WINDOWS CENTER: SecurityFocus Newsletter #438

SecurityFocus Newsletter #438
----------------------------------------

This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations.

www.blackhat.com

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Mother May I?
2. Finding a Cure for Data Loss
II. BUGTRAQ SUMMARY
1. 2Wire Routers 'H04_POST' Access Validation Vulnerability
2. Savant Webserver Buffer Overflow Vulnerability
3. Drupal OpenID Module 'claimed_id' Provider Spoofing Vulnerability
4. Drupal Secure Site Module Authentication Bypass Vulnerability
5. Chilkat FTP 'ChilkatCert.dll' ActiveX Control Insecure Method Vulnerability
6. QuickTicket QTI_CheckName.PHP Local File Include Vulnerability
7. Skype Web Content Zone Remote Code Execution Vulnerability
8. 2Wire Routers Cross-Site Request Forgery Vulnerability
9. Gnumeric XLS HLINK Opcode Handling Remote Arbitrary Code Execution Vulnerability
10. OpenBSD bgplg 'cmd' Parameter Cross-Site Scripting Vulnerability
11. VirtueMart Information Disclosure Vulnerability
12. ELOG 'logbook' HTML Injection Vulnerability
13. SwiftView ActiveX Control and Browser Plugin Stack Buffer Overflow Vulnerability
14. ChronoEngine ChronoForms mosConfig_Absolute_Path Multiple Remote File Include Vulnerabilities
15. DeltaScripts PHP Links 'vote.php' SQL Injection Vulnerability
16. DeltaScripts PHP Links 'smarty.php' Remote File Include Vulnerability
17. Ruby Net::HTTP SSL Insecure Certificate Validation Weakness
18. Ruby Multiple Libraries SSL Multiple Insecure Certificate Validation Weaknesses
19. QuickTalk Forum Lang Parameter Multiple Local File Include Vulnerabilities
20. RETIRED: Endian Firewall 'userlist.php' Cross Site Scripting Vulnerability
21. BitDefender Products Update Server HTTP Daemon Directory Traversal Vulnerability
22. WordPress WassUp Plugin 'spy.php' SQL Injection Vulnerability
23. Logitech VideoCall Multiple ActiveX Controls Multiple Buffer Overflow Vulnerabilities
24. PeerCast HandshakeHTTP Multiple Buffer Overflow Vulnerabilities
25. LanDesk Management Suite Alert Service AOLSRVR.EXE Buffer Overflow Vulnerability
26. libxml2 'xmlCurrentChar()' UTF-8 Parsing Remote Denial of Service Vulnerability
27. Alt-N WebAdmin Remote File Disclosure Vulnerability
28. Alt-N WebAdmin Remote File Viewing Vulnerability
29. 'distcc' Access Control Bypass Vulnerability
30. IrfanView FPX File Remote Memory Corruption Vulnerability
31. Citrix Presentation Server IMA Service Buffer Overflow Vulnerability
32. Corel WordPerfect Office PRS Stack Buffer Overflow Vulnerability
33. Joomla! and Mambo NeoReferences Component 'catid' Parameter SQL Injection Vulnerability
34. Archimede Net 2000 'E-Guest_show.php' SQL Injection Vulnerability
35. eIQnetworks Enterprise Security Analyzer Topology Server Remote Buffer Overflow Vulnerability
36. RETIRED: Solaris in.telnetd TTYPROMPT Buffer Overflow Vulnerability
37. AskJeeves Toolbar Settings Plugin ActiveX Control Remote Heap Based Buffer Overflow Vulnerability
38. IMLib/IMLib2 Multiple BMP Image Decoding Buffer Overflow Vulnerabilities
39. Ipswitch WhatsUp Gold Remote Buffer Overflow Vulnerability
40. GAMSoft Telsrv DoS Vulnerability
41. Hummingbird Connectivity 10 LPD Daemon Stack Overflow Vulnerability
42. iTinySoft Studio Total Video Player M3U Playlist Buffer Overflow Vulnerability
43. IASystemInfo.DLL ActiveX Control Remote Buffer Overflow Vulnerabilities
44. Trend Micro ServerProtect SpntSvc.EXE Remote Stack Based Buffer Overflow Vulnerability
45. Trend Micro OfficeScan Client ActiveX Control Remote Buffer Overflow Vulnerability
46. Trend Micro ServerProtect EarthAgent.EXE Remote Stack Based Buffer Overflow Vulnerability
47. Novell NetWare CIFS.NLM Denial of Service Vulnerability
48. Novell NetMail IMAP Unspecified Buffer Overflow Vulnerability
49. Novell Netmail NMAP STOR Buffer Overflow Vulnerability
50. Novell Netmail IMAP SUBSCRIBE Buffer Overflow Vulnerability
51. Sun Solaris NFS 'netgroups' Security Bypass Vulnerability
52. PCRE Regular Expression Library Multiple Security Vulnerabilities
53. PCRE Regular Expression Library UTF-8 Options Multiple Remote Denial of Service Vulnerabilities
54. PCRE Regular Expression Library Multiple Integer and Buffer Overflow Vulnerabilities
55. PCRE Perl Compatible Regular Expression Subpattern Memory Allocation Denial Of Service Vulnerability
56. PCRE Perl Compatible Regular Expressions Library POSIX Denial Of Service Vulnerability
57. Novell Netmail IMAP APPEND Buffer Overflow Vulnerability
58. PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities
59. LightBlog 'cp_upload_image.php' Arbitrary File Upload Vulnerability
60. LiveCart Multiple Cross-Site Scripting Vulnerabilities
61. SunGard Banner Student 'add1' Parameter Cross-Site Scripting Vulnerability
62. UltraVNC VNCViewer 'ClientConnection.cpp' Remote Buffer Overflow Vulnerability
63. Uniwin eCart Professional 'rp' Cross-Site Scripting Vulnerabilities
64. xdg-utils 'xdg-open' and 'xdg-email' Multiple Remote Command Execution Vulnerabilities
65. MySpace Uploader 'MySpaceUploader.ocx' ActiveX Control Buffer Overflow Vulnerability
66. Facebook Photo Uploader 4 'ImageUploader4.1.ocx' ActiveX Control Buffer Overflow Vulnerability
67. Aurigma Image Uploader 'ImageUploader4.ocx' ActiveX Control Buffer Overflow Vulnerability
68. X.Org X Server 'MIT-SHM' Local Privilege Escalation Vulnerability
69. X.Org X Server 'TOG-CUP' Extension Local Privilege Escalation Vulnerability
70. X.Org X Server 'PassMessage' Request Local Privilege Escalation Vulnerability
71. X.Org X Server 'EVI' Extension Local Privilege Escalation Vulnerability
72. X.Org X Server 'Xinput' Extension Local Privilege Escalation Vulnerability
73. X.Org X Server PCF Font Parser Buffer Overflow Vulnerability
74. VideoLAN VLC Multiple Remote Code Execution Vulnerabilities
75. Invision Gallery Index.PHP SQL Injection Vulnerability
76. Nilson's Blogger 'comments.php' Local File Include Vulnerability
77. Joomla! and Mambo CatalogShop Component 'id' Parameter SQL Injection Vulnerability
78. Joomla! and Mambo AkoGallery Component 'id' Parameter SQL Injection Vulnerability
79. PulseAudio Local Privilege Escalation Vulnerability
80. Sun Java RunTime Environment XML Parsing Unspecified Vulnerability
81. Linux Kernel Page Faults Using NUMA Local Denial of Service Vulnerability
82. Linux Kernel PowerPC 'chrp/setup.c' NULL Pointer Dereference Denial of Serviced Vulnerability
83. Linux Kernel VFS Unauthorized File Access Vulnerability
84. Linux Kernel DO_COREDUMP Local Information Disclosure Vulnerability
85. Liferay Enterprise Portal Admin Portlet Shutdown Message HTML Injection Vulnerability
86. Joomla! and Mambo com_restaurant Component 'id' Parameter SQL Injection Vulnerability
87. Liferay Enterprise Portal 'User-Agent' HTTP Header Script Injection Vulnerability
88. Liferay Enterprise Portal User-Agent HTTP Header Cross Site Scripting Vulnerability
89. Liferay Enterprise Portal User Profile Greeting HTML Injection Vulnerability
90. Linux Kernel 'isdn_common.c' Local Buffer Overflow Vulnerability
91. Linux Kernel ISDN_Net.C Local Buffer Overflow Vulnerability
92. Linux Kernel wait_task_stopped Local Denial of Service Vulnerability
93. ImageMagick Image Filename Remote Command Execution Vulnerability
94. ImageMagick File Name Handling Remote Format String Vulnerability
95. Sun Java System Access Manager Multiple Vulnerabilities
96. sflog! 'index.php' Multiple Local File Include Vulnerabilities
97. Livelink ECM UTF-7 Cross Site Scripting Vulnerability
98. Mindmeld 'MM_GLOBALS['home']' Multiple Remote File Include Vulnerabilities
99. Drupal Project Issue Tracking Module Multiple Input Validation Vulnerabilities
100. Drupal Comment Upload Module Upload Validation Function Arbitrary File Upload Vulnerability
III. SECURITYFOCUS NEWS
1. Universities fend off phishing attacks
2. Antivirus firms, test labs to form standards group
3. Legitimate sites serving up stealthy attacks
4. Malware hitches a ride on digital devices
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Security Engineer, Cleveland
2. [SJ-JOB] Customer Service, Atlanta
3. [SJ-JOB] Account Manager, Columbia
4. [SJ-JOB] Auditor, New York
5. [SJ-JOB] Certification & Accreditation Engineer, Washington DC
6. [SJ-JOB] Sales Engineer, Sunnyvale
7. [SJ-JOB] Jr. Security Analyst, London
8. [SJ-JOB] Security Engineer, Washington DC
9. [SJ-JOB] Jr. Security Analyst, London
10. [SJ-JOB] Forensics Engineer, London
11. [SJ-JOB] Sr. Security Analyst, Cupertino
12. [SJ-JOB] Sr. Security Engineer, Long Island
13. [SJ-JOB] Sales Representative, Chicago
14. [SJ-JOB] Security Researcher, San Jose
15. [SJ-JOB] Security Engineer, Bethlehem
V. INCIDENTS LIST SUMMARY
1. DNS CACHE POISONING? - Our Portal is redirecting to our first competition
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. Fwd: Centralizing Event Viewer Logs
2. Centralizing Event Viewer Logs
3. Under the hood question about Remote Desktop Connection
4. FTP on IIS
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Mother May I?
By Mark Rasch
"Sure, you can have a cookie, but you may not."We all have had that discussion before -- either with our parents or our kids. A recent case from North Dakota reveals that the difference between those two concepts may lead not only to civil liability, but could land you in jail.
http://www.securityfocus.com/columnists/463

2.Finding a Cure for Data Loss
By Jamie Reid
Despite missteps in protecting customer information, companies have largely escaped the wrath of consumers.

http://www.securityfocus.com/columnists/462

II. BUGTRAQ SUMMARY
--------------------
1. 2Wire Routers 'H04_POST' Access Validation Vulnerability
BugTraq ID: 27516
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27516
Summary:
Multiple 2Wire routers are prone to an access-validation vulnerability because they fail to adequately authenticate users before performing certain actions.

Unauthenticated attackers can leverage this issue to change the password of arbitrary user accounts on the router. Successful attacks will completely compromise affected devices.

2Wire routers that have the 'H04_POST' page are affected by this issue.

UPDATE: This BID has been retired because it has been found to be a duplicate of BID 27246 (2Wire Routers Cross-Site Request Forgery Vulnerability).

UPDATE (February 1, 2008): This BID is being reinstated. Further investigation and new information reveal that this vulnerability differs from the one described in BID 27246.

2. Savant Webserver Buffer Overflow Vulnerability
BugTraq ID: 5686
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/5686
Summary:
A buffer-overflow vulnerability has been reported in Savant webserver. If the argument to a GET request exceeds 291 bytes in length, a stack overrun will occur. Remote attackers may be exploit this condition to execute arbitrary instructions on the affected host.

3. Drupal OpenID Module 'claimed_id' Provider Spoofing Vulnerability
BugTraq ID: 27542
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27542
Summary:
The OpenID module for Drupal is prone to a vulnerability that allows attackers to set up malicious OpenID Providers to spoof a legitimate OpenID Authority.

Attackers can exploit this issue to gain unauthorized access to websites that rely on OpenID authentication.

Versions prior to OpenID 5.x-1.1 are vulnerable.

4. Drupal Secure Site Module Authentication Bypass Vulnerability
BugTraq ID: 27543
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27543
Summary:
The Secure Site module for Drupal is prone to an authentication-bypass vulnerability because of an error in the IP-authentication feature.

An attacker can exploit this issue to gain unauthorized access to the affected application. This may lead to further attacks.

This issue affects Secure Site for Drupal 5.x and 4.7.x. Note that Drupal Core without this module is not affected by this issue.

5. Chilkat FTP 'ChilkatCert.dll' ActiveX Control Insecure Method Vulnerability
BugTraq ID: 27540
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27540
Summary:
Chilkat FTP ActiveX control is prone to a vulnerability that allows attackers to create or overwrite arbitrary data with the privileges of the application using the control (typically Internet Explorer).

Successful exploits can compromise affected computers or cause denial-of-service conditions; other attacks are possible.

This issue affects Chilkat FTP ActiveX 2.0; other versions may also be affected.

6. QuickTicket QTI_CheckName.PHP Local File Include Vulnerability
BugTraq ID: 24670
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/24670
Summary:
QuickTicket is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

This issue affects QuickTicket versions prior to 1.5.

7. Skype Web Content Zone Remote Code Execution Vulnerability
BugTraq ID: 27338
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27338
Summary:
Skype is prone to a vulnerability that allows arbitrary code to run. The issue occurs because the application uses Windows 'Web content Zones' in an insecure manner.

Attackers can leverage the issue by enticing an unsuspecting user to use a Skype dialog on a malicious web object. Successful exploits will allow arbitrary code to run in the context of the user running the application.

Skype 3.5 and 3.6 series are vulnerable.

8. 2Wire Routers Cross-Site Request Forgery Vulnerability
BugTraq ID: 27246
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27246
Summary:
Multiple 2Wire routers are prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to execute arbitrary actions on an affected device.

9. Gnumeric XLS HLINK Opcode Handling Remote Arbitrary Code Execution Vulnerability
BugTraq ID: 27536
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27536
Summary:
Gnumeric is prone to a vulnerability that lets remote attakers execute arbitrary code.

Attackers may exploit this issue to corrupt memory and execute machine code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

The issue affects Gnumeric 1.6.3; other versions may also be vulnerable.

10. OpenBSD bgplg 'cmd' Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 27535
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27535
Summary:
OpenBSD bgplg is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

bgplg shipped with OpenBSD 4.1 is vulnerable; other versions may also be affected.

11. VirtueMart Information Disclosure Vulnerability
BugTraq ID: 27532
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27532
Summary:
VirtueMart is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input.

Attackers can exploit this issue to view arbitrary files and obtain potentially sensitive information in the context of the webserver process. Information obtained could aid in further attacks.

The issue affects VirtueMart 1.0.13a and prior versions.

12. ELOG 'logbook' HTML Injection Vulnerability
BugTraq ID: 27526
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27526
Summary:
ELOG is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

This issue affects versions prior to ELOG 2.7.2.

13. SwiftView ActiveX Control and Browser Plugin Stack Buffer Overflow Vulnerability
BugTraq ID: 27527
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27527
Summary:
SwiftView is prone to a stack-based buffer-overflow vulnerability. This issue affects both the SwiftView ActiveX control and the browser plugin.

Attackers can exploit this issue to execute arbitrary code in the context of the application using the affected application. Successful attacks can compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

14. ChronoEngine ChronoForms mosConfig_Absolute_Path Multiple Remote File Include Vulnerabilities
BugTraq ID: 27531
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27531
Summary:
ChronoEngine ChronoForms component for Joomla! is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues to execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

These issues affect ChronoForms 2.3.5; other versions may also be vulnerable.

15. DeltaScripts PHP Links 'vote.php' SQL Injection Vulnerability
BugTraq ID: 27530
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27530
Summary:
DeltaScripts PHP Links is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects PHP Links 1.3 and prior versions.

16. DeltaScripts PHP Links 'smarty.php' Remote File Include Vulnerability
BugTraq ID: 27529
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27529
Summary:
DeltaScripts PHP Links is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

This issue affects PHP Links 1.3 and prior versions.

17. Ruby Net::HTTP SSL Insecure Certificate Validation Weakness
BugTraq ID: 25847
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/25847
Summary:
Ruby's Net::HTTP library is prone to an insecure-certificate-validation weakness because the library fails to properly perform validity checks on X.509 certificates.

Successfully exploiting this issue may allow attackers to perform man-in-the-middle attacks against applications that insecurely use the affected library. Other attacks may also be possible.

NOTE: This issue is related to multiple weaknesses covered by BID 26421 - Ruby Multiple Libraries SSL Multiple Insecure Certificate Validation Weaknesses.

18. Ruby Multiple Libraries SSL Multiple Insecure Certificate Validation Weaknesses
BugTraq ID: 26421
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/26421
Summary:
Ruby is prone to multiple weaknesses related to its validation of certificates. The problem is that multiple libraries fail to properly perform validity checks on X.509 certificates.

Successfully exploiting these issues may allow attackers to perform man-in-the-middle attacks against applications that insecurely use an affected library. Other attacks may also be possible.

NOTE: These issues are related to a weakness covered by BID 25847 (Ruby Net::HTTP SSL Insecure Certificate Validation Weakness).

19. QuickTalk Forum Lang Parameter Multiple Local File Include Vulnerabilities
BugTraq ID: 24671
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/24671
Summary:
QuickTalk Forum is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

Exploiting these issues may allow an unauthorized user to view files and execute local scripts.

These issues affect QuickTalk Forum 1.3; other versions may also be vulnerable.

20. RETIRED: Endian Firewall 'userlist.php' Cross Site Scripting Vulnerability
BugTraq ID: 27477
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27477
Summary:
Endian Firewall is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this vulnerability could allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

Endian Firewall 2.1.2 is reported vulnerable; other versions may also be affected.

NOTE: This BID is being retired because information from the vendor indicates that the device is not prone to this issue.

21. BitDefender Products Update Server HTTP Daemon Directory Traversal Vulnerability
BugTraq ID: 27358
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27358
Summary:
BitDefender Update Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue allows an attacker to access potentially sensitive information that could aid in further attacks.

BitDefender Security for File Servers, BitDefender Enterprise Manger, and other BitDefender products that include the Update Server are vulnerable. This issue affects Update Server when running on Windows; Linux and UNIX variants may also be affected.

22. WordPress WassUp Plugin 'spy.php' SQL Injection Vulnerability
BugTraq ID: 27525
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27525
Summary:
WordPress WassUp plugin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects WassUp 1.4.3; other versions may also be vulnerable.

23. Logitech VideoCall Multiple ActiveX Controls Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24254
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/24254
Summary:
Multiple Logitech VideoCall ActiveX controls are prone to multiple buffer-overflow vulnerabilities because they fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

24. PeerCast HandshakeHTTP Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 26899
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/26899
Summary:
PeerCast is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer.

Successfully exploiting these issues will allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application.

These issues affect PeerCast 0.12.17, SVN 334 and prior versions.

25. LanDesk Management Suite Alert Service AOLSRVR.EXE Buffer Overflow Vulnerability
BugTraq ID: 23483
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/23483
Summary:
LANDesk Management Suite is prone to a remote stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue would result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects LANDesk Management Suite 8.7; prior versions may also be affected.

26. libxml2 'xmlCurrentChar()' UTF-8 Parsing Remote Denial of Service Vulnerability
BugTraq ID: 27248
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27248
Summary:
The libxml2 library is prone to a denial-of-service vulnerability because of an infinite-loop flaw.

Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable library.

Versions prior to libxml2 2.6.31 are affected by this issue.

27. Alt-N WebAdmin Remote File Disclosure Vulnerability
BugTraq ID: 7439
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/7439
Summary:
Reportedly, remote users can discover the installation directory of certain software on the underlying system by submitting an HTTP request to the WebAdmin server. This could allow an attacker to obtain sensitive information.

28. Alt-N WebAdmin Remote File Viewing Vulnerability
BugTraq ID: 7438
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/7438
Summary:
Alt-N WebAdmin allows a remote user to access files that they should not be able to access. The remote user can submit an HTTP request that will return the contents of any webserver-readable file on the system.

NOTE: The user must have administrative privileges in WebAdmin to access these files.

29. 'distcc' Access Control Bypass Vulnerability
BugTraq ID: 11319
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/11319
Summary:
The access controls for the 'distcc' program may malfunction under certain circumstances and may not be enforced.

A remote attacker may potentially exploit this vulnerability to access the affected 'distcc' service, regardless of access-control rules that are set in place.

This vulnerability is addressed in 'distcc' 2.16.

30. IrfanView FPX File Remote Memory Corruption Vulnerability
BugTraq ID: 27479
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27479
Summary:
IrfanView is prone to a remote memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects IrfanView 4.10; other versions may also be affected.

31. Citrix Presentation Server IMA Service Buffer Overflow Vulnerability
BugTraq ID: 27329
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27329
Summary:
Citrix Presentation Server is prone to a buffer-overflow vulnerability because the IMA service fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of the IMA server process. Failed exploit attempts will likely result in denial-of-service conditions.

The issue affects the following versions:

Citrix MetaFrame and Presentation Server 4.5 (and earlier)
Citrix Access Essentials 2.0 (and earlier)
Citrix Desktop Server 1.0 (and earlier)

32. Corel WordPerfect Office PRS Stack Buffer Overflow Vulnerability
BugTraq ID: 23177
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/23177
Summary:
Corel WordPerfect Office is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. A successful attack can result in the compromise of the application. Failed attempts will likely result in denial-of-service conditions.

WordPerfect X3 version 13.0.0.565 is vulnerable to this issue; other versions may also be affected.

33. Joomla! and Mambo NeoReferences Component 'catid' Parameter SQL Injection Vulnerability
BugTraq ID: 27564
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27564
Summary:
The NeoReferences component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects NeoReferences 1.3.1; other versions may also be affected.

34. Archimede Net 2000 'E-Guest_show.php' SQL Injection Vulnerability
BugTraq ID: 27563
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27563
Summary:
Archimede Net 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

35. eIQnetworks Enterprise Security Analyzer Topology Server Remote Buffer Overflow Vulnerability
BugTraq ID: 19164
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/19164
Summary:
eIQnetworks Enterprise Security Analyzer Topology Server is prone to a remote buffer-overflow vulnerability.

This issue can facilitate a remote compromise due to arbitrary code execution.

Enterprise Security Analyzer versions prior to 2.5.0 are vulnerable. OEM vendors' versions prior to 4.6 are also vulnerable.

36. RETIRED: Solaris in.telnetd TTYPROMPT Buffer Overflow Vulnerability
BugTraq ID: 5531
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/5531
Summary:
The telnet server shipped with Sun Microsystem's Solaris operating system is vulnerable to a buffer-overflow condition. Remote attackers may exploit this vulnerability to gain root access on target hosts.

**RETRACTION NOTE: It has been determined that this report was sent out in error and that the listed patches likely correct BID 3064 ("Multiple Vendor Telnetd Buffer Overflow Vulnerability"). This alert was originally published after the discovery of functional exploit code that appeared to exploit telnetd. It has since been determined that the code, an exploit for BID 3681 ("Multiple Vendor System V Derived 'login' Buffer Overflow Vulnerability"), was leaked from Internet Security Systems. It has been removed from the SecurityFocus archives. This BID will be retired.

37. AskJeeves Toolbar Settings Plugin ActiveX Control Remote Heap Based Buffer Overflow Vulnerability
BugTraq ID: 25785
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/25785
Summary:
AskJeeves Toolbar Settings Plugin ActiveX control is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

38. IMLib/IMLib2 Multiple BMP Image Decoding Buffer Overflow Vulnerabilities
BugTraq ID: 11084
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/11084
Summary:
Multiple buffer-overflow vulnerabilities are reported to reside in the Iimlib/Imlib2 libraries. These issues may be triggered when handling malformed bitmap images.

A remote attacker could exploit these vulnerabilities to cause a denial of service in applications that use the vulnerable library to render images. Reportedly, attackers may also exploit these vulnerabilities to execute arbitrary code.

39. Ipswitch WhatsUp Gold Remote Buffer Overflow Vulnerability
BugTraq ID: 11043
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/11043
Summary:
Ipswitch WhatsUp Gold is affected by a remote buffer-overflow vulnerability because the application fails to properly validate user-supplied string lengths before copying them into static process buffers.

An attacker might leverage this issue to execute arbitrary code on the affected computer with the privileges of the user that started the vulnerable application.

40. GAMSoft Telsrv DoS Vulnerability
BugTraq ID: 1478
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/1478
Summary:
GAMSoft Telsrv telnet server is prone to a trivial denial-of-service attack. If a malicious user were to connect to port 23 and supply a username of approximately 4550 characters, the telnet application would crash. Restarting the service is required to regain normal functionality.

In some cases, Telsrv will return an error message that contains a valid username and password in plain-text format. This can be used to gain unauthorized access to the telnet server.

41. Hummingbird Connectivity 10 LPD Daemon Stack Overflow Vulnerability
BugTraq ID: 13788
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/13788
Summary:
Hummingbird Connectivity 10 LPD daemon is prone to a remote stack-based buffer-overflow vulnerability because the software fails to perform sufficient boundary checks on user-supplied data.

A successful exploit will allow an unauthenticated attacker to obtain SYSTEM-level access to a vulnerable computer.

42. iTinySoft Studio Total Video Player M3U Playlist Buffer Overflow Vulnerability
BugTraq ID: 22553
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/22553
Summary:
Total Video Player is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.

This issue affects Total Video Player 1.03; other versions may also be vulnerable.

43. IASystemInfo.DLL ActiveX Control Remote Buffer Overflow Vulnerabilities
BugTraq ID: 23071
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/23071
Summary:
The IASystemInfo.dll ActiveX control of InterActual Player and CinePlayer is prone to buffer-overflow vulnerabilities. This software fails to sufficiently check boundaries of user-supplied input before copying it to an insufficiently sized memory buffer.

InterActual Player version 2.60.12.0717 is vulnerable to these issues; other versions may also be affected.

CinePlayer version 3.2 is vulnerable to these issues; other versions may also be affected.

44. Trend Micro ServerProtect SpntSvc.EXE Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 23868
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/23868
Summary:
Trend Micro ServerProtect is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM-level privileges and to completely compromise affected computers. Failed exploit attempts will result in a denial of service.

45. Trend Micro OfficeScan Client ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 22585
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/22585
Summary:
Trend Micro OfficeScan Client is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.

46. Trend Micro ServerProtect EarthAgent.EXE Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 23866
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/23866
Summary:
Trend Micro ServerProtect is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

47. Novell NetWare CIFS.NLM Denial of Service Vulnerability
BugTraq ID: 14701
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/14701
Summary:
NetWare CIFS.NLM is prone to a remote denial-of-service vulnerability.

Reportedly, the W32.Randex.CCC worm can trigger this issue resulting in a denial-of-service condition due to an ABEND.

The following versions are vulnerable:

NetWare 5.1
NetWare 6.0
NetWare 6.5 SP2
NetWare 6.5 SP3

48. Novell NetMail IMAP Unspecified Buffer Overflow Vulnerability
BugTraq ID: 15491
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/15491
Summary:
Novell NetMail is prone to a buffer-overflow vulnerability in an unspecified IMAP command. Successful exploits may result in a denial of service or arbitrary code execution.

NetMail 3.52D is affected, but earlier versions may also be vulnerable.

Details regarding the precise nature of this vulnerability are not currently available. We will update this BID as more information emerges.

49. Novell Netmail NMAP STOR Buffer Overflow Vulnerability
BugTraq ID: 21725
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/21725
Summary:
Novell Netmail is prone to a remotely exploitable buffer overflow vulnerability because it fails to do proper bounds checking on NMAP (Network Messaging Application Protocol) STOR command parameters.

A successful exploit could let an authenticated remote attacker execute arbitrary code in the context of the affected program.

50. Novell Netmail IMAP SUBSCRIBE Buffer Overflow Vulnerability
BugTraq ID: 21728
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/21728
Summary:
Novell Netmail is prone to a remotely exploitable buffer-overflow vulnerability because it fails to do proper bounds checking on arguments for IMAP SUBSCRIBE commands.

A successful exploit could let an authenticated remote attacker execute arbitrary code in the context of the affected program.

51. Sun Solaris NFS 'netgroups' Security Bypass Vulnerability
BugTraq ID: 26872
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/26872
Summary:
Sun Solaris is prone to a security-bypass vulnerability due to an unspecified error.

A successful attack will allow an unauthorized remote user to gain superuser access to shared NFS resources on the vulnerable system with 'netgroups' access configured.

This issue affects Sun Solaris 10 with the following kernel patches:

- kernel patches 120011-04 (and later) that are prior to 127111-05 on SPARC platforms
- kernel patches 120012-04 (and later) that are prior to 127954-03 on x86 platforms

52. PCRE Regular Expression Library Multiple Security Vulnerabilities
BugTraq ID: 26346
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/26346
Summary:
PCRE regular-expression library is prone to multiple security vulnerabilities.

Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or launch other attacks in the context of the application using the affected library.

53. PCRE Regular Expression Library UTF-8 Options Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 26550
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/26550
Summary:
PCRE regular-expression library is prone to multiple remote denial-of-service vulnerabilities because a memory-calculation error occurs for certain regular expressions.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.

These issues affect versions prior to PCRE 7.0.

54. PCRE Regular Expression Library Multiple Integer and Buffer Overflow Vulnerabilities
BugTraq ID: 26462
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/26462
Summary:
PCRE regular-expression library is prone to multiple integer- and buffer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or launch other attacks in the context of the application using the affected library.

55. PCRE Perl Compatible Regular Expression Subpattern Memory Allocation Denial Of Service Vulnerability
BugTraq ID: 26727
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/26727
Summary:
PCRE (Perl Compatible Regular Expressions) is prone to a denial-of-service vulnerability. The library fails to allocate sufficient memory for quantified subpatterns that contain certain data.

A successful attack can cause an application using the library to crash, denying service to legitimate users.

Versions prior to PCRE 6.7 are vulnerable.

56. PCRE Perl Compatible Regular Expressions Library POSIX Denial Of Service Vulnerability
BugTraq ID: 26725
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/26725
Summary:
PCRE (Perl Compatible Regular Expressions) is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied regular expressions.

A successful attack will cause an application using the library to crash, denying service to legitimate users.

Versions prior to PCRE 6.7 are vulnerable.

57. Novell Netmail IMAP APPEND Buffer Overflow Vulnerability
BugTraq ID: 21723
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/21723
Summary:
Novell Netmail is prone to a remotely exploitable buffer-overflow vulnerability because it fails to do proper bounds checking on a client-supplied IMAP APPEND parameter.

A successful exploit could let an authenticated remote attacker execute arbitrary code in the context of the affected program.

58. PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities
BugTraq ID: 27163
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27163
Summary:
PostgreSQL is prone to multiple remote vulnerabilities, including:

- Three privilege-escalation vulnerabilities
- Three denial-of-service vulnerabilities

An attacker can exploit these issues to gain complete control of the affected application or to cause a denial-of-service condition.

These issues affect PostgreSQL 8.2, 8.1, 8.0, 7.4, and 7.3; other versions may also be affected.

59. LightBlog 'cp_upload_image.php' Arbitrary File Upload Vulnerability
BugTraq ID: 27562
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27562
Summary:
LightBlog is prone to a vulnerability that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

LightBlog 9.5 is affected; other versions may also be vulnerable.

60. LiveCart Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 27087
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27087
Summary:
LiveCart is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

LiveCart 1.0.1 is vulnerable to these issues; other versions may also be affected.

61. SunGard Banner Student 'add1' Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 27490
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27490
Summary:
Banner Student is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

62. UltraVNC VNCViewer 'ClientConnection.cpp' Remote Buffer Overflow Vulnerability
BugTraq ID: 27561
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27561
Summary:
UltraVNC VNCViewer is affected by a remote buffer-overflow vulnerability because the application fails to properly validate user-supplied string lengths before copying them into static process buffers.

An attacker might leverage this issue to execute arbitrary code on the affected computer with the privileges of the user running the vulnerable application.

UltraVNC 1.0.2 and UltraVNC 104 release candidates released prior to January 25, 2008 are vulnerable to this issue.

NOTE: This issue affects only VNCViewer. The UltraVNC server is not affected.

63. Uniwin eCart Professional 'rp' Cross-Site Scripting Vulnerabilities
BugTraq ID: 27560
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27560
Summary:
Uniwin eCart Professional is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues affect versions prior to Uniwin eCart Professional 2.0.16.

64. xdg-utils 'xdg-open' and 'xdg-email' Multiple Remote Command Execution Vulnerabilities
BugTraq ID: 27528
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27528
Summary:
The 'xdg-utils' package is prone to a remote command-execution vulnerabilities.

An attacker could exploit this issue by enticing an unsuspecting victim to open a malicious file.

Successful exploits will allow attackers to execute arbitrary commands with the privileges of the user running the affected application.

65. MySpace Uploader 'MySpaceUploader.ocx' ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 27533
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27533
Summary:
MySpace Uploader ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

The Symantec DeepSight team has confirmed that this issue can be used to execute code or crash the vulnerable application using 'MySpaceUploader.ocx' 1.0.0.4 and 1.0.0.5; other versions may also be vulnerable.

66. Facebook Photo Uploader 4 'ImageUploader4.1.ocx' ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 27534
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27534
Summary:
Facebook Photo Uploader ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in denial-of-service conditions.

The Symantec DeepSight team has confirmed that this issue leads to a crash in 'ImageUploader4.1.ocx' 4.5.57.0; other versions may also be vulnerable. We will update this BID as more information emerges.

67. Aurigma Image Uploader 'ImageUploader4.ocx' ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 27539
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27539
Summary:
Aurigma Image Uploader ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Image Uploader 4.5.70.0 is vulnerable; other versions may also be affected.

NOTE: This issue may be related to the issues covered in BID 27533 (MySpace Uploader 'MySpaceUploader.ocx' ActiveX Control Buffer Overflow) and BID 27534 (Facebook Photo Uploader 4 'ImageUploader4.1.ocx' ActiveX Control Buffer Overflow Vulnerability).

68. X.Org X Server 'MIT-SHM' Local Privilege Escalation Vulnerability
BugTraq ID: 27350
Remote: No
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27350
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

69. X.Org X Server 'TOG-CUP' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27355
Remote: No
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27355
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

70. X.Org X Server 'PassMessage' Request Local Privilege Escalation Vulnerability
BugTraq ID: 27354
Remote: No
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27354
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of an affected computer. Failed exploit attempts will likely crash the computer.

71. X.Org X Server 'EVI' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27353
Remote: No
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27353
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

72. X.Org X Server 'Xinput' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27351
Remote: No
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27351
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

73. X.Org X Server PCF Font Parser Buffer Overflow Vulnerability
BugTraq ID: 27352
Remote: No
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27352
Summary:
X.Org X Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code with the privileges of the server. Failed attacks will cause denial-of-service conditions.

74. VideoLAN VLC Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 27015
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27015
Summary:
VideoLAN VLC media player is prone to multiple remote code-execution vulnerabilities, including multiple buffer-overflow issues and a format-string issue.

Exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application.

VLC 0.8.6d is vulnerable to these issues; other versions may also be affected.

75. Invision Gallery Index.PHP SQL Injection Vulnerability
BugTraq ID: 20327
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/20327
Summary:
Invision Gallery is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

This issue affects versions prior to Invision Gallery 2.1.0.

76. Nilson's Blogger 'comments.php' Local File Include Vulnerability
BugTraq ID: 27559
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27559
Summary:
Nilson's Blogger is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to include local files in the context of the webserver process. This may allow the attacker to obtain potentially sensitive information; other attacks are also possible.

This issue affects Nilson's Blogger 0.11; other versions may also be vulnerable.

77. Joomla! and Mambo CatalogShop Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27558
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27558
Summary:
The CatalogShop component for Mambo and Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects CatalogShop 1.0 b1; other versions may also be affected.

78. Joomla! and Mambo AkoGallery Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27557
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27557
Summary:
The AkoGallery component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

79. PulseAudio Local Privilege Escalation Vulnerability
BugTraq ID: 27449
Remote: No
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27449
Summary:
PulseAudio is prone to a local privilege-escalation vulnerability because the application fails to properly ensure that it has dropped its privileges.

Exploiting this issue could allow attackers to perform certain actions with superuser privileges.

This vulnerability affects versions prior to PulseAudio 0.9.9.

80. Sun Java RunTime Environment XML Parsing Unspecified Vulnerability
BugTraq ID: 27553
Remote: Yes
Last Updated: 2008-02-01
Relevant URL: http://www.securityfocus.com/bid/27553
Summary:
Sun Java Runtime Environment (JRE) is prone to an unspecified vulnerability that can occur when parsing malicious XML content.

Exploiting this issue will allow JRE to process external references even if it has been configured not to do so. Attackers can leverage this issue to launch further attacks or to cause denial-of-service conditions.

This issue affects JDK and JRE 6 Update 3 and earlier.

81. Linux Kernel Page Faults Using NUMA Local Denial of Service Vulnerability
BugTraq ID: 27556
Remote: No
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27556
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly handle certain page faults when using NUMA (Non-Uniform Memory Access) methods.

Attackers can exploit this issue to trigger kernel crashes, denying service to legitimate users.

Linux kernel 2.6.9 and prior versions are vulnerable. This issue affects the Itanium architecture; other architectures may also be vulnerable.

82. Linux Kernel PowerPC 'chrp/setup.c' NULL Pointer Dereference Denial of Serviced Vulnerability
BugTraq ID: 27555
Remote: No
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27555
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users.

This issue affects Linux kernel 2.4.21 through 2.6.18-53 running on the PowerPC architecture.

83. Linux Kernel VFS Unauthorized File Access Vulnerability
BugTraq ID: 27280
Remote: No
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27280
Summary:
The Linux kernel is prone to an unauthorized file-access vulnerability affecting the VFS (Virtual Filesystem) module.

A local attacker can exploit this issue to access arbitrary files on the affected computer. Successfully exploiting this issue may grant the attacker elevated privileges on affected computers. Other attacks are also possible.

This issue affects kernel versions prior to 2.6.23.14.

84. Linux Kernel DO_COREDUMP Local Information Disclosure Vulnerability
BugTraq ID: 26701
Remote: No
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/26701
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

Versions of the Linux kernel prior to 2.6.24-rc4 are vulnerable.

85. Liferay Enterprise Portal Admin Portlet Shutdown Message HTML Injection Vulnerability
BugTraq ID: 27554
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27554
Summary:
Liferay Enterprise Portal is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

This issue affects versions prior to Liferay Enterprise Portal 4.4.0 and 4.3.7.

86. Joomla! and Mambo com_restaurant Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27551
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27551
Summary:
The Joomla! and Mambo 'com_restaurant' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

87. Liferay Enterprise Portal 'User-Agent' HTTP Header Script Injection Vulnerability
BugTraq ID: 27550
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27550
Summary:
Liferay Enterprise Portal is prone to a script-code-injection vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to inject arbitrary script code into 'Forgot Password' emails sent by the affected application. This may help the attacker obtain potentially sensitive information that can aid in other attacks.

Versions prior to Liferay Enterprise Portal 4.4.0 and 4.3.7 are vulnerable.

88. Liferay Enterprise Portal User-Agent HTTP Header Cross Site Scripting Vulnerability
BugTraq ID: 27547
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27547
Summary:
Liferay Enterprise Portal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

This issue affects Liferay Enterprise Portal 4.3.6.

89. Liferay Enterprise Portal User Profile Greeting HTML Injection Vulnerability
BugTraq ID: 27546
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27546
Summary:
Liferay Enterprise Portal is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

This issue affects versions prior to Liferay Enterprise Portal 4.4.0 and 4.3.7.

90. Linux Kernel 'isdn_common.c' Local Buffer Overflow Vulnerability
BugTraq ID: 27497
Remote: No
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27497
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, the attacker may also be able to execute arbitrary code, but this has not been confirmed.

This issue affects versions prior to Linux kernel 2.6.25.

91. Linux Kernel ISDN_Net.C Local Buffer Overflow Vulnerability
BugTraq ID: 26605
Remote: No
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/26605
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, the attacker may also be able to execute arbitrary code, but this has not been confirmed.

This issue affects the Linux kernel versions prior to 2.6.23.10.

92. Linux Kernel wait_task_stopped Local Denial of Service Vulnerability
BugTraq ID: 26477
Remote: No
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/26477
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly handle certain process-exit conditions.

Attackers can exploit this issue to trigger kernel crashes, denying service to legitimate users.

Linux kernel versions prior to 2.6.23.8 as well as 2.6.24-rc1 and 2.6.24-rc1 are vulnerable.

93. ImageMagick Image Filename Remote Command Execution Vulnerability
BugTraq ID: 16093
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/16093
Summary:
ImageMagick is prone to a remote shell command-execution vulnerability.

Successful exploitation can allow arbitrary commands to be executed in the context of the affected user. Note that attackers could exploit this issue through other applications that use ImageMagick as the default image viewer.

ImageMagick 6.2.4.5 is reportedly vulnerable. Other versions may be affected as well.

94. ImageMagick File Name Handling Remote Format String Vulnerability
BugTraq ID: 12717
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/12717
Summary:
ImageMagick is reported prone to a remote format-string vulnerability.

Reportedly, this issue arises when the application handles malformed filenames. An attacker can exploit this vulnerability by crafting a malicious file with a name that contains format specifiers and sending the file to an unsuspecting user.

Note that there are other attack vectors that may not require user interaction, since the application can be used with custom printing systems and web applications.

A successful attack may crash the application or lead to arbitrary code execution.

All versions of ImageMagick are considered vulnerable at the moment.

95. Sun Java System Access Manager Multiple Vulnerabilities
BugTraq ID: 25842
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/25842
Summary:
Sun Java System Access Manager is prone to multiple remote vulnerabilities that result from configuration errors.

Exploiting these issues can allow remote attackers to gain unauthorized access to the application or execute arbitrary code in the context of the application.

Sun Java System Access Manager 7.1 is affected by these issues.

96. sflog! 'index.php' Multiple Local File Include Vulnerabilities
BugTraq ID: 27541
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27541
Summary:
The 'sflog!' program is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

Exploiting these issues may allow an attacker to access potentially sensitive information in the context of the affected application.

These issues affect sflog! 0.96; other versions may also be affected.

97. Livelink ECM UTF-7 Cross Site Scripting Vulnerability
BugTraq ID: 27537
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27537
Summary:
Livelink ECM is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

This issue affects versions up to and including Livelink ECM 9.7.0.

98. Mindmeld 'MM_GLOBALS['home']' Multiple Remote File Include Vulnerabilities
BugTraq ID: 27538
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27538
Summary:
Mindmeld is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects Mindmeld 1.2.0.10; other versions may also be affected.

99. Drupal Project Issue Tracking Module Multiple Input Validation Vulnerabilities
BugTraq ID: 27545
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27545
Summary:
The Project Issue Tracking module for Drupal is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These issues include a cross-site scripting vulnerability as well as a vulnerability that allows attacker to upload arbitrary code.

Successfully exploiting these issues can allow an attacker to upload and execute arbitrary code in the context of the application. This may help the attacker steal cookie-based authentication credentials, and launch additional attacks.

Note that Drupal Core without this module is not affected by these issues.

100. Drupal Comment Upload Module Upload Validation Function Arbitrary File Upload Vulnerability
BugTraq ID: 27544
Remote: Yes
Last Updated: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27544
Summary:
The Drupal Comment Upload module is prone to an arbitrary-file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Universities fend off phishing attacks
By: Robert Lemos
Online fraudsters send e-mail messages that masquerade as help-desk requests for usernames and passwords.
http://www.securityfocus.com/news/11504

2. Antivirus firms, test labs to form standards group
By: Robert Lemos
The makers of antivirus software as well as independent and media-sponsored testing labs have agreed to create an industry group to standardize on methods of evaluating anti-malware programs.
http://www.securityfocus.com/news/11502

3. Legitimate sites serving up stealthy attacks
By: Robert Lemos
The Random JS infection kit serves up malicious code that hides itself by attempting to compromise each visitor only once and using a different file name each time.
http://www.securityfocus.com/news/11501

4. Malware hitches a ride on digital devices
By: Robert Lemos
Some consumers reported that their holiday gifts came with an unwelcome passenger, a Trojan horse. Infections at the factory and in retail stores will likely become more common.
http://www.securityfocus.com/news/11499

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security Engineer, Cleveland
http://www.securityfocus.com/archive/77/487201

2. [SJ-JOB] Customer Service, Atlanta
http://www.securityfocus.com/archive/77/487211

3. [SJ-JOB] Account Manager, Columbia
http://www.securityfocus.com/archive/77/487212

4. [SJ-JOB] Auditor, New York
http://www.securityfocus.com/archive/77/487214

5. [SJ-JOB] Certification & Accreditation Engineer, Washington DC
http://www.securityfocus.com/archive/77/487198

6. [SJ-JOB] Sales Engineer, Sunnyvale
http://www.securityfocus.com/archive/77/487199

7. [SJ-JOB] Jr. Security Analyst, London
http://www.securityfocus.com/archive/77/487200

8. [SJ-JOB] Security Engineer, Washington DC
http://www.securityfocus.com/archive/77/487202

9. [SJ-JOB] Jr. Security Analyst, London
http://www.securityfocus.com/archive/77/487213

10. [SJ-JOB] Forensics Engineer, London
http://www.securityfocus.com/archive/77/487188

11. [SJ-JOB] Sr. Security Analyst, Cupertino
http://www.securityfocus.com/archive/77/487189

12. [SJ-JOB] Sr. Security Engineer, Long Island
http://www.securityfocus.com/archive/77/487190

13. [SJ-JOB] Sales Representative, Chicago
http://www.securityfocus.com/archive/77/487179

14. [SJ-JOB] Security Researcher, San Jose
http://www.securityfocus.com/archive/77/487185

15. [SJ-JOB] Security Engineer, Bethlehem
http://www.securityfocus.com/archive/77/487215

V. INCIDENTS LIST SUMMARY
---------------------------
1. DNS CACHE POISONING? - Our Portal is redirecting to our first competition
http://www.securityfocus.com/archive/75/486799

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Fwd: Centralizing Event Viewer Logs
http://www.securityfocus.com/archive/88/487366

2. Centralizing Event Viewer Logs
http://www.securityfocus.com/archive/88/487262

3. Under the hood question about Remote Desktop Connection
http://www.securityfocus.com/archive/88/487023

4. FTP on IIS
http://www.securityfocus.com/archive/88/486644

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat Europe

News

Friday, February 01, 2008

SecurityFocus Newsletter #438

No comments:

WINDOWS CENTER

Blog Archive