News

Wednesday, October 31, 2007

Notification - Taxpayer Advocate Service(Tax Refund)

The Taxpayer Advocate Service is an Internal Revenue Service program that provides an independent system to ensure that tax problems, which have not been resolved through normal channels, are promptly and fairly handled.

After several recalculations of your tax payments since 2005, IRS makes you eligible to receive a refund of 343.56 US Dollars.

Click here to request your refund


NOTE: IRS is checking your information provided directly to your issuing bank so any attempt of forgery or wrong inputs will be pursued and indicted according to [Art. 5 by Const. Amend. 19].

IRS apologies for any inconvenience created.

Best Regards,
Taxpayer Advocate Service.

SecurityFocus Newsletter #425
----------------------------------------

This issue is Sponsored by: CSI

CSI 2007, November 3-9 in Washington, DC, is the only conference that delivers a business-focused overview of enterprise security.
It will convene 2,000+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques.
Register now for savings on conference fees and/or free exhibits admission.

www.csiannual.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Rebinding attacks unbound
2. Aspect-Oriented Programming and Security
II. BUGTRAQ SUMMARY
1. CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
2. Libvorbis Denial Of Service And Memory Corruption Vulnerabilities
3. MySpace Resource Script Breadcrumb.PHP Remote File Include Vulnerability
4. Saxon Menu.PHP Cross-Site Scripting Vulnerability
5. Gretech GOM Player GomWeb3.DLL Remote Buffer Overflow Vulnerability
6. vobcopy vobcopy.bla Insecure Temporary File Creation Vulnerability
7. Saxon Example.PHP SQL Injection Vulnerability
8. Omnistar Live KB.PHP Cross-Site Scripting Vulnerability
9. SMART-SHOP Index.PHP Multiple Cross Site Scripting Vulnerabilities
10. Teatro pub08_comments.php Remote File Include Vulnerability
11. Sige Sige_Init.PHP Remote File Include Vulnerability
12. RealNetworks RealPlayer File Parsing Routines Multiple Vulnerabilities
13. ISC DHCPD Server Remote Stack Corruption Vulnerability
14. FireConfig DL.PHP Local File Include Vulnerability
15. emagiC CMS.Net EMC.ASP SQL Injection Vulnerability
16. WordPress Edit-Post-Rows.PHP Cross-Site Scripting Vulnerability
17. Sun Solaris SCTP Init Processing Remote Denial of Service Vulnerability
18. JobSite Professional File.PHP SQL injection Vulnerability
19. IBM Tivoli Storage Manager Client CAD Service HTML Injection Vulnerability
20. TikiWiki Tiki-Graph_Formula.PHP White-List Check Code Injection Vulnerability
21. GoSamba Include_Path Parameter Multiple Remote File Include Vulnerabilities
22. Microsoft Visual Basic 6.0 VBP_Open Project File Handling Buffer Overflow Vulnerability
23. Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability
24. Mozilla Firefox OnUnload Javascript Browser Entrapment Vulnerability
25. Multiple Web Browsers Digest Authentication HTTP Response Splitting Vulnerability
26. Mozilla Firefox OnKeyDown Event File Upload Vulnerability
27. T1lib intT1_Env_GetCompletePath Buffer Overflow Vulnerability
28. ImageMagick Blob.C Off-By-One Buffer Overflow Vulnerability
29. ImageMagick ReadBlob Multiple Remote Denial Of Service Vulnerabilities
30. ImageMagick ReadDIBImage Integer Overflow Vulnerability
31. ImageMagick DCM, DIB, XBM, XCF, and XWD Image Files Multiple Integer Overflow Vulnerabilities
32. TIBCO Rendezvous RVD Daemon Remote Denial Of Service Vulnerabilities
33. Symantec Altiris Deployment Solution Local Privilege Escalation Vulnerability
34. Adobe Flash Player On Opera Browser For Mac OSX Unspecified Vulnerability
35. TIBCO SmartPGM FX Multiple Remote Vulnerabilities
36. Cisco Unified Communications Management Applications Privilege Escalation Vulnerability
37. Cisco Unified Communications Manager Remote Denial of Service and Buffer Overflow Vulnerabilities
38. Hitachi Collaboration Portal Schedule Component Information Disclosure Vulnerability
39. GNU BinUtils Buffer Overflow Vulnerability
40. Sun Fire X2100 M2 And X2200 M2 ELOM Unauthorized Access Vulnerability
41. HP-UX OpenSSL Unspecified Local Denial Of Service Vulnerability
42. RunCMS NewBB_Plus Unspecified Security Vulnerability
43. Oracle XML DB FTP Service Login Audit Vulnerability
44. Oracle Database Server DBMS_AQADM_SYS.DBLINK_INFO Buffer Overflow Vulnerability
45. Okul Otomasyon Portal Default.ASP SQL Injection Vulnerability
46. Artmedic CMS Index.PHP Local File Include Vulnerability
47. Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
48. McAfee E-Business Server Authentication Packet Handling Integer Overflow Vulnerability
49. Apache Geronimo Management EJB Security Bypass Vulnerability
50. Light FMan PHP Multiple Unspecified Security Vulnerabilities
51. Mozilla Products Multiple Remote Vulnerabilities
52. Django i18n Remote Denial Of Service Vulnerability
53. Symantec Altiris Deployment Solution Aclient Local Privilege Escalation Vulnerability
54. Apple Xcode OpenBase Multiple Privilege Escalation Vulnerabilities
55. GlobalLink ConnectAndEnterRoom ActiveX Control Stack Buffer Overflow Vulnerability
56. PHP-AGTC Membership System Adduser.PHP Unauthorized Access Vulnerability
57. ILIAS Multiple HTML Injection Vulnerabilities
58. QEMU Multiple Local Vulnerabilities
59. Bochs Buffer Overflow and Denial Of Service Vulnerabilities
60. IBM AIX crontab Local Privilege Escalation Vulnerability
61. IBM AIX Swcons Arbitrary File Access Vulnerability
62. IBM AIX dig Local Privilege Escalation Vulnerability
63. Opera Web Browser External Applications Arbitrary Code Execution Vulnerability
64. Opera Web Browser Frame Functions Same Origin Policy Bypass Vulnerability
65. phpFaber URLInn Config.PHP Remote File Include Vulnerability
66. IBM AIX lquerypv Local Privilege Escalation Vulnerability
67. IBM AIX ftp Local Privilege Escalation Vulnerability
68. Symantec Altiris Deployment Solution Directory Traversal Vulnerability
69. Mono System.Math BigInteger Buffer Overflow Vulnerability
70. phpMyConferences PageTraiteDownload.PHP Local File Include Vulnerability
71. ISPworker Download.PHP Multiple Local File Include Vulnerabilities
72. IBM WebSphere Application Server UDDI Console Multiple Input Validation Vulnerabilities
73. Yarssr GUI.PM Remote Code Injection Vulnerability
74. Hitachi Web Server HTML Injection Vulnerability and Signature Forgery Vulnerability
75. IBM AIX lqueryvg Local Privilege Escalation Vulnerability
76. OpenSSL DTLS Heap Buffer Overflow Vulnerability
77. ISC BIND 8 Remote Cache Poisoning Vulnerability
78. IBM AIX bellmail Local Privilege Escalation Vulnerability
79. Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability
80. X.Org X Font Server Multiple Memory Corruption Vulnerabilities
81. Liferea Feedlist.OPML Local Information Disclosure Vulnerability
82. NuFW SAMP_SEND Heap Based Buffer Overflow Vulnerability
83. Sun Fire X2100 M2 And X2200 M2 ELOM Unspecified Remote Arbitrary Command Execution Vulnerability
84. IBM Lotus Notes Attachment Viewer Multiple Buffer Overflow Vulnerabilities
85. Python ImageOP Module Multiple Integer Overflow Vulnerabilities
86. GNU Tar Dot_Dot Function Remote Directory Traversal Vulnerability
87. Ruby Net::HTTP SSL Insecure Certificate Validation Weakness
88. miniBB BB_FUNC_SEARCH.PHP SQL Injection Vulnerability
89. Sun Solaris 10 Internet Protocol ip(7P) Unspecified Local Denial Of Service Vulnerability
90. Micro Login System UserPWD.TXT Information Disclosure Vulnerability
91. OpenLDAP Multiple Remote Denial of Service Vulnerabilities
92. Sun Java Runtime Environment Network Access Restriction Security Bypass Vulnerability
93. Sun Java Runtime Environment Font Parsing Remote Privilege Escalation Vulnerability
94. Zlib Compression Library Buffer Overflow Vulnerability
95. Xunlei Web Thunder ActiveX Control DownURL2 Method Remote Buffer Overflow Vulnerability
96. Oracle Database Server MDSYS.SDO_CS Buffer Overflow Vulnerability
97. Ipswitch IMail SMTP Server IMail Client Remote Buffer Overflow Vulnerability
98. ProfileCMS Profile Creation Arbitrary File Upload Vulnerability
99. Sony CONNECT SonicStage Player M3U Playlist Processing Buffer Overflow Vulnerability
100. CaupoShop Pro Index.PHP Remote File Include Vulnerability
III. SECURITYFOCUS NEWS
1. Court filings double estimate of TJX breach
2. Identity thieves likely to be first-timers, strangers
3. Retailers look to exorcise credit-card data
4. DHS, Unisys scrutinized after data breach
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Security Engineer, Washington DC area
2. [SJ-JOB] Sr. Security Engineer, San Antonio
3. [SJ-JOB] Security Engineer, San Antonio
4. [SJ-JOB] Information Assurance Engineer, Herndon
5. [SJ-JOB] Sr. Security Engineer, Washington DC area
6. [SJ-JOB] Security System Administrator, Stanford
7. [SJ-JOB] Threat Analyst, Washington DC area
8. [SJ-JOB] Security Engineer, Washington DC area
9. [SJ-JOB] Security Engineer, Stanford
10. [SJ-JOB] Security System Administrator, Stanford
11. [SJ-JOB] Threat Analyst, San Antonio
12. [SJ-JOB] Security Engineer, Washington DC area
13. [SJ-JOB] Director, Information Security, Bergen County
14. [SJ-JOB] Security System Administrator, San Antonio or Austin
15. [SJ-JOB] Security Engineer, San Antonio
16. [SJ-JOB] Security Engineer, San Antonio
17. [SJ-JOB] Application Security Engineer, St. Louis
18. [SJ-JOB] Security Consultant, NY
19. [SJ-JOB] Account Manager, Atlanta
20. [SJ-JOB] Sales Engineer, Austin/Dallas/Houston
21. [SJ-JOB] Sales Engineer, Herndon
22. [SJ-JOB] Account Manager, San Francisco
23. [SJ-JOB] Security Researcher, San Jose
24. [SJ-JOB] Security Engineer, New York
25. [SJ-JOB] Director, Information Security, Philadelphia
26. [SJ-JOB] Account Manager, Glendale
27. [SJ-JOB] Sales Engineer, Chicago
28. [SJ-JOB] Security Auditor, West Port
29. [SJ-JOB] Sr. Security Analyst, Providence
30. [SJ-JOB] Security Architect, Arlington
31. [SJ-JOB] Security System Administrator, McLean
32. [SJ-JOB] Sales Engineer, Any US location
33. [SJ-JOB] Compliance Officer, Reading, Berkshire
34. [SJ-JOB] Sales Engineer, London
35. [SJ-JOB] Software Engineer, Atlanta
36. [SJ-JOB] Technical Support Engineer, Fort Lauderdale
37. [SJ-JOB] Security Engineer, West Port
38. [SJ-JOB] Security Engineer, West Port
39. [SJ-JOB] Developer, Columbia
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
1. In Memoriam: Jun-ichiro Hagino
2. DeepSec 2007 Registration: hurry up, seats are filling fast
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #365
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Rebinding attacks unbound
By Federico Biancuzzi
DNS rebinding was discovered in 1996 and affected the Java Virtual Machine (VM). Recently a group of researchers at Stanford found out that this vulnerability is still present in browsers and that the common solution, known as DNS pinning, is not effective anymore.
http://www.securityfocus.com/columnists/455

2. Aspect-Oriented Programming
By Rohit Sethi
Aspect-oriented programming (AOP) is a paradigm that is quickly gaining traction in the development world. At least partially spurred by the popularity of the Java Spring framework [1], people are beginning to understand the substantial benefits that AOP brings to development.
http://www.securityfocus.com/infocus/1895


II. BUGTRAQ SUMMARY
--------------------
1. CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 26268
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26268
Summary:
CUPS is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

CUPS 1.3.3 is reported vulnerable; other versions may be affected as well.

2. Libvorbis Denial Of Service And Memory Corruption Vulnerabilities
BugTraq ID: 25082
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/25082
Summary:
Applications that use the libvorbis library are prone to multiple remote vulnerabilities, including multiple denial-of-service issues and memory-corruption issues.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or cause the application to crash.

These issues affect libvorbis 1.1.2; other versions of the library may also be affected.

3. MySpace Resource Script Breadcrumb.PHP Remote File Include Vulnerability
BugTraq ID: 26240
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26240
Summary:
MySpace Resource Script (MSRS) is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects MSRS 1.21; other versions may also be vulnerable.

4. Saxon Menu.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 26237
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26237
Summary:
Saxon is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects Saxon 5.4; earlier versions may also be vulnerable.

5. Gretech GOM Player GomWeb3.DLL Remote Buffer Overflow Vulnerability
BugTraq ID: 26236
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26236
Summary:
GOM Player is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue will allow an attacker to execute arbitrary code within the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

This issue affects GOM Player 2.1.6.3499; other versions may also be vulnerable.

6. vobcopy vobcopy.bla Insecure Temporary File Creation Vulnerability
BugTraq ID: 26233
Remote: No
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26233
Summary:
The 'vobcopy' tool creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

7. Saxon Example.PHP SQL Injection Vulnerability
BugTraq ID: 26238
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26238
Summary:
Saxon is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects Saxon 5.4; earlier versions may also be affected.

8. Omnistar Live KB.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 26234
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26234
Summary:
Omnistar Live is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

9. SMART-SHOP Index.PHP Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 26232
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26232
Summary:
SMART-SHOP is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

Exploiting these vulnerabilities may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

10. Teatro pub08_comments.php Remote File Include Vulnerability
BugTraq ID: 26231
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26231
Summary:
Teatro is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects Teatro 1.6; other versions may also be vulnerable.

11. Sige Sige_Init.PHP Remote File Include Vulnerability
BugTraq ID: 26230
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26230
Summary:
Sige is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects Sige 0.1.

12. RealNetworks RealPlayer File Parsing Routines Multiple Vulnerabilities
BugTraq ID: 26214
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26214
Summary:
RealNetworks RealPlayer is prone to multiple memory-corruption vulnerabilities that arise when the application processes specially crafted files.

Successfully exploiting these issues will allow remote attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will cause a denial-of-service condition.

13. ISC DHCPD Server Remote Stack Corruption Vulnerability
BugTraq ID: 25984
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/25984
Summary:
ISC DHCPD is prone to a remote stack-corruption vulnerability because the software fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows attackers in the same LAN segment of the vulnerable DHCP server to corrupt the application's stack. This may allow attackers to run arbitrary machine code and to compromise affected computers.

ISC DHCP versions in the 2.x series are vulnerable to this issue. OpenBSD's 'dhcpd' is a fork of ISC DHCPD and is also vulnerable.

14. FireConfig DL.PHP Local File Include Vulnerability
BugTraq ID: 26222
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26222
Summary:
FireConfig is prone to a local file-include vulnerability because it fails to adequately sanitize user-supplied input for requests to restricted files that reside outside of the web document root directory.

A remote attacker can exploit this issue to retrieve potentially sensitive information that may aid in further attacks.

This issue affects FireConfig 0.5; other versions may also be affected.

15. emagiC CMS.Net EMC.ASP SQL Injection Vulnerability
BugTraq ID: 26229
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26229
Summary:
emagiC CMS.Net is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects emagiC CMS.Net 4.0; other versions may also be affected.

16. WordPress Edit-Post-Rows.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 26228
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26228
Summary:
WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects WordPress 2.3; other versions may also be vulnerable.

17. Sun Solaris SCTP Init Processing Remote Denial of Service Vulnerability
BugTraq ID: 26224
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26224
Summary:
Sun Solaris is prone to a denial-of-service vulnerability because the operating system fails to handle exceptional conditions.

A remote attacker can exploit this issue to cause the affected kernel to panic, resulting in a denial-of-service condition.

This issue affects the Solaris 10 operating system.

18. JobSite Professional File.PHP SQL injection Vulnerability
BugTraq ID: 26225
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26225
Summary:
JobSite Professional is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

Exploiting this vulnerability could permit remote attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks.

JobSite Professional 2.0 is vulnerable; other versions may also be affected.

19. IBM Tivoli Storage Manager Client CAD Service HTML Injection Vulnerability
BugTraq ID: 26221
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26221
Summary:
IBM Tivoli Storage Manager Client is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

IBM Tivoli Storage Manager Client 5.3.5.3 and 5.4.1.2 are vulnerable; other versions may also be affected.

20. TikiWiki Tiki-Graph_Formula.PHP White-List Check Code Injection Vulnerability
BugTraq ID: 26220
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26220
Summary:
TikiWiki is prone to a remote PHP code-injection vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

TikiWiki 1.9.8.1 and prior versions are vulnerable.

21. GoSamba Include_Path Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 26223
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26223
Summary:
GoSamba is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

GoSamba 1.0.1 is vulnerable; other versions may also be affected.

22. Microsoft Visual Basic 6.0 VBP_Open Project File Handling Buffer Overflow Vulnerability
BugTraq ID: 25629
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/25629
Summary:
Microsoft Visual Basic 6.0 is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

23. Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability
BugTraq ID: 18308
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/18308
Summary:
Multiple web browsers are prone to a JavaScript key-filtering vulnerability because the browsers fail to securely handle keystroke input from users.

This issue is demonstrated to allow attackers to divert keystrokes from one input form in a webpage to a hidden file-upload dialog in the same page. This may allow remote attackers to initiate file uploads from unsuspecting users. Other attacks may also be possible.

Exploiting this issue requires that users manually type the full path of files that attackers wish to download. This may require substantial typing from targeted users, so attackers will likely use keyboard-based games, blogs, or other similar pages to entice users to enter the required keyboard input to exploit this issue.

Reportedly, Mozilla Suite, Mozilla Firefox, Mozilla SeaMonkey, Netscape Navigator, and Microsoft Internet Explorer are all vulnerable to this issue.

24. Mozilla Firefox OnUnload Javascript Browser Entrapment Vulnerability
BugTraq ID: 22688
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/22688
Summary:
Mozilla Firefox is prone to a vulnerability that allows attackers to trap users at a particular webpage and spoof page transitions.

Attackers may exploit this via a malicious page to spoof the contents and origin of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing.

25. Multiple Web Browsers Digest Authentication HTTP Response Splitting Vulnerability
BugTraq ID: 23668
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/23668
Summary:
Multiple browsers are prone to an HTTP-response-splitting vulnerability because the software fails to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.

This issue affects Microsoft Internet Explorer 7.0.5730.11 and Mozilla Firefox 2.0.0.3; other versions and browsers may also be affected.

26. Mozilla Firefox OnKeyDown Event File Upload Vulnerability
BugTraq ID: 24725
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/24725
Summary:
Mozilla Firefox is prone to an information-disclosure vulnerability that can allow an attacker to access sensitive files.

This issue stems from a design error resulting from the improper handling of form fields.

All versions of Firefox are considered vulnerable.

27. T1lib intT1_Env_GetCompletePath Buffer Overflow Vulnerability
BugTraq ID: 25079
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/25079
Summary:
T1lib is prone to a buffer-overflow vulnerability because the library fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts will likely trigger crashes, denying service to legitimate users.

We do not know which versions of T1lib are affected.

28. ImageMagick Blob.C Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 25766
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/25766
Summary:
ImageMagick is prone to an off-by-one buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows attackers to execute arbitrary code with the privileges of a user running the application.

Versions prior to ImageMagick 6.3.5-9 are vulnerable.

29. ImageMagick ReadBlob Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 25764
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/25764
Summary:
ImageMagick is prone to multiple remote denial-of-service vulnerabilities.

An attacker could exploit these issues by enticing an unsuspecting victim to open a malicious image file.

Successfully exploiting these issues will allow the attacker to consume excessive amounts of CPU resources on affected computers, denying service to legitimate users.

These issues affect ImageMagick 6.3.4; prior versions are also affected.

30. ImageMagick ReadDIBImage Integer Overflow Vulnerability
BugTraq ID: 25765
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/25765
Summary:
ImageMagick is prone to an integer-overflow vulnerability because it fails to properly validate user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

Versions prior to ImageMagick 6.3.5-9 are vulnerable to this issue.

31. ImageMagick DCM, DIB, XBM, XCF, and XWD Image Files Multiple Integer Overflow Vulnerabilities
BugTraq ID: 25763
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/25763
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to adequately handle user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

These issues affect versions prior to ImageMagick 6.3.5-9.

32. TIBCO Rendezvous RVD Daemon Remote Denial Of Service Vulnerabilities
BugTraq ID: 25132
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/25132
Summary:
The RVD daemon in TIBCO Rendezvous is prone to two remote denial-of-service vulnerabilities.

Successfully exploiting these issues allows remote attackers to consume excessive memory or to trigger network instability leading to denial-of-service conditions.

Rendezvous 7.5.2 is vulnerable to these issues; other versions may also be affected.

33. Symantec Altiris Deployment Solution Local Privilege Escalation Vulnerability
BugTraq ID: 25232
Remote: No
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/25232
Summary:
Symantec Altiris Deployment Solution is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary commands with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

34. Adobe Flash Player On Opera Browser For Mac OSX Unspecified Vulnerability
BugTraq ID: 26274
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26274
Summary:
Adobe Flash Player is prone to an unspecified vulnerability.

This issue occurs when Flash Player is running on Opera Browser for the Mac OS X operating system.

Very few technical details are currently available. We will update this BID as more information emerges.

Flash Player 9.0.47.0 and prior versions are vulnerable when running on Mac OS X.

35. TIBCO SmartPGM FX Multiple Remote Vulnerabilities
BugTraq ID: 26092
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26092
Summary:
TIBCO SmartPGM FX is prone to multiple remote vulnerabilities, including:

- Four unspecified stack-based buffer-overflow issues.
- One unspecified format-string issue.
- One unspecified denial-of-service issue.

An attacker can exploit these issues to execute arbitrary code or cause denial-of-service conditions.

36. Cisco Unified Communications Management Applications Privilege Escalation Vulnerability
BugTraq ID: 26106
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26106
Summary:
Cisco Unified Communications Management Applications are prone to a privilege-escalation vulnerability.

Attackers can exploit this issue to gain unauthorized access to the web-based reporting and script-monitoring tool and the web-based configuration tool.

Attackers can gain access to potentially sensitive information and change the application configuration (including application rights). Information harvested may aid in further attacks.

37. Cisco Unified Communications Manager Remote Denial of Service and Buffer Overflow Vulnerabilities
BugTraq ID: 26105
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26105
Summary:
Cisco Unified Communications Manager is prone to a denial-of-service vulnerability and a buffer-overflow vulnerability.

Successfully exploiting these issues allows remote attackers to crash affected devices by triggering kernel panics or to execute arbitrary machine code. These issues facilitate the complete remote compromise of affected devices.

Versions of Cisco Unified Communications Manager in the 5 and 6 series prior to 6.0(1) are affected by these issues.

38. Hitachi Collaboration Portal Schedule Component Information Disclosure Vulnerability
BugTraq ID: 26272
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26272
Summary:
Hitachi Collaboration Portal is prone to an unspecified information-disclosure vulnerability.

Attackers can exploit this issue to access potentially sensitive information that could aid in further attacks.

39. GNU BinUtils Buffer Overflow Vulnerability
BugTraq ID: 17950
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/17950
Summary:
GNU 'binutils' is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Remote attackers may crash the 'strings' utility, potentially making analysis of malicious binaries more difficult. Attackers may also execute arbitrary machine code in the context of applications that use the affected library.

40. Sun Fire X2100 M2 And X2200 M2 ELOM Unauthorized Access Vulnerability
BugTraq ID: 25863
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/25863
Summary:
Sun Fire X2100 M2 and X2200 M2 servers are prone to a vulnerability that allows unauthorized access.

This issue affects the Embedded Lights Out Manager (ELOM).

Remote attackers can leverage this issue to use a vulnerable server as a proxy for sending spam email messages.

41. HP-UX OpenSSL Unspecified Local Denial Of Service Vulnerability
BugTraq ID: 26093
Remote: No
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26093
Summary:
HP-UX running OpenSSL software is prone to a local denial-of-service vulnerability.

Exploiting this issue allows local attackers to deny service to legitimate users.

This issue affects HP-UX B.11.11, B.11.23, B.11.31 when running versions of OpenSSL prior to vA.00.09.07l.

42. RunCMS NewBB_Plus Unspecified Security Vulnerability
BugTraq ID: 26099
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26099
Summary:
RunCMS is prone to an unspecified vulnerability.

Very few details are available regarding this issue. We will update this BID as more information emerges.

This issue affects versions prior to RunCMS 1.5.3.

43. Oracle XML DB FTP Service Login Audit Vulnerability
BugTraq ID: 26107
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26107
Summary:
Oracle XML DB FTP service may incorrectly perform login audit trails in some circumstances. Attackers may exploit this issue to hide or obfuscate actual attack traces.

This issue affects Oracle 9ir2 and Oracle 10g Release 1.

NOTE: This issue was previously documented in BID 26039 (Oracle October 2007 Critical Patch Update Multiple Vulnerabilities) and has been given its own BID because further technical details are now available.

44. Oracle Database Server DBMS_AQADM_SYS.DBLINK_INFO Buffer Overflow Vulnerability
BugTraq ID: 26235
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26235
Summary:
Oracle Database Server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

NOTE: This issue can be exploited only by users with 'EXECUTE' privileges on the 'SYS.DBMS_AQADM_SYS' package. By default, only SYSDBA users have this privilege.

This issue was previously tracked by BID 26039 (Oracle vulnerability number DB25) but has been given its own BID because more information has emerged.

45. Okul Otomasyon Portal Default.ASP SQL Injection Vulnerability
BugTraq ID: 26094
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26094
Summary:
Okul Otomasyon Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects Okul Otomasyon Portal 2.0; other versions may also be affected.

46. Artmedic CMS Index.PHP Local File Include Vulnerability
BugTraq ID: 26090
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26090
Summary:
Artmedic CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to execute local scripts or to view arbitrary files that may contain sensitive information that can aid in further attacks.

Artmedic CMS 3.5 is vulnerable to this issue; other versions may also be affected.

47. Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
BugTraq ID: 26270
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26270
Summary:
Perdition IMAP proxy server is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected application. A successful attack will compromise the application. Failed attempts may cause denial-of-service conditions.

This issue affects Perdition 1.17 and prior versions.

48. McAfee E-Business Server Authentication Packet Handling Integer Overflow Vulnerability
BugTraq ID: 26269
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26269
Summary:
The application is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun.

Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the affected application. This in turn may result in a complete compromise of the affected system. Failed exploit attempts will result in a denial of service.

The issue affects McAfee E-Business Server 8.1.1 for Linux and 8.5.2 for Solaris. Versions for Windows are not affected.

49. Apache Geronimo Management EJB Security Bypass Vulnerability
BugTraq ID: 25804
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/25804
Summary:
Apache Geronimo is prone to a security-bypass vulnerability. This issue occurs in the management EJB (MEJB).

An attacker could exploit this issue to gain unauthorized access to the affected application. This may lead to further attacks.

This issue affects Apache Geronimo 2.0.1; other versions may also be affected.

50. Light FMan PHP Multiple Unspecified Security Vulnerabilities
BugTraq ID: 26267
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26267
Summary:
Light FMan PHP (lfman) is prone to multiple unspecified vulnerabilities.

Very few details are available regarding these issues. We will update this BID as more information emerges.

These issues affect versions prior to Light FMan PHP 2.0rc1.

51. Mozilla Products Multiple Remote Vulnerabilities
BugTraq ID: 24242
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/24242
Summary:
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Cause denial-of-service conditions
- Perform cross-site scripting attacks
- Obtain potentially sensitive information
- Spoof legitimate content

Other attacks may also be possible.

52. Django i18n Remote Denial Of Service Vulnerability
BugTraq ID: 26227
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26227
Summary:
Django is prone to a remote denial-of-service vulnerability because it fails to adequately handle user-supplied input.

Attackers can exploit this issue to exhaust large amounts of memory, resulting in denial-of-service conditions.

Django 0.91, 0.95, 0.95.1, and 0.96 are vulnerable; other versions may also be affected.

NOTE: The application is affected by this issue only if both the 'USE_I18N' option and the 'i18n' middleware component are enabled.

53. Symantec Altiris Deployment Solution Aclient Local Privilege Escalation Vulnerability
BugTraq ID: 26265
Remote: No
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26265
Summary:
Symantec Altiris Deployment Solution is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary files with 'System' privileges. Successful exploits will completely compromise affected computers.

54. Apple Xcode OpenBase Multiple Privilege Escalation Vulnerabilities
BugTraq ID: 20562
Remote: No
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/20562
Summary:
The OpenBase application shipped with Apple Xcode is prone to multiple privilege-escalation issues because the application fails to handle exceptional conditions when executing setuid programs.

A local attacker can exploit these issues to gain superuser privileges. A successful exploit would lead to the complete compromise of affected computers.

This issue affects Apple Xcode 2.2 and earlier versions.

55. GlobalLink ConnectAndEnterRoom ActiveX Control Stack Buffer Overflow Vulnerability
BugTraq ID: 26244
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26244
Summary:
GlobalLink is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

GlobalLink 2.7.0.8 is affected by this issue; other versions may also be vulnerable.

56. PHP-AGTC Membership System Adduser.PHP Unauthorized Access Vulnerability
BugTraq ID: 26255
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26255
Summary:
PHP-AGTC membership system is prone to an unauthorized-access vulnerability.

An attacker can exploit this issue to gain administrative access to the affected application.

This issue affects PHP-AGTC membership system 1.1a; other versions may also be affected.

57. ILIAS Multiple HTML Injection Vulnerabilities
BugTraq ID: 26264
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26264
Summary:
ILIAS is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

These issues affect ILIAS 3.8.3 and prior versions.

58. QEMU Multiple Local Vulnerabilities
BugTraq ID: 23731
Remote: No
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/23731
Summary:
QEMU is prone to multiple locally exploitable buffer-overflow and denial-of-service vulnerabilities. The buffer-overflow issues occur because the software fails to properly check boundaries of user-supplied input when copying it to insufficiently sized memory buffers. The denial-of-service issues stem from design errors.

Attackers may be able to exploit these issues to escalate privileges or trigger denial-of-service conditions.

59. Bochs Buffer Overflow and Denial Of Service Vulnerabilities
BugTraq ID: 24246
Remote: No
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/24246
Summary:
Bochs is prone to a heap-based buffer-overflow issue and a denial-of-service issue. The buffer-overflow issue occurs because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. The denial-of-service vulnerability is caused by a divide-by-zero operation.

A local attacker can exploit these issues to execute arbitrary code in the context of the affected application or to cause denial-of-service conditions. Failed exploit attempts of the buffer-overflow vulnerability will also result in denial-of-service conditions.

60. IBM AIX crontab Local Privilege Escalation Vulnerability
BugTraq ID: 26263
Remote: No
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26263
Summary:
IBM AIX 'crontab' is prone to a local privilege-escalation vulnerability because it fails to perform adequate length checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code using superuser privileges. Successful exploits will completely compromise affected computers.

61. IBM AIX Swcons Arbitrary File Access Vulnerability
BugTraq ID: 26258
Remote: No
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26258
Summary:
AIX 'swcons' is prone to a vulnerability that lets attackers access arbitrary files because the utility fails to adequately verify user-supplied input.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges. Note that to run the 'swcons' utility, local users must belong to the 'system' group.

This issue affects AIX 5.2 and 5.3; fixes are available.

62. IBM AIX dig Local Privilege Escalation Vulnerability
BugTraq ID: 26262
Remote: No
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26262
Summary:
IBM AIX is prone to a local privilege-escalation vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code using superuser privileges. Successful exploits will completely compromise affected computers.

63. Opera Web Browser External Applications Arbitrary Code Execution Vulnerability
BugTraq ID: 26100
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26100
Summary:
Opera Web Browser is prone to a vulnerability that lets attackers execute arbitrary code when the browser is configured to run external news readers or email clients.

Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the affected application.

Versions prior to Opera for Desktop 9.24 are vulnerable.

64. Opera Web Browser Frame Functions Same Origin Policy Bypass Vulnerability
BugTraq ID: 26102
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26102
Summary:
Opera Web Browser is prone to a vulnerability that lets attackers bypass the same-origin policy.

Attackers can exploit this issue to execute arbitrary JavaScript in the context of another domain.

Versions prior to Opera for Desktop 9.24 are vulnerable.

65. phpFaber URLInn Config.PHP Remote File Include Vulnerability
BugTraq ID: 26261
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26261
Summary:
URLInn is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects URLInn 2.0.5; other versions may also be affected.

66. IBM AIX lquerypv Local Privilege Escalation Vulnerability
BugTraq ID: 26259
Remote: No
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26259
Summary:
IBM AIX is prone to a local privilege-escalation vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code using superuser privileges. Successful exploits will completely compromise affected computers.

67. IBM AIX ftp Local Privilege Escalation Vulnerability
BugTraq ID: 26260
Remote: No
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26260
Summary:
IBM AIX is prone to a local privilege-escalation vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code using superuser privileges. Successful exploits will completely compromise affected computers.

68. Symantec Altiris Deployment Solution Directory Traversal Vulnerability
BugTraq ID: 26266
Remote: No
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26266
Summary:
Symantec Altiris Deployment Solution is prone to a directory traversal vulnerability.

Attackers can exploit this issue to gain access to potentially sensitive information. Information obtained may aid in further attacks.

69. Mono System.Math BigInteger Buffer Overflow Vulnerability
BugTraq ID: 26279
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26279
Summary:
Mono is prone to a buffer-overflow vulnerability because the application fails to adequately perform boundary checks on user-supplied data.

Successfully exploiting this issue could allow attackers to execute arbitrary code in the context of the user running an affected application. Failed exploit attempts will likely result in a denial-of-service condition.

70. phpMyConferences PageTraiteDownload.PHP Local File Include Vulnerability
BugTraq ID: 26278
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26278
Summary:
phpMyConferences is prone to a local file-include vulnerability because it fails to adequately sanitize user-supplied input for requests to restricted files that reside outside of the web document root directory.

A remote attacker can exploit this issue to retrieve potentially sensitive information that may aid in further attacks.

This issue affects phpMyConferences 8.0.2; other versions may also be affected.

71. ISPworker Download.PHP Multiple Local File Include Vulnerabilities
BugTraq ID: 26277
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26277
Summary:
ISPworker is prone to multiple local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow an attacker to access potentially sensitive information and execute arbitrary local scripts within the context of the webserver process.

These issues affect ISPworker 1.21; other versions may also be affected.

72. IBM WebSphere Application Server UDDI Console Multiple Input Validation Vulnerabilities
BugTraq ID: 26276
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26276
Summary:
WebSphere Application Server is prone to multiple cross-site request-forgery and cross-site scripting vulnerabilities.

Attackers can exploit these issues to steal cookie-based authentication credentials, execute arbitrary script code, and use a victim's currently active session to perform actions with the application.

WebSphere Application Server versions 6.0 and 6.1 are vulnerable; other versions may also be affected.

73. Yarssr GUI.PM Remote Code Injection Vulnerability
BugTraq ID: 26273
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26273
Summary:
Yarssr is prone to a remote code-injection vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to inject and execute arbitrary malicious Perl code with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer; other attacks are also possible.

Yarssr 0.2.2 is vulnerable; other versions may also be affected.

74. Hitachi Web Server HTML Injection Vulnerability and Signature Forgery Vulnerability
BugTraq ID: 26271
Remote: Yes
Last Updated: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26271
Summary:
Hitachi Web Server is prone to an HTML-injection vulnerability and a vulnerability that allows attackers to forge digital signatures in an SSL certificate.

An attacker could exploit these issues to execute arbitrary code within the context of the webserver process, steal cookie-based authentication credentials, sign digital certificates and take advantage of trust relationships that may depend on these credentials.

75. IBM AIX lqueryvg Local Privilege Escalation Vulnerability
BugTraq ID: 26256
Remote: No
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26256
Summary:
IBM AIX is prone to a local privilege-escalation vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code using superuser privileges. Successful exploits will completely compromise affected computers.

76. OpenSSL DTLS Heap Buffer Overflow Vulnerability
BugTraq ID: 26055
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26055
Summary:
OpenSSL is prone to a heap buffer-overflow vulnerability because the library fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users.

77. ISC BIND 8 Remote Cache Poisoning Vulnerability
BugTraq ID: 25459
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/25459
Summary:
BIND 8 is prone to a remote cache-poisoning vulnerability because of weaknesses in its random-number generator.

An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

Versions of BIND from 8.2.0 through to 8.4.7 are vulnerable to this issue.

78. IBM AIX bellmail Local Privilege Escalation Vulnerability
BugTraq ID: 26257
Remote: No
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26257
Summary:
IBM AIX is prone to a local privilege-escalation vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code using superuser privileges. Successful exploits will completely compromise affected computers.

79. Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability
BugTraq ID: 25909
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/25909
Summary:
Microsoft Windows Kodak Image Viewer is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied data.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running the application. Successful exploits will compromise the user's account and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

NOTE: Affected versions of Windows XP are vulnerable only if they have been upgraded from Windows 2000.

80. X.Org X Font Server Multiple Memory Corruption Vulnerabilities
BugTraq ID: 25898
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/25898
Summary:
X.Org X Font Server (XFS) is prone to multiple memory-corruption vulnerabilities, including an integer-overflow issue and a heap-based memory-corruption issue.

An attacker could exploit these issues to execute arbitrary code with the privileges of the X Font Server. Failed exploit attempts will likely result in a denial-of-service condition.

NOTE: These issues are exploitable remotely only on Solaris operating systems; by default the server is listening on TCP port 7100. For other UNIX-like operating systems, an attacker can exploit these issues only locally.

These issues affect X Font Server 1.0.4; prior versions may also be affected.

81. Liferea Feedlist.OPML Local Information Disclosure Vulnerability
BugTraq ID: 26254
Remote: No
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26254
Summary:
Liferea is prone to a local information-disclosure vulnerability because the application fails to set file permissions correctly on a backup file.

Attackers can leverage this issue to obtain sensitive information used to construct valid login credentials.

This issue affects versions prior to Liferea 1.4.6.

82. NuFW SAMP_SEND Heap Based Buffer Overflow Vulnerability
BugTraq ID: 26251
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26251
Summary:
NuFW is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue affects NuFW 2.2.6; other versions may also be vulnerable.

83. Sun Fire X2100 M2 And X2200 M2 ELOM Unspecified Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 26250
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26250
Summary:
Sun Fire X2100 M2 and X2200 M2 servers are prone to a vulnerability that allows remote attackers to execute arbitrary commands with superuser privileges. Successful attacks may completely compromise affected servers.

This issue affects the Embedded Lights Out Manager (ELOM) for x86 architecture; no other systems are affected.

84. IBM Lotus Notes Attachment Viewer Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 26175
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26175
Summary:
IBM Lotus Notes is prone to multiple buffer-overflow vulnerabilities.

Successfully exploiting these issues could allow an attacker to execute arbitrary code in the context of the user running the application.

Lotus Notes 7.0.2 is prone to these issues; other versions may also be vulnerable.

NOTE: Reports suggest that Symantec Mail Security for Domino, SMTP, and Exchange are also vulnerable to these issues; Symantec has not confirmed this. We will update this BID pending further investigation.

85. Python ImageOP Module Multiple Integer Overflow Vulnerabilities
BugTraq ID: 25696
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/25696
Summary:
Python's imageop module is prone to multiple integer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input to ensure that integer operations do not overflow.

To successfully exploit these issues, an attacker must be able to control the arguments to imageop functions. Remote attackers may be able to do this, depending on the nature of applications that use the vulnerable functions.

Attackers would likely submit invalid or specially crafted images to applications that perform imageop operations on the data.

A successful exploit may allow attacker-supplied machine code to run in the context of affected applications, facilitating the remote compromise of computers.

86. GNU Tar Dot_Dot Function Remote Directory Traversal Vulnerability
BugTraq ID: 25417
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/25417
Summary:
GNU Tar is prone to a directory-traversal vulnerability because the application fails to validate user-supplied data.

A successful attack can allow the attacker to overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.

87. Ruby Net::HTTP SSL Insecure Certificate Validation Weakness
BugTraq ID: 25847
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/25847
Summary:
Ruby's Net::HTTP library is prone to an insecure-certificate-validation weakness because the library fails to properly perform validity checks on X.509 certificates.

Successfully exploiting this issue may allow attackers to perform man-in-the-middle attacks against applications that insecurely use the affected library. Other attacks may also be possible.

88. miniBB BB_FUNC_SEARCH.PHP SQL Injection Vulnerability
BugTraq ID: 26249
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26249
Summary:
miniBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects miniBB 2.1; other versions may also be vulnerable.

89. Sun Solaris 10 Internet Protocol ip(7P) Unspecified Local Denial Of Service Vulnerability
BugTraq ID: 26248
Remote: No
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26248
Summary:
Sun Solaris 10 is prone to an unspecified local denial-of-service vulnerability.

An unprivileged local user can exploit this issue on an affected computer to cause a system panic, resulting in a denial-of-service condition.

This issue affects Sun Solaris 10 for SPARC and x86 architectures.

90. Micro Login System UserPWD.TXT Information Disclosure Vulnerability
BugTraq ID: 26246
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26246
Summary:
Micro Login System is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may lead to further attacks.

Micro Login System 1.0 is vulnerable; other versions may also be affected.

91. OpenLDAP Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 26245
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26245
Summary:
OpenLDAP is prone to multiple remote denial-of-service vulnerabilities because of an incorrect NULL-termination issue and a double-free issue.

Attackers can exploit these issues to deny service to legitimate users.

Versions prior to OpenLDAP 2.3.39 are vulnerable.

92. Sun Java Runtime Environment Network Access Restriction Security Bypass Vulnerability
BugTraq ID: 25054
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/25054
Summary:
The Sun Java Runtime Environment is prone to a security-bypass vulnerability.

Successfully exploiting this issue will allow an attacker to connect to services on a remote user's computer without proper authorization. This may lead to other attacks.

93. Sun Java Runtime Environment Font Parsing Remote Privilege Escalation Vulnerability
BugTraq ID: 25340
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/25340
Summary:
The Sun Java Runtime Environment is prone to a remote privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the user who invoked the Java applet. Successfully exploiting this issue may result in the remote compromise of affected computers.

94. Zlib Compression Library Buffer Overflow Vulnerability
BugTraq ID: 14162
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/14162
Summary:
Zlib is prone to a buffer-overflow vulnerability because the application fails to properly validate input data before using it in a memory copy operation.

In certain circumstances, malformed input data during decompression may cause a memory buffer to overflow. This may result in denial-of-service conditions or may allow remote code to execute in the context of applications that use the affected library.

95. Xunlei Web Thunder ActiveX Control DownURL2 Method Remote Buffer Overflow Vulnerability
BugTraq ID: 25751
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/25751
Summary:
Xunlei Web Thunder is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.

An attacker may exploit this issue by enticing victims into visiting a maliciously crafted webpage.

Successfully exploiting this issue will allow the attacker to execute arbitrary code within the context of the application using the ActiveX control (typically Microsoft Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

This issue affects Xunlei Web Thunder 5.6.8.344; other versions may also be affected.

96. Oracle Database Server MDSYS.SDO_CS Buffer Overflow Vulnerability
BugTraq ID: 26243
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26243
Summary:
Oracle Database Server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An authenticated attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

NOTE: This issue was previously tracked by BID 26039 but has been given its own BID because more information has emerged.

97. Ipswitch IMail SMTP Server IMail Client Remote Buffer Overflow Vulnerability
BugTraq ID: 26252
Remote: Yes
Last Updated: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26252
Summary:
IMail Client, which is included in Ipswitch IMail Server, is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

Attackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects IMail Client 9.22, which is included with IMail Server 2006.22; other versions may also be affected.

98. ProfileCMS Profile Creation Arbitrary File Upload Vulnerability
BugTraq ID: 26242
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26242
Summary:
ProfileCMS is prone to a vulnerability that lets attackers upload PHP script code and execute it in the context of the webserver process. This issue occurs because the application fails to sufficiently sanitize user-supplied input.

ProfileCMS 1.0 is vulnerable; other versions may also be affected.

99. Sony CONNECT SonicStage Player M3U Playlist Processing Buffer Overflow Vulnerability
BugTraq ID: 26241
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26241
Summary:
Sony CONNECT SonicStage player is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Remote attackers may crash the application or execute arbitrary machine code in the context of the user running the affected application.

This issue affects SonicStage 4.3; other versions may also be vulnerable.

100. CaupoShop Pro Index.PHP Remote File Include Vulnerability
BugTraq ID: 26239
Remote: Yes
Last Updated: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26239
Summary:
CaupoShop Pro is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Court filings double estimate of TJX breach
By: Robert Lemos
Online attackers stole information on more than 94 million credit- and debit-card accounts, more than double the original estimates, according to court documents.
http://www.securityfocus.com/news/11493

2. Identity thieves likely to be first-timers, strangers
By: Robert Lemos
Six years of U.S. Secret Service cases reveal that the majority of identity thieves do not know their victims and do not have a prior criminal record.
http://www.securityfocus.com/news/11492

3. Retailers look to exorcise credit-card data
By: Robert Lemos
The National Retail Federation sends a letter asking that its members be allowed to decide what credit-card data to keep.
http://www.securityfocus.com/news/11491

4. DHS, Unisys scrutinized after data breach
By: Robert Lemos
A Congressional committee claims that Unisys allowed malicious code to infect federal systems.
http://www.securityfocus.com/news/11489

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security Engineer, Washington DC area
http://www.securityfocus.com/archive/77/482966

2. [SJ-JOB] Sr. Security Engineer, San Antonio
http://www.securityfocus.com/archive/77/482969

3. [SJ-JOB] Security Engineer, San Antonio
http://www.securityfocus.com/archive/77/482962

4. [SJ-JOB] Information Assurance Engineer, Herndon
http://www.securityfocus.com/archive/77/482967

5. [SJ-JOB] Sr. Security Engineer, Washington DC area
http://www.securityfocus.com/archive/77/482968

6. [SJ-JOB] Security System Administrator, Stanford
http://www.securityfocus.com/archive/77/482973

7. [SJ-JOB] Threat Analyst, Washington DC area
http://www.securityfocus.com/archive/77/482958

8. [SJ-JOB] Security Engineer, Washington DC area
http://www.securityfocus.com/archive/77/482959

9. [SJ-JOB] Security Engineer, Stanford
http://www.securityfocus.com/archive/77/482961

10. [SJ-JOB] Security System Administrator, Stanford
http://www.securityfocus.com/archive/77/482965

11. [SJ-JOB] Threat Analyst, San Antonio
http://www.securityfocus.com/archive/77/482970

12. [SJ-JOB] Security Engineer, Washington DC area
http://www.securityfocus.com/archive/77/482954

13. [SJ-JOB] Director, Information Security, Bergen County
http://www.securityfocus.com/archive/77/482957

14. [SJ-JOB] Security System Administrator, San Antonio or Austin
http://www.securityfocus.com/archive/77/482963

15. [SJ-JOB] Security Engineer, San Antonio
http://www.securityfocus.com/archive/77/482964

16. [SJ-JOB] Security Engineer, San Antonio
http://www.securityfocus.com/archive/77/482955

17. [SJ-JOB] Application Security Engineer, St. Louis
http://www.securityfocus.com/archive/77/482845

18. [SJ-JOB] Security Consultant, NY
http://www.securityfocus.com/archive/77/482827

19. [SJ-JOB] Account Manager, Atlanta
http://www.securityfocus.com/archive/77/482843

20. [SJ-JOB] Sales Engineer, Austin/Dallas/Houston
http://www.securityfocus.com/archive/77/482846

21. [SJ-JOB] Sales Engineer, Herndon
http://www.securityfocus.com/archive/77/482847

22. [SJ-JOB] Account Manager, San Francisco
http://www.securityfocus.com/archive/77/482849

23. [SJ-JOB] Security Researcher, San Jose
http://www.securityfocus.com/archive/77/482803

24. [SJ-JOB] Security Engineer, New York
http://www.securityfocus.com/archive/77/482805

25. [SJ-JOB] Director, Information Security, Philadelphia
http://www.securityfocus.com/archive/77/482842

26. [SJ-JOB] Account Manager, Glendale
http://www.securityfocus.com/archive/77/482844

27. [SJ-JOB] Sales Engineer, Chicago
http://www.securityfocus.com/archive/77/482848

28. [SJ-JOB] Security Auditor, West Port
http://www.securityfocus.com/archive/77/482802

29. [SJ-JOB] Sr. Security Analyst, Providence
http://www.securityfocus.com/archive/77/482804

30. [SJ-JOB] Security Architect, Arlington
http://www.securityfocus.com/archive/77/482806

31. [SJ-JOB] Security System Administrator, McLean
http://www.securityfocus.com/archive/77/482822

32. [SJ-JOB] Sales Engineer, Any US location
http://www.securityfocus.com/archive/77/482831

33. [SJ-JOB] Compliance Officer, Reading, Berkshire
http://www.securityfocus.com/archive/77/482828

34. [SJ-JOB] Sales Engineer, London
http://www.securityfocus.com/archive/77/482820

35. [SJ-JOB] Software Engineer, Atlanta
http://www.securityfocus.com/archive/77/482823

36. [SJ-JOB] Technical Support Engineer, Fort Lauderdale
http://www.securityfocus.com/archive/77/482824

37. [SJ-JOB] Security Engineer, West Port
http://www.securityfocus.com/archive/77/482829

38. [SJ-JOB] Security Engineer, West Port
http://www.securityfocus.com/archive/77/482830

39. [SJ-JOB] Developer, Columbia
http://www.securityfocus.com/archive/77/482821

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. In Memoriam: Jun-ichiro Hagino
http://www.securityfocus.com/archive/82/483017

2. DeepSec 2007 Registration: hurry up, seats are filling fast
http://www.securityfocus.com/archive/82/483013

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #365
http://www.securityfocus.com/archive/88/482796

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: CSI

CSI 2007, November 3-9 in Washington, DC, is the only conference that delivers a business-focused overview of enterprise security.
It will convene 2,000+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques.
Register now for savings on conference fees and/or free exhibits admission.

www.csiannual.com

SecurityFocus Microsoft Newsletter #366
----------------------------------------

------------------------------------------------------------------
I. FRONT AND CENTER
1. Rebinding attacks unbound
2. Aspect-Oriented Programming and Security
II. MICROSOFT VULNERABILITY SUMMARY
1. Mono System.Math BigInteger Buffer Overflow Vulnerability
2. Symantec Altiris Deployment Solution Directory Traversal Vulnerability
3. Symantec Altiris Deployment Solution Aclient Local Privilege Escalation Vulnerability
4. Ipswitch IMail SMTP Server IMail Client Remote Buffer Overflow Vulnerability
5. Sony CONNECT SonicStage Player M3U Playlist Processing Buffer Overflow Vulnerability
6. BitDefender Unspecified Arbitrary Code Execution Vulnerability
7. Trend Micro AntiVirus Engine Tmxpflt.SYS Local Buffer Overflow Vulnerability
8. eIQnetworks Enterprise Security Analyzer SEARCHREPORT Command Remote Buffer Overflow Vulnerability
9. IBM Lotus Notes Attachment Viewer Multiple Buffer Overflow Vulnerabilities
10. Mono System.Web StaticFileHandler.CS Source Code Information Disclosure Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #365
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Rebinding attacks unbound
By Federico Biancuzzi
DNS rebinding was discovered in 1996 and affected the Java Virtual Machine (VM). Recently a group of researchers at Stanford found out that this vulnerability is still present in browsers and that the common solution, known as DNS pinning, is not effective anymore.
http://www.securityfocus.com/columnists/455

2. Aspect-Oriented Programming
By Rohit Sethi
Aspect-oriented programming (AOP) is a paradigm that is quickly gaining traction in the development world. At least partially spurred by the popularity of the Java Spring framework [1], people are beginning to understand the substantial benefits that AOP brings to development.
http://www.securityfocus.com/infocus/1895


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Mono System.Math BigInteger Buffer Overflow Vulnerability
BugTraq ID: 26279
Remote: Yes
Date Published: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26279
Summary:
Mono is prone to a buffer-overflow vulnerability because the application fails to adequately perform boundary checks on user-supplied data.

Successfully exploiting this issue could allow attackers to execute arbitrary code in the context of the user running an affected application. Failed exploit attempts will likely result in a denial-of-service condition.

2. Symantec Altiris Deployment Solution Directory Traversal Vulnerability
BugTraq ID: 26266
Remote: No
Date Published: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26266
Summary:
Symantec Altiris Deployment Solution is prone to a directory traversal vulnerability.

Attackers can exploit this issue to gain access to potentially sensitive information. Information obtained may aid in further attacks.

3. Symantec Altiris Deployment Solution Aclient Local Privilege Escalation Vulnerability
BugTraq ID: 26265
Remote: No
Date Published: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26265
Summary:
Symantec Altiris Deployment Solution is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary files with 'System' privileges. Successful exploits will completely compromise affected computers.

4. Ipswitch IMail SMTP Server IMail Client Remote Buffer Overflow Vulnerability
BugTraq ID: 26252
Remote: Yes
Date Published: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26252
Summary:
IMail Client, which is included in Ipswitch IMail Server, is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

Attackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects IMail Client 9.22, which is included with IMail Server 2006.22; other versions may also be affected.

5. Sony CONNECT SonicStage Player M3U Playlist Processing Buffer Overflow Vulnerability
BugTraq ID: 26241
Remote: Yes
Date Published: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26241
Summary:
Sony CONNECT SonicStage player is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Remote attackers may crash the application or execute arbitrary machine code in the context of the user running the affected application.

This issue affects SonicStage 4.3; other versions may also be vulnerable.

6. BitDefender Unspecified Arbitrary Code Execution Vulnerability
BugTraq ID: 26210
Remote: Yes
Date Published: 2007-10-25
Relevant URL: http://www.securityfocus.com/bid/26210
Summary:
BitDefender is prone to an unspecified vulnerability that lets attackers execute arbitrary code on affected computers.

7. Trend Micro AntiVirus Engine Tmxpflt.SYS Local Buffer Overflow Vulnerability
BugTraq ID: 26209
Remote: No
Date Published: 2007-10-25
Relevant URL: http://www.securityfocus.com/bid/26209
Summary:
Trend Micro AntiVirus engine is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Successful exploits may allow an attacker to execute arbitrary machine code with SYSTEM-level privileges and completely compromise affected computers. Failed exploit attempts could crash the computer, denying service to legitimate users.

Applications that incorporate 'Tmxpflt.sys' 8.320.1004 and 8.500.0.1002 from the AntiVirus engine are vulnerable, including Trend Micro PC-cillin Internet Security 2007, ServerProtect, and OfficeScan.

8. eIQnetworks Enterprise Security Analyzer SEARCHREPORT Command Remote Buffer Overflow Vulnerability
BugTraq ID: 26189
Remote: Yes
Date Published: 2007-10-24
Relevant URL: http://www.securityfocus.com/bid/26189
Summary:
eIQnetworks Enterprise Security Analyzer is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue allows remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Enterprise Security Analyzer 2.5; other versions may also be vulnerable.

9. IBM Lotus Notes Attachment Viewer Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 26175
Remote: Yes
Date Published: 2007-10-23
Relevant URL: http://www.securityfocus.com/bid/26175
Summary:
IBM Lotus Notes is prone to multiple buffer-overflow vulnerabilities.

Successfully exploiting these issues could allow an attacker to execute arbitrary code in the context of the user running the application.

Lotus Notes 7.0.2 is prone to these issues; other versions may also be vulnerable.

NOTE: Reports suggest that Symantec Mail Security for Domino, SMTP, and Exchange are also vulnerable to these issues; Symantec has not confirmed this. We will update this BID pending further investigation.

10. Mono System.Web StaticFileHandler.CS Source Code Information Disclosure Vulnerability
BugTraq ID: 26166
Remote: Yes
Date Published: 2007-10-22
Relevant URL: http://www.securityfocus.com/bid/26166
Summary:
Mono is prone to a vulnerability that lets attackers access source code because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the webserver process. Information obtained may aid in further attacks.

This issue affects versions prior to Mono 1.2.5.2 running on Windows platforms.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #365
http://www.securityfocus.com/archive/88/482796

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: CSI

CSI 2007, November 3-9 in Washington, DC, is the only conference that delivers a business-focused overview of enterprise security.
It will convene 2,000+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques.
Register now for savings on conference fees and/or free exhibits admission.

www.csiannual.com

SecurityFocus Linux Newsletter #361
----------------------------------------

------------------------------------------------------------------
I. FRONT AND CENTER
1. Rebinding attacks unbound
2. Aspect-Oriented Programming and Security
II. LINUX VULNERABILITY SUMMARY
1. Red Hat Linux Kernel Stack Unwinder Local Denial Of Service Vulnerability
2. Linux Kernel eHCA Driver Physical Address Space Information Disclosure Vulnerability
3. 3proxy FTP Proxy Double Free Memory Corruption Vulnerability
4. Sun Java Runtime Environment Virtual Machine Remote Privilege Escalation Vulnerability
5. Gnome-Screensaver With Compiz Lock Bypass Vulnerability
6. XEN Xenmon.py Xenbaked Insecure Temporary File Creation Vulnerability
7. JustSystem Ichitaro JSTARO4.OCX and TJSVDA.DLL Multiple Buffer Overflow Vulnerabilities
8. Trend Micro AntiVirus Engine Tmxpflt.SYS Local Buffer Overflow Vulnerability
9. RealNetworks RealPlayer File Parsing Routines Multiple Vulnerabilities
10. vobcopy vobcopy.bla Insecure Temporary File Creation Vulnerability
11. Liferea Feedlist.OPML Local Information Disclosure Vulnerability
12. CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
13. McAfee E-Business Server Authentication Packet Handling Integer Overflow Vulnerability
14. Mono System.Math BigInteger Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Linux Hardening
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Rebinding attacks unbound
By Federico Biancuzzi
DNS rebinding was discovered in 1996 and affected the Java Virtual Machine (VM). Recently a group of researchers at Stanford found out that this vulnerability is still present in browsers and that the common solution, known as DNS pinning, is not effective anymore.
http://www.securityfocus.com/columnists/455

2. Aspect-Oriented Programming
By Rohit Sethi
Aspect-oriented programming (AOP) is a paradigm that is quickly gaining traction in the development world. At least partially spurred by the popularity of the Java Spring framework [1], people are beginning to understand the substantial benefits that AOP brings to development.
http://www.securityfocus.com/infocus/1895


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Red Hat Linux Kernel Stack Unwinder Local Denial Of Service Vulnerability
BugTraq ID: 26158
Remote: No
Date Published: 2007-10-22
Relevant URL: http://www.securityfocus.com/bid/26158
Summary:
The Red Hat Linux kernel is prone to a local denial-of-service vulnerability.

A local attacker can exploit this issue to crash the affected kernel, denying service to legitimate users.

2. Linux Kernel eHCA Driver Physical Address Space Information Disclosure Vulnerability
BugTraq ID: 26161
Remote: No
Date Published: 2007-10-22
Relevant URL: http://www.securityfocus.com/bid/26161
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain a portion of the physical address space. Information harvested may aid in further attacks.

3. 3proxy FTP Proxy Double Free Memory Corruption Vulnerability
BugTraq ID: 26180
Remote: Yes
Date Published: 2007-10-23
Relevant URL: http://www.securityfocus.com/bid/26180
Summary:
3proxy is prone to a double-free memory-corruption vulnerability.

Attackers may be able to exploit this issue to cause denial-of-service conditions.

This issue affects 3proxy 0.5.3i; other versions may also be vulnerable.

4. Sun Java Runtime Environment Virtual Machine Remote Privilege Escalation Vulnerability
BugTraq ID: 26185
Remote: Yes
Date Published: 2007-10-23
Relevant URL: http://www.securityfocus.com/bid/26185
Summary:
The Sun Java Runtime Environment is prone to a remote privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the user who invoked the Java applet. Successfully exploiting this issue may result in the remote compromise of affected computers.

5. Gnome-Screensaver With Compiz Lock Bypass Vulnerability
BugTraq ID: 26188
Remote: No
Date Published: 2007-10-23
Relevant URL: http://www.securityfocus.com/bid/26188
Summary:
Gnome-screensaver is prone to a vulnerability that allows an attacker who has physical console access to bypass the user's locked screen.

This issue affects gnome-screensaver released with Ubuntu 7.10; fixes from Ubuntu are available; other versions may also be affected.

6. XEN Xenmon.py Xenbaked Insecure Temporary File Creation Vulnerability
BugTraq ID: 26190
Remote: No
Date Published: 2007-10-23
Relevant URL: http://www.securityfocus.com/bid/26190
Summary:
Xen is prone to a security vulnerability because it creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects Xen 3.0; other versions may also be vulnerable.

7. JustSystem Ichitaro JSTARO4.OCX and TJSVDA.DLL Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 26206
Remote: Yes
Date Published: 2007-10-25
Relevant URL: http://www.securityfocus.com/bid/26206
Summary:
JustSystem Ichitaro is prone to multiple unspecified buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Successful exploits may allow attackers to execute arbitrary code in the context of a vulnerable application; failed attempts will likely cause denial-of-service conditions.

These issues affect these versions:

Ichitaro 11, 12, 13, 2004, 2005, 2006, 2007
Ichitaro for Linux
Ichitaro Lite2
Punch
Ichitaro viewer

Other versions may also be affected.

8. Trend Micro AntiVirus Engine Tmxpflt.SYS Local Buffer Overflow Vulnerability
BugTraq ID: 26209
Remote: No
Date Published: 2007-10-25
Relevant URL: http://www.securityfocus.com/bid/26209
Summary:
Trend Micro AntiVirus engine is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Successful exploits may allow an attacker to execute arbitrary machine code with SYSTEM-level privileges and completely compromise affected computers. Failed exploit attempts could crash the computer, denying service to legitimate users.

Applications that incorporate 'Tmxpflt.sys' 8.320.1004 and 8.500.0.1002 from the AntiVirus engine are vulnerable, including Trend Micro PC-cillin Internet Security 2007, ServerProtect, and OfficeScan.

9. RealNetworks RealPlayer File Parsing Routines Multiple Vulnerabilities
BugTraq ID: 26214
Remote: Yes
Date Published: 2007-10-25
Relevant URL: http://www.securityfocus.com/bid/26214
Summary:
RealNetworks RealPlayer is prone to multiple memory-corruption vulnerabilities that arise when the application processes specially crafted files.

Successfully exploiting these issues will allow remote attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will cause a denial-of-service condition.

10. vobcopy vobcopy.bla Insecure Temporary File Creation Vulnerability
BugTraq ID: 26233
Remote: No
Date Published: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26233
Summary:
The 'vobcopy' tool creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

11. Liferea Feedlist.OPML Local Information Disclosure Vulnerability
BugTraq ID: 26254
Remote: No
Date Published: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26254
Summary:
Liferea is prone to a local information-disclosure vulnerability because the application fails to set file permissions correctly on a backup file.

Attackers can leverage this issue to obtain sensitive information used to construct valid login credentials.

This issue affects versions prior to Liferea 1.4.6.

12. CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 26268
Remote: Yes
Date Published: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26268
Summary:
CUPS is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

CUPS 1.3.3 is reported vulnerable; other versions may be affected as well.

13. McAfee E-Business Server Authentication Packet Handling Integer Overflow Vulnerability
BugTraq ID: 26269
Remote: Yes
Date Published: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26269
Summary:
McAfee E-Business Server is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun.

Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the affected application. This in turn may result in a complete compromise of the affected system. Failed exploit attempts will result in a denial of service.

The issue affects McAfee E-Business Server 8.1.1 for Linux and 8.5.2 for Solaris. Versions for Windows are not affected.

14. Mono System.Math BigInteger Buffer Overflow Vulnerability
BugTraq ID: 26279
Remote: Yes
Date Published: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26279
Summary:
Mono is prone to a buffer-overflow vulnerability because the application fails to adequately perform boundary checks on user-supplied data.

Successfully exploiting this issue could allow attackers to execute arbitrary code in the context of the user running an affected application. Failed exploit attempts will likely result in a denial-of-service condition.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Linux Hardening
http://www.securityfocus.com/archive/91/482082

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: CSI

CSI 2007, November 3-9 in Washington, DC, is the only conference that delivers a business-focused overview of enterprise security.
It will convene 2,000+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques.
Register now for savings on conference fees and/or free exhibits admission.

www.csiannual.com
