 'UnRAR' utility are affected by this issue. We will update this BID as more information emerges.

66. Systrace Multiple System Call Wrappers Concurrency Vulnerabilities
BugTraq ID: 25258
Remote: No
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25258
Summary:
Systrace is prone to multiple concurrency vulnerabilities due to its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel.

Attackers can exploit these issues by replacing certain values in system call wrappers with malicious data to elevate privileges or to bypass auditing. Successful attacks can completely compromise affected computers.

67. Hewlett-Packard OpenView OVTrace Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 25255
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25255
Summary:
HP OpenView is prone to multiple remote buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit these issues to execute arbitrary code with superuser privileges.

68. Mapos-Scripts.de File Uploader Multiple Remote File Include Vulnerabilities
BugTraq ID: 25253
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25253
Summary:
File Uploader is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

File Uploader 1.1 is vulnerable; other versions may also be affected.

69. BlueCat Networks Adonis TFTP Remote Privilege Escalation Vulnerability
BugTraq ID: 25214
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25214
Summary:
BlueCat Networks Adonis devices are prone to a remote privilege-escalation vulnerability. This issue occurs when Proteus appliances are used to upload files to an affected Adonis appliance for TFTP download.

An attacker with administrative privileges can exploit this issue to write arbitrary data with superuser privileges. A successful attack will result in the complete compromise of an affected appliance.

Adonis 5.0.2.8 is vulnerable; other versions may also be affected.

70. Php Blue Dragon Multiple Input Validation Vulnerabilities
BugTraq ID: 25264
Remote: Yes
Last Updated: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25264
Summary:
Php Blue Dragon CMS is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include an SQL-injection vulnerability, a remote file-include vulnerability, and a local file-include vulnerability.

An attacker can exploit these issues to execute malicious PHP code in the context of the webserver process, access or modify data, or exploit latent vulnerabilities in the underlying database.

Php Blue Dragon CMS 3.0.0 is vulnerable; other versions may also be affected.

71. Mapos-Scripts.de WebNews Multiple Remote File Include Vulnerabilities
BugTraq ID: 25257
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25257
Summary:
WebNews is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

WebNews 1.1 is vulnerable; other versions may also be affected.

72. GSWTK Multiple System Call Wrappers Concurrency Vulnerabilities
BugTraq ID: 25251
Remote: No
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25251
Summary:
GSWTK (Generic Software Wrappers Toolkit) is prone to multiple concurrency vulnerabilities because of its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel.

Attackers can exploit these issues by replacing certain values in system call wrappers with malicious data to elevate privileges or to bypass auditing. Successful attacks can completely compromise affected computers.

GSWTK 1.6.3 is vulnerable; other versions may also be affected.

73. Mapos-Scripts.de Bilder Galerie Index.PHP Remote File Include Vulnerability
BugTraq ID: 25256
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25256
Summary:
Bilder Galerie is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Bilder Galerie 1.0 is vulnerable; other versions may also be affected.

74. Mapos-Scripts.de Gastebuch Index.PHP Remote File Include Vulnerability
BugTraq ID: 25252
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25252
Summary:
Mapos-Scripts.de Gastebuch is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Gastebuch 1.5 is vulnerable; other versions may also be affected.

75. Mapos-Scripts.de Shoutbox Shoutbox.PHP Remote File Include Vulnerability
BugTraq ID: 25254
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25254
Summary:
Shoutbox is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Shoutbox 1.0 is vulnerable; other versions may also be affected.

76. Borland InterBase IBServer.EXE Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 25048
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25048
Summary:
Borland InterBase is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks will likely cause denial-of-service conditions.

77. ASSP ASSP.PL Unspecified Vulnerability
BugTraq ID: 25249
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25249
Summary:
ASSP (Anti-Spam SMTP Proxy Server) is prone to an unspecified vulnerability.

Very few details are available regarding this issue. We will update this BID as more information emerges.

78. PhpHostBot Login.PHP Remote File Include Vulnerability
BugTraq ID: 25221
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25221
Summary:
PhpHostBot is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

PhpHostBot 1.06 is vulnerable; other versions may also be affected.

79. CISCO IOS NHRP Remote Buffer Overflow Vulnerability
BugTraq ID: 25238
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25238
Summary:
Cisco IOS is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the affected component. Attackers could also restart the device, resulting in denial-of-service conditions.

Cisco IOS 12.0 through 12.4 are vulnerable.

80. Symantec Norton Products NAVCOMUI.DLL ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 24983
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/24983
Summary:
Multiple Symantec Norton products are prone to a remote code-execution vulnerability. This issue occurs in ActiveX controls that are shared across multiple products.

Invoking the object from a malicious website or HTML email may trigger this condition. Successful exploits allow remote attackers to execute code and to compromise affected computers. Failed exploit attempts likely result in computer crashes.

The following products are vulnerable to this issue:

Norton Antivirus 2006
Norton Internet Security 2006
Norton Internet Security, Anti Spyware Edition 2005
Norton System Works 2006

81. SAS Hotel Management System Admin.ASP Multiple SQL Injection Vulnerabilities
BugTraq ID: 25246
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25246
Summary:
SAS Hotel Management System is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

82. Linux Kernel CIFS Local Security Bypass Weakness
BugTraq ID: 25244
Remote: No
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25244
Summary:
The Linux kernel is prone to a security-bypass weakness.

A local attacker may exploit this issue to bypass certain security restrictions, which may lead to other attacks.

Linux kernel versions prior to 2.6.23-rc1 are vulnerable.

83. FSPLIB Library Multiple Remote Vulnerabilities
BugTraq ID: 25034
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25034
Summary:
FSPLIB library is prone to multiple remote vulnerabilities.

An attacker can exploit these issues to execute arbitrary code in the context of an application using the library. Failed attacks will likely cause denial-of-service conditions.

Versions prior to FSPLIB 0.9 are vulnerable.

84. Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
BugTraq ID: 23104
Remote: No
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/23104
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to cause the kernel to crash, effectively denying service to legitimate users. Attackers may also be able to execute arbitrary code with elevated privileges, but this has not been confirmed.

This issue affects the Linux kernel 2.6 series.

85. Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
BugTraq ID: 23333
Remote: No
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/23333
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges or cause the affected kernel to crash, denying service to legitimate users.

This issue affects versions 2.6.9 to 2.6.20 and the 'isdn4k-utils' utilities.

86. Linux Kernel L2CAP and HCI Setsockopt Memory Leak Information Disclosure Vulnerability
BugTraq ID: 23594
Remote: No
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/23594
Summary:
The Linux kernel is prone to an information-disclosure vulnerability because it fails to handle unexpected user-supplied input.

Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.

Kernel versions 2.4.34.2 and prior are vulnerable to this issue.

87. GNOME Display Manager G_Strsplit Function Local Denial Of Service Vulnerability
BugTraq ID: 25191
Remote: No
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25191
Summary:
GNOME Display Manager is prone to a local denial-of-service vulnerability because the application fails to handle specially crafted GDM socket commands.

A local attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Versions prior to GNOME Display Manager 2.14.13, 2.16.7, 2.18.4, and 2.19.5 are vulnerable.

88. Sun JavaDoc Tool Cross-Site Scripting Vulnerability
BugTraq ID: 24690
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/24690
Summary:
Sun JavaDoc Tool is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

89. Sun Java Web Start Unauthorized Access Vulnerability
BugTraq ID: 23728
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/23728
Summary:
Sun Java Web Start is prone to a vulnerability that may allow remote attackers to gain unauthorized access to a vulnerable computer.

The vendor has reported that this vulnerability allows untrusted applications to gain read/write privileges to local files on a vulnerable computer.

The following versions for Windows, Solaris and Linux platforms are vulnerable:

Java Web Start in JDK and JRE 5.0 Update 10 and earlier
Java Web Start in SDK and JRE 1.4.2_13 and earlier

90. Sun JDK JPG/BMP Parser Multiple Vulnerabilities
BugTraq ID: 24004
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/24004
Summary:
Sun JDK is prone to multiple vulnerabilities.

An attacker can exploit these issues to crash the affected application, effectively denying service. The attacker may also be able to execute arbitrary code, which may facilitate a compromise of the underlying system.

Sun JDK 1.5.0_07-b03 is vulnerable to these issues; other versions may also be affected.

91. Sun Java Runtime Environment WebStart JNLP File Stack Buffer Overflow Vulnerability
BugTraq ID: 24832
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/24832
Summary:
Sun Java Runtime Environment is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects these versions:

Java Runtime Environment 6 update 1
Java Runtime Environment 5 update 11

Prior versions are also affected.

92. Sun Java Runtime Environment Network Access Restriction Security Bypass Vulnerability
BugTraq ID: 25054
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25054
Summary:
The Sun Java Runtime Environment is prone to a security-bypass vulnerability.

Successfully exploiting this issue will allow an attacker to connect to services on a remote user's computer without proper authorization. This may lead to other attacks.

93. FreeBSD LibArchive Multiple Remote Vulnerabilities
BugTraq ID: 24885
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/24885
Summary:
FreeBSD's libarchive is prone to multiple vulnerabilities because the library fails to properly handle malformed TAR and PAX archives.

Successfully exploiting these issues allows remote attackers to trigger application crashes, consume excessive CPU resources, and potentially execute arbitrary machine code in the context of applications that use the affected library.

These issues affect FreeBSD 5.3 and later (up until releases made after 12 July 2007).

94. Retired: C-SAM OneWallet Forget Password Cross-Site Scripting Vulnerability
BugTraq ID: 25224
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25224
Summary:
OneWallet is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects OneWallet 210_07062007;1.0; other versions may also be vulnerable.

NOTE: This BID is being retired because it was based on incomplete information.

95. Xvid Avi MBCoding.C Remote Code Execution Vulnerability
BugTraq ID: 24561
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/24561
Summary:
Xvid is prone to a remote code-execution vulnerability due to an array-indexing error.

Attackers can exploit this issue to execute arbitrary code on an unsuspecting user's computer.

Xvid 1.1.2 is vulnerable; other versions may also be affected.

96. Opera Web Browser Running Adobe Flash Player Information Disclosure Vulnerability
BugTraq ID: 23437
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/23437
Summary:
Opera Web Browser is prone to an information-disclosure vulnerability when running Adobe Flash Player.

An attacker can exploit this issue to access potentially sensitive information.

These versions are vulnerable:

Opera Web Browser prior to 9.20 for Linux, Solaris, and FreeBSD
Adobe Flash Player prior to 9.0.28.0

This issue also affects the Konqueror browser.

97. Adobe Flash Player SWF File Handling Remote Code Execution Vulnerability
BugTraq ID: 24856
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/24856
Summary:
Adobe Flash Player is prone to a remote code-execution vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the victim running the vulnerable application.

Adobe Flash Player 9.0.45.0 and earlier, 8.0.34.0 and earlier, and 7.0.69.0 and earlier are affected.

98. Coppermine Photo Gallery YABBSE.INC.PHP Remote File Include Vulnerability
BugTraq ID: 25243
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25243
Summary:
Coppermine Photo Gallery is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Coppermine 1.3.1 is vulnerable; other versions may also be affected.

99. TIBCO Rendezvous RVD Daemon Remote Denial Of Service Vulnerabilities
BugTraq ID: 25132
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25132
Summary:
The RVD daemon in TIBCO Rendezvous is prone to two remote denial-of-service vulnerabilities.

Successfully exploiting these issues allows remote attackers to consume excessive memory or to trigger network instability leading to denial-of-service conditions.

Rendezvous 7.5.2 is vulnerable to these issues; other versions may also be affected.

100. Novell Client NWSPOOL.DLL Unspecified Buffer Overflow Vulnerability
BugTraq ID: 25092
Remote: Yes
Last Updated: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25092
Summary:
Novell Client is prone to an unspecified buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

This issue affects Novell Client 4.91 SP4; other versions may also be vulnerable.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Retro attack gets new life, worries browser makers
By: Robert Lemos
Researchers find that browsers and plug-ins could be exploited to turn a victim's computer into a door to the internal network. One study finds an attack could claim 100,000 IP addresses in three days.
http://www.securityfocus.com/news/11481

2. Teaching hacking helps students, professors say
By: Robert Lemos
Universities and colleges could find more students interested in computer-science courses, if the teachers taught practical hacking, educators say.
http://www.securityfocus.com/news/11480

3. Will the iPhone be iPwned?
By: Robert Lemos
Security experts' predictions for the sleek high-end device vary, but they agree that Apple's first phone will be scrutinized closely.
http://www.securityfocus.com/news/11478

4. Firm finds new danger in dangling pointers
By: Robert Lemos
The common software flaw should be considered a security threat, not a quality control issue, researchers say.
http://www.securityfocus.com/news/11477

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
1. SSHD with Secured authentication, using RSA PAM client
http://www.securityfocus.com/archive/92/475501

IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Watchfire

