Friday, August 29, 2008

SecurityFocus Newsletter #468
----------------------------------------

This issue is sponsored by Qualys

On-Demand Vulnerability Management
Learn how to start your own self-auditing process by setting goals and answering key questions about your infrastructure. This podcast examines what to look for in a self-auditing solution, how to use vulnerability management to ease the pain, and why your software solution really matters.
http://whitepapers.securityfocus.com/option,com_categoryreport/task,viewabstract/title,675/id,/vid,36/cat,/pathway,no/srcid,189/


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Get Off My Cloud
2. An Astonishing Collaboration
II. BUGTRAQ SUMMARY
1. MAFFT Insecure Temporary File Creation Vulnerability
2. Debian lazarus-src 'create_lazarus_export_tgz.sh' Insecure Temporary File Creation Vulnerability
3. Educe ASP Search Engine 'search.asp' Cross-Site Scripting Vulnerability
4. MatterDaddy Market 'admin/login.php' Cross Site Scripting Vulnerability
5. Ipswitch WS_FTP Server Message Response Buffer Overflow Vulnerability
6. Amarok 'MagnatuneBrowser::listDownloadComplete()' Insecure Temporary File Creation Vulnerability
7. IPsec-Tools Multiple Remote Denial Of Service Vulnerabilities
8. Microsoft Windows 'NSlookup.exe' Unspecified Remote Code Execution Vulnerability
9. Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
10. Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
11. Thickbox Gallery 'conf/admins.php' Information Disclosure Vulnerability
12. Linux Kernel 'sctp_setsockopt_auth_key()' Remote Denial of Service Vulnerability
13. NetBSD PPPoE Discovery Packet Remote Denial of Service Vulnerability
14. LibTIFF tiff2pdf Remote Buffer Overflow Vulnerability
15. Smart Survey 'surveyresults.asp' Cross Site Scripting Vulnerability
16. Angel Learning Management Suite Default.ASP SQL Injection Vulnerability
17. Kolifa.net Download Script 'indir.php' SQL Injection Vulnerability
18. Civic Website Manager Multiple Cross-Site Scripting Vulnerabilities
19. AN Guestbook Unspecified Cross-Site Scripting Vulnerabilities
20. Xen 'XSM:Flask' Module Multiple Local Buffer Overflow Vulnerabilities
21. mysql-lists Unspecified Cross Site Scripting Vulnerability
22. TIBCO Hawk Multiple Remote Buffer Overflow Vulnerabilities
23. Intel System Management Mode Local Privilege Escalation Vulnerability
24. Samba Group Mappings File Insecure Permissions Local Security Vulnerability
25. JustSystems Ichitaro Document Handling Unspecified Code Execution Vulnerability
26. Crafty Syntax Live Help Multiple SQL Injection Vulnerabilities
27. Anzio Web Print Object ActiveX Control Remote Buffer Overflow Vulnerability
28. Debian 'linux-patch-openswan' Insecure Temporary File Creation Vulnerabilities
29. Debian konwert-filters 'filters/any-UTF8' Insecure Temporary File Creation Vulnerability
30. Debian lustre-tests Insecure Temporary File Creation Vulnerability
31. Novell Forum Unspecified Tcl Command Injection Vulnerability
32. Debian dist Insecure Temporary File Creation Vulnerabilities
33. impose+ Insecure Temporary File Creation Vulnerability
34. Invision Power Board Multiple Remote Security Vulnerabilities
35. GpsDrive Insecure Temporary File Creation Vulnerability
36. NetCitadel Firewall Builder Insecure Temporary File Creation Vulnerability
37. DigitalDJ Insecure Temporary File Creation Vulnerability
38. Debian freeradius-dialupadmin Insecure Temporary File Creation Vulnerabilities
39. Debian Feta 'to-upgrade' Plugin Insecure Temporary File Creation Vulnerability
40. Debian dhis-server Insecure Temporary File Creation Vulnerability
41. Debian FML 'libexec/mead.pl' Insecure Temporary File Creation Vulnerability
42. cman 'fence_egenera' Insecure Temporary File Creation Vulnerability
43. LibTIFF 'tif_lzw.c' Remote Integer Underflow Vulnerability
44. Caudium Insecure Temporary File Creation Vulnerability
45. Apertium Multiple Insecure Temporary File Creation Vulnerabilities
46. ARB Multiple Insecure Temporary File Creation Vulnerabilities
47. Crossfire crossfire-maps Insecure Temporary File Creation Vulnerability
48. Advanced Electron Forum 'username' Parameter Cross Site Scripting Vulnerability
49. gdrae Insecure Temporary File Creation Vulnerability
50. Amanda CDRW-Taper Insecure Temporary File Creation Vulnerability
51. GNU Coreutils 'pam_succeed_if' PAM Local Authentication Bypass Vulnerability
52. Sun Netra T5220 Server Local Denial of Service Vulnerability
53. Sun Solaris 'snoop(1M)' Utility Multiple Remote Vulnerabilities
54. Carmosa PHPCart Order Modification Data Integrity Vulnerability
55. Friendly Technologies 'fwRemoteCfg.dll' ActiveX Control Remote Buffer Overflow Vulnerability
56. Friendly Technologies 'fwRemoteCfg.dll' ActiveX Control Arbitrary Command Execution Vulnerability
57. Microsoft Windows SeImpersonatePrivilege Local Privilege Escalation Vulnerability
58. Acoustica MP3 CD Burner PlayList Files Buffer Overflow Vulnerability
59. CDcontrol Insecure Temporary File Creation Vulnerability
60. Linux Kernel TTY Operations NULL Pointer Dereference Denial of Service Vulnerabilities
61. Linux Kernel UDF Denial of Service Vulnerability
62. Linux Kernel 'ipip6_rcv()' Remote Denial of Service Vulnerability
63. AudioLink Insecure Temporary File Creation Vulnerability
64. Acoustica Mixcraft '.mx4' Image File Name Buffer Overflow Vulnerability
65. Sun Solaris Kernel Covert Channel Creation Security Bypass Vulnerability
66. aview 'asciiview' Insecure Temporary File Creation Vulnerability
67. APTonCD Insecure Temporary File Creation Vulnerability
68. Tiger 'genmsgidx' Insecure Temporary File Creation Vulnerability
69. Carmosa PHPCart 'phpcart.php' Multiple Cross-Site Scripting Vulnerabilities
70. Aegis 'aegis.cgi' Insecure Temporary File Creation Vulnerability
71. R 'javareconf' Insecure Temporary File Creation Vulnerability
72. Citadel Insecure Temporary File Creation Vulnerability
73. Honeyd Insecure Temporary File Creation Vulnerability
74. Red Hat Directory Server LDAP Memory Leak Multiple Remote Denial Of Service Vulnerabilities
75. Red Hat Directory Server Crafted Search Pattern Denial of Service Vulnerability
76. Red Hat Directory Server Multiple Cross Site Scripting Vulnerabilities
77. OpenOffice 'rtl_allocateMemory()' Remote Code Execution Vulnerability
78. Red Hat Directory Server Accept Language HTTP Headers Buffer Overflow Vulnerability
79. YourOwnBux 'memberstats.php' SQL Injection Vulnerability
80. Mono 'System.Web' HTTP Header Injection Vulnerability
81. AbleSpace 'adv_cat.php' Cross-Site Scripting Vulnerability
82. Ultra Office Control 'Save()' Method Arbitrary File Overwrite Vulnerability
83. phpMyRealty Multiple SQL Injection Vulnerabilities
84. IBM DB2 CLR Stored Procedures Deployment Unspecified Vulnerability
85. HP System Management Homepage (SMH) 'message.php' Cross Site Scripting Vulnerability
86. HP Enterprise Discovery Unspecified Remote Privilege Escalation Vulnerability
87. Ultra Office Control 'HttpUpload()' Method Buffer Overflow Vulnerability
88. MiaCMS 'mod_socialbits.php' SQL Injection Vulnerability
89. Sharity Unspecified Security Vulnerability
90. BitlBee Unspecified Security Bypass Vulnerability
91. Kyocera Mita Scanner File Utility File Transfer Directory Traversal Vulnerability
92. Sun Solaris NFS RPC Local Denial of Service Vulnerability
93. iFdate 'members_search.php' SQL Injection Vulnerability
94. ZoneMinder Multiple Input Validation Security Vulnerabilities
95. Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities
96. K-Rate Multiple Input Validation Vulnerabilities
97. Simple PHP Blog 0.5.0 Multiple Remote Vulnerabilities
98. HP OpenVMS 'SMGSHR.EXE' Local Buffer Overflow Vulnerability
99. AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
100. CMME Multiple Remote Security Vulnerabilities
III. SECURITYFOCUS NEWS
1. Online intruders hit Red Hat, Fedora Project
2. Researchers race to zero in record time
3. Gov't charges alleged TJX credit-card thieves
4. Poisoned DNS servers pop up as ISPs patch
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Management, Woburn
2. [SJ-JOB] Technical Support Engineer, Sunnyvale
3. [SJ-JOB] Manager, Information Security, Multiple
4. [SJ-JOB] Technical Support Engineer, St. Paul
5. [SJ-JOB] Sr. Security Analyst, Chantilly
6. [SJ-JOB] Customer Support, Columbia
7. [SJ-JOB] Sales Engineer, Hartford
8. [SJ-JOB] Sales Engineer, LA/Orange County
9. [SJ-JOB] Sales Engineer, Providence
10. [SJ-JOB] Sr. Security Analyst, Washington
11. [SJ-JOB] Sr. Security Analyst, Washington
12. [SJ-JOB] Sr. Security Engineer, Cavite
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #408
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. PacSec 2008 CFP (Deadline Sept. 1, Conference Nov. 12/13) and BA-Con 2008 Speakers (Sept. 30/ Oct. 1)
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Get Off My Cloud
By Mark Rasch
One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at me.com," according to Apple.
More companies, among them Microsoft and Google, already allow people to store information and use common services online -- or "in the cloud" -- leading analysts to refer to the entire trend as "cloud computing."
http://www.securityfocus.com/columnists/478

2. An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477


II. BUGTRAQ SUMMARY
--------------------
1. MAFFT Insecure Temporary File Creation Vulnerability
BugTraq ID: 30915
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30915
Summary:
MAFFT creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

MAFFT 6.240 is vulnerable; other versions may also be affected.

2. Debian lazarus-src 'create_lazarus_export_tgz.sh' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30917
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30917
Summary:
Debian 'lazarus-src' creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Debian 'lazarus-src' 0.9.24-0-9 is vulnerable; other versions may also be affected.

3. Educe ASP Search Engine 'search.asp' Cross-Site Scripting Vulnerability
BugTraq ID: 30849
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30849
Summary:
ASP Search Engine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

ASP Search Engine 1.5.6 is vulnerable; other versions may also be affected.

4. MatterDaddy Market 'admin/login.php' Cross Site Scripting Vulnerability
BugTraq ID: 30848
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30848
Summary:
MatterDaddy Market is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

MatterDaddy Market 1.1 is vulnerable; other versions may also be affected.

5. Ipswitch WS_FTP Server Message Response Buffer Overflow Vulnerability
BugTraq ID: 30728
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30728
Summary:
Ipswitch WS_FTP is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

6. Amarok 'MagnatuneBrowser::listDownloadComplete()' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30662
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30662
Summary:
Amarok reportedly creates temporary files in an insecure manner. Note that this has not yet been corroborated.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Amarok 1.4.9.1 is affected; other versions may also be vulnerable.

7. IPsec-Tools Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 30657
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30657
Summary:
IPsec-Tools is affected by multiple remote denial-of-service vulnerabilities because the software fails to properly handle certain network packets.

A successful attack allows a remote attacker to crash the software, denying further service to legitimate users.

Versions prior to IPsec-Tools 0.7.1 are vulnerable.

8. Microsoft Windows 'NSlookup.exe' Unspecified Remote Code Execution Vulnerability
BugTraq ID: 30636
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30636
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability caused by an unspecified error in 'NSlookup.exe'.

Successfully exploiting this issue would allow an attacker to execute arbitrary code on an affected computer. Failed attacks will cause denial-of-service conditions.

Microsoft Windows XP Professional SP2 is vulnerable; other versions and products may also be affected.

9. Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
BugTraq ID: 30560
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30560
Summary:
The Apache 'mod_proxy_ftp' module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue is reported to affect Apache 2.0.63 and 2.2.9; other versions may also be affected.

10. Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
BugTraq ID: 30131
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30131
Summary:
Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

This issue affects Microsoft Windows DNS Clients and Servers, ISC BIND 8 and 9, and multiple Cisco IOS releases; other DNS implementations may also be vulnerable.

11. Thickbox Gallery 'conf/admins.php' Information Disclosure Vulnerability
BugTraq ID: 30845
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30845
Summary:
Thickbox Gallery is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to obtain login names and MD5 password hashes. Information obtained may lead to further attacks.

Thickbox Gallery 2 is vulnerable; other versions may also be affected.

12. Linux Kernel 'sctp_setsockopt_auth_key()' Remote Denial of Service Vulnerability
BugTraq ID: 30847
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30847
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Versions since Linux kernel 2.6.24-rc1 are vulnerable.

13. NetBSD PPPoE Discovery Packet Remote Denial of Service Vulnerability
BugTraq ID: 30838
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30838
Summary:
NetBSD is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users. Given the nature of this issue, remote code execution may be possible, but this has not been confirmed.

14. LibTIFF tiff2pdf Remote Buffer Overflow Vulnerability
BugTraq ID: 18331
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/18331
Summary:
The tiff2pdf utility is prone to a buffer-overflow vulnerability because the application fails to do proper boundary checks before copying user-supplied data into a finite-sized buffer.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the application, denying service to legitimate users.

15. Smart Survey 'surveyresults.asp' Cross Site Scripting Vulnerability
BugTraq ID: 30841
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30841
Summary:
Smart Survey is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Smart Survey 1.0 is vulnerable; other versions may also be affected.

16. Angel Learning Management Suite Default.ASP SQL Injection Vulnerability
BugTraq ID: 22768
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/22768
Summary:
ANGEL Learning Management Suite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

This issue affects version 7.1.

17. Kolifa.net Download Script 'indir.php' SQL Injection Vulnerability
BugTraq ID: 30839
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30839
Summary:
Kolifa.net Download Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Kolifa.Net Download Script 1.2 is vulnerable; other versions may also be affected.

18. Civic Website Manager Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 30833
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30833
Summary:
Civic Website Manager is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to Civic Website Manager 1.0.1 are vulnerable.

19. AN Guestbook Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 30830
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30830
Summary:
AN Guestbook is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to AN Guestbook 0.7.6 are vulnerable.

20. Xen 'XSM:Flask' Module Multiple Local Buffer Overflow Vulnerabilities
BugTraq ID: 30834
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30834
Summary:
Xen is prone to multiple local buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit these issues to execute arbitrary code and elevate privileges. Failed attempts may result in a denial-of-service condition.

These issues affect Xen 3.2.0; other versions may also be affected.

21. mysql-lists Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 30835
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30835
Summary:
The 'mysql-lists' program is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects mysql-lists 1.2; other versions may also be affected.

22. TIBCO Hawk Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 30836
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30836
Summary:
TIBCO Hawk is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit these issues to execute arbitrary code in the context of affected applications. Failed exploit attempts will likely result in denial-of-service conditions.

The following products and components are affected:

TIBCO Hawk prior to 4.8.1
TIBCO Runtime Agent (TRA) prior to 5.6.0
TIBCO iProcess Engine 10.3.0 through 10.6.2, and 11.0.0
TIBCO Mainframe Service Tracker prior to 1.1.0

23. Intel System Management Mode Local Privilege Escalation Vulnerability
BugTraq ID: 30823
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30823
Summary:
Intel BIOS is prone to an unspecified privilege-escalation vulnerability.

Successfully exploiting this issue will allow programs running with administrative (ring 0) privileges to modify code running in System Management Mode.

Currently very few technical details are available. We will update this BID as more information emerges.

24. Samba Group Mappings File Insecure Permissions Local Security Vulnerability
BugTraq ID: 30837
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30837
Summary:
Samba is prone to a local security vulnerability because it sets insecure permissions for a certain configuration file.

Successfully exploiting this issue allows a local attacker to modify Samba group-mapping information and bypass certain security restrictions.

Reportedly, this issue affects Samba 3.2.0; other versions may also be affected.

25. JustSystems Ichitaro Document Handling Unspecified Code Execution Vulnerability
BugTraq ID: 30828
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30828
Summary:
Ichitaro is prone to an unspecified remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code within the context of the vulnerable application. Failed attempts will result in a denial-of-service condition.

Ichitaro 2008 is vulnerable; other versions may also be affected.

26. Crafty Syntax Live Help Multiple SQL Injection Vulnerabilities
BugTraq ID: 30825
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30825
Summary:
Crafty Syntax Live Help is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Crafty Syntax Live Help 2.14.6 is vulnerable; prior versions may also be affected.

27. Anzio Web Print Object ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 30545
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30545
Summary:
Anzio Web Print Object ActiveX control is prone to a heap-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

The following applications are affected:

Anzio Web Print Object 3.2.19
Anzio Web Print Object 3.2.24
Anzio Print Wizard Server Edition 3.2.19
Anzio Print Wizard Personal Edition 3.2.19

28. Debian 'linux-patch-openswan' Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30918
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30918
Summary:
Debian 'linux-patch-openswan' creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Debian 'linux-patch-openswan' 2.4.12+dfsg-1.1 is vulnerable; other versions may also be affected.

29. Debian konwert-filters 'filters/any-UTF8' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30914
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30914
Summary:
Debian 'konwert-filters' creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Debian 'konwert-filters' 1.8-11.1 is vulnerable; other versions may also be affected.

30. Debian lustre-tests Insecure Temporary File Creation Vulnerability
BugTraq ID: 30911
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30911
Summary:
Debian 'lustre-tests' creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Debian 'lustre-tests' 1.6.5 and 1.6.5.1 are vulnerable; other versions may also be affected.

31. Novell Forum Unspecified Tcl Command Injection Vulnerability
BugTraq ID: 30909
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30909
Summary:
Novell Forum is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to execute arbitrary commands in the context of the webserver process. Successful exploits could compromise the application and possibly the underlying system.

Novell Forum 8.0 and prior versions are affected by the issue.

32. Debian dist Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30908
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30908
Summary:
Debian 'dist' creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Debian 'dist' 3.5-17-1 is vulnerable; other versions may also be affected.

33. impose+ Insecure Temporary File Creation Vulnerability
BugTraq ID: 30906
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30906
Summary:
The 'impose+' software creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects impose+ 0.2; other versions may also be affected.

34. Invision Power Board Multiple Remote Security Vulnerabilities
BugTraq ID: 30921
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30921
Summary:
Invision Power Board is prone to multiple remote vulnerabilities.

Attackers can exploit these issues to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.

Invision Power Board 2.3.5 is vulnerable; other versions may also be affected.

35. GpsDrive Insecure Temporary File Creation Vulnerability
BugTraq ID: 30905
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30905
Summary:
GpsDrive creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

GpsDrive 2.10pre4 is vulnerable; other versions may also be affected.

36. NetCitadel Firewall Builder Insecure Temporary File Creation Vulnerability
BugTraq ID: 30907
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30907
Summary:
Firewall Builder creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Firewall Builder 2.1.19 is vulnerable; other versions may also be affected.

37. DigitalDJ Insecure Temporary File Creation Vulnerability
BugTraq ID: 30904
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30904
Summary:
DigitalDJ creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

DigitalDJ 0.7.5 is vulnerable; other versions may also be affected.

38. Debian freeradius-dialupadmin Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30901
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30901
Summary:
Debian freeradius-dialupadmin creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Debian freeradius-dialupadmin 2.0.4 is vulnerable; other versions may also be affected.

39. Debian Feta 'to-upgrade' Plugin Insecure Temporary File Creation Vulnerability
BugTraq ID: 30899
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30899
Summary:
Debian Feta creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Debian Feta 1.4.16 is vulnerable; other versions may also be affected.

40. Debian dhis-server Insecure Temporary File Creation Vulnerability
BugTraq ID: 30900
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30900
Summary:
Debian dhis-server creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Debian dhis-server 5.3 is vulnerable; other versions may also be affected.

41. Debian FML 'libexec/mead.pl' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30903
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30903
Summary:
Debian FML creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Debian FML 4.0.3 is vulnerable; other versions may also be affected.

42. cman 'fence_egenera' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30898
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30898
Summary:
The 'cman' program creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

The 'cman' component of cluster2 2.03.07 is vulnerable; other versions may also be affected.

43. LibTIFF 'tif_lzw.c' Remote Integer Underflow Vulnerability
BugTraq ID: 30832
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30832
Summary:
LibTIFF is prone to an integer-underflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running an application that uses the affected library. Failed exploit attempts will likely crash applications using the affected library.

LibTIFF 3.7.2 and 3.8.2 are vulnerable.

44. Caudium Insecure Temporary File Creation Vulnerability
BugTraq ID: 30897
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30897
Summary:
Caudium creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Caudium 1.4.12 is vulnerable; other versions may also be affected.

45. Apertium Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30896
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30896
Summary:
Apertium creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Apertium 3.0.7 is vulnerable; other versions may also be affected.

46. ARB Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30895
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30895
Summary:
ARB creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

ARB 0.0.20071207 is vulnerable; other versions may also be affected.

47. Crossfire crossfire-maps Insecure Temporary File Creation Vulnerability
BugTraq ID: 30893
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30893
Summary:
Crossfire crossfire-maps creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Crossfire crossfire-maps 0.11.0-1 is vulnerable; other versions may also be affected.

48. Advanced Electron Forum 'username' Parameter Cross Site Scripting Vulnerability
BugTraq ID: 30894
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30894
Summary:
Advanced Electron Forum (AEF) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

AEF 1.0.6 is vulnerable; other versions may also be affected.

49. gdrae Insecure Temporary File Creation Vulnerability
BugTraq ID: 30888
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30888
Summary:
The 'gdrae' program creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects gdrae 0.1; other versions may also be affected.

50. Amanda CDRW-Taper Insecure Temporary File Creation Vulnerability
BugTraq ID: 30890
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30890
Summary:
Amanda CDRW-Taper creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Amanda CDRW-Taper 0.4 is vulnerable; other versions may also be affected.

51. GNU Coreutils 'pam_succeed_if' PAM Local Authentication Bypass Vulnerability
BugTraq ID: 30363
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30363
Summary:
GNU Coreutils is prone to a local authentication-bypass vulnerability.

A local attacker running the 'su' command can exploit this issue to gain unauthorized access to locked or expired accounts. Successfully exploiting this issue may lead to other attacks.

52. Sun Netra T5220 Server Local Denial of Service Vulnerability
BugTraq ID: 30557
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30557
Summary:
Sun Netra T5220 Server is prone to a local denial-of-service vulnerability.

A local unprivileged attacker can exploit this issue to cause a system panic that will result in a denial-of-service condition.

This issue affects Sun Netra T5220 Server with firmware 7.1.3.

UPDATE: This issue also affects Sun SPARC Enterprise T5140 Server and T5240 Server.

53. Sun Solaris 'snoop(1M)' Utility Multiple Remote Vulnerabilities
BugTraq ID: 30556
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30556
Summary:
The Solaris 'snoop(1M)' network utility is prone to multiple remote vulnerabilities:

- Multiple stack-based buffer-overflow vulnerabilities
- Multiple format-string vulnerabilities

Exploiting these issues will allow attackers to execute arbitrary code with the privileges of the 'nobody' user. Attackers may also exploit these issues to capture network traffic that is visible to the network interface. Since the 'snoop(1M)' utility handles segmentation faults, repeated exploit attempts are also possible.

These issues affect the following versions for SPARC and x86 platforms:

Solaris 10
Solaris 9
Solaris 8
OpenSolaris builds snv_01 to snv_95

54. Carmosa PHPCart Order Modification Data Integrity Vulnerability
BugTraq ID: 30887
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30887
Summary:
Carmosa PHPCart is prone to a data-integrity vulnerability because it fails to sufficiently validate user-supplied input data.

An attacker may leverage this issue to modify order details during various stages of order processing.

PHPCart 4.6 is vulnerable; other versions may also be affected.

55. Friendly Technologies 'fwRemoteCfg.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 30891
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30891
Summary:
Friendly Technologies 'fwRemoteCfg.dll' ActiveX control is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

56. Friendly Technologies 'fwRemoteCfg.dll' ActiveX Control Arbitrary Command Execution Vulnerability
BugTraq ID: 30889
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30889
Summary:
Friendly Technologies 'fwRemoteCfg.dll' ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer).

57. Microsoft Windows SeImpersonatePrivilege Local Privilege Escalation Vulnerability
BugTraq ID: 28833
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/28833
Summary:
Microsoft Windows is prone to a privilege-escalation vulnerability.

Successful exploits may allow authenticated users to elevate their privileges to LocalSystem. This facilitates the complete compromise of affected computers.

The issue affects Microsoft Windows XP Professional SP2 and all versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008.

58. Acoustica MP3 CD Burner PlayList Files Buffer Overflow Vulnerability
BugTraq ID: 24247
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/24247
Summary:
Acoustica MP3 CD Burner is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected user. Failed exploit attempts likely result in application crashes.

59. CDcontrol Insecure Temporary File Creation Vulnerability
BugTraq ID: 30892
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30892
Summary:
CDcontrol creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

CDcontrol 1.90 is vulnerable; other versions may also be affected.

60. Linux Kernel TTY Operations NULL Pointer Dereference Denial of Service Vulnerabilities
BugTraq ID: 30076
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30076
Summary:
The Linux kernel is prone to multiple local denial-of-service vulnerabilities.

Attackers can exploit these issues to crash the affected kernel, denying service to legitimate users. Given the nature of these issues, attackers may also be able to execute arbitrary code, but this has not been confirmed.

These issues affect versions prior to Linux kernel 2.6.25.10.

61. Linux Kernel UDF Denial of Service Vulnerability
BugTraq ID: 19562
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/19562
Summary:
The Linux kernel UDF file module is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the kernel, denying further service to legitimate users.

62. Linux Kernel 'ipip6_rcv()' Remote Denial of Service Vulnerability
BugTraq ID: 29235
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/29235
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

This issue affects the Linux Kernel 2.6.25.2; other versions may also be affected.

63. AudioLink Insecure Temporary File Creation Vulnerability
BugTraq ID: 30886
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30886
Summary:
AudioLink creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

AudioLink 0.05 is vulnerable; other versions may also be affected.

64. Acoustica Mixcraft '.mx4' Image File Name Buffer Overflow Vulnerability
BugTraq ID: 30879
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30879
Summary:
Acoustica Mixcraft is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue by enticing a victim to load a malicious '.mx4' file. If successful, the attacker can execute arbitrary code in the context of the affected application.

Acoustica Mixcraft 4.2 is vulnerable; other versions may also be affected.

65. Sun Solaris Kernel Covert Channel Creation Security Bypass Vulnerability
BugTraq ID: 30880
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30880
Summary:
The Sun Solaris kernel is prone to a security-bypass vulnerability that allows two processes to establish a covert communication channel.

An attacker can exploit this issue to bypass certain security policies.

66. aview 'asciiview' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30885
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30885
Summary:
The 'aview' program creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects aview 1.3.0 RC1; other versions may also be affected.

67. APTonCD Insecure Temporary File Creation Vulnerability
BugTraq ID: 30882
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30882
Summary:
APTonCD creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

APTonCD 0.1 is vulnerable; other versions may also be affected.

68. Tiger 'genmsgidx' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30876
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30876
Summary:
Tiger creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Tiger 3.2.2 is vulnerable; other versions may also be affected.

69. Carmosa PHPCart 'phpcart.php' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 30884
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30884
Summary:
Carmosa PHPCart is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

PHPCart 4.6 is vulnerable; other versions may also be affected.

70. Aegis 'aegis.cgi' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30883
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30883
Summary:
Aegis creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Aegis 4.2.4 is vulnerable; other versions may also be affected.

71. R 'javareconf' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30878
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30878
Summary:
R creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

R 2.7.2 is vulnerable; other versions may also be affected.

72. Citadel Insecure Temporary File Creation Vulnerability
BugTraq ID: 30877
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30877
Summary:
Citadel creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Citadel 7.37 is vulnerable; other versions may also be affected.

73. Honeyd Insecure Temporary File Creation Vulnerability
BugTraq ID: 30874
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30874
Summary:
Honeyd creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Honeyd 1.5c is vulnerable; other versions may also be affected.

74. Red Hat Directory Server LDAP Memory Leak Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 30872
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30872
Summary:
Red Hat Directory Server is prone to multiple remote denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the server, denying access to legitimate users.

Directory Server 7.1, 8 EL4, and 8 EL5 are vulnerable.

75. Red Hat Directory Server Crafted Search Pattern Denial of Service Vulnerability
BugTraq ID: 30871
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30871
Summary:
Red Hat Directory Server is prone to a denial-of-service vulnerability because the server fails to handle specially crafted search patterns.

An attacker can exploit this issue to consume CPU resources with one search request, effectively blocking additional search requests from executing. Legitimate users may be prevented from authenticating to network resources that use the affected server for authentication.

Red Hat Directory Server 7.1 and 8 are affected.

76. Red Hat Directory Server Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 30870
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30870
Summary:
Red Hat Directory Server is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

77. OpenOffice 'rtl_allocateMemory()' Remote Code Execution Vulnerability
BugTraq ID: 30866
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30866
Summary:
OpenOffice is prone to a remote code-execution vulnerability because of errors in memory allocation.

Remote attackers can exploit this issue by enticing victims into opening a maliciously crafted OpenOffice document.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

OpenOffice 2.41 is vulnerable; other versions may also be affected. This issue is limited to builds on 64-bit platforms.

78. Red Hat Directory Server Accept Language HTTP Headers Buffer Overflow Vulnerability
BugTraq ID: 30869
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30869
Summary:
Red Hat Directory Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

NOTE: The Administration Server of Directory Server usually runs with superuser privileges.

The following are affected:

- Red Hat Directory Server 7.1
- Versions prior to 'adminutil' 1.1.7

79. YourOwnBux 'memberstats.php' SQL Injection Vulnerability
BugTraq ID: 30868
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30868
Summary:
YourOwnBux is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

YourOwnBux 3.1 and 3.2 beta are vulnerable; other versions may also be affected.

80. Mono 'System.Web' HTTP Header Injection Vulnerability
BugTraq ID: 30867
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30867
Summary:
Mono is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sanitize input.

By inserting arbitrary headers into an HTTP response, attackers may be able to launch cross-site request-forgery, cross-site scripting, HTTP-request-smuggling, and other attacks.

This issue affects Mono 2.0 and earlier.

81. AbleSpace 'adv_cat.php' Cross-Site Scripting Vulnerability
BugTraq ID: 30864
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30864
Summary:
AbleSpace is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects AbleSpace 1.0 and earlier.

82. Ultra Office Control 'Save()' Method Arbitrary File Overwrite Vulnerability
BugTraq ID: 30863
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30863
Summary:
Ultra Office Control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. The issue occurs because the control fails to sanitize user-supplied input.

Successful exploits may allow attackers to compromise affected computers.

Ultra Office Control 2.0.2008.501 is vulnerable; other versions may also be affected.

83. phpMyRealty Multiple SQL Injection Vulnerabilities
BugTraq ID: 30862
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30862
Summary:
phpMyRealty is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect phpMyRealty 1.0.7 and 1.0.9; other versions may also be affected.

84. IBM DB2 CLR Stored Procedures Deployment Unspecified Vulnerability
BugTraq ID: 30859
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30859
Summary:
IBM DB2 is prone to an unspecified security vulnerability that occurs when deploying CLR stored procedures from IBM Database Add-ins for Visual Studio.

Very little is known about this issue at this time. We will update this BID as more information emerges.

Versions prior to IBM DB2 9.5 Fixpak 2 are vulnerable.

85. HP System Management Homepage (SMH) 'message.php' Cross Site Scripting Vulnerability
BugTraq ID: 30846
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30846
Summary:
HP System Management Homepage (SMH) is prone to a cross-site scripting vulnerability.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected site. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

NOTE: This issue may stem from an incomplete fix for the issues discussed in BIDs 24256 (HP System Management Homepage (SMH) Unspecified Cross Site Scripting Vulnerability) and 25953 (HP System Management Homepage (SMH) for Linux, Windows, and HP-UX Cross Site Scripting Vulnerability), but Symantec has not confirmed this.

86. HP Enterprise Discovery Unspecified Remote Privilege Escalation Vulnerability
BugTraq ID: 30865
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30865
Summary:
HP Enterprise Discovery is prone to an unspecified remote privilege-escalation vulnerability.

Remote authorized attackers can exploit this issue to gain SYSTEM-level privileges, completely compromising affected computers.

87. Ultra Office Control 'HttpUpload()' Method Buffer Overflow Vulnerability
BugTraq ID: 30861
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30861
Summary:
Ultra Office Control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

Ultra Office Control 2.0.2008.501 is vulnerable; other versions may also be affected.

88. MiaCMS 'mod_socialbits.php' SQL Injection Vulnerability
BugTraq ID: 30805
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30805
Summary:
MiaCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions up to and including MiaCMS 4.6.5 are vulnerable.

89. Sharity Unspecified Security Vulnerability
BugTraq ID: 30860
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30860
Summary:
Sharity is prone to an unspecified vulnerability.

Very few details are available regarding this issue. We will update this BID as more information emerges.

This issue affects Sharity 3.0 to 3.4.

90. BitlBee Unspecified Security Bypass Vulnerability
BugTraq ID: 30858
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30858
Summary:
BitlBee is prone to an unspecified security-bypass vulnerability.

Successfully exploiting this issue may allow attackers to recreate or hijack user accounts on the system. Gaining access to these accounts may aid in further attacks.

Versions prior to BitlBee 1.2.2 are vulnerable.

91. Kyocera Mita Scanner File Utility File Transfer Directory Traversal Vulnerability
BugTraq ID: 30855
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30855
Summary:
Kyocera Mita Scanner File Utility is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to create and overwrite arbitrary files on the affected computer.

Kyocera Mita Scanner File Utility 3.3.0.1 is vulnerable; other versions may also be affected.

92. Sun Solaris NFS RPC Local Denial of Service Vulnerability
BugTraq ID: 30853
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30853
Summary:
Sun Solaris is prone to a local denial-of-service vulnerability.

A local privileged attacker can exploit this issue to intercept and corrupt traffic destined for other nonglobal zones on the system.

93. iFdate 'members_search.php' SQL Injection Vulnerability
BugTraq ID: 30850
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30850
Summary:
iFdate is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

94. ZoneMinder Multiple Input Validation Security Vulnerabilities
BugTraq ID: 30843
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30843
Summary:
ZoneMinder is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include cross-site scripting, SQL-injection, and command-injection issues.

Exploiting these issues can allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.

ZoneMinder 1.23.3 is vulnerable; other versions may also be affected.

95. Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities
BugTraq ID: 29956
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/29956
Summary:
Pidgin is prone to multiple integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software. Failed exploit attempts likely cause denial-of-service conditions.

Versions prior to Pidgin 2.4.3 are vulnerable.

96. K-Rate Multiple Input Validation Vulnerabilities
BugTraq ID: 30842
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30842
Summary:
K-Rate is prone to multiple input-validation vulnerabilities:

- SQL-injection issues
- Cross-site scripting issues
- HTML-injection issues

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

97. Simple PHP Blog 0.5.0 Multiple Remote Vulnerabilities
BugTraq ID: 30857
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30857
Summary:
Simple PHP Blog is prone to multiple remote vulnerabilities:

- An information-disclosure vulnerability
- A PHP code-execution vulnerability

Attackers can exploit these issues to obtain sensitive information or execute arbitrary PHP code within the context of the webserver process.

Simple PHP Blog 0.5.0 is vulnerable; other versions may also be affected.

98. HP OpenVMS 'SMGSHR.EXE' Local Buffer Overflow Vulnerability
BugTraq ID: 30840
Remote: No
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30840
Summary:
HP OpenVMS is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service.

99. AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
BugTraq ID: 30856
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30856
Summary:
AWStats Totals is prone to a vulnerability that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

This issue affects AWStats Totals 1.14 and earlier versions.

100. CMME Multiple Remote Security Vulnerabilities
BugTraq ID: 30854
Remote: Yes
Last Updated: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30854
Summary:
CMME (Content Management Made Easy) is prone to multiple remote vulnerabilities.

An attacker may leverage these issues to obtain potentially sensitive information, to create arbitrary directories within the web root, and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

CMME 1.12 is vulnerable; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Online intruders hit Red Hat, Fedora Project
By: Robert Lemos
A leading Linux company and its open-source distribution acknowledge that attackers breached several systems, including one that manages the Fedora signing process.
http://www.securityfocus.com/news/11532

2. Researchers race to zero in record time
By: Robert Lemos
On the first day, three teams of security professionals finished the Race to Zero contest, successfully modifying nine well-known viruses and exploits to escape detection by major antivirus engines.
http://www.securityfocus.com/news/11531

3. Gov't charges alleged TJX credit-card thieves
By: Robert Lemos
U.S. prosecutors charge eleven people with taking part in an identity-theft ring that stole millions of credit-card accounts from major retailers, among them TJX Companies.
http://www.securityfocus.com/news/11530

4. Poisoned DNS servers pop up as ISPs patch
By: Robert Lemos
An online attacker poisons at least one domain-name server at a major Internet service provider to send Google lookups to a pay-per-click ad network.
http://www.securityfocus.com/news/11529

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Management, Woburn
http://www.securityfocus.com/archive/77/495767

2. [SJ-JOB] Technical Support Engineer, Sunnyvale
http://www.securityfocus.com/archive/77/495768

3. [SJ-JOB] Manager, Information Security, Multiple
http://www.securityfocus.com/archive/77/495759

4. [SJ-JOB] Technical Support Engineer, St. Paul
http://www.securityfocus.com/archive/77/495755

5. [SJ-JOB] Sr. Security Analyst, Chantilly
http://www.securityfocus.com/archive/77/495756

6. [SJ-JOB] Customer Support, Columbia
http://www.securityfocus.com/archive/77/495762

7. [SJ-JOB] Sales Engineer, Hartford
http://www.securityfocus.com/archive/77/495763

8. [SJ-JOB] Sales Engineer, LA/Orange County
http://www.securityfocus.com/archive/77/495752

9. [SJ-JOB] Sales Engineer, Providence
http://www.securityfocus.com/archive/77/495753

10. [SJ-JOB] Sr. Security Analyst, Washington
http://www.securityfocus.com/archive/77/495754

11. [SJ-JOB] Sr. Security Analyst, Washington
http://www.securityfocus.com/archive/77/495758

12. [SJ-JOB] Sr. Security Engineer, Cavite
http://www.securityfocus.com/archive/77/495760

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #408
http://www.securityfocus.com/archive/88/495736

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. PacSec 2008 CFP (Deadline Sept. 1, Conference Nov. 12/13) and BA-Con 2008 Speakers (Sept. 30/ Oct. 1)
http://www.securityfocus.com/archive/91/495774

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Qualys

On-Demand Vulnerability Management
Learn how to start your own self-auditing process by setting goals and answering key questions about your infrastructure. This podcast examines what to look for in a self-auditing solution, how to use vulnerability management to ease the pain and why your software solution really matters.
http://whitepapers.securityfocus.com/option,com_categoryreport/task,viewabstract/title,675/id,/vid,36/cat,/pathway,no/srcid,189/

SecurityFocus Linux Newsletter #404
----------------------------------------

This issue is sponsored by IBM:

Web Application Security: Automated Scanning Versus Manual Penetration Testing
There are many ways to uncover Web application vulnerabilities. This white paper examines a few of these vulnerability detection methods - comparing and contrasting manual penetration testing with automated scanning tools.
http://whitepapers.securityfocus.com/option,com_categoryreport/task,viewabstract/title,3249/id,/vid,36/cat,/pathway,no/srcid,189/


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Get Off My Cloud
2. An Astonishing Collaboration
II. LINUX VULNERABILITY SUMMARY
1. libxml2 Recursive Entity Remote Denial of Service Vulnerability
2. Red Hat OpenSSH Backdoor Vulnerability
3. Vim Insufficient Shell Escaping Multiple Command Execution Vulnerabilities
4. VLC Media Player 'mmstu.c' MMS Protocol Handling Buffer Overflow Vulnerability
5. GPicView Multiple Local Security Vulnerabilities
6. LibTIFF 'tif_lzw.c' Remote Integer Underflow Vulnerability
7. HP System Management Homepage (SMH) 'message.php' Cross Site Scripting Vulnerability
8. Linux Kernel 'sctp_setsockopt_auth_key()' Remote Denial of Service Vulnerability
9. IBM DB2 CLR Stored Procedures Deployment Unspecified Vulnerability
10. OpenOffice 'rtl_allocateMemory()' Remote Code Execution Vulnerability
11. Honeyd Insecure Temporary File Creation Vulnerability
12. APTonCD Insecure Temporary File Creation Vulnerability
13. Aegis 'aegis.cgi' Insecure Temporary File Creation Vulnerability
14. AudioLink Insecure Temporary File Creation Vulnerability
15. gdrae Insecure Temporary File Creation Vulnerability
16. Amanda CDRW-Taper Insecure Temporary File Creation Vulnerability
17. CDcontrol Insecure Temporary File Creation Vulnerability
18. Crossfire crossfire-maps Insecure Temporary File Creation Vulnerability
19. ARB Multiple Insecure Temporary File Creation Vulnerabilities
20. Apertium Multiple Insecure Temporary File Creation Vulnerabilities
21. Caudium Insecure Temporary File Creation Vulnerability
22. cman 'fence_egenera' Insecure Temporary File Creation Vulnerability
23. LinuxTrade Insecure Temporary File Creation Vulnerabilities
24. Debian 'linux-patch-openswan' Insecure Temporary File Creation Vulnerabilities
25. Dreambox Web Interface URI Remote Denial of Service Vulnerability
26. OpenOffice 'senddoc' Insecure Temporary File Creation Vulnerability
27. Ogle DVD Player Insecure Temporary File Creation Vulnerabilities
28. Mgetty 'faxspool' Insecure Temporary File Creation Vulnerability
29. Plait Insecure Temporary File Creation Vulnerability
30. MySpell Insecure Temporary File Creation Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. PacSec 2008 CFP (Deadline Sept. 1, Conference Nov. 12/13) and BA-Con 2008 Speakers (Sept. 30/ Oct. 1)
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Get Off My Cloud
By Mark Rasch
One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at me.com," according to Apple.
More companies, among them Microsoft and Google, already allow people to store information and use common services online -- or "in the cloud" -- leading analysts to refer to the entire trend as "cloud computing."
http://www.securityfocus.com/columnists/478

2. An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. libxml2 Recursive Entity Remote Denial of Service Vulnerability
BugTraq ID: 30783
Remote: Yes
Date Published: 2008-08-21
Relevant URL: http://www.securityfocus.com/bid/30783
Summary:
The libxml2 library is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause the library to consume an excessive amount of memory, denying service to legitimate users.

2. Red Hat OpenSSH Backdoor Vulnerability
BugTraq ID: 30794
Remote: Yes
Date Published: 2008-08-22
Relevant URL: http://www.securityfocus.com/bid/30794
Summary:
OpenSSH running on Red Hat operating systems is prone to a backdoor vulnerability.

Attackers can exploit this issue by enticing an unsuspecting victim to download and install a malicious OpenSSH package from a compromised Red Hat software repository or from mirrors that replicated the malicious packages. Successfully exploiting this issue will compromise the affected computer.

This issue affects OpenSSH running on the following operating systems:

Red Hat Enterprise Linux 4 i386
Red Hat Enterprise Linux 4 x86_64
Red Hat Enterprise Linux 5 x86_64

3. Vim Insufficient Shell Escaping Multiple Command Execution Vulnerabilities
BugTraq ID: 30795
Remote: Yes
Date Published: 2008-08-19
Relevant URL: http://www.securityfocus.com/bid/30795
Summary:
Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Vim 7.2 is vulnerable; other versions may also be affected.

4. VLC Media Player 'mmstu.c' MMS Protocol Handling Buffer Overflow Vulnerability
BugTraq ID: 30806
Remote: Yes
Date Published: 2008-08-24
Relevant URL: http://www.securityfocus.com/bid/30806
Summary:
VLC media player is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player 0.8.6i is vulnerable; other versions may also be affected.

5. GPicView Multiple Local Security Vulnerabilities
BugTraq ID: 30819
Remote: No
Date Published: 2008-08-25
Relevant URL: http://www.securityfocus.com/bid/30819
Summary:
GPicView is affected by multiple local security vulnerabilities:

- The software creates temporary files in an insecure manner.
- The software contains two vulnerabilities that may allow attackers to overwrite arbitrary files.

These issues stem from a design error that permits files to be saved without user verification.

An attacker may leverage these issues to overwrite arbitrary files with the privileges of the user running the application.

GPicView 0.1.9 is vulnerable; other versions may also be affected.

6. LibTIFF 'tif_lzw.c' Remote Integer Underflow Vulnerability
BugTraq ID: 30832
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30832
Summary:
LibTIFF is prone to an integer-underflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running an application that uses the affected library. Failed exploit attempts will likely crash applications using the affected library.

LibTIFF 3.7.2 and 3.8.2 are vulnerable.

7. HP System Management Homepage (SMH) 'message.php' Cross Site Scripting Vulnerability
BugTraq ID: 30846
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30846
Summary:
HP System Management Homepage (SMH) is prone to a cross-site scripting vulnerability.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected site. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

NOTE: This issue may stem from an incomplete fix for the issues discussed in BIDs 24256 (HP System Management Homepage (SMH) Unspecified Cross Site Scripting Vulnerability) and 25953 (HP System Management Homepage (SMH) for Linux, Windows, and HP-UX Cross Site Scripting Vulnerability), but Symantec has not confirmed this.

8. Linux Kernel 'sctp_setsockopt_auth_key()' Remote Denial of Service Vulnerability
BugTraq ID: 30847
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30847
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Versions since Linux kernel 2.6.24-rc1 are vulnerable.

9. IBM DB2 CLR Stored Procedures Deployment Unspecified Vulnerability
BugTraq ID: 30859
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30859
Summary:
IBM DB2 is prone to an unspecified security vulnerability that occurs when deploying CLR stored procedures from IBM Database Add-ins for Visual Studio.

Very little is known about this issue at this time. We will update this BID as more information emerges.

Versions prior to IBM DB2 9.5 Fixpak 2 are vulnerable.

10. OpenOffice 'rtl_allocateMemory()' Remote Code Execution Vulnerability
BugTraq ID: 30866
Remote: Yes
Date Published: 2008-08-27
Relevant URL: http://www.securityfocus.com/bid/30866
Summary:
OpenOffice is prone to a remote code-execution vulnerability because of errors in memory allocation.

Remote attackers can exploit this issue by enticing victims into opening a maliciously crafted OpenOffice document.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

OpenOffice 2.41 is vulnerable; other versions may also be affected. This issue is limited to builds on 64-bit platforms.

11. Honeyd Insecure Temporary File Creation Vulnerability
BugTraq ID: 30874
Remote: No
Date Published: 2008-08-24
Relevant URL: http://www.securityfocus.com/bid/30874
Summary:
Honeyd creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Honeyd 1.5c is vulnerable; other versions may also be affected.

12. APTonCD Insecure Temporary File Creation Vulnerability
BugTraq ID: 30882
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30882
Summary:
APTonCD creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

APTonCD 0.1 is vulnerable; other versions may also be affected.

13. Aegis 'aegis.cgi' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30883
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30883
Summary:
Aegis creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Aegis 4.2.4 is vulnerable; other versions may also be affected.

14. AudioLink Insecure Temporary File Creation Vulnerability
BugTraq ID: 30886
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30886
Summary:
AudioLink creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

AudioLink 0.05 is vulnerable; other versions may also be affected.

15. gdrae Insecure Temporary File Creation Vulnerability
BugTraq ID: 30888
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30888
Summary:
The 'gdrae' program creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects gdrae 0.1; other versions may also be affected.

16. Amanda CDRW-Taper Insecure Temporary File Creation Vulnerability
BugTraq ID: 30890
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30890
Summary:
Amanda CDRW-Taper creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Amanda CDRW-Taper 0.4 is vulnerable; other versions may also be affected.

17. CDcontrol Insecure Temporary File Creation Vulnerability
BugTraq ID: 30892
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30892
Summary:
CDcontrol creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

CDcontrol 1.90 is vulnerable; other versions may also be affected.

18. Crossfire crossfire-maps Insecure Temporary File Creation Vulnerability
BugTraq ID: 30893
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30893
Summary:
Crossfire crossfire-maps creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Crossfire crossfire-maps 0.11.0-1 is vulnerable; other versions may also be affected.

19. ARB Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30895
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30895
Summary:
ARB creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

ARB 0.0.20071207 is vulnerable; other versions may also be affected.

20. Apertium Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30896
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30896
Summary:
Apertium creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Apertium 3.0.7 is vulnerable; other versions may also be affected.

21. Caudium Insecure Temporary File Creation Vulnerability
BugTraq ID: 30897
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30897
Summary:
Caudium creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Caudium 1.4.12 is vulnerable; other versions may also be affected.

22. cman 'fence_egenera' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30898
Remote: No
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30898
Summary:
The 'cman' program creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

The 'cman' component of cluster2 2.03.07 is vulnerable; other versions may also be affected.

23. LinuxTrade Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30910
Remote: No
Date Published: 2008-08-24
Relevant URL: http://www.securityfocus.com/bid/30910
Summary:
LinuxTrade creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

LinuxTrade 3.65 is vulnerable; other versions may also be affected.

24. Debian 'linux-patch-openswan' Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30918
Remote: No
Date Published: 2008-08-24
Relevant URL: http://www.securityfocus.com/bid/30918
Summary:
Debian 'linux-patch-openswan' creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Debian 'linux-patch-openswan' 2.4.12+dfsg-1.1 is vulnerable; other versions may also be affected.

25. Dreambox Web Interface URI Remote Denial of Service Vulnerability
BugTraq ID: 30919
Remote: Yes
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30919
Summary:
Dreambox is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected device, denying service to legitimate users. Due to the nature of this issue, arbitrary code execution may be possible, but this has not been confirmed.

Dreambox DM500C is vulnerable; other models may also be affected.

26. OpenOffice 'senddoc' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30925
Remote: No
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30925
Summary:
OpenOffice creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

OpenOffice 2.4.1 is vulnerable; other versions may also be affected.

27. Ogle DVD Player Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30926
Remote: No
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30926
Summary:
Ogle DVD Player creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Ogle 0.9.2 is vulnerable; other versions may also be affected.

28. Mgetty 'faxspool' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30927
Remote: No
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30927
Summary:
Mgetty creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Mgetty 1.1.36 is vulnerable; other versions may also be affected.

29. Plait Insecure Temporary File Creation Vulnerability
BugTraq ID: 30928
Remote: No
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30928
Summary:
Plait creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Plait 1.5.2 is vulnerable; other versions may also be affected.

30. MySpell Insecure Temporary File Creation Vulnerability
BugTraq ID: 30929
Remote: No
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30929
Summary:
MySpell creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

MySpell 3.1 is vulnerable; other versions may also be affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. PacSec 2008 CFP (Deadline Sept. 1, Conference Nov. 12/13) and BA-Con 2008 Speakers (Sept. 30/ Oct. 1)
http://www.securityfocus.com/archive/91/495774

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by IBM:

Web Application Security: Automated Scanning Versus Manual Penetration Testing
There are many ways to uncover Web application vulnerabilities. This white paper examines a few of these vulnerability detection methods - comparing and contrasting manual penetration testing with automated scanning tools.
http://whitepapers.securityfocus.com/option,com_categoryreport/task,viewabstract/title,3249/id,/vid,36/cat,/pathway,no/srcid,189/
