Thursday, August 16, 2007

SecurityFocus Newsletter #414
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: Web Hacking - Attack Scenarios and Examples - White Paper
Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as SQL Injection, Cross Site Scripting and Parameter Manipulation. Learn step-by-step vulnerability testing methods for your own Web Applications and guidelines for establishing best administration and coding practices.
Download *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=70160000000D0r2


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Delete This!
2. Security conferences versus practical knowledge
II. BUGTRAQ SUMMARY
1. KDE Konqueror SetInterval Function Address Bar URI Spoofing Vulnerability
2. KDE Konqueror Address Bar URI Spoofing Vulnerability
3. EZPhotoSales Multiple Input Validation Vulnerabilities
4. Drupal Content Construction Kit Nodereference Module Multiple HTML-injection Vulnerabilities
5. Diskeeper DKService.EXE Remote Information Disclosure Vulnerability
6. Racer Remote Buffer Overflow Vulnerability
7. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
8. SkilMatch Systems JobLister3 Index.PHP SQL Injection Vulnerability
9. OWASP Stinger Filter Bypass Weakness
10. Dell Remote Access Card 4/P SSH Remote Denial Of Service Vulnerability
11. Prozilla Webring Website Script Category.PHP SQL Injection Vulnerability
12. Universal Ircd Server Multiple Remote Vulnerabilities
13. Streamripper HTTP Header Parsing Buffer Overflow Vulnerabilities
14. Multiple IRC Client Now Playing Scripts Input Validation Vulnerability
15. Microsoft DirectX Media SDK DXTLIPI.DLL ActiveX Control Buffer Overflow Vulnerability
16. GIMP PSD File Integer Overflow Vulnerability
17. Trolltech Qt QTextEdit Multiple Format String Vulnerabilities
18. Multiple Browser URI Handlers Command Injection Vulnerabilities
19. Microsoft Internet Explorer and Mozilla Firefox URI Handler Command Injection Vulnerability
20. SquirrelMail G/PGP Encryption Plug-in Multiple Remote Command Execution Vulnerabilities
21. Perl Net::DNS Remote Multiple Vulnerabilities
22. Openads Lib-RemoteHost.INC.PHP Remote File Include Vulnerability
23. mcNews Header.PHP Arbitrary File Include Vulnerability
24. Haudenschilt Family Connections Index.PHP Authentication Bypass Vulnerability
25. Lib2 PHP Library My_Statistics.PHP Remote File Include Vulnerability
26. Php-Stats WhoIs.PHP Cross-Site Scripting Vulnerability
27. Lighttpd Multiple Remote Denial of Service and Information Disclosure Vulnerabilities
28. Wireshark Multiple Protocol Denial of Service Vulnerabilities
29. Windows Vista Weather Gadget Remote Code Execution Vulnerability
30. Windows Vista Contacts Gadget Remote Code Execution Vulnerability
31. Windows Vista Feed Headlines Gadget Remote Code Execution Vulnerability
32. MySQL Access Validation and Denial of Service Vulnerabilities
33. Microsoft Visual Basic 6 TBLinf32.DLL ActiveX Control Remote Code Execution Vulnerability
34. Microsoft XML Core Services SubstringData Integer Overflow Vulnerability
35. Cisco VPN Client for Windows Multiple Local Privilege Escalation Vulnerabilities
36. Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
37. Linux Kernel L2CAP and HCI Setsockopt Memory Leak Information Disclosure Vulnerability
38. KDE KPDF/KWord/XPDF StreamPredictor Function Stack Buffer Overflow Vulnerability
39. Linux Kernel Fib_Semantics.C Out Of Bounds Access Vulnerability
40. Linux Kernel Decode_Choices Function Remote Denial Of Service Vulnerability
41. Linux Kernel i965 Chipsets Insecure Batchbuffer Local Privilege Escalation Vulnerability
42. Linux Kernel USBLCD Memory Consumption Denial Of Service Vulnerability
43. Linux Kernel SCTP Connection Denial Of Service Vulnerability
44. Linux Kernel PRNG Entropy Weakness
45. Linux Kernel PPPoE Socket Local Denial of Service Vulnerability
46. Libvorbis Denial Of Service And Memory Corruption Vulnerabilities
47. phpSysInfo Index.php Cross-Site Scripting Vulnerability
48. EDraw Office Viewer Component ActiveX Control Arbitrary File Overwrite Vulnerability
49. Olate Download Admin.PHP Remote Authentication Bypass Vulnerability
50. BlueCat Networks Adonis CLI Remote Privilege Escalation Vulnerability
51. Tomboy LD_LIBRARY_PATH Environment Variable Local Privilege Escalation Vulnerability
52. IBM DB2 Universal Database Multiple Unspecified Vulnerabilities
53. Symantec Enterprise Firewall Username Enumeration Weakness
54. Microsoft Internet Explorer CSS Strings Memory Corruption Vulnerability
55. GD Graphics Library Multiple Vulnerabilities
56. Motive Service Activation Manager And Service Manager Remote Code Execution Vulnerabilities
57. Lenovo Inline Automated Solutions ActiveX Controls Multiple Vulnerabilities
58. Open ISCSI Multiple Local Denial Of Service Vulnerabilities
59. Mozilla Firefox About:Blank IFrame Cross Domain Information Disclosure Vulnerability
60. Mozilla Firefox WYCIWYG:// URI Cache Zone Bypass Vulnerability
61. Mozilla Firefox 2.0.0.4 Multiple Remote Vulnerabilities
62. Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability
63. Zoidcom Malformed Packet Denial of Service Vulnerability
64. OpenOffice RTF File Parser Buffer Overflow Vulnerability
65. Dovecot ACL Plugin Security Bypass Vulnerability
66. Microsoft OLE Automation SubstringData Function Integer Overflow Vulnerability
67. Hewlett-Packard OpenView OVTrace Multiple Remote Buffer Overflow Vulnerabilities
68. Akamai Download Manager ActiveX Control Multiple Buffer Overflow Vulnerabilities
69. Microsoft Windows Media Player Remote Skin Header Code Execution Vulnerability
70. Microsoft Windows Media Player Remote Skin Decompression Code Execution Vulnerability
71. Microsoft Internet Explorer Vector Markup Language VGX.DLL Remote Buffer Overflow Vulnerability
72. Microsoft Excel Worksheet Index Value Remote Code Execution Vulnerability
73. Microsoft Windows GDI Metafiles AttemptWrite Remote Code Execution Vulnerability
74. Microsoft Virtual PC and Virtual Server Heap Overflow Vulnerability
75. Rsync F_Name Off-By-One Buffer Overflow Vulnerability
76. ESRI ArcSDE Server SPrintf Function Stack Buffer Overflow Vulnerability
77. Opera Web Browser Invalid Pointer Remote Code Execution Vulnerability
78. Yahoo! Messenger KDU_V32M.DLL Remote Denial Of Service Vulnerability
79. SurgeMail IMAP SEARCH Command Remote Buffer Overflow Vulnerability
80. KDE Konqueror KHTML Library Title Cross Site Scripting Vulnerability
81. MS Visual Basic 6 Package and Deployment Wizard ActiveX Control Remote Code Execution Vulnerability
82. SOTEeSKLEP _Files Local File Include Vulnerability
83. Fedora Commons LDAP Authentication Bypass Vulnerability
84. Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
85. Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
86. Php Blue Dragon Multiple Input Validation Vulnerabilities
87. Article Dashboard Multiple Input Validation Vulnerabilities
88. Qbik WinGate SMTP Service Command Format String Vulnerability
89. Szymon Kosok Best Top List Banner-Upload.PHP Arbitrary File Upload Vulnerability
90. WengoPhone SIP Soft Phone Malformed Packet Denial of Service Vulnerability
91. CounterPath X-Lite SIP Soft Phone Malformed Packet Denial of Service Vulnerability
92. Xfce-Terminal Remote Command Injection Vulnerability
93. Savant Web Server Remote Buffer Overflow Vulnerability
94. LANAI CMS Multiple SQL Injection Vulnerabilities
95. Symantec Altiris Deployment Solution Local Privilege Escalation Vulnerability
96. RndLabs Babo Violent 2 Multiple Vulnerabilities
97. EFS Software Easy Chat Server Authentication Request Handling Remote Denial Of Service Vulnerability
98. Live For Speed Multiple Vulnerabilities
99. DeskPRO Admin Panel Multiple HTML Injection Vulnerabilities
100. IBM Rational ClearQuest Username Parameter SQL Injection Vulnerability
III. SECURITYFOCUS NEWS
1. Universities warned of Storm Worm attacks
2. Retro attack gets new life, worries browser makers
3. Teaching hacking helps students, professors say
4. Will the iPhone be iPwned?
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. Password complexity - improvement
2. SecurityFocus Microsoft Newsletter #354
3. SecurityFocus Microsoft Newsletter #352
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Delete This!
By Mark Rasch
A series of legal events means that companies that have no business reason to retain documents or records may be compelled to create and retain such records just so they can become available for discovery.
http://www.securityfocus.com/columnists/450

2. Security conferences versus practical knowledge
By Don Parker
While the training industry as a whole has evolved rather well to suit the needs of their clients, the computer conference - specifically the computer security conference - has declined in relevance to the everyday sys-admin and network security practitioners.
http://www.securityfocus.com/columnists/449


II. BUGTRAQ SUMMARY
--------------------
1. KDE Konqueror SetInterval Function Address Bar URI Spoofing Vulnerability
BugTraq ID: 25219
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25219
Summary:
KDE Konqueror is affected by a URI-spoofing vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to display arbitrary content while displaying the URL of a trusted website in the address bar. This may lead to a false sense of trust because the victim may be presented with a source URI of a trusted site while interacting with the attacker's malicious site.

Konqueror 3.5.7 is vulnerable; other versions may also be affected.

2. KDE Konqueror Address Bar URI Spoofing Vulnerability
BugTraq ID: 24912
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/24912
Summary:
KDE Konqueror is affected by a URI-spoofing vulnerability because it fails to adequately handle user-supplied data.

An attacker may leverage this issue by padding the URI and inserting arbitrary content to spoof the source URI of a file presented to an unsuspecting user. This may lead to a false sense of trust because the victim may be presented with a source URI of a trusted site while interacting with the attacker's malicious site.

Konqueror 3.5.7 is vulnerable; other versions may also be affected.

NOTE: This issue also affects the Opera browser. This BID originally tracked the issue for both products but has been split into two separate BIDs. The issue affecting Opera is now being tracked as BID 24917.

3. EZPhotoSales Multiple Input Validation Vulnerabilities
BugTraq ID: 25323
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25323
Summary:
EZPhotoSales is prone to multiple input-validation vulnerabilities, including an authentication-bypass, multiple information-disclosure, an HTML-injection and an arbitrary file-upload vulnerability. These issues are due to a failure of the application to properly sanitize user-supplied input and protect sensitive information.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data. Successful exploits may facilitate a complete compromise of affected computers.

EZPhotoSales 1.9.3 is reported vulnerable; other versions may also be affected.

4. Drupal Content Construction Kit Nodereference Module Multiple HTML-injection Vulnerabilities
BugTraq ID: 25321
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25321
Summary:
Drupal Content Construction Kit is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before displaying it in dynamically generated content.

An attacker could exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

5. Diskeeper DKService.EXE Remote Information Disclosure Vulnerability
BugTraq ID: 25320
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25320
Summary:
Diskeeper is prone to an information-disclosure vulnerability because it fails to restrict access to a certain RPC function.

This issue can be exploited to gain access to potentially sensitive information stored at arbitrary attacker-supplied memory addresses. Information gained could aid in further attacks. Supplying a bad memory address will cause denial-of-service conditions.

Diskeeper 9 Professional and Diskeeper 2007 Pro Premier are vulnerable; other versions may also be affected.

6. Racer Remote Buffer Overflow Vulnerability
BugTraq ID: 25297
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25297
Summary:
Racer is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application. Successful exploits will compromise the computer. Failed exploit attempts will result in a denial of service.

Racer 0.5.3 beta 5 is vulnerable; other versions may also be affected.

7. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
BugTraq ID: 25163
Remote: No
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25163
Summary:
OpenSSL is prone to a local information-disclosure vulnerability because of an implementation flaw in the RSA algorithm.

Successfully exploiting this issue allows local attackers to gain access to private key information of other processes that use the affected library. Information harvested may aid in further attacks.

OpenSSL 0.9.8 is vulnerable to this issue; other versions may also be affected.

8. SkilMatch Systems JobLister3 Index.PHP SQL Injection Vulnerability
BugTraq ID: 25296
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25296
Summary:
JobLister3 is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

9. OWASP Stinger Filter Bypass Weakness
BugTraq ID: 25294
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25294
Summary:
OWASP Stinger is prone to a filter-bypass weakness because the application fails to properly handle certain input.

Since the OWASP Stinger project is a software module designed to be incorporated into other applications, this weakness may be exploitable only if applications use it in a vulnerable way.

Successfully exploiting this issue may allow attackers to bypass the filter, aiding them in further attacks.

Versions prior to Stinger 2.5 are vulnerable to this issue.

10. Dell Remote Access Card 4/P SSH Remote Denial Of Service Vulnerability
BugTraq ID: 25291
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25291
Summary:
Dell Remote Access Card running Monaca SSH is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to deny legitimate access to port 22 on affected computers.

Dell Remote Access Card 4/P running firmware 1.50 (Build 02.16) is vulnerable; other versions may also be affected.

11. Prozilla Webring Website Script Category.PHP SQL Injection Vulnerability
BugTraq ID: 25292
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25292
Summary:
Prozilla Webring Website Script is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

12. Universal Ircd Server Multiple Remote Vulnerabilities
BugTraq ID: 25285
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25285
Summary:
Universal Ircd is prone to multiple remote vulnerabilities, including denial-of-service issues and privilege-escalation issues.

Successfully exploiting these issues allows remote attackers to crash servers, flood users with messages, gain operator privileges in channels, consume excessive server resources, and possibly launch other attacks.

13. Streamripper HTTP Header Parsing Buffer Overflow Vulnerabilities
BugTraq ID: 25278
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25278
Summary:
Streamripper is prone to two remote buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into insufficiently sized buffers.

An attacker may exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

Versions prior to Streamripper 1.62.2 are vulnerable.

14. Multiple IRC Client Now Playing Scripts Input Validation Vulnerability
BugTraq ID: 25281
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25281
Summary:
Multiple IRC clients are prone to an input-validation vulnerability because they fail to adequately sanitize user-supplied input.

Attackers can exploit this issue to execute arbitrary IRC commands in IRC sessions of a victim user. On some clients, attackers may be able to leverage this issue to execute commands on the client itself.

Successful attacks can elevate attacker privileges, cause denial-of-service conditions, or in some cases (depending on the client) compromise the client. Other attacks are also possible.

The following scripts are vulnerable:

For irssi:
ixmmsa.pl 0.3, l33tmusic.pl 2.00, mpg123.pl 0.01, ogg123.pl 0.01, xmms.pl 2.0, xmms2.pl 1.1.3, and xmmsinfo.pl 1.1.1.1

For Xchat:
xmms-thing 1.0, XMMS Remote Control Script 1.07, Disrok 1.0, a2x 0.0.1, xmms-info script 1.0, and XChat-XMMS0.8.1

For WeeChat:
now-playing.rb, xmms.pl 1.1

For BitchX:
xmms.bx 1.0

Other scripts are also affected.

15. Microsoft DirectX Media SDK DXTLIPI.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 25279
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25279
Summary:
Microsoft DirectX Media SDK 'DXTLIPI.DLL' ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Microsoft DirectX Media SDK 6.0 with DXTLIPI.DLL 6.0.2.827 is reported vulnerable.

16. GIMP PSD File Integer Overflow Vulnerability
BugTraq ID: 24745
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/24745
Summary:
GIMP is prone to an integer-overflow vulnerability because it fails to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of the affected application.

GIMP 2.2.15 is vulnerable to this issue; other versions may also be affected.

17. Trolltech Qt QTextEdit Multiple Format String Vulnerabilities
BugTraq ID: 25154
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25154
Summary:
Trolltech Qt is prone to multiple format-string vulnerabilities because it fails to securely display error messages.

Exploiting these issues can allow remote attackers to execute arbitrary code in the context of the application using the application framework or to cause denial-of-service conditions.

This issue affects Qt 3 only. KDE and other applications using the affected application framework are inherently affected.

18. Multiple Browser URI Handlers Command Injection Vulnerabilities
BugTraq ID: 25053
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25053
Summary:
Multiple browsers are prone to vulnerabilities that let attackers inject commands through various protocol handlers.

Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through processes such as 'cmd.exe' by employing various URI handlers.

An attacker can exploit these issues to carry out various attacks by executing arbitrary commands on a vulnerable computer.

Exploiting these issues would permit remote attackers to influence command options that can be called through protocol handlers and to execute commands with the privileges of a user running the application. Successful attacks may result in a variety of consequences, including remote unauthorized access.

Mozilla Firefox 2.0.0.5, 3.0a6 and Netscape Navigator 9 are reported vulnerable to these issues. Other versions of these browsers and other vendors' browsers may also be affected.

19. Microsoft Internet Explorer and Mozilla Firefox URI Handler Command Injection Vulnerability
BugTraq ID: 24837
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/24837
Summary:
Microsoft Internet Explorer, Mozilla Firefox and Netscape Navigator are prone to a vulnerability that lets attackers inject commands through the 'firefoxurl' and 'navigatorurl' protocol handlers.

Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through the 'firefox.exe' and 'navigator.exe' processes by employing the 'firefoxurl' and 'navigatorurl' handlers.

An attacker can also employ these issues to carry out cross-browser scripting attacks by using the '-chrome' argument. This can allow the attacker to run JavaScript code with the privileges of trusted Chrome context and gain full access to Firefox and Netscape Navigator's resources.

Exploiting these issues would permit remote attackers to influence command options that can be called through the 'firefoxurl' and 'navigatorurl' handlers and therefore execute commands and script code with the privileges of a user running the applications. Successful attacks may result in a variety of consequences, including remote unauthorized access.

20. SquirrelMail G/PGP Encryption Plug-in Multiple Remote Command Execution Vulnerabilities
BugTraq ID: 24874
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/24874
Summary:
Vulnerabilities in the SquirrelMail G/PGP encryption plugin may allow attackers to execute shell commands and PHP script code. These issues occur because the application fails to sufficiently sanitize user-supplied data.

Commands and scripts would run in the context of the webserver hosting the vulnerable software.

Three separate shell command-injection vulnerabilities and one local file-include vulnerability are present in various versions of the affected plugin. One of these issues has been addressed in G/PGP Encryption 2.1, but the others are still unfixed.

One or more of these issues may already have been documented in the following BIDs, but sufficient information is not currently available to distinguish between them:

- 24782, SquirrelMail G/PGP Encryption Plug-in Unspecified Remote Command Execution Vulnerability
- 24828, SquirrelMail G/PGP Encryption Plug-in Multiple Unspecified Remote Command Execution Vulnerabilities

All affected BIDs will be updated when more information is released.

21. Perl Net::DNS Remote Multiple Vulnerabilities
BugTraq ID: 24669
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/24669
Summary:
The Perl Net::DNS module is prone to a remote denial-of-service vulnerability and a cache-poisoning issue.

Successful exploits may allow remote attackers to cause denial-of-service conditions or to manipulate cache data, potentially facilitating man-in-the-middle and site-impersonation attacks.

Versions prior to Perl Net::DNS 0.60 are reported vulnerable.

22. Openads Lib-RemoteHost.INC.PHP Remote File Include Vulnerability
BugTraq ID: 25277
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25277
Summary:
Openads is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Openads 2.0.11 and prior versions are vulnerable.

23. mcNews Header.PHP Arbitrary File Include Vulnerability
BugTraq ID: 12776
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/12776
Summary:
mcNews is reportedly affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input.

This issue is reported to affect mcNews 1.3; earlier versions may also be affected.

24. Haudenschilt Family Connections Index.PHP Authentication Bypass Vulnerability
BugTraq ID: 25276
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25276
Summary:
Haudenschilt Family Connections is prone to an authentication-bypass vulnerability.

Attackers can exploit this issue to gain unauthorized access. This may facilitate a compromise of the application and underlying webserver; other attacks are also possible.

Family Connections 0.1.1 is vulnerable; other versions may also be affected.

25. Lib2 PHP Library My_Statistics.PHP Remote File Include Vulnerability
BugTraq ID: 25274
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25274
Summary:
Lib2 PHP Library is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Lib2 PHP Library 0.2 is vulnerable; other versions may also be affected.

26. Php-Stats WhoIs.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 25275
Remote: Yes
Last Updated: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25275
Summary:
Php-Stats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Php-Stats 0.1.9.2 is vulnerable; other versions may also be affected.

27. Lighttpd Multiple Remote Denial of Service and Information Disclosure Vulnerabilities
BugTraq ID: 24967
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/24967
Summary:
Lighttpd is prone to multiple remote denial-of-service vulnerabilities and an information-disclosure vulnerability.

An attacker can exploit these issues to gain access to sensitive information or crash the affected application, denying service to legitimate users.

These issues affect versions prior to lighttpd 1.4.16.

28. Wireshark Multiple Protocol Denial of Service Vulnerabilities
BugTraq ID: 24662
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/24662
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may permit attackers to cause crashes and deny service to legitimate users of the application.

Versions prior to Wireshark 0.99.6 are affected.

29. Windows Vista Weather Gadget Remote Code Execution Vulnerability
BugTraq ID: 25306
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25306
Summary:
Windows Vista is prone to a remote code-execution vulnerability because it fails to adequately validate certain HTML attributes.

Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Successful attacks may facilitate the remote compromise of affected computers.

30. Windows Vista Contacts Gadget Remote Code Execution Vulnerability
BugTraq ID: 25304
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25304
Summary:
Windows Vista is prone to a remote code-execution vulnerability because it fails to adequately sanitize user-supplied data.

Attackers exploit this issue by coercing unsuspecting users to add or import malicious contact files.

Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Successful attacks may facilitate the remote compromise of affected computers.

31. Windows Vista Feed Headlines Gadget Remote Code Execution Vulnerability
BugTraq ID: 25287
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25287
Summary:
Windows Vista is prone to a remote code-execution vulnerability because it fails to adequately sanitize user-supplied data.

Attackers exploit this issue by coercing unsuspecting users to subscribe to a malicious RSS feed using the affected gadget.

Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Successful attacks may facilitate the remote compromise of affected computers.

32. MySQL Access Validation and Denial of Service Vulnerabilities
BugTraq ID: 25017
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25017
Summary:
MySQL is prone to an access-validation vulnerability and a denial-of-service vulnerability.

An attacker can exploit these issues to create arbitrary MySQL tables or to crash the affected application, denying service to legitimate users.

This issue affects versions prior to MySQL 5.0.45.

33. Microsoft Visual Basic 6 TBLinf32.DLL ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 25289
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25289
Summary:
The Microsoft Visual Basic 6 TypeLib Information Library (TLI) ActiveX control is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

34. Microsoft XML Core Services SubstringData Integer Overflow Vulnerability
BugTraq ID: 25301
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25301
Summary:
Microsoft XML Core Services is prone to an integer-overflow vulnerability. This issue occurs because the application fails to ensure that integer values are not overrun.

Attackers can exploit this issue by enticing unsuspecting users to view malicious web content. Specially crafted scripts could issue requests to MSXML that trigger memory corruption.

Successfully exploiting this issue allows remote attackers to corrupt heap-memory and execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

35. Cisco VPN Client for Windows Multiple Local Privilege Escalation Vulnerabilities
BugTraq ID: 25332
Remote: No
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25332
Summary:
Cisco VPN Client for Windows is prone to multiple local privilege-escalation vulnerabilities.

Successfully exploiting these issues allows attackers with local, interactive access to affected computers to gain SYSTEM-level privileges. This facilitates the complete compromise of affected computers.

Versions prior to 4.8.02.0010 and 5.0.01.0600 of Cisco VPN Client for the Microsoft Windows platform are vulnerable to these issues.

These issues are tracked as Cisco Bug IDs CSCse89550 and CSCsj00785.

36. Linux Kernel CapiUtil.c Buffer Overflow Vulnerability
BugTraq ID: 23333
Remote: No
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/23333
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges or cause the affected kernel to crash, denying service to legitimate users.

This issue affects versions 2.6.9 to 2.6.20 and the 'isdn4k-utils' utilities.

37. Linux Kernel L2CAP and HCI Setsockopt Memory Leak Information Disclosure Vulnerability
BugTraq ID: 23594
Remote: No
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/23594
Summary:
Linux Kernel is prone to an information-disclosure vulnerability because it fails to handle unexpected user-supplied input.

Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.

Kernel versions 2.4.34.2 and prior are vulnerable to this issue.

38. KDE KPDF/KWord/XPDF StreamPredictor Function Stack Buffer Overflow Vulnerability
BugTraq ID: 25124
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25124
Summary:
KDE kpdf, kword, and xpdf are prone to a stack-based buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application or cause the affected application to crash, denying service to legitimate users.

39. Linux Kernel Fib_Semantics.C Out Of Bounds Access Vulnerability
BugTraq ID: 23447
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/23447
Summary:
The Linux kernel is prone to an out-of-bounds-access vulnerability. This issue occurs because the semantics for IPv4 Forwarding Information Base fail to adequately bounds-check user-supplied data before accessing an array.

An attacker can exploit this issue to cause denial-of-service conditions. Arbitrary code execution may also be possible, but this has not been confirmed.

Versions prior to 2.6.21-rc6 are vulnerable.

40. Linux Kernel Decode_Choices Function Remote Denial Of Service Vulnerability
BugTraq ID: 24818
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/24818
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to handle certain H.323 data.

Attackers can exploit this issue to crash the affected operating system, denying access to legitimate users.

Versions prior to 2.6.21.6, 2.6.20.15, and 2.6.22 are vulnerable.

41. Linux Kernel i965 Chipsets Insecure Batchbuffer Local Privilege Escalation Vulnerability
BugTraq ID: 25263
Remote: No
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25263
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

Exploiting this issue may allow local attackers to gain elevated privileges, facilitating the complete compromise of affected computers.

Versions of Linux kernel prior to 2.6.22.2 are vulnerable to this issue.

42. Linux Kernel USBLCD Memory Consumption Denial Of Service Vulnerability
BugTraq ID: 24734
Remote: No
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/24734
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability because it fails to limit memory consumption by 'fast writers'.

Attackers can exploit this issue to consume memory, resulting in denial-of-service conditions.

Versions prior to 2.6.22-rc7 are vulnerable.

43. Linux Kernel SCTP Connection Denial Of Service Vulnerability
BugTraq ID: 24376
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/24376
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Linux kernel versions prior to 2.6.21.4 are vulnerable to this issue.

This BID initially discussed three weaknesses/vulnerabilities in the Linux kernel. These issues have been separated into the following individual records:

24389 Linux Kernel CPUSet Tasks Memory Leak Information Disclosure Vulnerability
24390 Linux Kernel PRNG Entropy Weakness
24376 Linux Kernel SCTP Connection Denial Of Service Vulnerability

44. Linux Kernel PRNG Entropy Weakness
BugTraq ID: 24390
Remote: No
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/24390
Summary:
The Linux kernel is prone to a weakness that may result in weaker cryptographic security.

Linux kernel versions prior to 2.6.21.4 are vulnerable to this issue.

This weakness was initially discussed in BID 24376 (Linux Kernel Multiple Weaknesses and Vulnerabilities), but has been assigned its own record.

45. Linux Kernel PPPoE Socket Local Denial of Service Vulnerability
BugTraq ID: 23870
Remote: No
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/23870
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to exhaust memory resources and eventually cause the kernel to crash, effectively denying service to legitimate users.

This issue affects the Linux kernel 2.6 series prior to 2.6.21-git8.

46. Libvorbis Denial Of Service And Memory Corruption Vulnerabilities
BugTraq ID: 25082
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25082
Summary:
Applications that use the libvorbis library are prone to multiple remote vulnerabilities, including a denial-of-service issue and multiple memory-corruption issues.

An attacker can exploit these issues to execute arbitrary code within the context of the application or cause the affected application to crash.

These issues affect libvorbis 1.1.2; other versions of the library may also be affected.

47. phpSysInfo Index.php Cross-Site Scripting Vulnerability
BugTraq ID: 25090
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25090
Summary:
phpSysInfo is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

phpSysInfo 2.5.3 is reported vulnerable; other versions may be affected as well. Due to a shared codebase, phpGroupWare is also affected by this vulnerability.

48. EDraw Office Viewer Component ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 25344
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25344
Summary:
The EDraw Office Viewer Component ActiveX Control is prone to an arbitrary file-overwrite vulnerability.

An attacker can exploit this issue to overwrite files with arbitrary, attacker-controlled content. This will aid in further attacks.

Version 5.1 of the control is vulnerable to this issue; other versions may also be affected.

49. Olate Download Admin.PHP Remote Authentication Bypass Vulnerability
BugTraq ID: 25343
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25343
Summary:
Olate Download is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to gain administrative access to the affected application. Successfully exploiting this issue will result in the remote compromise of the affected application.

Olate Download version 3.4.1 is vulnerable; other versions may also be affected.

50. BlueCat Networks Adonis CLI Remote Privilege Escalation Vulnerability
BugTraq ID: 25342
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25342
Summary:
BlueCat Networks Adonis devices are prone to a remote privilege-escalation vulnerability. This issue occurs because the software fails to properly sanitize user-supplied input.

An attacker with administrative privileges can exploit this issue to execute arbitrary shell commands with superuser privileges. A successful attack will result in the complete compromise of an affected appliance.

Adonis 5.0.2.8 is vulnerable; other versions may also be affected.

51. Tomboy LD_LIBRARY_PATH Environment Variable Local Privilege Escalation Vulnerability
BugTraq ID: 25341
Remote: No
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25341
Summary:
Tomboy is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to execute arbitrary code with the privileges of the user running the affected application.

52. IBM DB2 Universal Database Multiple Unspecified Vulnerabilities
BugTraq ID: 25339
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25339
Summary:
IBM DB2 is prone to multiple vulnerabilities that may allow an attacker to carry out a variety of attacks. It is possible that some of these issues may permit an attacker to completely compromise a vulnerable computer.

These issues affect DB2 9.1 and 8 running on all supported platforms.

53. Symantec Enterprise Firewall Username Enumeration Weakness
BugTraq ID: 25338
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25338
Summary:
Symantec Enterprise Firewall is prone to a username-enumeration weakness.

An attacker can exploit this issue to enumerate valid user names. This may aid in further attacks.

54. Microsoft Internet Explorer CSS Strings Memory Corruption Vulnerability
BugTraq ID: 25288
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25288
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because the application fails to properly handle certain CSS data.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the vulnerable application.

This issue affects Internet Explorer 5.01 SP4 running on Microsoft Windows 2000 SP4.

55. GD Graphics Library Multiple Vulnerabilities
BugTraq ID: 24651
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/24651
Summary:
The GD graphics library is prone to multiple vulnerabilities.

An attacker can exploit this issue to cause denial-of-service conditions or execute arbitrary code in the context of applications implementing the affected library.

Versions prior to GD graphics library 2.0.35 are reported vulnerable.

56. Motive Service Activation Manager And Service Manager Remote Code Execution Vulnerabilities
BugTraq ID: 25312
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25312
Summary:
Motive Service Activation Manager and Service Manager are prone to multiple remote code-execution vulnerabilities.

An attacker may exploit these issues by enticing victims into opening a maliciously crafted HTML document.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

57. Lenovo Inline Automated Solutions ActiveX Controls Multiple Vulnerabilities
BugTraq ID: 25311
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25311
Summary:
Lenovo Inline Automated Solutions ActiveX controls are prone to multiple vulnerabilities.

An attacker may exploit these issues by enticing victims into opening a maliciously crafted HTML document.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts may result in denial-of-service conditions.

These issues affect versions prior to 'acpcontroller.dll' ActiveX control 1.2.8.0 and 'acpir.dll' ActiveX control 1.0.0.9.

58. Open ISCSI Multiple Local Denial Of Service Vulnerabilities
BugTraq ID: 24471
Remote: No
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/24471
Summary:
Open-iSCSI is prone to multiple local denial-of-service vulnerabilities.

A local attacker can exploit these issues to deny legitimate users access to the server daemon.

59. Mozilla Firefox About:Blank IFrame Cross Domain Information Disclosure Vulnerability
BugTraq ID: 24286
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/24286
Summary:
Mozilla Firefox is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations.

A malicious site may be able to modify the iframe of a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks are also possible, such as executing script code in other browser security zones.

This issue is being tracked by Bugzilla Bug 382686 and is reportedly related to Bug 343168.

Firefox 2.0.0.4 and prior versions are vulnerable.

60. Mozilla Firefox WYCIWYG:// URI Cache Zone Bypass Vulnerability
BugTraq ID: 24831
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/24831
Summary:
Mozilla Firefox is prone to a cache-zone-bypass vulnerability because the application fails to properly block remote access to special internally generated URIs containing cached data.

Exploiting this issue allows remote attackers to access potentially sensitive information and to place markers with similar functionality to cookies onto targeted users' computers, regardless of cookie security settings. Information harvested in successful exploits may aid in further attacks.

Attackers may also potentially exploit this issue to perform cache-poisoning or URL-spoofing attacks.

This issue is being tracked by Mozilla's Bugzilla Bug 387333.

61. Mozilla Firefox 2.0.0.4 Multiple Remote Vulnerabilities
BugTraq ID: 24946
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/24946
Summary:
The Mozilla Foundation has released four security advisories specifying multiple vulnerabilities in Firefox 2.0.0.4.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Execute code with chrome privileges
- Perform cross-site scripting attacks
- Crash Firefox in a myriad of ways, with evidence of memory corruption.

Other attacks may also be possible.

62. Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability
BugTraq ID: 25142
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25142
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a vulnerability that allows JavaScript to execute with unintended privileges.

A malicious site may be able to cause the execution of a script with Chrome privileges. Attackers could exploit this issue to execute hostile script code with privileges that exceed those that were intended. Certain Firefox extensions may not intend 'about:blank' to execute script code with Chrome privileges.

NOTE: This issue was introduced by the fix for MFSA 2007-20.

63. Zoidcom Malformed Packet Denial of Service Vulnerability
BugTraq ID: 25326
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25326
Summary:
The Zoidcom network library is prone to a denial of service vulnerability when handling malformed packets.

An attacker could exploit this to crash a network service that is implemented with the library.

64. OpenOffice RTF File Parser Buffer Overflow Vulnerability
BugTraq ID: 24450
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/24450
Summary:
OpenOffice is prone to a remote heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Remote attackers may exploit this issue by enticing victims into opening maliciously crafted RTF files.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

65. Dovecot ACL Plugin Security Bypass Vulnerability
BugTraq ID: 25182
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25182
Summary:
Dovecot ACL plugin is prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass mailbox restrictions and elevate privileges by altering ACL permission flags.

Versions prior to Dovecot 1.0.3 are vulnerable to this issue.

66. Microsoft OLE Automation SubstringData Function Integer Overflow Vulnerability
BugTraq ID: 25282
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25282
Summary:
Microsoft OLE Automation is prone to an integer-overflow vulnerability. This issue occurs because the application fails to ensure that integer values are not overrun.

Successfully exploiting this issue allows remote attackers to corrupt heap memory and execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

67. Hewlett-Packard OpenView OVTrace Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 25255
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25255
Summary:
HP OpenView applications are prone to multiple remote stack-based buffer-overflow vulnerabilities because they fail to perform adequate boundary checks on input that is supplied to opcode handlers of affected services.

These vulnerabilities affect the 'ovtrcsvc.exe' and 'OVTrace.exe' services.

Attackers can exploit these issues to execute arbitrary code with superuser privileges.

68. Akamai Download Manager ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 23522
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/23522
Summary:
Akamai Download Manager is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting these issues allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.

These issues affect Akamai Download Manager prior to 2.2.1.0; other versions may also be affected.

69. Microsoft Windows Media Player Remote Skin Header Code Execution Vulnerability
BugTraq ID: 25305
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25305
Summary:
Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted skin files.

Attackers exploit this issue by coercing unsuspecting users to download and open Windows Media Player skin files (WMZ or WMD files). Note that users must attempt to apply the skin files.

Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.

70. Microsoft Windows Media Player Remote Skin Decompression Code Execution Vulnerability
BugTraq ID: 25307
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25307
Summary:
Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted compressed skin files.

Attackers exploit this issue by coercing unsuspecting users to download and open Windows Media Player skin files (WMZ or WMD files).

Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.

71. Microsoft Internet Explorer Vector Markup Language VGX.DLL Remote Buffer Overflow Vulnerability
BugTraq ID: 25310
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25310
Summary:
Microsoft Internet Explorer is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

This issue occurs when rendering VML (Vector Markup Language) graphics.

Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user.

Successful attacks may facilitate the remote compromise of affected computers. Failed attacks will likely cause denial-of-service conditions.

72. Microsoft Excel Worksheet Index Value Remote Code Execution Vulnerability
BugTraq ID: 25280
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25280
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file (.xls).

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

73. Microsoft Windows GDI Metafiles AttemptWrite Remote Code Execution Vulnerability
BugTraq ID: 25302
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25302
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied metafile data.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of users viewing malicious files. This facilitates the remote compromise of affected computers.

74. Microsoft Virtual PC and Virtual Server Heap Overflow Vulnerability
BugTraq ID: 25298
Remote: No
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25298
Summary:
Microsoft Virtual PC and Virtual Server are prone to a local heap-overflow vulnerability.

To exploit this issue, attackers must have administrative privileges for the guest operating system.

Attackers may exploit this issue to execute arbitrary code in the context of the host operating system or another guest operating system. Successful exploits can result in a compromise of vulnerable computers.

75. Rsync F_Name Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 25336
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25336
Summary:
The rsync utility is prone to an off-by-one buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input.

Successfully exploiting this issue may allow arbitrary code-execution in the context of the affected utility.

Rsync version 2.6.9 is affected by this issue; other versions may also be vulnerable.

76. ESRI ArcSDE Server SPrintf Function Stack Buffer Overflow Vulnerability
BugTraq ID: 25334
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25334
Summary:
ESRI ArcSDE Server is prone to a stack-based buffer-overflow vulnerability. This issue occurs because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue on an affected computer to execute code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

ArcSDE service version 9.2 is vulnerable; prior versions may also be affected.

77. Opera Web Browser Invalid Pointer Remote Code Execution Vulnerability
BugTraq ID: 25331
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25331
Summary:
The Opera Web Browser is prone to a remote code-execution vulnerability that occurs when parsing malicious JavaScript code.

Exploiting this issue allows an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects Opera versions prior to 9.23.

78. Yahoo! Messenger KDU_V32M.DLL Remote Denial Of Service Vulnerability
BugTraq ID: 25330
Remote: Yes
Last Updated: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25330
Summary:
Yahoo! Messenger is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Yahoo! Messenger 8.1.0; other versions may also be affected.

79. SurgeMail IMAP SEARCH Command Remote Buffer Overflow Vulnerability
BugTraq ID: 25318
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25318
Summary:
SurgeMail is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected service. Failed exploit attempts will likely result in denial-of-service conditions.

SurgeMail 38k is vulnerable; other versions may also be affected.

80. KDE Konqueror KHTML Library Title Cross Site Scripting Vulnerability
BugTraq ID: 22428
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/22428
Summary:
Konqueror is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.

Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.

All versions of KDE up to and including KDE 3.5.6 are vulnerable to this issue. Apple Safari web browser is also vulnerable to this issue.

81. MS Visual Basic 6 Package and Deployment Wizard ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 25295
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25295
Summary:
The Microsoft Visual Basic 6 Package and Deployment Wizard ActiveX control is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

82. SOTEeSKLEP _Files Local File Include Vulnerability
BugTraq ID: 25286
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25286
Summary:
SOTEeSKLEP is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Versions prior to SOTEeSKLEP 4.0 are vulnerable.

83. Fedora Commons LDAP Authentication Bypass Vulnerability
BugTraq ID: 25317
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25317
Summary:
Fedora Commons is prone to an authentication-bypass vulnerability because the application fails to properly handle unexpected conditions.

Attackers can exploit this issue to gain unauthorized access. This may facilitate a compromise of the application and underlying webserver; other attacks are also possible.

Versions prior to Fedora Commons 2.2.1 are vulnerable to this issue.

84. Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
BugTraq ID: 25316
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25316
Summary:
Apache Tomcat is prone to multiple information-disclosure vulnerabilities because it fails to adequately sanitize user-supplied data.

Attackers can exploit these issues to access potentially sensitive data that may aid in further attacks.

Versions prior to Apache Tomcat 6.0.14 are vulnerable.

85. Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
BugTraq ID: 25314
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25314
Summary:
Apache Tomcat Host Manager Servlet is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to inject HTML and script code into the browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials and launch other attacks.

Apache Tomcat 5.5.0 through 5.5.24 and 6.0.0 through 6.0.13 are affected.

86. Php Blue Dragon Multiple Input Validation Vulnerabilities
BugTraq ID: 25264
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25264
Summary:
Php Blue Dragon CMS is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include an SQL-injection vulnerability, a remote file-include vulnerability, and a local file-include vulnerability.

An attacker can exploit these issues to execute malicious PHP code in the context of the webserver process, access or modify data, or exploit latent vulnerabilities in the underlying database.

Php Blue Dragon CMS 3.0.0 is vulnerable; other versions may also be affected.

87. Article Dashboard Multiple Input Validation Vulnerabilities
BugTraq ID: 25309
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25309
Summary:
Article Dashboard is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These issues include multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability.

A successful exploit may allow an attacker to steal cookie-based authentication credentials, execute malicious script code in a user's browser, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These vulnerabilities were found in a version of Article Dashboard that was downloaded from the vendor's site on July 25, 2007. Presumably, all versions of Article Dashboard are vulnerable.

88. Qbik WinGate SMTP Service Command Format String Vulnerability
BugTraq ID: 25303
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25303
Summary:
Qbik WinGate is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

A remote attacker may execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial of service.

This issue affects Qbik WinGate 6.2.1; other versions may also be affected.

89. Szymon Kosok Best Top List Banner-Upload.PHP Arbitrary File Upload Vulnerability
BugTraq ID: 25293
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25293
Summary:
Best Top List is prone to an arbitrary file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process. This may help the attacker compromise the application; other attacks are possible.

Best Top List 2.11 is vulnerable; other versions may also be affected.

90. WengoPhone SIP Soft Phone Malformed Packet Denial of Service Vulnerability
BugTraq ID: 25300
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25300
Summary:
WengoPhone is prone to a denial-of-service vulnerability because the application fails to properly handle malformed data.

Successful exploits can allow remote attackers to crash the application, resulting in denial-of-service conditions.

This issue affects WengoPhone 2.1; other versions may also be affected.

91. CounterPath X-Lite SIP Soft Phone Malformed Packet Denial of Service Vulnerability
BugTraq ID: 25299
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25299
Summary:
CounterPath X-Lite is prone to a denial-of-service vulnerability because the application fails to properly handle malformed data.

Successful exploits can allow remote attackers to crash the application, resulting in denial-of-service conditions.

This issue affects X-Lite 3.0; other versions may also be affected.

92. Xfce-Terminal Remote Command Injection Vulnerability
BugTraq ID: 24889
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/24889
Summary:
Xfce Terminal is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.

Attackers can exploit this issue to execute arbitrary commands in the context of the application, facilitating the remote compromise of affected computers.

Xfce Terminal 0.2.6 is vulnerable; other versions may also be affected.

93. Savant Web Server Remote Buffer Overflow Vulnerability
BugTraq ID: 12429
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/12429
Summary:
A remote buffer-overflow vulnerability affects Savant Web Server. This issue occurs because the application fails to validate the length of user-supplied strings before copying them into finite process buffers.

A remote attacker may leverage this issue to execute arbitrary code with the privileges of the affected webserver. This issue may facilitate unauthorized access or privilege escalation.

94. LANAI CMS Multiple SQL Injection Vulnerabilities
BugTraq ID: 25193
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25193
Summary:
LANAI CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

LANAI CMS 1.2.14 is vulnerable; other versions may also be affected.

95. Symantec Altiris Deployment Solution Local Privilege Escalation Vulnerability
BugTraq ID: 25232
Remote: No
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25232
Summary:
Symantec Altiris Deployment Solution is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary commands with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

96. RndLabs Babo Violent 2 Multiple Vulnerabilities
BugTraq ID: 25329
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25329
Summary:
Babo Violent 2 is prone to four vulnerabilities. These vulnerabilities include a format-string issue and three denial-of-service issues.

Successful attacks could result in execution of arbitrary code or could crash game servers.

97. EFS Software Easy Chat Server Authentication Request Handling Remote Denial Of Service Vulnerability
BugTraq ID: 25328
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25328
Summary:
Easy Chat Server is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the server, denying access to legitimate users.

Easy Chat Server 2.2 is reported to be vulnerable; other versions may also be affected.

98. Live For Speed Multiple Vulnerabilities
BugTraq ID: 25327
Remote: No
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25327
Summary:
Live For Speed is prone to four vulnerabilities. These vulnerabilities include buffer overflows and denial-of-service issues.

Successful exploits could result in execution of arbitrary code or could crash game servers.

99. DeskPRO Admin Panel Multiple HTML Injection Vulnerabilities
BugTraq ID: 25325
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25325
Summary:
DeskPRO is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

To exploit these issues, the attacker must have administrative privileges.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

DeskPRO 3.0.2 is reported vulnerable; other versions may also be affected.

100. IBM Rational ClearQuest Username Parameter SQL Injection Vulnerability
BugTraq ID: 25324
Remote: Yes
Last Updated: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25324
Summary:
IBM Rational ClearQuest is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

IBM Rational ClearQuest versions 7.0.0.0 and 7.0.0.1 are vulnerable; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Universities warned of Storm Worm attacks
By: Robert Lemos
Scanning a computer infected with the bot software could bring swift retribution, warns the response center for academic networks.
http://www.securityfocus.com/news/11482

2. Retro attack gets new life, worries browser makers
By: Robert Lemos
Researchers find that browsers and plug-ins could be exploited to turn a victim's computer into a door to the internal network. One study finds an attack could claim 100,000 IP addresses in three days.
http://www.securityfocus.com/news/11481

3. Teaching hacking helps students, professors say
By: Robert Lemos
Universities and colleges could find more students interested in computer-science courses, if the teachers taught practical hacking, educators say.
http://www.securityfocus.com/news/11480

4. Will the iPhone be iPwned?
By: Robert Lemos
Security experts' predictions for the sleek high-end device vary, but they agree that Apple's first phone will be scrutinized closely.
http://www.securityfocus.com/news/11478

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Password complexity - improvement
http://www.securityfocus.com/archive/88/476610

2. SecurityFocus Microsoft Newsletter #354
http://www.securityfocus.com/archive/88/476463

3. SecurityFocus Microsoft Newsletter #352
http://www.securityfocus.com/archive/88/476453

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
