Wednesday, August 22, 2007

SecurityFocus Newsletter #415
----------------------------------------

This Issue is Sponsored by: EMC



SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Virtualized rootkits - Part 1
2. Delete This!
II. BUGTRAQ SUMMARY
1. Microsoft Windows Media Player Remote Skin Decompression Code Execution Vulnerability
2. Microsoft Windows Media Player Remote Skin Header Code Execution Vulnerability
3. Open ISCSI Multiple Local Denial Of Service Vulnerabilities
4. Perl Net::DNS Remote Multiple Vulnerabilities
5. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
6. AlstraSoft Video Share Enterprise MyajaxPHP.PHP Remote File Include Vulnerability
7. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
8. Apache HTTP Server Mod_Cache Denial of Service Vulnerability
9. Linux Kernel i965 Chipsets Insecure Batchbuffer Local Privilege Escalation Vulnerability
10. RealPlayer/HelixPlayer ParseWallClockValue Function Buffer Overflow Vulnerability
11. IBM DB2 Universal Database Multiple Unspecified Vulnerabilities
12. Apple Safari Beta Same Origin Policy Violation Vulnerability
13. Sun Solaris 8 RBAC Remote Privilege Escalation Vulnerabilities
14. Cisco IOS Show IP BGP Regexp Remote Denial of Service Vulnerability
15. Lhaz Unspecified Remote Code Execution Vulnerability
16. Text File Search Classic TextFileSearch.ASP Cross-Site Scripting Vulnerability
17. Text File Search TextFileSearch.ASPX Cross-Site Scripting Vulnerability
18. Linux Kernel Random Number Generator Local Denial of Service and Privilege Escalation Vulnerability
19. GetMyOwnArcade Search.PHP SQL Injection Vulnerability
20. KDE Konqueror SetInterval Function Address Bar URI Spoofing Vulnerability
21. KDE Konqueror Address Bar URI Spoofing Vulnerability
22. Lighttpd Multiple Remote Denial of Service and Information Disclosure Vulnerabilities
23. Wireshark Multiple Protocol Denial of Service Vulnerabilities
24. Windows Vista Weather Gadget Remote Code Execution Vulnerability
25. Windows Vista Contacts Gadget Remote Code Execution Vulnerability
26. Windows Vista Feed Headlines Gadget Remote Code Execution Vulnerability
27. Microsoft Visual Basic 6 TBLinf32.DLL ActiveX Control Remote Code Execution Vulnerability
28. MS Visual Basic 6 Package and Deployment Wizard ActiveX Control Remote Code Execution Vulnerability
29. Microsoft Internet Explorer CSS Strings Memory Corruption Vulnerability
30. Mercury Mail Transport System AUTH CRAM-MD5 Buffer Overflow Vulnerability
31. LiteCommerce Multiple SQL Injection Vulnerabilities
32. Systrace Multiple System Call Wrappers Concurrency Vulnerabilities
33. Adobe ActionScript SecurityErrorEvent Security Bypass Vulnerability
34. GNOME Display Manager G_Strsplit Function Local Denial Of Service Vulnerability
35. Vim HelpTags Command Remote Format String Vulnerability
36. Ripe Website Manager Multiple SQL and HTML Injection Vulnerabilities
37. phUploader phUploader.PHP Arbitrary File Upload Vulnerability
38. American Financing eMail Image Upload Output.PHP Arbitrary File Upload Vulnerability
39. po4a GetTextization.Failed.PO Local Privilege Escalation Vulnerability
40. IBM Lotus Notes NTMulti.EXE Local Privilege Escalation Vulnerability
41. Sun Java System Application Server Administrative Console Encryption Protocol Selection Weakness
42. Grandstream GXV-3000 Phone Remote Denial of Service Vulnerability
43. Cisco 7940/7960 Phones SIP Message Handling Remote Denial of Service Vulnerabilities
44. WordPress PHP_Self Cross-Site Scripting Vulnerability
45. E-Gads! Common.PHP Remote File Include Vulnerability
46. Olate Download Environment.PHP Arbitrary Script Code Execution Vulnerability
47. J! Reactions comPath Remote File Include Vulnerability
48. Olate Download Admin.PHP Remote Authentication Bypass Vulnerability
49. ISC BIND 9 Remote Cache Poisoning Vulnerability
50. JasPer JPC_QCX_GetCompParm Function JP2 File Handling Remote Denial of Service Vulnerability
51. Rsync F_Name Off-By-One Buffer Overflow Vulnerability
52. Microsoft DirectX Media SDK DXTLIPI.DLL ActiveX Control Buffer Overflow Vulnerability
53. Clam AntiVirus ClamAV Multiple Remote Denial of Service Vulnerabilities
54. Trend Micro ServerProtect RPCFN_SYNC_TASK Remote Integer Vulnerability
55. Trend Micro ServerProtect Multiple RPC Remote Buffer Overflow Vulnerabilities
56. m-phorum Index.PHP Cross-Site Scripting Vulnerability
57. coWiki Index.PHP Cross-Site Scripting Vulnerability
58. Asterisk SIP Dialog History Resource Exhaustion Remote Denial of Service Vulnerability
59. ALeadSoft Search Engine Builder Search.HTML Cross-Site Scripting Vulnerability
60. Planet VC-200M VDSL2 Router Administration Interface Remote Denial Of Service Vulnerability
61. Sun Solaris x86 ATA(7D) Disk Driver Multiple Local Denial Of Service Vulnerabilities
62. Trend Micro Anti-Spyware And PC-cillin SSAPI Engine Local Stack Buffer Overflow Vulnerability
63. Linux Kernel Parent Process Death Signal Local Security Bypass Weakness
64. Olate Download Admin.PHP SQL Injection Vulnerability
65. eCentrex VOIP Client UACOMX.OCX ActiveX Control Buffer Overflow Vulnerability
66. Squirrelcart Popup_Window.PHP Remote File Include Vulnerability
67. Sysstat Insecure Temporary File Creation Vulnerability
68. BlueCat Networks Adonis CLI Remote Privilege Escalation Vulnerability
69. Libvorbis Denial Of Service And Memory Corruption Vulnerabilities
70. RETIRED: Zenturi ProgramChecker SASATL.DLL ActiveX Control Buffer Overflow Vulnerability
71. Cisco IOS and Unified Communications Manager Multiple Voice Vulnerabilities
72. Microsoft Internet Explorer Vector Markup Language VGX.DLL Remote Buffer Overflow Vulnerability
73. Sun Java Runtime Environment Font Parsing Remote Privilege Escalation Vulnerability
74. tcpdump Print-bgp.C Remote Integer Underflow Vulnerability
75. KDE KPDF/KWord/XPDF StreamPredictor Function Stack Buffer Overflow Vulnerability
76. Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
77. NuFW Time Based Filtering Rule Bypass Vulnerability
78. SimpleFAQ Index.PHP SQL Injection Vulnerability
79. EMC Legato Networker Remote Exec Service Stack Buffer Overflow Vulnerability
80. Epic Games Unreal Engine Logging Function Remote Denial of Service Vulnerability
81. Total Commander FileInfo Plugin Multiple PE File Denial of Service Vulnerabilities
82. id3lib Insecure Temporary File Creation Vulnerability
83. TorrentTrader Multiple Unspecified SQL Injection Vulnerabilities
84. Gurur Haber Uyeler2.PHP SQL Injection Vulnerability
85. Firesoft Class_TPL.PHP Remote File Include Vulnerability
86. Check Point Zone Labs Multiple Products Local Privilege Escalation Vulnerabilities
87. Drupal Project and Project Issue Tracking Modules Insecure Permissions Security Bypass Vulnerability
88. Ampache Albums.PHP SQL Injection Vulnerability
89. Dalai Forum Forumreply.PHP Local File Include Vulnerability
90. Palm OS Treo Smartphone Remote Denial of Service Vulnerability
91. Gentoo Linux NVIDIA Drivers Local Denial of Service Vulnerability
92. Gentoo Linux NVIDIA Drivers Local Denial of Service Vulnerability
93. ISC BIND 9 Default ACL Settings Recursive Queries And Cached Content Security Bypass Vulnerability
94. Toribash Multiple Vulnerabilities
95. rFactor Multiple Vulnerabilities
96. Hewlett-Packard OpenView OVTrace Multiple Remote Buffer Overflow Vulnerabilities
97. HP Serviceguard for Linux Unspecified Local Privilege Escalation Vulnerability
98. Diskeeper DKService.EXE Remote Information Disclosure Vulnerability
99. Microsoft Windows GDI Metafiles AttemptWrite Remote Code Execution Vulnerability
100. Microsoft Virtual PC and Virtual Server Heap Overflow Vulnerability
III. SECURITYFOCUS NEWS
1. Universities warned of Storm Worm attacks
2. Retro attack gets new life, worries browser makers
3. Teaching hacking helps students, professors say
4. Will the iPhone be iPwned?
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
1. 0day linux 2.6 /dev/mem rootkit found
VI. VULN-DEV RESEARCH LIST SUMMARY
1. No cON Name 2007 - CALL FOR PAPERS
2. ToorCon 9 CFP
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #355
2. Password complexity - improvement
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Virtualized rootkits - Part 1
By Federico Biancuzzi
There has been a lot of buzz around the topic of virtualized rootkits. Joanna Rutkowska has been working on a new version of Blue-Pill, her proof-of-concept invisible rootkit, while a team of three prominent security experts (Thomas Ptacek, Nate Lawson, Peter Ferrie) challenged her, arguing that there is no "invisible" rootkit and announcing that they would present various techniques to detect Blue-Pill at the BlackHat conference. Federico Biancuzzi interviewed both sides to learn more. Part 1 of 2
http://www.securityfocus.com/columnists/451

2. Delete This!
By Mark Rasch
A series of legal events means that companies that have no business reason to retain documents or records may be compelled to create and retain such records just so they can become available for discovery.
http://www.securityfocus.com/columnists/450


II. BUGTRAQ SUMMARY
--------------------
1. Microsoft Windows Media Player Remote Skin Decompression Code Execution Vulnerability
BugTraq ID: 25307
Remote: Yes
Last Updated: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/25307
Summary:
Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted compressed skin files.

Attackers exploit this issue by coercing unsuspecting users to download and open Windows Media Player skin files (WMZ or WMD files).

Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.

2. Microsoft Windows Media Player Remote Skin Header Code Execution Vulnerability
BugTraq ID: 25305
Remote: Yes
Last Updated: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/25305
Summary:
Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted skin files.

Attackers exploit this issue by coercing unsuspecting users to download and open Windows Media Player skin files (WMZ or WMD files). Note that users must attempt to apply the skin files.

Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.

3. Open ISCSI Multiple Local Denial Of Service Vulnerabilities
BugTraq ID: 24471
Remote: No
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/24471
Summary:
Open-iSCSI is prone to multiple local denial-of-service vulnerabilities.

A local attacker can exploit these issues to deny legitimate users access to the server daemon.

4. Perl Net::DNS Remote Multiple Vulnerabilities
BugTraq ID: 24669
Remote: Yes
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/24669
Summary:
The Perl Net::DNS module is prone to a remote denial-of-service vulnerability and a cache-poisoning issue.

Successful exploits may allow remote attackers to cause denial-of-service conditions or to manipulate cache data, potentially facilitating man-in-the-middle and site-impersonation attacks.

Versions prior to Perl Net::DNS 0.60 are reported vulnerable.

5. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
BugTraq ID: 24645
Remote: Yes
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/24645
Summary:
The Apache HTTP Server mod_status module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

6. AlstraSoft Video Share Enterprise MyajaxPHP.PHP Remote File Include Vulnerability
BugTraq ID: 19724
Remote: Yes
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/19724
Summary:
AlstraSoft Video Share Enterprise is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Video Share Enterprise versions prior to 4.4 are vulnerable.

7. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
BugTraq ID: 24215
Remote: Yes
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/24215
Summary:
Apache is prone to multiple denial-of-service vulnerabilities.

An attacker with the ability to execute arbitrary server-side script-code can exploit these issues to stop arbitrary services on the affected computer in the context of the master webserver process; other attacks may also be possible.

8. Apache HTTP Server Mod_Cache Denial of Service Vulnerability
BugTraq ID: 24649
Remote: Yes
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/24649
Summary:
The Apache mod_cache module is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).

9. Linux Kernel i965 Chipsets Insecure Batchbuffer Local Privilege Escalation Vulnerability
BugTraq ID: 25263
Remote: No
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/25263
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

Exploiting this issue may allow local attackers to gain elevated privileges, facilitating the complete compromise of affected computers.

Versions of Linux kernel prior to 2.6.22.2 are vulnerable to this issue.

10. RealPlayer/HelixPlayer ParseWallClockValue Function Buffer Overflow Vulnerability
BugTraq ID: 24658
Remote: Yes
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/24658
Summary:
RealPlayer and HelixPlayer are prone to a buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

This issue affects RealPlayer 10.5-GOLD and HelixPlayer 10.5-GOLD; other versions may also be affected.

11. IBM DB2 Universal Database Multiple Unspecified Vulnerabilities
BugTraq ID: 25339
Remote: Yes
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/25339
Summary:
IBM DB2 is prone to multiple vulnerabilities that may allow an attacker to carry out a variety of attacks. It is possible that some of these issues may permit an attacker to completely compromise a vulnerable computer.

These issues affect DB2 9.1 and 8 running on all supported platforms.

12. Apple Safari Beta Same Origin Policy Violation Vulnerability
BugTraq ID: 25355
Remote: Yes
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/25355
Summary:
Apple Safari is susceptible to a same-origin policy violation vulnerability. This issue is due to the application's failure to properly enforce same-origin policy for JavaScript remote data access.

An attacker may create a malicious webpage that can access the properties of another domain. This may lead to disclosure of sensitive information or may facilitate other attacks against a user of the browser.

Safari version 3 beta is vulnerable to this issue.

13. Sun Solaris 8 RBAC Remote Privilege Escalation Vulnerabilities
BugTraq ID: 25353
Remote: Yes
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/25353
Summary:
Sun Solaris 8 is prone to two remote privilege-escalation vulnerabilities.

Successfully exploiting these issues may allow remote attackers to gain elevated privileges on vulnerable computers. This facilitates the complete compromise of affected computers.

Attackers require knowledge of role passwords to successfully exploit these issues.

14. Cisco IOS Show IP BGP Regexp Remote Denial of Service Vulnerability
BugTraq ID: 25352
Remote: Yes
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/25352
Summary:
Cisco IOS is prone to a remote denial-of-service vulnerability. This issue is due to a failure of the software to properly handle certain CLI commands.

Attackers must be able to successfully authenticate to vulnerable devices in order to issue commands that trigger this vulnerability. This may be achieved through remote anonymous means, or by sending specially-crafted input to web interfaces such as 'Looking Glass' web applications.

Successfully exploiting this issue allows attackers to trigger device reboots, denying service to legitimate users.

Information regarding affected software versions is currently unavailable. This BID will be updated as more information is disclosed.

15. Lhaz Unspecified Remote Code Execution Vulnerability
BugTraq ID: 25351
Remote: Yes
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/25351
Summary:
Lhaz is prone to an unspecified remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application.

This issue affects Lhaz version 1.33; other versions may also be affected.

16. Text File Search Classic TextFileSearch.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 25350
Remote: Yes
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/25350
Summary:
Text File Search Classic is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

17. Text File Search TextFileSearch.ASPX Cross-Site Scripting Vulnerability
BugTraq ID: 25349
Remote: Yes
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/25349
Summary:
Text File Search is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

18. Linux Kernel Random Number Generator Local Denial of Service and Privilege Escalation Vulnerability
BugTraq ID: 25348
Remote: No
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/25348
Summary:
The Linux kernel is prone to a local vulnerability that may result in a denial-of-service or privilege-escalation. This issue is due to a stack-based overflow in kernel memory.

Successfully exploiting this issue allows local attackers to trigger kernel crashes, denying service to legitimate users. In certain circumstances, attackers may also gain elevated privileges. The attacker may require partial administrative access via granular assignments of superuser privileges.

Linux kernel versions prior to 2.6.22.3 are affected by this issue.

19. GetMyOwnArcade Search.PHP SQL Injection Vulnerability
BugTraq ID: 25345
Remote: Yes
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/25345
Summary:
GetMyOwnArcade is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

20. KDE Konqueror SetInterval Function Address Bar URI Spoofing Vulnerability
BugTraq ID: 25219
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25219
Summary:
KDE Konqueror is affected by a URI-spoofing vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to display arbitrary content while displaying the URL of a trusted website in the address bar. This may lead to a false sense of trust because the victim may be presented with a source URI of a trusted site while interacting with the attacker's malicious site.

Konqueror 3.5.7 is vulnerable; other versions may also be affected.

21. KDE Konqueror Address Bar URI Spoofing Vulnerability
BugTraq ID: 24912
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/24912
Summary:
KDE Konqueror is affected by a URI-spoofing vulnerability because it fails to adequately handle user-supplied data.

An attacker may leverage this issue by padding the URI and inserting arbitrary content to spoof the source URI of a file presented to an unsuspecting user. This may lead to a false sense of trust because the victim may be presented with a source URI of a trusted site while interacting with the attacker's malicious site.

Konqueror 3.5.7 is vulnerable; other versions may also be affected.

NOTE: This issue also affects the Opera browser. This BID originally tracked the issue for both products but has been split into two separate BIDs. The issue affecting Opera is now being tracked as BID 24917.

22. Lighttpd Multiple Remote Denial of Service and Information Disclosure Vulnerabilities
BugTraq ID: 24967
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/24967
Summary:
Lighttpd is prone to multiple remote denial-of-service vulnerabilities and an information-disclosure vulnerability.

An attacker can exploit these issues to gain access to sensitive information or crash the affected application, denying service to legitimate users.

These issues affect versions prior to lighttpd 1.4.16.

23. Wireshark Multiple Protocol Denial of Service Vulnerabilities
BugTraq ID: 24662
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/24662
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may permit attackers to cause crashes and deny service to legitimate users of the application.

Versions prior to Wireshark 0.99.6 are affected.

24. Windows Vista Weather Gadget Remote Code Execution Vulnerability
BugTraq ID: 25306
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25306
Summary:
Windows Vista is prone to a remote code-execution vulnerability because it fails to adequately validate certain HTML attributes.

Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Successful attacks may facilitate the remote compromise of affected computers.

25. Windows Vista Contacts Gadget Remote Code Execution Vulnerability
BugTraq ID: 25304
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25304
Summary:
Windows Vista is prone to a remote code-execution vulnerability because it fails to adequately sanitize user-supplied data.

Attackers exploit this issue by coercing unsuspecting users to add or import malicious contact files.

Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Successful attacks may facilitate the remote compromise of affected computers.

26. Windows Vista Feed Headlines Gadget Remote Code Execution Vulnerability
BugTraq ID: 25287
Remote: Yes
Last Updated: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25287
Summary:
Windows Vista is prone to a remote code-execution vulnerability because it fails to adequately sanitize user-supplied data.

Attackers exploit this issue by coercing unsuspecting users to subscribe to a malicious RSS feed using the affected gadget.

Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Successful attacks may facilitate the remote compromise of affected computers.

27. Microsoft Visual Basic 6 TBLinf32.DLL ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 25289
Remote: Yes
Last Updated: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/25289
Summary:
The Microsoft Visual Basic 6 TypeLib Information Library (TLI) ActiveX control is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

28. MS Visual Basic 6 Package and Deployment Wizard ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 25295
Remote: Yes
Last Updated: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/25295
Summary:
The Microsoft Visual Basic 6 Package and Deployment Wizard ActiveX control is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

29. Microsoft Internet Explorer CSS Strings Memory Corruption Vulnerability
BugTraq ID: 25288
Remote: Yes
Last Updated: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/25288
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because the application fails to properly handle certain CSS data.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the vulnerable application.

This issue affects Internet Explorer 5.01 SP4 running on Microsoft Windows 2000 SP4.

30. Mercury Mail Transport System AUTH CRAM-MD5 Buffer Overflow Vulnerability
BugTraq ID: 25357
Remote: Yes
Last Updated: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/25357
Summary:
Mercury Mail Transport System is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks when handling AUTH CRAM-MD5 requests.

Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application. Successful exploits will compromise the computer. Failed exploit attempts will result in a denial of service.

Versions prior to Mercury/32 v4.52 and Mercury/NLM v1.49 are vulnerable.

31. LiteCommerce Multiple SQL Injection Vulnerabilities
BugTraq ID: 13044
Remote: Yes
Last Updated: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/13044
Summary:
LiteCommerce is reportedly affected by multiple SQL injection vulnerabilities.

These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

All versions of LiteCommerce are considered to be affected at the moment.

32. Systrace Multiple System Call Wrappers Concurrency Vulnerabilities
BugTraq ID: 25258
Remote: No
Last Updated: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/25258
Summary:
Systrace is prone to multiple concurrency vulnerabilities due to its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel.

Attackers can exploit these issues by replacing certain values in system call wrappers with malicious data to elevate privileges or to bypass auditing. Successful attacks can completely compromise affected computers.

33. Adobe ActionScript SecurityErrorEvent Security Bypass Vulnerability
BugTraq ID: 25260
Remote: Yes
Last Updated: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/25260
Summary:
Adobe ActionScript is prone to a security-bypass vulnerability because the application allows Flash movies compiled by ActionScript to connect to arbitrary TCP ports on a host running a vulnerable version of Flash.

Successfully exploiting this issue allows an attacker to bypass the application's sandbox security model and scan other hosts that are connected to the computer running the vulnerable application.

34. GNOME Display Manager G_Strsplit Function Local Denial Of Service Vulnerability
BugTraq ID: 25191
Remote: No
Last Updated: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/25191
Summary:
GNOME Display Manager is prone to a local denial-of-service vulnerability because the application fails to handle specially crafted GDM socket commands.

A local attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Versions prior to GNOME Display Manager 2.14.13, 2.16.7, 2.18.4, and 2.19.5 are vulnerable.

35. Vim HelpTags Command Remote Format String Vulnerability
BugTraq ID: 25095
Remote: Yes
Last Updated: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/25095
Summary:
Vim is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

A remote attacker may execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts may cause denial-of-service conditions.

Vim 6.4 and 7.1 are vulnerable; other versions may also be affected.

36. Ripe Website Manager Multiple SQL and HTML Injection Vulnerabilities
BugTraq ID: 25406
Remote: Yes
Last Updated: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/25406
Summary:
Ripe Website Manager is prone to multiple input-validation vulnerabilities, including HTML- and SQL-injection issues.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

These issues affect Ripe Website Manager versions prior to 0.8.10.

37. phUploader phUploader.PHP Arbitrary File Upload Vulnerability
BugTraq ID: 25405
Remote: Yes
Last Updated: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/25405
Summary:
phUploader is prone to an arbitrary file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process. This may help the attacker compromise the application; other attacks are possible.

phUploader 1.2 is vulnerable; other versions may also be affected.

38. American Financing eMail Image Upload Output.PHP Arbitrary File Upload Vulnerability
BugTraq ID: 25404
Remote: Yes
Last Updated: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/25404
Summary:
eMail Image Upload is prone to an arbitrary file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process. This may help the attacker compromise the application; other attacks are possible.

eMail Image Upload version 4.1 is vulnerable; prior versions may also be affected.

39. po4a GetTextization.Failed.PO Local Privilege Escalation Vulnerability
BugTraq ID: 25402
Remote: No
Last Updated: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/25402
Summary:
po4a is prone to a local privilege-escalation vulnerability because it creates a temporary file insecurely.

Attackers can leverage this issue to launch symbolic link attacks. This may facilitate the compromise of affected computers.

po4a versions prior to 0.32 are vulnerable.

40. IBM Lotus Notes NTMulti.EXE Local Privilege Escalation Vulnerability
BugTraq ID: 25401
Remote: No
Last Updated: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/25401
Summary:
IBM Lotus Notes is prone to a local privilege-escalation vulnerability because it fails to assign proper file permissions during installation.

Attackers can exploit this issue to run arbitrary applications with SYSTEM-level privileges. Successful attacks will completely compromise affected computers.

NOTE: This issue may be related to the one covered under BID 20612. This has not been confirmed. This BID will be updated as further information becomes available.

41. Sun Java System Application Server Administrative Console Encryption Protocol Selection Weakness
BugTraq ID: 25400
Remote: Yes
Last Updated: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/25400
Summary:
Sun Java System Application Server is prone to an encryption protocol selection weakness.

If a vulnerability were to exist in a cipher, an attacker could exploit this issue to gain access to sensitive information or gain unauthorized access to the affected application.

This issue affects Sun Java System Application Server 9.0_0.1; other versions may also be affected.

42. Grandstream GXV-3000 Phone Remote Denial of Service Vulnerability
BugTraq ID: 25399
Remote: Yes
Last Updated: 2007-08-22
Relevant URL: http://www.securityfocus.com/bid/25399
Summary:
Grandstream GXV-3000 phones are prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to cause the device to accept a phone call while being unable to hang up. This effectively denies service to legitimate users as further calls will not be accepted by the device.

43. Cisco 7940/7960 Phones SIP Message Handling Remote Denial of Service Vulnerabilities
BugTraq ID: 25378
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25378
Summary:
Cisco 7940/7960 phones are prone to multiple denial-of-service vulnerabilities.

A successful attack can allow remote attackers to crash or reboot an affected device.

Cisco 7940/7960 devices running firmware P0S3-08-6-00 and prior are reported to be vulnerable.

44. WordPress PHP_Self Cross-Site Scripting Vulnerability
BugTraq ID: 23027
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/23027
Summary:
WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

45. E-Gads! Common.PHP Remote File Include Vulnerability
BugTraq ID: 23817
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/23817
Summary:
E-GADS! is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

E-GADS! 2.2.6 is vulnerable to this issue.

46. Olate Download Environment.PHP Arbitrary Script Code Execution Vulnerability
BugTraq ID: 25356
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25356
Summary:
Olate Download is prone to an arbitrary script code-execution vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input prior to utilizing it in a PHP 'eval' statement.

Successfully exploiting this issue allows remote attackers to execute arbitrary PHP script code in the context of the web server hosting the vulnerable application. This facilitates the remote compromise of affected computers.

Olate Download versions prior to 3.4.2 are vulnerable.

47. J! Reactions comPath Remote File Include Vulnerability
BugTraq ID: 25198
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25198
Summary:
J! Reactions is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects J! Reactions 1.8.1; other versions may also be vulnerable.

48. Olate Download Admin.PHP Remote Authentication Bypass Vulnerability
BugTraq ID: 25343
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25343
Summary:
Olate Download is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to gain administrative access to the affected application. Successfully exploiting this issue will result in the remote compromise of the affected application.

Olate Download versions prior to 3.4.2 are vulnerable.

49. ISC BIND 9 Remote Cache Poisoning Vulnerability
BugTraq ID: 25037
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25037
Summary:
BIND 9 is prone to a remote cache-poisoning vulnerability because of a weakness in its random number generator.

An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

Versions up to BIND 9.4.1 are vulnerable to this issue.

50. JasPer JPC_QCX_GetCompParm Function JP2 File Handling Remote Denial of Service Vulnerability
BugTraq ID: 24052
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/24052
Summary:
JasPer is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted JP2 files.

An attacker may exploit this issue by enticing victims to open a maliciously crafted file.

Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.

This issue affects JasPer 1.900 and 1.900.1; other versions may also be affected.

51. Rsync F_Name Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 25336
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25336
Summary:
The rsync utility is prone to an off-by-one buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input.

Successfully exploiting this issue may allow arbitrary code-execution in the context of the affected utility.

Rsync version 2.6.9 is affected by this issue; other versions may also be vulnerable.

52. Microsoft DirectX Media SDK DXTLIPI.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 25279
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25279
Summary:
Microsoft DirectX Media SDK 'DXTLIPI.DLL' ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Microsoft DirectX Media SDK 6.0 with DXTLIPI.DLL 6.0.2.827 is reported vulnerable.

53. Clam AntiVirus ClamAV Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 25398
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25398
Summary:
ClamAV is prone to multiple denial-of-service vulnerabilities.

A successful attack may allow an attacker to crash the application and deny service to users.

ClamAV versions prior to 0.91.2 are vulnerable to these issues.

54. Trend Micro ServerProtect RPCFN_SYNC_TASK Remote Integer Vulnerability
BugTraq ID: 25396
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25396
Summary:
Trend Micro ServerProtect is prone to an integer-overflow vulnerability that is exploitable over RPC.

Exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM-level privileges and to completely compromise affected computers. Failed exploit attempts will result in a denial of service.

This issue was reported to affect ServerProtect 5.58 Build 1176 (Security Patch 3). Earlier versions may also be affected.

55. Trend Micro ServerProtect Multiple RPC Remote Buffer Overflow Vulnerabilities
BugTraq ID: 25395
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25395
Summary:
Trend Micro ServerProtect is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

There are nine buffer-overflow vulnerabilities that affect the 'SpntSvc.exe' and agent services that listen on TCP ports 5168 and 3628. These vulnerabilities may be exploited over RPC interfaces that are exposed by the vulnerable application.

Exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM-level privileges and to completely compromise affected computers. Failed exploit attempts will result in a denial of service.

These issues were reported to affect ServerProtect 5.58 Build 1176 (Security Patch 3). Earlier versions may also be affected.

56. m-phorum Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 25394
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25394
Summary:
m-phorum is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

m-phorum version 0.3 is vulnerable; other versions may also be affected.

57. coWiki Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 25393
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25393
Summary:
coWiki is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

58. Asterisk SIP Dialog History Resource Exhaustion Remote Denial of Service Vulnerability
BugTraq ID: 25392
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25392
Summary:
Asterisk is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to consume all system resources, denying service to legitimate users.

59. ALeadSoft Search Engine Builder Search.HTML Cross-Site Scripting Vulnerability
BugTraq ID: 25391
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25391
Summary:
ALeadSoft Search Engine Builder is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

60. Planet VC-200M VDSL2 Router Administration Interface Remote Denial Of Service Vulnerability
BugTraq ID: 25390
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25390
Summary:
The Planet VC-200M VDSL2 Router is prone to a remote denial-of-service vulnerability because it fails to handle malicious HTTP requests.

Attackers can exploit this issue to deny legitimate access to the device's administration interface.

The Planet VC-200M VDSL2 Router is vulnerable; other devices may also be affected.

61. Sun Solaris x86 ATA(7D) Disk Driver Multiple Local Denial Of Service Vulnerabilities
BugTraq ID: 25389
Remote: No
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25389
Summary:
Sun Solaris is prone to multiple local denial-of-service vulnerabilities.

An attacker can exploit these issues on an affected computer to cause a kernel panic, resulting in a denial-of-service condition.

These issues affect Solaris 8, 9 and 10 running on x86 platforms.

62. Trend Micro Anti-Spyware And PC-cillin SSAPI Engine Local Stack Buffer Overflow Vulnerability
BugTraq ID: 25388
Remote: No
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25388
Summary:
Trend Micro Anti-Spyware and PC-cillin Internet Security are prone to a local stack buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

This issue affects a library in Trend Micro's SSAPI Engine.

Successful exploits may allow an attacker to execute arbitrary code with SYSTEM-level privileges. This may facilitate a complete compromise of vulnerable servers. Failed exploit attempts will likely result in denial-of-service conditions.

Trend Micro Anti-Spyware for Consumer version 3.5 and PC-cillin Internet Security 2007 are vulnerable.

63. Linux Kernel Parent Process Death Signal Local Security Bypass Weakness
BugTraq ID: 25387
Remote: No
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25387
Summary:
The Linux kernel is prone to a security-bypass weakness when dealing with signal handling.

This issue is due to a lack of proper access-validation when the parent process attempts to deliver its death signal to the child that registered it via 'prctl'.

A local attacker may exploit this issue to bypass certain security restrictions, which may lead to other attacks.

Linux kernel versions prior to 2.6.22.4 are vulnerable.

64. Olate Download Admin.PHP SQL Injection Vulnerability
BugTraq ID: 25384
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25384
Summary:
Olate Download is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Olate Download versions prior to 3.4.2 are vulnerable.

65. eCentrex VOIP Client UACOMX.OCX ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 25383
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25383
Summary:
eCentrex VOIP Client ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

eCentrex VOIP Client ActiveX control version 2.0.1 is vulnerable to this issue; other versions may also be affected.

66. Squirrelcart Popup_Window.PHP Remote File Include Vulnerability
BugTraq ID: 25382
Remote: Yes
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25382
Summary:
Squirrelcart is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

67. Sysstat Insecure Temporary File Creation Vulnerability
BugTraq ID: 25380
Remote: No
Last Updated: 2007-08-21
Relevant URL: http://www.securityfocus.com/bid/25380
Summary:
Sysstat creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of applications utilizing the affected library.

Successfully mounting a symbolic link attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Sysstat 7.1.6 is reported to be vulnerable. Other versions may be affected as well.

68. BlueCat Networks Adonis CLI Remote Privilege Escalation Vulnerability
BugTraq ID: 25342
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25342
Summary:
BlueCat Networks Adonis devices are prone to a remote privilege-escalation vulnerability. This issue occurs because the software fails to properly sanitize user-supplied input.

An attacker with administrative privileges can exploit this issue to execute arbitrary shell commands with superuser privileges. A successful attack will result in the complete compromise of an affected appliance.

Adonis 5.0.2.8 is vulnerable; other versions may also be affected.

69. Libvorbis Denial Of Service And Memory Corruption Vulnerabilities
BugTraq ID: 25082
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25082
Summary:
Applications that use the libvorbis library are prone to multiple remote vulnerabilities, including a denial-of-service issue and multiple memory-corruption issues.

An attacker can exploit these issues to execute arbitrary code within the context of the application or cause the affected application to crash.

These issues affect libvorbis 1.1.2; other versions of the library may also be affected.

70. RETIRED: Zenturi ProgramChecker SASATL.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24883
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/24883
Summary:
The Zenturi ProgramChecker 'sasatl.dll' ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

RETIRED: This BID is being retired because the issue is already tracked under BID 24274.

71. Cisco IOS and Unified Communications Manager Multiple Voice Vulnerabilities
BugTraq ID: 25239
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25239
Summary:
Cisco IOS and Unified Communications Manager are prone to multiple denial-of-service and code-execution vulnerabilities.

These issues pertain to the following protocols or features:

Session Initiation Protocol (SIP)
Media Gateway Control Protocol (MGCP)
Signaling protocols H.323, H.254
Real-time Transport Protocol (RTP)
Facsimile reception

A remote attacker can exploit these issues to execute arbitrary code or cause denial-of-service conditions.

72. Microsoft Internet Explorer Vector Markup Language VGX.DLL Remote Buffer Overflow Vulnerability
BugTraq ID: 25310
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25310
Summary:
Microsoft Internet Explorer is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

This issue occurs when rendering VML (Vector Markup Language) graphics.

Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user.

Successful attacks may facilitate the remote compromise of affected computers. Failed attacks will likely cause denial-of-service conditions.

73. Sun Java Runtime Environment Font Parsing Remote Privilege Escalation Vulnerability
BugTraq ID: 25340
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25340
Summary:
The Sun Java Runtime Environment is prone to a remote privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the user who invoked the Java applet. Successfully exploiting this issue may result in the remote compromise of affected computers.

74. tcpdump Print-bgp.C Remote Integer Underflow Vulnerability
BugTraq ID: 24965
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/24965
Summary:
The 'tcpdump' utility is prone to an integer-underflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running the affected application. Failed exploit attempts will likely crash the affected application.

This issue affects tcpdump 3.9.6 and prior versions.

75. KDE KPDF/KWord/XPDF StreamPredictor Function Stack Buffer Overflow Vulnerability
BugTraq ID: 25124
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25124
Summary:
KDE kpdf, kword, and xpdf are prone to a stack-based buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application or cause the affected application to crash, denying service to legitimate users.

76. Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
BugTraq ID: 24147
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/24147
Summary:
Apache HTTP server running with the Tomcat JK Web Server Connector is prone to a security-bypass vulnerability because it decodes request URLs multiple times.

Exploiting this issue allows attackers to access restricted files in the Tomcat web directory. This can expose sensitive information that could help attackers launch further attacks.

This issue is present in versions prior to Apache Tomcat JK Connector 1.2.23.

77. NuFW Time Based Filtering Rule Bypass Vulnerability
BugTraq ID: 25379
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25379
Summary:
NuFW is prone to a rule-bypass vulnerability that affects time-based filtering rules.

Successful exploits may allow attackers to bypass firewall filtering rules and carry out attacks against computers protected by the firewall.

Versions of NuFW prior to 2.2.4 are vulnerable to this issue.

78. SimpleFAQ Index.PHP SQL Injection Vulnerability
BugTraq ID: 25376
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25376
Summary:
SimpleFAQ is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

SimpleFAQ version 2.11 is vulnerable; other versions may also be affected.

79. EMC Legato Networker Remote Exec Service Stack Buffer Overflow Vulnerability
BugTraq ID: 25375
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25375
Summary:
EMC Legato Networker is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

This issue affects the Networker Remote Exec Service (nsrexecd.exe).

Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application.

Successful exploits may compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

EMC Legato Networker versions in the 7.0.0 series are vulnerable.

80. Epic Games Unreal Engine Logging Function Remote Denial of Service Vulnerability
BugTraq ID: 25374
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25374
Summary:
The Unreal Engine is prone to a remote denial-of-service vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input.

Successfully exploiting this issue allows remote attackers to corrupt application memory in a manner that crashes it. Remote code execution may potentially be possible, but this has not been confirmed.

Unreal Engine versions as included in Unreal Tournament 2003 and 2004 are vulnerable. Due to the reuse of the engine in multiple other products, other games and versions are also likely vulnerable.

81. Total Commander FileInfo Plugin Multiple PE File Denial of Service Vulnerabilities
BugTraq ID: 25373
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25373
Summary:
The FileInfo plugin for Total Commander is prone to multiple PE file denial-of-service vulnerabilities. These issues are due to a failure of the plugin to properly handle malformed input.

Successfully exploiting these issues allows remote attackers to crash the affected application.

FileInfo version 2.09 is vulnerable; other versions may also be affected.

82. id3lib Insecure Temporary File Creation Vulnerability
BugTraq ID: 25372
Remote: No
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25372
Summary:
The id3lib library creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of applications utilizing the affected library.

Successfully mounting a symbolic link attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

83. TorrentTrader Multiple Unspecified SQL Injection Vulnerabilities
BugTraq ID: 25369
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25369
Summary:
TorrentTrader is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

TorrentTrader versions prior to 1.07 are vulnerable.

84. Gurur Haber Uyeler2.PHP SQL Injection Vulnerability
BugTraq ID: 25368
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25368
Summary:
Gurur Haber is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

85. Firesoft Class_TPL.PHP Remote File Include Vulnerability
BugTraq ID: 25366
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25366
Summary:
Firesoft is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

86. Check Point Zone Labs Multiple Products Local Privilege Escalation Vulnerabilities
BugTraq ID: 25365
Remote: No
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25365
Summary:
Multiple Check Point ZoneLabs products are prone to multiple local privilege-escalation vulnerabilities.

Successfully exploiting these issues allows local attackers to execute arbitrary code with elevated privileges, facilitating the complete compromise of affected computers.

ZoneAlarm versions prior to 7.0.362 are vulnerable, as well as ZoneLabs products that include 'vsdatant.sys' version 6.5.737.0.

87. Drupal Project and Project Issue Tracking Modules Insecure Permissions Security Bypass Vulnerability
BugTraq ID: 25364
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25364
Summary:
The Drupal Project and Project issue-tracking modules are prone to a security-bypass vulnerability because of an access-validation error in the affected modules.

An attacker can exploit this issue to bypass security restrictions and gain access to sensitive information that may lead to other attacks.

88. Ampache Albums.PHP SQL Injection Vulnerability
BugTraq ID: 25362
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25362
Summary:
Ampache is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Ampache versions prior to 3.3.3.5 are vulnerable.

89. Dalai Forum Forumreply.PHP Local File Include Vulnerability
BugTraq ID: 25361
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25361
Summary:
Dalai Forum is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

90. Palm OS Treo Smartphone Remote Denial of Service Vulnerability
BugTraq ID: 25074
Remote: Yes
Last Updated: 2007-08-20
Relevant URL: http://www.securityfocus.com/bid/25074
Summary:
Treo Smartphones running the Palm OS are prone to a denial-of-service vulnerability because they fail to handle excessive amounts of specially crafted ICMP requests.

Attackers can exploit this issue to cause denial-of-service conditions on affected devices.

NOTE: This issue can only be exploited on Smartphones connected to data networks that allow inbound ICMP traffic.

Palm Treo 650 and 700p Smartphones are vulnerable. Treo 680 Smartphones may also be affected but this has not been confirmed.

91. Gentoo Linux NVIDIA Drivers Local Denial of Service Vulnerability
BugTraq ID: 25363
Remote: No
Last Updated: 2007-08-19
Relevant URL: http://www.securityfocus.com/bid/25363
Summary:
Gentoo Linux NVIDIA drivers are prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to cause the application to crash or possibly cause hardware damage to a graphics card.

92. Gentoo Linux NVIDIA Drivers Local Denial of Service Vulnerability
BugTraq ID: 25360
Remote: No
Last Updated: 2007-08-19
Relevant URL: http://www.securityfocus.com/bid/25360
Summary:
Gentoo Linux NVIDIA drivers are prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to cause the application to crash or possibly cause hardware damage to a graphics card.

93. ISC BIND 9 Default ACL Settings Recursive Queries And Cached Content Security Bypass Vulnerability
BugTraq ID: 25076
Remote: Yes
Last Updated: 2007-08-18
Relevant URL: http://www.securityfocus.com/bid/25076
Summary:
ISC's BIND 9 is prone to a security-bypass vulnerability.

An attacker can exploit this issue to query cached content from a DNS server or make recursive queries to a DNS server, thus obtaining sensitive information.

Versions up to BIND 9.4.1 are vulnerable to this issue.

94. Toribash Multiple Vulnerabilities
BugTraq ID: 25359
Remote: Yes
Last Updated: 2007-08-18
Relevant URL: http://www.securityfocus.com/bid/25359
Summary:
Toribash is prone to multiple remote code-execution and denial-of-service vulnerabilities that affect game servers and clients. A total of seven vulnerabilities were reported.

These vulnerabilities may be exploited to execute arbitrary code in the context of the game server and game client or deny service to both servers and clients.

95. rFactor Multiple Vulnerabilities
BugTraq ID: 25358
Remote: Yes
Last Updated: 2007-08-18
Relevant URL: http://www.securityfocus.com/bid/25358
Summary:
rFactor is prone to multiple code execution and denial of service vulnerabilities. Four vulnerabilities were reported.

These vulnerabilities may be triggered by malicious client requests. Successful exploits could crash the game server or let remote attackers execute arbitrary code on the computer hosting the affected software.

96. Hewlett-Packard OpenView OVTrace Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 25255
Remote: Yes
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/25255
Summary:
HP OpenView applications are prone to multiple remote stack-based buffer-overflow vulnerabilities because they fail to perform adequate boundary checks on input that is supplied to opcode handlers of affected services.

These vulnerabilities affect the 'ovtrcsvc.exe' and 'OVTrace.exe' services.

Attackers can exploit these issues to execute arbitrary code with superuser privileges.

97. HP Serviceguard for Linux Unspecified Local Privilege Escalation Vulnerability
BugTraq ID: 24920
Remote: No
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/24920
Summary:
HP Serviceguard for Linux is prone to an unspecified privilege-escalation vulnerability.

A local attacker can gain unauthorized access or escalated privileges on a vulnerable computer.

Very few technical details are currently available. We will update this BID as more information emerges.

98. Diskeeper DKService.EXE Remote Information Disclosure Vulnerability
BugTraq ID: 25320
Remote: Yes
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/25320
Summary:
Diskeeper is prone to an information-disclosure vulnerability because it fails to restrict access to a certain RPC function.

This issue can be exploited to gain access to potentially sensitive information stored at arbitrary attacker-supplied memory addresses. Information gained could aid in further attacks. Supplying a bad memory address will cause denial-of-service conditions.

Diskeeper 9 Professional, Diskeeper 10 Professional and Diskeeper 2007 Pro Premier are vulnerable; other versions may also be affected.

99. Microsoft Windows GDI Metafiles AttemptWrite Remote Code Execution Vulnerability
BugTraq ID: 25302
Remote: Yes
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/25302
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied metafile data.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of users viewing malicious files. This facilitates the remote compromise of affected computers.

100. Microsoft Virtual PC and Virtual Server Heap Overflow Vulnerability
BugTraq ID: 25298
Remote: No
Last Updated: 2007-08-17
Relevant URL: http://www.securityfocus.com/bid/25298
Summary:
Microsoft Virtual PC and Virtual Server are prone to a local heap-overflow vulnerability.

To exploit this issue, attackers must have administrative privileges for the guest operating system.

Attackers may exploit this issue to execute arbitrary code in the context of the host operating system or another guest operating system. Successful exploits can result in a compromise of vulnerable computers.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Universities warned of Storm Worm attacks
By: Robert Lemos
Scanning a computer infected with the bot software could bring swift retribution, warns the response center for academic networks.
http://www.securityfocus.com/news/11482

2. Retro attack gets new life, worries browser makers
By: Robert Lemos
Researchers find that browsers and plug-ins could be exploited to turn a victim's computer into a door to the internal network. One study finds an attack could claim 100,000 IP addresses in three days.
http://www.securityfocus.com/news/11481

3. Teaching hacking helps students, professors say
By: Robert Lemos
Universities and colleges could find more students interested in computer-science courses, if the teachers taught practical hacking, educators say.
http://www.securityfocus.com/news/11480

4. Will the iPhone be iPwned?
By: Robert Lemos
Security experts' predictions for the sleek high-end device vary, but they agree that Apple's first phone will be scrutinized closely.
http://www.securityfocus.com/news/11478

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
1. 0day linux 2.6 /dev/mem rootkit found
http://www.securityfocus.com/archive/75/473510

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. No cON Name 2007 - CALL FOR PAPERS
http://www.securityfocus.com/archive/82/477344

2. ToorCon 9 CFP
http://www.securityfocus.com/archive/82/476943

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #355
http://www.securityfocus.com/archive/88/477096

2. Password complexity - improvement
http://www.securityfocus.com/archive/88/476610

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------