News

Tuesday, October 16, 2007

SecurityFocus Newsletter #423

SecurityFocus Newsletter #423
----------------------------------------

This issue is Sponsored by: CSI

CSI 2007, November 3-9 in Washington, DC, is the only conference that delivers a business-focused overview of enterprise security.
It will convene 2,000+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques.
Register now for savings on conference fees and/or free exhibits admission.

http://www.csiannual.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Starting up with Aspect-Oriented Programming
2.Of Hackers and Ego
II. BUGTRAQ SUMMARY
1. Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability
2. Microsoft Internet Explorer Address Bar Spoofing Vulnerability
3. DB Software Laboratory VImpX ActiveX Control RejectedRecordsFile Buffer Overflow Vulnerability
4. Softbiz Recipes Portal Searchresult.PHP SQL Injection Vulnerability
5. Sylpheed and Sylpheed-Claws POP3 Format String Vulnerability
6. Lighttpd Mod_FastCGI Request Headers Remote Header Overflow Vulnerability
7. Tcl/Tk ReadImage Buffer Overflow Vulnerability
8. Linux Kernel i965 Chipsets Insecure Batchbuffer Local Privilege Escalation Vulnerability
9. Linux Kernel ALSA snd-page-alloc Local Proc File Information Disclosure Vulnerability
10. Live for Speed Skin Name Buffer Overflow Vulnerability
11. Linux PowerPC Kernel Restore_Sigcontext Local Denial of Service Vulnerability
12. Linux Kernel 64-Bit SMP Routing_ioctl() Local Denial of Service Vulnerability
13. IBM DB2 Universal Database Multiple Denial of Service Vulnerabilities
14. Linux Kernel Bluetooth CAPI Packet Remote Buffer Overflow Vulnerability
15. Google Urchin Report.CGI Authorization Bypass Vulnerability
16. PHP File Sharing System Index.PHP Directory Traversal Vulnerability
17. Cisco IOS LPD Remote Buffer Overflow Vulnerability
18. DenyHosts Client Protocol Version Identification Remote Denial of Service Vulnerability
19. Ampache Albums.PHP SQL Injection Vulnerability
20. Linux Kernel EFLAGS NT Local Denial of Service Vulnerability
21. Linux Kernel HugeTLB Local Denial Of Service Vulnerability
22. Linux Kernel USB PWC Driver Local Denial Of Service Vulnerability
23. Joomla! Com_Colorlab Component MosConfig_Live_Site Remote File Include Vulnerability
24. T1lib intT1_Env_GetCompletePath Buffer Overflow Vulnerability
25. X.Org XFS Init Script Insecure Temporary File Creation Vulnerability
26. PBEmail ActiveX Edition SaveSenderToXml Arbitrary File Overwrite Vulnerability
27. Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability
28. Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
29. Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
30. Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability
31. Microsoft Windows RPC NTLMSSP Remote Denial Of Service Vulnerability
32. Trolltech Qt UTF-8 Sequences Input Validation Vulnerability
33. Trolltech Qt ToUnicode Function Off By One Buffer Overflow Vulnerability
34. HP Select Identity Unspecified Remote Unauthorized Access Vulnerability
35. KDE KPDF/KWord/XPDF StreamPredictor Function Stack Buffer Overflow Vulnerability
36. Cyrus SASL Remote Digest-MD5 Denial of Service Vulnerability
37. IrfanView .PAL Importing Remote Stack Based Buffer Overflow Vulnerability
38. WWWISIS IsisScript Local File Disclosure Vulnerability
39. Adobe Acrobat Mailto Unspecified PDF File Security Vulnerability
40. phpMyAdmin Setup.PHP Cross-Site Scripting Vulnerability
41. WWWISIS Lang Parameter Cross-Site Scripting Vulnerability
42. Kerio Personal Firewall Remote Authentication Packet Buffer Overflow Vulnerability
43. Artmedic CMS Index.PHP Local File Include Vulnerability
44. LibPNG Graphics Library Chunk Error Processing Buffer Overflow Vulnerability
45. Trolltech Qt QTextEdit Multiple Format String Vulnerabilities
46. LibTIFF TIFFFindFieldInfo Remote Buffer Overflow Vulnerability
47. LibPNG Graphics Library PNG_SET_SPLT Remote Denial of Service Vulnerability
48. Libvorbis Denial Of Service And Memory Corruption Vulnerabilities
49. Distributed Checksum Clearinghouse SOCKS Unspecified Denial Of Service Vulnerability
50. WebMod AUTH.W Cross-Site Scripting Vulnerability
51. Microsoft Windows URI Handler Command Execution Vulnerability
52. Sun StorEdge 3510 FC Array FTP Service Denial of Service Vulnerability
53. VirtueMart Unspecified Arbitrary PHP Code Execution Vulnerability
54. Sun Java Runtime Environment Font Parsing Remote Privilege Escalation Vulnerability
55. Sun JavaDoc Tool Cross-Site Scripting Vulnerability
56. Sun Java RunTime Environment GIF Images Buffer Overflow Vulnerability
57. Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability
58. Sun JDK JPG/BMP Parser Multiple Vulnerabilities
59. OpenSSL SSL_Get_Shared_Ciphers Off-by-One Buffer Overflow Vulnerability
60. ISC BIND 8 Remote Cache Poisoning Vulnerability
61. OpenSSL DTLS Heap Buffer Overflow Vulnerability
62. util-linux mount umount Local Privilege Escalation Vulnerability
63. Linux Kernel Ptrace Local Privilege Escalation Vulnerability
64. Linux Kernel AACRAID Driver Local Security Bypass Vulnerability
65. Linux Kernel USBLCD Memory Consumption Denial Of Service Vulnerability
66. Linux Kernel Parent Process Death Signal Local Security Bypass Weakness
67. Linux Kernel Random Number Generator Local Denial of Service and Privilege Escalation Vulnerability
68. Linux Kernel Decode_Choices Function Remote Denial Of Service Vulnerability
69. Linux Kernel CPUSet Tasks Memory Leak Information Disclosure Vulnerability
70. Linux Kernel SCTP Connection Denial Of Service Vulnerability
71. Linux Kernel PPPoE Socket Local Denial of Service Vulnerability
72. Linux Kernel PRNG Entropy Weakness
73. Linux Kernel Fib_Semantics.C Out Of Bounds Access Vulnerability
74. IPv6 Protocol Type 0 Route Header Denial of Service Vulnerability
75. Linux Kernel Netfilter nf_conntrack IPv6 Packet Reassembly Rule Bypass Vulnerability
76. HP-UX OpenSSL Unspecified Local Denial Of Service Vulnerability
77. TIBCO SmartPGM FX Multiple Remote Vulnerabilities
78. InnovaShop Multiple Cross-Site Scripting Vulnerabilities
79. Stringbeans Portal Projects Script Cross-Site Scripting Vulnerability
80. MIT Kerberos 5 KAdminD Server SVCAuth_GSS_Validate Stack Buffer Overflow Vulnerability
81. Microsoft ActiveSync Weak Password Obfuscation Information Disclosure Vulnerability
82. KwsPHP MG2 Module SQL Injection Vulnerability
83. Counter-Strike 1.6 Multiple Remote Vulnerabilities
84. NSSBoard Multiple HTML Injection Vulnerabilities
85. eXtremail Multiple Remote Buffer Overflow Vulnerabilities
86. dotProject Companies Module Security Bypass Vulnerability
87. IBM WebSphere Application Server Administrative Scripting Tools Unspecified Vulnerability
88. doop Index.php Local File Include Vulnerability
89. Novell SUSE ISC BIND Named LibGSSAPI Denial Of Service Vulnerability
90. TRAMP Extension For Emacs Multiple Insecure Temporary File Creation Vulnerabilities
91. NETGEAR SSL312 PROSAFE SSL VPN-Concentrator 25 Error Page Cross Site Scripting Vulnerability
92. Microsoft Internet Explorer Extension Filter Bypass Arbitrary File Download Vulnerability
93. GNU Tar Dot_Dot Function Remote Directory Traversal Vulnerability
94. Sun Solaris RPC Services Library librpcsvc(3LIB) Denial of Service Vulnerability
95. HP Linux Imaging and Printing System HSSPD.PY Daemon Arbitrary Command Execution Vulnerability
96. Apache Tomcat WebDav Remote Information Disclosure Vulnerability
97. COWON America jetAudio M3U File Processing Remote Buffer Overflow Vulnerability
98. Sun Java WebStart Multiple File Access And Information Disclosure Vulnerabilities
99. Sun Java Runtime Environment Multiple Weaknesses
100. KDE KDM Unspecified Password Authentication Bypass Vulnerability
III. SECURITYFOCUS NEWS
1. Retailers look to exorcise credit-card data
2. DHS, Unisys scrutinized after data breach
3. Customers: TD Ameritrade failed to warn of breach
4. Max Vision charged with hacking -- again
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Security Consultant, Hertfordshire
2. [SJ-JOB] Security Researcher, Kolkata
3. [SJ-JOB] Application Security Engineer, London
4. [SJ-JOB] Account Manager, Toronto
5. [SJ-JOB] Information Assurance Analyst, Miami
6. [SJ-JOB] Quality Assurance, Mountain View
7. [SJ-JOB] Sr. Security Analyst, Eden Prairie
8. [SJ-JOB] Security Engineer, Washington
9. [SJ-JOB] Sales Engineer, Herndon
10. [SJ-JOB] Security Engineer, Washington
11. [SJ-JOB] Application Security Engineer, Boston
12. [SJ-JOB] Security Engineer, Baltimore
13. [SJ-JOB] Customer Service, Mountain View
14. [SJ-JOB] Database Security Engineer, King of Prussia
15. [SJ-JOB] Application Security Engineer, Denver
16. [SJ-JOB] Security Engineer, Carpinteria
17. [SJ-JOB] Security Engineer, Atlanta
18. [SJ-JOB] Security Consultant, Charlotte
19. [SJ-JOB] Security Consultant, Charlotte
20. [SJ-JOB] Security Architect, Woodbridge
21. [SJ-JOB] Technical Marketing Engineer, Berkshire
22. [SJ-JOB] Sr. Security Engineer, Edison
23. [SJ-JOB] VP, Information Security, Berkshire
24. [SJ-JOB] Application Security Engineer, Houston
25. [SJ-JOB] Director, Information Security, Fairfax (Metro Area)
26. [SJ-JOB] Director, Information Security, Herndon
27. [SJ-JOB] Security Product Marketing Manager, Hopkinton
28. [SJ-JOB] Security Consultant, Singapore
29. [SJ-JOB] Sales Engineer, Boston
30. [SJ-JOB] Sr. Security Engineer, Chicago Area
31. [SJ-JOB] Security Consultant, Atlanta
32. [SJ-JOB] Information Assurance Analyst, New York
33. [SJ-JOB] Software Engineer, Mountain View
34. [SJ-JOB] Certification & Accreditation Engineer, Chantilly
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
1. IRM Demonstrates Multiple Cisco IOS Exploitation Techniques
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #363
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. Linux Hardening
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Starting up with Aspect-Oriented Programming
By Rohit Sethi
Aspect-oriented programming (AOP) is a paradigm that is quickly gaining traction in the development world. At least partially spurred by the popularity of the Java Spring framework [1], people are beginning to understand the substantial benefits that AOP brings to development.
http://www.securityfocus.com/infocus/1895

2.Of Hackers and Egos
By Don Parker
The world of computer security can often be a strange and compelling one. Many outsiders, or those with little knowledge of computers, just don't understand the whole uproar over various issues, such as whether Microsoft Vista is more secure then Linux or Mac. It's all moot as far as the general population is concerned. But, for those of use who work in the industry, it is just more grist for the mill.

http://www.securityfocus.com/columnists/454


II. BUGTRAQ SUMMARY
--------------------
1. Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability
BugTraq ID: 25916
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25916
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into viewing maliciously crafted HTML content.

Successfully exploiting this issue allows arbitrary machine code to execute in the context of the affected application. This facilitates the remote compromise of affected computers.

2. Microsoft Internet Explorer Address Bar Spoofing Vulnerability
BugTraq ID: 25915
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25915
Summary:
Microsoft Internet Explorer is prone to a vulnerability that lets attackers spoof the address bar of a trusted site.

Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.

3. DB Software Laboratory VImpX ActiveX Control RejectedRecordsFile Buffer Overflow Vulnerability
BugTraq ID: 26064
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26064
Summary:
The 'VImpX.ocx' ActiveX control shipped with the VImpX application is prone to a buffer-overflow vulnerability. The software fails to perform sufficient boundary checks of user-supplied input before copying it to an insufficiently sized memory buffer.

VImpX 4.7.3.0 is reported vulnerable to this issue; other products may be vulnerable as well.

4. Softbiz Recipes Portal Searchresult.PHP SQL Injection Vulnerability
BugTraq ID: 26063
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26063
Summary:
Softbiz Recipes Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

5. Sylpheed and Sylpheed-Claws POP3 Format String Vulnerability
BugTraq ID: 25430
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25430
Summary:
Sylpheed and Sylpheed-Claws are prone to a format-string vulnerability.

This issue presents itself because the applications fail to properly sanitize POP3 server error responses that contain format specifiers.

A successful attack may crash the application or possibly lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.

Sylpheed 2.4.4, Sylpheed-Claws 1.9.100, and Sylpheed-Claws 'Claws Mail' 2.10.0 are vulnerable to this issue; other versions may also be affected.

6. Lighttpd Mod_FastCGI Request Headers Remote Header Overflow Vulnerability
BugTraq ID: 25622
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25622
Summary:
Lighttpd is prone to a remote header-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it.

An attacker may exploit this issue to overwrite PHP headers such as 'SCRIPT_FILENAME'. This may allow the attacker to execute to script code, obtain sensitive information, and launch other attacks. Exploiting this issue may also aid in the remote compromise of an affected computer.

Lighttpd 1.4.17 is vulnerable; prior versions may also be affected.

7. Tcl/Tk ReadImage Buffer Overflow Vulnerability
BugTraq ID: 25826
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25826
Summary:
Tcl/Tk is prone to a buffer-overflow vulnerability that resides in the Tk library shipped with Tcl.

An attacker can exploit this issue to execute arbitrary code or cause denial-of-service conditions in applications implementing the affected library.

Versions prior to Tcl/Tk 8.4.16 are vulnerable to this issue.

8. Linux Kernel i965 Chipsets Insecure Batchbuffer Local Privilege Escalation Vulnerability
BugTraq ID: 25263
Remote: No
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25263
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

Exploiting this issue may allow local attackers to gain elevated privileges, facilitating the complete compromise of affected computers.

Versions of Linux kernel prior to 2.6.22.2 are vulnerable to this issue.

9. Linux Kernel ALSA snd-page-alloc Local Proc File Information Disclosure Vulnerability
BugTraq ID: 25807
Remote: No
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25807
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain portions of kernel memory. Information harvested may aid in further attacks.

Versions of the Linux kernel prior to 2.6.22.8 are vulnerable.

10. Live for Speed Skin Name Buffer Overflow Vulnerability
BugTraq ID: 26066
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26066
Summary:
Live for Speed is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application. Successfully exploiting this issue will allow remote attackers to compromise affected computers. Failed exploit attempts will likely cause denial-of-service conditions.

11. Linux PowerPC Kernel Restore_Sigcontext Local Denial of Service Vulnerability
BugTraq ID: 24845
Remote: No
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/24845
Summary:
The PowerPC Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to corrupt floating-point registers, denying further service to legitimate users.

Note that this issue affects only the Linux kernel on PowerPC architectures.

12. Linux Kernel 64-Bit SMP Routing_ioctl() Local Denial of Service Vulnerability
BugTraq ID: 14902
Remote: No
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/14902
Summary:
A local denial-of-service vulnerability affects the Linux kernel on 64-bit Symmetric Multi-Processor (SMP) platforms.

Specifically, the vulnerability presents itself due to an omitted call to the 'sockfd_put()' function in the 32-bit-compatible 'routing_ioctl()' function.

The 32-bit-compatible 'tiocgdev ioctl()' function on x86-64 platforms is affected by this issue as well.

13. IBM DB2 Universal Database Multiple Denial of Service Vulnerabilities
BugTraq ID: 26010
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26010
Summary:
IBM DB2 Universal Database is prone to two denial-of-service vulnerabilities.

Successfully exploiting these issues allows attackers to cause server crashes, denying service to legitimate users.

IBM DB2 Universal Database 8.1 and 8.2 are vulnerable to these issues.

NOTE: Information regarding the buffer-overflow vulnerability previously documented in this BID has been removed. That vulnerability is documented in a separate record: BID 23890 (IBM DB2 Universal Database JDBC Applet Server Unspecified Code Execution Vulnerability).

14. Linux Kernel Bluetooth CAPI Packet Remote Buffer Overflow Vulnerability
BugTraq ID: 21604
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/21604
Summary:
The Linux kernel is prone to a remote buffer-overflow vulnerability because the kernel fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code with kernel-level privileges, facilitating the complete compromise of affected computers. Failed exploit attempts will result in denial-of-service conditions.

Versions prior to 2.4.33.5 are vulnerable to this issue.

15. Google Urchin Report.CGI Authorization Bypass Vulnerability
BugTraq ID: 26037
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26037
Summary:
Google Urchin is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to gain administrative access to the vulnerable application. This may lead to other attacks.

Urchin 5.7.03 is vulnerable to this issue; other versions may also be affected.

NOTE: Further reports suggest that this is not a vulnerability, but a documented feature of the application.

16. PHP File Sharing System Index.PHP Directory Traversal Vulnerability
BugTraq ID: 26065
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26065
Summary:
PHP File Sharing System is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to access sensitive information, delete files, and create new directories.

This issue affects PHP File Sharing System 1.5.1; other versions may also be vulnerable.

17. Cisco IOS LPD Remote Buffer Overflow Vulnerability
BugTraq ID: 26001
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26001
Summary:
Cisco IOS is prone to a remote buffer-overflow vulnerability in its LPD service because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the affected component. Attackers could also restart the device, resulting in denial-of-service conditions.

To exploit this issue, an attacker must be able to change the hostname of affected routers. SNMP write access may allow attackers to change the router's hostname.

Versions prior to Cisco IOS 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 are vulnerable.

This issue is being tracked by Cisco bug ID CSCsj86725.

NOTE: This issue is related to the vulnerabilities described in BID 25994 (Cisco IOS Multiple Unspecified Stack Overflow Vulnerabilities).

18. DenyHosts Client Protocol Version Identification Remote Denial of Service Vulnerability
BugTraq ID: 26061
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26061
Summary:
DenyHosts is prone to a remote denial-of-service vulnerability becaus the application fails to properly ensure the source of authentication-failure messages.

Successfully exploiting this issue allows remote attackers to add arbitrary IP addresses to the block list used by the application. Exploiting this allows attackers to deny further SSH network access to arbitrary IP addresses, denying service to legitimate users.

This issue is a variant of the vulnerability discussed in BID 21468 (DenyHosts Remote Denial of Service Vulnerability).

19. Ampache Albums.PHP SQL Injection Vulnerability
BugTraq ID: 25362
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25362
Summary:
Ampache is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Versions prior to Ampache 3.3.3.5 are vulnerable.

20. Linux Kernel EFLAGS NT Local Denial of Service Vulnerability
BugTraq ID: 26060
Remote: No
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26060
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

A local attacker can exploit this issue to crash processes belonging to other users.

Versions prior to 2.6.18 are vulnerable to this issue.

21. Linux Kernel HugeTLB Local Denial Of Service Vulnerability
BugTraq ID: 25904
Remote: No
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25904
Summary:
The Linux Kernel is prone to a local denial-of-service vulnerability caused by a design error in the 'hugetlbfs' handling procedures.

This issue affects kernel 2.6.x versions prior to 2.6.18.

22. Linux Kernel USB PWC Driver Local Denial Of Service Vulnerability
BugTraq ID: 25504
Remote: No
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25504
Summary:
The Linux Kernel is prone to a local denial-of-service vulnerability because it fails to properly free resources of USB PWC devices.

Attackers can exploit this issue to block the USB subsystem, resulting in denial-of-service conditions.

Versions prior to 2.6.22.6 are vulnerable.

23. Joomla! Com_Colorlab Component MosConfig_Live_Site Remote File Include Vulnerability
BugTraq ID: 26059
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26059
Summary:
The Joomla! Com_Colorlab component is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

24. T1lib intT1_Env_GetCompletePath Buffer Overflow Vulnerability
BugTraq ID: 25079
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25079
Summary:
T1lib is prone to a buffer-overflow vulnerability because the library fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts will likely trigger crashes, denying service to legitimate users.

We do not know which versions of T1lib are affected.

25. X.Org XFS Init Script Insecure Temporary File Creation Vulnerability
BugTraq ID: 24888
Remote: No
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/24888
Summary:
The X Font Server (XFS) creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks to alter the permissions of an arbitrary attacker-supplied file.

26. PBEmail ActiveX Edition SaveSenderToXml Arbitrary File Overwrite Vulnerability
BugTraq ID: 26058
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26058
Summary:
PBEmail ActiveX Edition is prone to a vulnerability that lets attackers overwrite arbitrary local files. This may aid in further attacks.

This issue affects PBEmail ActiveX Edition 7; other versions may also be affected.

27. Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability
BugTraq ID: 25909
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25909
Summary:
Microsoft Windows Kodak Image Viewer is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied data.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running the application. Successful exploits will compromise the user's account and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

NOTE: Affected versions of Windows XP are vulnerable only if they have been upgraded from Windows 2000.

28. Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
BugTraq ID: 25316
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25316
Summary:
Apache Tomcat is prone to multiple information-disclosure vulnerabilities because it fails to adequately sanitize user-supplied data.

Attackers can exploit these issues to access potentially sensitive data that may aid in further attacks.

Versions prior to Apache Tomcat 6.0.14 are vulnerable.

29. Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
BugTraq ID: 25314
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25314
Summary:
Apache Tomcat Host Manager Servlet is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to inject HTML and script code into the browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials and launch other attacks.

Apache Tomcat 5.5.0 through 5.5.24 and 6.0.0 through 6.0.13 are affected.

30. Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability
BugTraq ID: 25908
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25908
Summary:
Microsoft Outlook Express and Windows Mail are prone to a remote heap-based buffer-overflow vulnerability. This issue occurs because the applications fail to perform adequate boundary-checks on user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary code with the privileges of the currently logged-in user.

31. Microsoft Windows RPC NTLMSSP Remote Denial Of Service Vulnerability
BugTraq ID: 25974
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25974
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted RPC packets.

Attackers can exploit this issue to cause an affected computer to stop responding or to restart. Successful attacks will deny service to legitimate users.

32. Trolltech Qt UTF-8 Sequences Input Validation Vulnerability
BugTraq ID: 23269
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/23269
Summary:
Trolltech Qt is prone to an input-validation vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to exploit other issues in applications that employ the affected library. A successful attack may allow the attacker to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Qt 3.3.8 and 4.2.3 are known to be vulnerable to this issue; other versions may be affected as well.

33. Trolltech Qt ToUnicode Function Off By One Buffer Overflow Vulnerability
BugTraq ID: 25657
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25657
Summary:
Qt is prone to a buffer-overflow vulnerability because the framework fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of applications that use the affected framework. Failed exploit attempts will result in a denial-of-service condition.

34. HP Select Identity Unspecified Remote Unauthorized Access Vulnerability
BugTraq ID: 26023
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/26023
Summary:
HP Select Identity is prone to an unauthorized-access vulnerability.

An attacker can exploit this issue to gain remote unauthorized access to affected computers.

Select Identity 4.01 to 4.01.010 and 4.10 to 4.13.001 are vulnerable.

35. KDE KPDF/KWord/XPDF StreamPredictor Function Stack Buffer Overflow Vulnerability
BugTraq ID: 25124
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25124
Summary:
KDE kpdf, kword, and xpdf are prone to a stack-based buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application or cause the affected application to crash, denying service to legitimate users.

36. Cyrus SASL Remote Digest-MD5 Denial of Service Vulnerability
BugTraq ID: 17446
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/17446
Summary:
Cyrus SASL is affected by a remote denial-of-service vulnerability. This issue occurs before successful authentication, allowing anonymous remote attackers to trigger it.

This vulnerability allows remote attackers to crash services using the affected SASL library, denying service to legitimate users.

This issue reportedly affects version 2.1.18 of Cyrus SASL; other versions may also be affected.

37. IrfanView .PAL Importing Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 26089
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/26089
Summary:
IrfanView is prone to a remote stack-based buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successful exploits allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.

IrfanView 4.00 is vulnerable; other versions may also be affected.

38. WWWISIS IsisScript Local File Disclosure Vulnerability
BugTraq ID: 26079
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/26079
Summary:
WWWISIS is prone to a vulnerability that allows remote attackers to display the contents of arbitrary local files in the context of the webserver process.

An attacker may be able to exploit this issue to retrieve potentially sensitive information that may aid in further attacks.

This issue affects WWWISIS 7.1; other versions may also be vulnerable.

39. Adobe Acrobat Mailto Unspecified PDF File Security Vulnerability
BugTraq ID: 25748
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25748
Summary:
Adobe Acrobat is prone to an unspecified vulnerability when handling malicious PDF files.

No further technical details are currently available. We will update this BID as more information emerges.

This issue reportedly allows remote attackers to compromise affected computers.

40. phpMyAdmin Setup.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 26020
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/26020
Summary:
phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.

This issue affects phpMyAdmin 2.11.1; other versions may also be vulnerable.

41. WWWISIS Lang Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 26067
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/26067
Summary:
WWWISIS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

42. Kerio Personal Firewall Remote Authentication Packet Buffer Overflow Vulnerability
BugTraq ID: 7180
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/7180
Summary:
A buffer-overflow vulnerability has been discovered in Kerio Personal Firewall. The problem occurs during the administration authentication process. An attacker could exploit this vulnerability by forging a malicious packet containing an excessive data size. The application then reads this data into a static memory buffer without first performing sufficient bounds checking.

Successful exploits of this vulnerability may allow an attacker to execute arbitrary commands on a target system, with the privileges of the firewall.

Note that this vulnerability affects Kerio Personal Firewall 2.1.4 and earlier.

43. Artmedic CMS Index.PHP Local File Include Vulnerability
BugTraq ID: 26090
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/26090
Summary:
Artmedic CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to execute local scripts or to view arbitrary files that may contain sensitive information that can aid in further attacks.

Artmedic CMS 3.5 is vulnerable to this issue; other versions may also be affected.

44. LibPNG Graphics Library Chunk Error Processing Buffer Overflow Vulnerability
BugTraq ID: 18698
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/18698
Summary:
LibPNG is reported prone to a buffer-overflow vulnerability. The library fails to perform proper bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.

This vulnerability may be exploited to execute attacker-supplied code in the context of an application that relies on the affected library.

45. Trolltech Qt QTextEdit Multiple Format String Vulnerabilities
BugTraq ID: 25154
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25154
Summary:
Trolltech Qt is prone to multiple format-string vulnerabilities because it fails to securely display error messages.

Exploiting these issues can allow remote attackers to execute arbitrary code in the context of the application using the framework or to cause denial-of-service conditions.

These issues affect only Qt 3; other versions of Qt are not affected. Note that KDE and other applications that use the affected framework are inherently affected.

46. LibTIFF TIFFFindFieldInfo Remote Buffer Overflow Vulnerability
BugTraq ID: 19793
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/19793
Summary:
LibTIFF is prone to a buffer-overflow vulnerability because the library fails to do proper boundary checks before copying user-supplied data into a finite-sized buffer.

This issue allows remote attackers to execute arbitrary machine code in the context of appications using the affected library. Failed exploit attempts will likely crash the application, denying service to legitimate users.

This issue is known to affect versions of LibTIFF included with Sony PSP devices running firmware versions 2.0 through 2.8.

Specific information regarding affected versions of LibTIFF is currently unavailable. We will update this BID as more information emerges.

47. LibPNG Graphics Library PNG_SET_SPLT Remote Denial of Service Vulnerability
BugTraq ID: 21078
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/21078
Summary:
LibPNG is reported prone to a denial-of-service vulnerability. The library fails to perform proper bounds-checking of user-supplied input, which leads to an out-of-bounds read error.

Attackers may exploit this vulnerability to crash an application that relies on the affected library.

48. Libvorbis Denial Of Service And Memory Corruption Vulnerabilities
BugTraq ID: 25082
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25082
Summary:
Applications that use the libvorbis library are prone to multiple remote vulnerabilities, including multiple denial-of-service issues and memory-corruption issues.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or cause the application to crash.

These issues affect libvorbis 1.1.2; other versions of the library may also be affected.

49. Distributed Checksum Clearinghouse SOCKS Unspecified Denial Of Service Vulnerability
BugTraq ID: 26088
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/26088
Summary:
Distributed Checksum Clearinghouse (DCC) is prone to an unspecified denial-of-service vulnerability.

An attacker can exploit this issue to deny access to legitimate users.

This issue affects DCC 1.3.65; other versions may also be vulnerable.

50. WebMod AUTH.W Cross-Site Scripting Vulnerability
BugTraq ID: 26087
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/26087
Summary:
WebMod is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects WebMod 0.48; other versions may also be vulnerable.

51. Microsoft Windows URI Handler Command Execution Vulnerability
BugTraq ID: 25945
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25945
Summary:
Microsoft Windows XP and Server 2003 with Internet Explorer 7 is prone to a command-execution vulnerability because it fails to properly sanitize input.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of users that follow malicious URIs.

Known attack vectors include following URIs in these applications:

- Mozilla Firefox in versions prior to 2.0.0.6
- Skype in versions prior to 3.5.0.239
- Adobe Acrobat Reader 8.1
- Miranda 0.7
- Netscape 7.1
- mIRC.

NOTE: BID 25543 (Mozilla Firefox 2.0.0.6 Unspecified Protocol Handling Command Injection Vulnerability) is an attack vector for this issue.

52. Sun StorEdge 3510 FC Array FTP Service Denial of Service Vulnerability
BugTraq ID: 26086
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/26086
Summary:
Sun StorEdge 3510 FC Array is prone to a denial-of-service vulnerability that stems from an unspecified error in the FTP service. Remote attackers may exploit this issue to deny service to legitimate users.

Sun StorEdge 3510 FC Array with firmware version 4.21 is affected.

53. VirtueMart Unspecified Arbitrary PHP Code Execution Vulnerability
BugTraq ID: 26085
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/26085
Summary:
VirtueMart is prone to a vulnerability that lets attackers execute arbitrary PHP code because the application fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of the webserver process. This may help the attacker compromise the application and the underlying system; other attacks are also possible.

This issue affects these versions:

VirtueMart prior to 1.0.13
VirtueMart Joomla! eCommerce Edition prior to 1.0.13

54. Sun Java Runtime Environment Font Parsing Remote Privilege Escalation Vulnerability
BugTraq ID: 25340
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25340
Summary:
The Sun Java Runtime Environment is prone to a remote privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the user who invoked the Java applet. Successfully exploiting this issue may result in the remote compromise of affected computers.

55. Sun JavaDoc Tool Cross-Site Scripting Vulnerability
BugTraq ID: 24690
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/24690
Summary:
Sun JavaDoc Tool is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

56. Sun Java RunTime Environment GIF Images Buffer Overflow Vulnerability
BugTraq ID: 22085
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/22085
Summary:
The Java Runtime Environment is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker may exploit this issue by enticing a victim into opening a maliciously crafted Java applet.

The attacker can exploit these issues to execute arbitrary code with the privileges of the victim. Failed exploit attempts will likely result in denial-of-service conditions.

This issue is being tracked by BugID: 6445518

57. Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability
BugTraq ID: 24846
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/24846
Summary:
The Sun JSSE (Java Secure Socket Extension) is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the computer, denying access to legitimate users.

58. Sun JDK JPG/BMP Parser Multiple Vulnerabilities
BugTraq ID: 24004
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/24004
Summary:
Sun JDK is prone to a multiple vulnerabilities.

An attacker can exploit these issues to crash the affected application, effectively denying service. The attacker may also be able to execute arbitrary code, which may facilitate a compromise of the underlying system.

Sun JDK 1.5.0_07-b03 is vulnerable to these issues; other versions may also be affected.

59. OpenSSL SSL_Get_Shared_Ciphers Off-by-One Buffer Overflow Vulnerability
BugTraq ID: 25831
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25831
Summary:
OpenSSL is prone to an off-by-one buffer-overflow vulnerability because the library fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users.

NOTE: This issue was introduced in the fix for the vulnerability described in BID 20249 (OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability).

60. ISC BIND 8 Remote Cache Poisoning Vulnerability
BugTraq ID: 25459
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25459
Summary:
BIND 8 is prone to a remote cache-poisoning vulnerability because of weaknesses in its random-number generator.

An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

Versions of BIND from 8.2.0 through to 8.4.7 are vulnerable to this issue.

61. OpenSSL DTLS Heap Buffer Overflow Vulnerability
BugTraq ID: 26055
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/26055
Summary:
OpenSSL is prone to a heap buffer-overflow vulnerability because the library fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users.

62. util-linux mount umount Local Privilege Escalation Vulnerability
BugTraq ID: 25973
Remote: No
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25973
Summary:
The 'util-linux' package is prone to a local privilege-escalation vulnerability that stems from a design error.

Exploiting this issue could allow attackers to execute arbitrary code with elevated privileges by using mount helpers such as the 'mount.nfs' application.

This vulnerability affects util-linux 2.12r; other versions may also be affected.

63. Linux Kernel Ptrace Local Privilege Escalation Vulnerability
BugTraq ID: 25774
Remote: No
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25774
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

Exploiting this issue may allow local attackers to gain elevated privileges, facilitating the complete compromise of affected computers.

Versions of Linux kernel prior to 2.4.35.3 and 2.6.22.7 are vulnerable to this issue.

64. Linux Kernel AACRAID Driver Local Security Bypass Vulnerability
BugTraq ID: 25216
Remote: No
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25216
Summary:
The Linux kernel is prone to a security-bypass vulnerability.

A local attacker may exploit this vulnerability to issue IOCTL commands to AACRAID devices. This may lead to denial-of-service conditions, including data loss and computer crashes.

Versions prior to 2.6.23-rc2 are vulnerable.

65. Linux Kernel USBLCD Memory Consumption Denial Of Service Vulnerability
BugTraq ID: 24734
Remote: No
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/24734
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability because it fails to limit memory consumption by 'fast writers'.

Attackers can exploit this issue to consume memory, resulting in denial-of-service conditions.

Versions prior to 2.6.22-rc7 are vulnerable.

66. Linux Kernel Parent Process Death Signal Local Security Bypass Weakness
BugTraq ID: 25387
Remote: No
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25387
Summary:
The Linux kernel is prone to a security-bypass weakness when dealing with signal handling.

This issue occurs because the software fails to properly validate access when the parent process tries to deliver its death signal to the child that registered it via 'prctl'.

A local attacker may exploit this issue to bypass certain security restrictions, which may lead to other attacks.

Linux kernel versions prior to 2.6.22.4 are vulnerable.

67. Linux Kernel Random Number Generator Local Denial of Service and Privilege Escalation Vulnerability
BugTraq ID: 25348
Remote: No
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/25348
Summary:
The Linux kernel is prone to a local vulnerability that may result in a denial of service or privilege escalation. This issue stems from a stack-based overflow in kernel memory.

Successfully exploiting this issue allows local attackers to trigger kernel crashes, denying service to legitimate users. In certain circumstances, attackers may also gain elevated privileges. The attacker may require partial administrative access via granular assignments of superuser privileges.

Linux kernel versions prior to 2.6.22.3 are affected by this issue.

68. Linux Kernel Decode_Choices Function Remote Denial Of Service Vulnerability
BugTraq ID: 24818
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/24818
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to handle certain H.323 data.

Attackers can exploit this issue to crash the affected operating system, denying access to legitimate users.

Versions prior to 2.6.21.6, 2.6.20.15, and 2.6.22 are vulnerable.

69. Linux Kernel CPUSet Tasks Memory Leak Information Disclosure Vulnerability
BugTraq ID: 24389
Remote: No
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/24389
Summary:
The Linux kernel is prone to an information-disclosure vulnerability because it fails to handle unexpected user-supplied input.

Successful exploits will allow attackers to obtain portions of kernel memory. Information harvested may aid in further attacks.

Versions of the Linux kernel prior to 2.6.21.4 and 2.6.20.13 are vulnerable.

This issue was initially reported in BID 24376 Linux Kernel Multiple Weaknesses and Vulnerabilities, but has been assigned its own record.

70. Linux Kernel SCTP Connection Denial Of Service Vulnerability
BugTraq ID: 24376
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/24376
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Linux kernel versions prior to 2.6.21.4 are vulnerable to this issue.

This BID initially discussed three weaknesses/vulnerabilities in the Linux kernel. These issues have been separated into the following individual records:

24389 Linux Kernel CPUSet Tasks Memory Leak Information Disclosure Vulnerability
24390 Linux Kernel PRNG Entropy Weakness
24376 Linux Kernel SCTP Connection Denial Of Service Vulnerability

71. Linux Kernel PPPoE Socket Local Denial of Service Vulnerability
BugTraq ID: 23870
Remote: No
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/23870
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to exhaust memory resources and eventually cause the kernel to crash, effectively denying service to legitimate users.

This issue affects the Linux kernel 2.6 series prior to 2.6.21-git8.

72. Linux Kernel PRNG Entropy Weakness
BugTraq ID: 24390
Remote: No
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/24390
Summary:
The Linux kernel is prone to a weakness that may result in weaker cryptographic security.

Linux kernel versions prior to 2.6.21.4 are vulnerable to this issue.

This weakness was initially discussed in BID 24376 (Linux Kernel Multiple Weaknesses and Vulnerabilities), but has been assigned its own record.

73. Linux Kernel Fib_Semantics.C Out Of Bounds Access Vulnerability
BugTraq ID: 23447
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/23447
Summary:
The Linux kernel is prone to an out-of-bounds-access vulnerability. This issue occurs because the semantics for IPv4 Forwarding Information Base fail to adequately bounds-check user-supplied data before accessing an array.

An attacker can exploit this issue to cause denial-of-service conditions. Arbitrary code execution may also be possible, but this has not been confirmed.

Versions prior to 2.6.21-rc6 are vulnerable.

74. IPv6 Protocol Type 0 Route Header Denial of Service Vulnerability
BugTraq ID: 23615
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/23615
Summary:
IPv6 protocol implementations are prone to a denial-of-service vulnerability due to a design error.

Exploiting this issue allows attackers to cause denial-of-service conditions.

This issue is related to the issue discussed in BID 22210 (Cisco IOS IPv6 Source Routing Remote Memory Corruption Vulnerability).

75. Linux Kernel Netfilter nf_conntrack IPv6 Packet Reassembly Rule Bypass Vulnerability
BugTraq ID: 23976
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/23976
Summary:
The Linux kernel is prone to a vulnerability that lets attackers bypass firewall rules. This issue occurs because the Linux 'netfilter' code fails to properly classify network packets.

Successfully exploiting this issue allows attackers to bypass firewall rules, potentially aiding them in further network-based attacks.

Linux kernel versions in the 2.6 series prior to 2.6.20.3 are vulnerable to this issue.

76. HP-UX OpenSSL Unspecified Local Denial Of Service Vulnerability
BugTraq ID: 26093
Remote: No
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/26093
Summary:
HP-UX running OpenSSL software is prone to a local denial-of-service vulnerability.

Exploiting this issue allows local attackers to deny service to legitimate users.

This issue affects HP-UX versions B.11.11, B.11.23, B.11.31 when running OpenSSL versions prior to vA.00.09.07l.

77. TIBCO SmartPGM FX Multiple Remote Vulnerabilities
BugTraq ID: 26092
Remote: Yes
Last Updated: 2007-10-16
Relevant URL: http://www.securityfocus.com/bid/26092
Summary:
TIBCO SmartPGM FX is prone to multiple remote vulnerabilities including:

- four unspecified stack-based buffer-overflow vulnerabilities.
- one unspecified format-string vulnerability.
- one unspecified denial-of-service vulnerability.

An attacker can exploit these issues to execute arbitrary code or cause denial-of-service conditions.

78. InnovaShop Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 26084
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26084
Summary:
InnovaShop is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

79. Stringbeans Portal Projects Script Cross-Site Scripting Vulnerability
BugTraq ID: 26082
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26082
Summary:
Stringbeans Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Stringbeans Portal 3.2 is vulnerable; other versions may also be affected.

80. MIT Kerberos 5 KAdminD Server SVCAuth_GSS_Validate Stack Buffer Overflow Vulnerability
BugTraq ID: 25534
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25534
Summary:
Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 'kadmind' 1.4 through 1.6.2 are vulnerable; third-party applications using the affected RPC library are also affected.

81. Microsoft ActiveSync Weak Password Obfuscation Information Disclosure Vulnerability
BugTraq ID: 25976
Remote: No
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25976
Summary:
Microsoft ActiveSync is prone to an information-disclosure vulnerability because it fails to adequately obfuscate sensitive information.

Attackers can exploit this issue to gain PIN or password data for devices docked via USB.

Software that uses ActiveSync 4.1 is vulnerable; other versions may also be affected.

82. KwsPHP MG2 Module SQL Injection Vulnerability
BugTraq ID: 26083
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26083
Summary:
KwsPHP is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

KwsPHP 1.0 is vulnerable; other versions may also be affected.

83. Counter-Strike 1.6 Multiple Remote Vulnerabilities
BugTraq ID: 26077
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26077
Summary:
Counter-Strike is prone to a multiple remote vulnerabilities, including multiple information-disclosure issues and a cross-site scripting issue.

An attacker can exploit these issues to execute arbitrary code, steal cookie-based authentication credentials, and obtain sensitive information.

This issue affects Counter-Strike 1.6; other versions may also be affected.

84. NSSBoard Multiple HTML Injection Vulnerabilities
BugTraq ID: 26081
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26081
Summary:
NSSBoard is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code could execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

These issues affect NSSBoard 0.6.1; other versions may also be affected.

85. eXtremail Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 26074
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26074
Summary:
eXtremail is prone to an integer-underflow vulnerability and multiple remote buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit these issues to execute arbitrary code with superuser privileges or to cause denial-of-service conditions. Successful attacks will completely compromise affected computers or will deny access to legitimate users.

These issues affect eXtremail 2.1.0 and 2.1.1; other versions may also be affected.

86. dotProject Companies Module Security Bypass Vulnerability
BugTraq ID: 26080
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26080
Summary:
dotProject is prone to a vulnerability that allows attackers to access a restricted module of the application.

Successful exploits may result in a complete compromise of vulnerable applications.

This issue affects versions prior to dotProject 2.1.

87. IBM WebSphere Application Server Administrative Scripting Tools Unspecified Vulnerability
BugTraq ID: 26078
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26078
Summary:
IBM WebSphere Application Server is prone to an unspecified vulnerability.

Very little is known about this issue at this time. We will update this BID as more information emerges.

WebSphere Application Server 5.1.1 and 6.0.2 are vulnerable. Other versions may also be affected.

88. doop Index.php Local File Include Vulnerability
BugTraq ID: 26075
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26075
Summary:
The 'doop' CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized remote user to view files and execute local scripts in the context of the webserver process.

This issue affects doop 1.3.7; other versions may also be affected.

89. Novell SUSE ISC BIND Named LibGSSAPI Denial Of Service Vulnerability
BugTraq ID: 26076
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26076
Summary:
Novell SUSE Linux Enterprise Server is prone to a denial-of-service vulnerability becuase it fails to adequately handle certain GSS-TSIG requests that require the 'libgssapi' library.

Attackers can exploit this issue to cause denial-of-service conditions.

Versions prior to 'libgssapi' 0.6-13.17 as found in Enterprise Server 10 SP1 are vulnerable.

90. TRAMP Extension For Emacs Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 26072
Remote: No
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26072
Summary:
The TRAMP extension for Emacs creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Versions prior to TRAMP 2.1.11 are vulnerable.

91. NETGEAR SSL312 PROSAFE SSL VPN-Concentrator 25 Error Page Cross Site Scripting Vulnerability
BugTraq ID: 26073
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26073
Summary:
NETGEAR ProSafe SSL VPN Concentrator 25-SSL312 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

92. Microsoft Internet Explorer Extension Filter Bypass Arbitrary File Download Vulnerability
BugTraq ID: 26062
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26062
Summary:
Internet Explorer is prone to an arbitrary-file-download vulnerability because it fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to download arbitrary 'exe' files to an unsuspecting victim's computer. This may facilitate a remote compromise of an affected computer.

NOTE: Further investigation suggests that this issue cannot be exploited to cause the malicious file to run. Since the file has an alternate extension, it will be processed only by the application specified for that extension. When the file is processed, an error will likely occur because of an invalid format.

93. GNU Tar Dot_Dot Function Remote Directory Traversal Vulnerability
BugTraq ID: 25417
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25417
Summary:
GNU Tar is prone to a directory-traversal vulnerability because the application fails to validate user-supplied data.

A successful attack can allow the attacker to overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.

94. Sun Solaris RPC Services Library librpcsvc(3LIB) Denial of Service Vulnerability
BugTraq ID: 26071
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26071
Summary:
Sun Solaris is prone to a denial-of-service vulnerability that stems from an unspecified error in Solaris RPC Services Library 'librpcsvc(3LIB)'. Remote and local attackers may exploit this issue to deny service to legitimate users.

Sun Solaris 8, 9, and 10 for SPARC and x86 architectures are affected.

95. HP Linux Imaging and Printing System HSSPD.PY Daemon Arbitrary Command Execution Vulnerability
BugTraq ID: 26054
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26054
Summary:
HP Linux Imaging and Printing System (HPLIP) is prone to an arbitrary command-execution vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to execute arbitrary commands with superuser privileges. Successful attacks will completely compromise affected computers.

NOTE: By default the application's 'hpssd' daemon listens only on localhost, but it can be configured (via /etc/hp/hplip.conf) to listen to remote requests as well.

HPLIP versions in the 1.0 and 2.0 series are vulnerable.

96. Apache Tomcat WebDav Remote Information Disclosure Vulnerability
BugTraq ID: 26070
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26070
Summary:
Apache Tomcat is prone to a remote information-disclosure vulnerability

Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server.

97. COWON America jetAudio M3U File Processing Remote Buffer Overflow Vulnerability
BugTraq ID: 26069
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26069
Summary:
jetAudio is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer while processing M3U files.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected application.

jetAudio 7.0.3 is reported vulnerable; prior versions may also be affected.

98. Sun Java WebStart Multiple File Access And Information Disclosure Vulnerabilities
BugTraq ID: 25920
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25920
Summary:
Sun Java Web Start is prone to multiple local file-access vulnerabilities and an information-disclosure vulnerability.

An attacker could exploit these issues to obtain sensitive information and to read and write arbitrary files on the affected computer with the privileges of the user running the untrusted Java application.

99. Sun Java Runtime Environment Multiple Weaknesses
BugTraq ID: 25918
Remote: Yes
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25918
Summary:
Sun Java Runtime Environment is prone to multiple weaknesses that may allow JavaScript code or applets to connect to resources other than the one the scripts or applets were downloaded from. One of the weaknesses may allow an attacker to obscure a Java warning about an untrusted applet from the user.

These issues affect the following packages for Windows, Solaris, and Linux:

JDK and JRE 6 Update 2 and earlier
JDK and JRE 5.0 Update 12 and earlier
SDK and JRE 1.4.2_15 and earlier
SDK and JRE 1.3.1_20 and earlier

100. KDE KDM Unspecified Password Authentication Bypass Vulnerability
BugTraq ID: 25730
Remote: No
Last Updated: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25730
Summary:
KDM is prone to an authentication-bypass vulnerability under certain circumstances.

Attackers can exploit this issue to gain superuser privileges, resulting in the complete compromise of affected computers.

This issue affects KDM shipped with KDE 3.3.0 up to and including 3.5.7.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Retailers look to exorcise credit-card data
By: Robert Lemos
The National Retail Federation sends a letter asking that its members be allowed to decide what credit-card data to keep.
http://www.securityfocus.com/news/11491

2. DHS, Unisys scrutinized after data breach
By: Robert Lemos
A Congressional committee claims that Unisys allowed malicious code to infect federal systems.
http://www.securityfocus.com/news/11489

3. Customers: TD Ameritrade failed to warn of breach
By: Robert Lemos
Numerous account holders complained over the past year that the consumer brokerage had sold or leaked e-mail addresses to pump-and-dump spammers.
http://www.securityfocus.com/news/11488

4. Max Vision charged with hacking -- again
By: Robert Lemos
Federal prosecutors charge former security consultant Max Butler, better known amongst security researchers as "Max Vision," alleging that he supplied and managed a ring of identity thieves.
http://www.securityfocus.com/news/11487

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security Consultant, Hertfordshire
http://www.securityfocus.com/archive/77/482289

2. [SJ-JOB] Security Researcher, Kolkata
http://www.securityfocus.com/archive/77/482278

3. [SJ-JOB] Application Security Engineer, London
http://www.securityfocus.com/archive/77/482291

4. [SJ-JOB] Account Manager, Toronto
http://www.securityfocus.com/archive/77/482277

5. [SJ-JOB] Information Assurance Analyst, Miami
http://www.securityfocus.com/archive/77/482279

6. [SJ-JOB] Quality Assurance, Mountain View
http://www.securityfocus.com/archive/77/482177

7. [SJ-JOB] Sr. Security Analyst, Eden Prairie
http://www.securityfocus.com/archive/77/482183

8. [SJ-JOB] Security Engineer, Washington
http://www.securityfocus.com/archive/77/482184

9. [SJ-JOB] Sales Engineer, Herndon
http://www.securityfocus.com/archive/77/482185

10. [SJ-JOB] Security Engineer, Washington
http://www.securityfocus.com/archive/77/482174

11. [SJ-JOB] Application Security Engineer, Boston
http://www.securityfocus.com/archive/77/482175

12. [SJ-JOB] Security Engineer, Baltimore
http://www.securityfocus.com/archive/77/482176

13. [SJ-JOB] Customer Service, Mountain View
http://www.securityfocus.com/archive/77/482173

14. [SJ-JOB] Database Security Engineer, King of Prussia
http://www.securityfocus.com/archive/77/482030

15. [SJ-JOB] Application Security Engineer, Denver
http://www.securityfocus.com/archive/77/482035

16. [SJ-JOB] Security Engineer, Carpinteria
http://www.securityfocus.com/archive/77/482036

17. [SJ-JOB] Security Engineer, Atlanta
http://www.securityfocus.com/archive/77/482029

18. [SJ-JOB] Security Consultant, Charlotte
http://www.securityfocus.com/archive/77/482032

19. [SJ-JOB] Security Consultant, Charlotte
http://www.securityfocus.com/archive/77/482034

20. [SJ-JOB] Security Architect, Woodbridge
http://www.securityfocus.com/archive/77/482037

21. [SJ-JOB] Technical Marketing Engineer, Berkshire
http://www.securityfocus.com/archive/77/481928

22. [SJ-JOB] Sr. Security Engineer, Edison
http://www.securityfocus.com/archive/77/481929

23. [SJ-JOB] VP, Information Security, Berkshire
http://www.securityfocus.com/archive/77/481930

24. [SJ-JOB] Application Security Engineer, Houston
http://www.securityfocus.com/archive/77/481931

25. [SJ-JOB] Director, Information Security, Fairfax (Metro Area)
http://www.securityfocus.com/archive/77/481923

26. [SJ-JOB] Director, Information Security, Herndon
http://www.securityfocus.com/archive/77/481925

27. [SJ-JOB] Security Product Marketing Manager, Hopkinton
http://www.securityfocus.com/archive/77/481926

28. [SJ-JOB] Security Consultant, Singapore
http://www.securityfocus.com/archive/77/481919

29. [SJ-JOB] Sales Engineer, Boston
http://www.securityfocus.com/archive/77/481920

30. [SJ-JOB] Sr. Security Engineer, Chicago Area
http://www.securityfocus.com/archive/77/481922

31. [SJ-JOB] Security Consultant, Atlanta
http://www.securityfocus.com/archive/77/481924

32. [SJ-JOB] Information Assurance Analyst, New York
http://www.securityfocus.com/archive/77/481916

33. [SJ-JOB] Software Engineer, Mountain View
http://www.securityfocus.com/archive/77/481917

34. [SJ-JOB] Certification & Accreditation Engineer, Chantilly
http://www.securityfocus.com/archive/77/481918

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. IRM Demonstrates Multiple Cisco IOS Exploitation Techniques
http://www.securityfocus.com/archive/82/481987

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #363
http://www.securityfocus.com/archive/88/482193

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. Linux Hardening
http://www.securityfocus.com/archive/91/482082

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: CSI

CSI 2007, November 3-9 in Washington, DC, is the only conference that delivers a business-focused overview of enterprise security.
It will convene 2,000+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques.
Register now for savings on conference fees and/or free exhibits admission.

http://www.csiannual.com

No comments:

Blog Archive