
Thursday, October 09, 2008

SecurityFocus Newsletter #474
----------------------------------------

This issue is Sponsored by IBM® Rational® AppScan

Failure to properly secure Web applications significantly impacts your ability to protect sensitive client and corporate data. IBM Rational AppScan is an automated scanner that monitors, identifies and helps remediate vulnerabilities. Download a free trial of AppScan and see how it can help prevent against the threat of attack.
https://www.watchfire.com/securearea/appscan.aspx?id=701700000009T0r


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. The Vice of Vice Presidential E-Mail
2. Blaming the Good Samaritan
II. BUGTRAQ SUMMARY
1. Graphviz Graph Parser Remote Stack Buffer Overflow Vulnerability
2. Cisco Unity Remote Administration Authentication Bypass Vulnerability
3. IBM Quickr Denial of Service and Security Bypass Vulnerabilities
4. Lighttpd 'mod_userdir' Case Sensitive Comparison Security Bypass Vulnerability
5. Lighttpd URI Rewrite/Redirect Information Disclosure Vulnerability
6. MetaGauge Web Server Directory Traversal Vulnerability
7. PHP Web Explorer Multiple Local File Include Vulnerabilities
8. Simple Machines Forum HTTP POST Request Filter Security Bypass Vulnerability
9. Apple Mail S/MIME Draft Message Encryption Weakness
10. Galerie 'pic' Parameter SQL Injection Vulnerability
11. OpenNMS HTTP Response Splitting Vulnerability
12. AmpJuke 'index.php' SQL Injection Vulnerability
13. Nucleus CMS EUC-JP Cross-Site Scripting Vulnerability
14. Phorum Image Tag HTML Injection Vulnerability
15. MediaWiki 'useskin' Cross-Site Scripting Vulnerability
16. Multiple Vendors IPv6 Neighbor Discovery Protocol Implementation Address Spoofing Vulnerability
17. PHP Multiple Buffer Overflow Vulnerabilities
18. Squid Web Proxy Cache 'arrayShrink()' Remote Denial of Service Vulnerability
19. FOSS Gallery Arbitrary File Upload Vulnerability
20. AyeView GIF Image Handling Denial of Service Vulnerability
21. Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
22. geccBBlite 'leggi.php' Parameter SQL Injection Vulnerability
23. K9 Web Protection Authentication Bypass Vulnerabilities
24. phpAbook Cookie Local File Include Vulnerability
25. Lighttpd Duplicate Request Header Denial of Service Vulnerability
26. iFoto Index.PHP Directory Traversal Vulnerability
27. Opera Cached Java Applet Security Bypass Vulnerability
28. Opera Web Browser URI Redirection Remote Code Execution Vulnerability
29. Avaya Communication Manager Web Administration Multiple Security Vulnerabilities
30. WikyBlog Multiple Cross-Site Scripting Vulnerabilities
31. GIMP RAS File Buffer Overflow Vulnerability
32. GIMP PSD File Integer Overflow Vulnerability
33. LibTIFF 'tif_lzw.c' Remote Buffer Underflow Vulnerability
34. Mozilla SeaMonkey/Thunderbird Newsgroup Cancel Message Handling Buffer Overflow Vulnerability
35. Debian mon 'alert.d/test.alert' Insecure Temporary File Creation Vulnerability
36. Wireshark 1.0.0 Multiple Vulnerabilities
37. Wireshark 1.0.2 Multiple Vulnerabilities
38. Wireshark 0.99.8 Multiple Denial of Service Vulnerabilities
39. Wireshark 0.99.7 Multiple Denial of Service Vulnerabilities
40. Wireshark 1.0.1 Denial of Service Vulnerability
41. Novell eDirectory Multiple Buffer Overflow Vulnerabilities
42. Microsoft Windows SeImpersonatePrivilege Local Privilege Escalation Vulnerability
43. RETIRED: Adobe Flash Player Unspecified Clickjacking Vulnerability
44. Cisco Unity 7.0 Multiple Remote Vulnerabilities
45. Mozilla Firefox/SeaMonkey UTF-8 Stack-Based Buffer Overflow Vulnerability
46. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
47. KDE PCX Image File Handling Buffer Overflow Vulnerability
48. Nortel Networks Multimedia Communications Server Authentication Bypass Vulnerability
49. Avaya Communication Manager Web Server Configuration Unauthorized Access Vulnerability
50. Linux Kernel SCTP INIT-ACK AUTH Extension Remote Denial of Service Vulnerability
51. Avaya one-X Desktop Edition SIP Remote Denial Of Service Vulnerability
52. Avaya IP Softphone Remote Denial Of Service Vulnerability
53. Built2Go Real Estate Listings 'event_detail.php' SQL Injection Vulnerability
54. Nortel MCS 5100 UFTP Multiple Denial of Service Vulnerabilities
55. GEAR Software CD DVD Filter Driver 'GEARAspiWDM.sys' Local Privilege Escalation Vulnerability
56. Hero DVD Player '.m3u' File Buffer Overflow Vulnerability
57. PC Tools Spyware Doctor Unspecified Denial of Service Vulnerability
58. TorrentTrader Classic Edition 'completed-advance.php' SQL Injection Vulnerability
59. Microsoft PicturePusher 'PipPPush.dll' ActiveX Control Arbitrary File Download Vulnerability
60. YourOwnBux 'usNick' Cookie Parameter SQL Injection Vulnerability
61. Select Development Solutions Multiple Products 'view_cat.php' SQL Injection Vulnerability
62. PHP Auto's 'searchresults.php' SQL Injection Vulnerability
63. Condor Prior to 7.0.5 Multiple Security Vulnerabilities
64. Debian freeradius-dialupadmin Insecure Temporary File Creation Vulnerabilities
65. Linux Kernel UBIFS Orphan Inode Local Denial of Service Vulnerability
66. Linux kernel NFSv4 ACL Buffer Overflow Vulnerability
67. Linux Kernel 'iov_iter_advance()' Page Fault Local Denial of Service Vulnerability
68. Linux Kernel 'shmem_delete_inode()' Local Denial of Service Vulnerability
69. Linux Kernel 'sctp_setsockopt_auth_key()' Remote Denial of Service Vulnerability
70. Linux Kernel 'dccp_setsockopt_change()' Remote Denial of Service Vulnerability
71. Drupal Multiple Modules Security Bypass Vulnerabilities
72. Drupal SIOC Module Security Bypass Vulnerability
73. Drupal EveryBlog Module Multiple Unspecified Vulnerabilities
74. WebBiscuits Modules Controller Multiple Local and Remote File Include Vulnerabilities
75. HispaH Text Link ADS 'index.php' SQL Injection Vulnerability
76. Brain Book Software AdMan 'editCampaign.php' SQL Injection Vulnerability
77. DFFFrameworkAPI 'DFF_config[dir_include]' Parameter Multiple Remote File Include Vulnerabilities
78. Linux Kernel 'snd_seq_oss_synth_make_info()' Information Disclosure Vulnerability
79. Linux Kernel 'SCTP' Module Multiple vulnerabilities
80. Yerba SACphp 6.3 Multiple Remote Vulnerabilities
81. PHP FastCGI Module File Extension Denial Of Service Vulnerabilities
82. Atarone Version 1.2.0 Multiple Input Validation Vulnerabilities
83. Skype Toolbars Extension for Firefox BETA Clipboard Security Weakness
84. OpenX 'bannerid' SQL Injection Vulnerability
85. Mercurial hgweb 'allowpull' Information Disclosure Vulnerability
86. Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
87. WordNet Multiple Buffer Overflow Vulnerabilities
88. WordNet Multiple Buffer Overflow Vulnerabilities
89. GraphicsMagick Multiple Denial Of Service Vulnerabilities
90. Mozilla Firefox Internet Shortcut Same Origin Policy Violation Vulnerability
91. HP-UX NFS/ONCplus Unspecified Remote Denial Of Service Vulnerability
92. KDE Konqueror Font Color Assertion Denial of Service Vulnerability
93. Yerba 'mod' Local File Include Vulnerability
94. iseemedia 'LPControl.dll' LPViewer ActiveX Control Multiple Buffer Overflow Vulnerabilities
95. Internet Download Manager File Parsing Buffer Overflow Vulnerability
96. D-Bus 'dbus_signature_validate()' Type Signature Denial of Service Vulnerability
97. asiCMS '_ENV[asicms][path]' Parameter Multiple Remote File Include Vulnerabilities
98. Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
99. Dovecot Authentication Cache Security Bypass Vulnerability
100. Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
III. SECURITYFOCUS NEWS
1. Researchers weigh "clickjacking" threat
2. Security of Google's browser gets mixed marks
3. Online intruders hit Red Hat, Fedora Project
4. Researchers race to zero in record time
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Sales Representative, Linthicum
2. [SJ-JOB] Software Engineer, Alpharetta
3. [SJ-JOB] Security Engineer, Cupertino
4. [SJ-JOB] Sales Representative, Mississauga
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #414
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. The Vice of Vice Presidential E-Mail
By Mark Rasch
Seems like a simple question, but the law is not so clear. In mid-September 2008, a hacker using the handle "Rubico" claimed credit for breaking into the Yahoo! e-mail account of Governor Sarah Palin, the Republican Vice Presidential candidate. In a post online, Rubico wrote that he had been following news reports that claimed Palin had been using her personal Yahoo e-mail account for official government business.
http://www.securityfocus.com/columnists/482

2. Blaming the Good Samaritan
By Houston Carr
In the early 90's, I attended an academic conference in Hawaii. At one presentation, a colleague from the University of California at Berkeley whom I'll refer to as "the supervisor," told a story of young hackers, who he referred to as the Urchins
http://www.securityfocus.com/columnists/481


II. BUGTRAQ SUMMARY
--------------------
1. Graphviz Graph Parser Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 31648
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31648
Summary:
Graphviz is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers can leverage this issue to execute arbitrary code in the context of an application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

Graphviz 2.20.2 is vulnerable; other versions may also be affected.

2. Cisco Unity Remote Administration Authentication Bypass Vulnerability
BugTraq ID: 31638
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31638
Summary:
Cisco Unity is prone to an authentication-bypass vulnerability.

Exploiting this issue can allow remote attackers to gain unauthorized administrative privileges. This issue is being tracked by Cisco Bug ID CSCsr86943.

Versions prior to the following are vulnerable:

Cisco Unity 4.0 ES161 for the 4.x release
Cisco Unity 5.0 ES53 for the 5.x release
Cisco Unity 7.0 ES8 for the 7.x release

3. IBM Quickr Denial of Service and Security Bypass Vulnerabilities
BugTraq ID: 31608
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31608
Summary:
IBM Quickr is prone to a denial-of-service vulnerability and security-bypass vulnerabilities.

Exploiting these issues can allow attackers to delete pages created by different authors, demote or delete 'place superuser' groups, or crash the affected application, resulting in denial-of-service conditions.

Versions prior to IBM Quickr 8.1.0.1 are vulnerable.

4. Lighttpd 'mod_userdir' Case Sensitive Comparison Security Bypass Vulnerability
BugTraq ID: 31600
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31600
Summary:
The 'lighttpd' program is prone to a security-bypass vulnerability that occurs in the 'mod_userdir' module.

Attackers can exploit this issue to bypass certain security restrictions and obtain sensitive information. This may lead to other attacks.

Versions prior to 'lighttpd' 1.4.20 are vulnerable.

5. Lighttpd URI Rewrite/Redirect Information Disclosure Vulnerability
BugTraq ID: 31599
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31599
Summary:
Lighttpd is prone to an information-disclosure vulnerability because it performs redirect operations on URIs before decoding them.

Attackers can exploit this issue to bypass expected filters or rewrite rules and may gain unauthorized access to certain resources. Other attacks may also be possible.

Versions prior to Lighttpd 1.4.20 are vulnerable.

6. MetaGauge Web Server Directory Traversal Vulnerability
BugTraq ID: 31596
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31596
Summary:
MetaGauge is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

Versions prior to MetaGauge 1.0.3.38 are vulnerable.

7. PHP Web Explorer Multiple Local File Include Vulnerabilities
BugTraq ID: 31595
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31595
Summary:
PHP Web Explorer is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities using directory-traversal strings to view local files and execute local scripts within the context of the webserver process. A successful attack can allow the attacker to obtain sensitive information or gain unauthorized access to an affected computer in the context of the vulnerable server.

PHP Web Explorer 0.99b is vulnerable; other versions may also be affected.

8. Simple Machines Forum HTTP POST Request Filter Security Bypass Vulnerability
BugTraq ID: 31594
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31594
Summary:
Simple Machines Forum (SMF) is prone to a security-bypass vulnerability because the application fails to sufficiently sanitize user-supplied input.

Attackers can exploit this issue to bypass filter restrictions and post spam content onto the affected site. Other attacks are also possible.

SMF 1.1.6 is vulnerable; other versions may also be affected.

9. Apple Mail S/MIME Draft Message Encryption Weakness
BugTraq ID: 31598
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31598
Summary:
Apple Mail is prone to a weakness in its implementation of S/MIME encryption. An attacker with access to an IMAP or Exchange email server may be able to take advantage of this issue to obtain sensitive information.

Mail 3.5 (929.4/929.2) is vulnerable; other versions may also be affected.

10. Galerie 'pic' Parameter SQL Injection Vulnerability
BugTraq ID: 31593
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31593
Summary:
Galerie is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Galerie 3.2 is vulnerable; other versions may also be affected.

11. OpenNMS HTTP Response Splitting Vulnerability
BugTraq ID: 31577
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31577
Summary:
OpenNMS is prone to an HTTP response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data.

Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.

Versions prior to OpenNMS 1.5.94 are vulnerable.

12. AmpJuke 'index.php' SQL Injection Vulnerability
BugTraq ID: 31592
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31592
Summary:
AmpJuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

AmpJuke 0.7.5 is vulnerable; other versions may also be affected.

13. Nucleus CMS EUC-JP Cross-Site Scripting Vulnerability
BugTraq ID: 31590
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31590
Summary:
Nucleus CMS is prone to an unspecified cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects Nucleus 3.31 SP1 EUC-JP. The English versions and Nucleus UTF-8 Japanese Edition are not affected.

NOTE: Reports indicate that this issue occurs only when using Internet Explorer.

14. Phorum Image Tag HTML Injection Vulnerability
BugTraq ID: 31589
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31589
Summary:
Phorum is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Phorum 5.2.8 is vulnerable; other versions may also be affected.

15. MediaWiki 'useskin' Cross-Site Scripting Vulnerability
BugTraq ID: 31540
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31540
Summary:
MediaWiki is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

16. Multiple Vendors IPv6 Neighbor Discovery Protocol Implementation Address Spoofing Vulnerability
BugTraq ID: 31529
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31529
Summary:
Multiple vendors' IPv6 Neighbor Discovery Protocol (NDP) implementations are prone to a security vulnerability.

Exploiting the issue may allow attackers to intercept network traffic, perform man-in-the-middle attacks, or cause congested links to become overloaded.

17. PHP Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 30649
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/30649
Summary:
PHP is prone to multiple buffer-overflow vulnerabilities.

Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable PHP functions. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition.

Versions prior to PHP 4.4.9 are vulnerable.

18. Squid Web Proxy Cache 'arrayShrink()' Remote Denial of Service Vulnerability
BugTraq ID: 28693
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/28693
Summary:
Squid is prone to a remote denial-of-service vulnerability because of a flaw when processing HTTP headers for cached objects.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying further service to legitimate users.

NOTE: This vulnerability was caused by an incorrect fix for the issue described in BID 26687 (Squid Proxy Cache Update Reply Processing Remote Denial of Service Vulnerability; CVE-2007-6239).

This issue affects Squid 2.6 prior to 2.6.STABLE18.

19. FOSS Gallery Arbitrary File Upload Vulnerability
BugTraq ID: 31574
Remote: Yes
Last Updated: 2008-10-06
Relevant URL: http://www.securityfocus.com/bid/31574
Summary:
FOSS Gallery is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to enforce authentication and to check file extensions in a proper manner.

FOSS Gallery 1.0 and prior are vulnerable. Both Admin and Public versions are affected.

20. AyeView GIF Image Handling Denial of Service Vulnerability
BugTraq ID: 31572
Remote: Yes
Last Updated: 2008-10-06
Relevant URL: http://www.securityfocus.com/bid/31572
Summary:
AyeView is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected application, resulting in denial-of-service conditions.

AyeView 2.20 is vulnerable; other versions may also be affected.

21. Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
BugTraq ID: 31587
Remote: Yes
Last Updated: 2008-10-06
Relevant URL: http://www.securityfocus.com/bid/31587
Summary:
Dovecot is prone to multiple security-bypass vulnerabilities affecting the ACL plugin.

Attackers can exploit these issues to bypass certain mailbox restrictions and obtain potentially sensitive data; other attacks are also possible.

These issues affect versions prior to Dovecot 1.1.4.

22. geccBBlite 'leggi.php' Parameter SQL Injection Vulnerability
BugTraq ID: 31585
Remote: Yes
Last Updated: 2008-10-06
Relevant URL: http://www.securityfocus.com/bid/31585
Summary:
geccBBlite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

geccBBlite 2.0 is vulnerable; other versions may also be affected.

23. K9 Web Protection Authentication Bypass Vulnerabilities
BugTraq ID: 31584
Remote: No
Last Updated: 2008-10-06
Relevant URL: http://www.securityfocus.com/bid/31584
Summary:
K9 Web Protection is prone to multiple authentication-bypass vulnerabilities.

An attacker can exploit these issues to gain unauthorized access to the affected application; other attacks are also possible.

K9 Web Protection 4.0.230 Beta is vulnerable; other versions may also be affected.

24. phpAbook Cookie Local File Include Vulnerability
BugTraq ID: 31581
Remote: Yes
Last Updated: 2008-10-06
Relevant URL: http://www.securityfocus.com/bid/31581
Summary:
phpAbook is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to access potentially sensitive information and execute arbitrary scripts or PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

Versions up to and including phpAbook 0.8.8b are vulnerable.

25. Lighttpd Duplicate Request Header Denial of Service Vulnerability
BugTraq ID: 31434
Remote: Yes
Last Updated: 2008-10-06
Relevant URL: http://www.securityfocus.com/bid/31434
Summary:
The 'lighttpd' program is prone to a remote denial-of-service vulnerability because it fails to handle exceptional conditions.

Successfully exploiting this issue will allow attackers to cause the affected computer to leak memory, eventually denying service to legitimate users.

Versions prior to lighttpd 1.4.20 are vulnerable.

26. iFoto Index.PHP Directory Traversal Vulnerability
BugTraq ID: 25065
Remote: Yes
Last Updated: 2008-10-06
Relevant URL: http://www.securityfocus.com/bid/25065
Summary:
iFoto is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

A remote attacker can exploit this issue to view the directory structure of the affected computer within the context of the webserver.

This issue affects iFoto 1.0; other versions may also be affected.

27. Opera Cached Java Applet Security Bypass Vulnerability
BugTraq ID: 31643
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31643
Summary:
Opera is prone to a security bypass vulnerability that may allow attackers to execute a cached Java applet with elevated privileges.

Versions prior to Opera 9.60 are vulnerable.

NOTE: This issue was previously covered in BID 31631 (Opera Web Browser Remote Code Execution And Security Bypass Vulnerabilities), but has been assigned its own BID to better document it.

28. Opera Web Browser URI Redirection Remote Code Execution Vulnerability
BugTraq ID: 31631
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31631
Summary:
Opera Web Browser is prone to a remote code-execution vulnerability.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application or cause a denial-of-service condition.

NOTE: The security-bypass issue has been reassigned to BID 31643 (Opera Cached Java Applet Privilege Escalation Vulnerability).

Versions prior to Opera 9.60 are vulnerable.

29. Avaya Communication Manager Web Administration Multiple Security Vulnerabilities
BugTraq ID: 31645
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31645
Summary:
Avaya Communication Manager is prone to multiple remote security vulnerabilities because it fails to adequately sanitize user-supplied input. These issues include a command-injection issue and a privilege-escalation issue.

Remote attackers can exploit these issues to execute arbitrary code with elevated privileges. Successful exploits can result in the complete compromise of affected computers.

30. WikyBlog Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 31525
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31525
Summary:
WikyBlog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

WikyBlog 1.7.1 is vulnerable; other versions may also be affected.

31. GIMP RAS File Buffer Overflow Vulnerability
BugTraq ID: 23680
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/23680
Summary:
GIMP is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of the affected application.

GIMP 2.2.14 is vulnerable to this issue; other versions may also be affected.

32. GIMP PSD File Integer Overflow Vulnerability
BugTraq ID: 24745
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/24745
Summary:
GIMP is prone to an integer-overflow vulnerability because it fails to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of the affected application.

GIMP 2.2.15 is vulnerable to this issue; other versions may also be affected.

33. LibTIFF 'tif_lzw.c' Remote Buffer Underflow Vulnerability
BugTraq ID: 30832
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/30832
Summary:
LibTIFF is prone to a remote buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running an application that uses the affected library. Failed exploit attempts will likely crash applications using the affected library.

LibTIFF 3.7.2 and 3.8.2 are vulnerable.

34. Mozilla SeaMonkey/Thunderbird Newsgroup Cancel Message Handling Buffer Overflow Vulnerability
BugTraq ID: 31411
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31411
Summary:
Mozilla SeaMonkey and Thunderbird are prone to a remote heap-based buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data.

Successfully exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the vulnerable application; failed exploit attempts will likely crash the application. This may facilitate the remote compromise of affected computers.

The issue affects versions prior to Mozilla Thunderbird 2.0.0.17 and prior to Mozilla SeaMonkey 1.1.12.

35. Debian mon 'alert.d/test.alert' Insecure Temporary File Creation Vulnerability
BugTraq ID: 31597
Remote: No
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31597
Summary:
Debian 'mon' creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

36. Wireshark 1.0.0 Multiple Vulnerabilities
BugTraq ID: 30020
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/30020
Summary:
Wireshark is prone to multiple vulnerabilities, including an information-disclosure issue and denial-of-service issues.

Exploiting these issues may allow attackers to obtain potentially sensitive information, cause crashes, and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.9.5 up to and including 1.0.0.

37. Wireshark 1.0.2 Multiple Vulnerabilities
BugTraq ID: 31009
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31009
Summary:
Wireshark is prone to multiple vulnerabilities, including buffer-overflow and denial-of-service issues.

Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.9.7 up to and including 1.0.2.

38. Wireshark 0.99.8 Multiple Denial of Service Vulnerabilities
BugTraq ID: 28485
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/28485
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to cause crashes and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.99.2 up to and including 0.99.8.

39. Wireshark 0.99.7 Multiple Denial of Service Vulnerabilities
BugTraq ID: 28025
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/28025
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to cause crashes and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

Wireshark 0.6.0 to 0.99.7 are affected.

40. Wireshark 1.0.1 Denial of Service Vulnerability
BugTraq ID: 30181
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/30181
Summary:
Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause crashes and deny service to legitimate users of the application.

This issue affects Wireshark 0.8.19 to 1.0.1.

41. Novell eDirectory Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 31553
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31553
Summary:
Novell eDirectory is prone to multiple buffer-overflow vulnerabilities.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application or to cause denial-of-service conditions.

These issues affect eDirectory 8.7.3 SP10 prior to 8.7.3 SP10 FTF1.

42. Microsoft Windows SeImpersonatePrivilege Local Privilege Escalation Vulnerability
BugTraq ID: 28833
Remote: No
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/28833
Summary:
Microsoft Windows is prone to a privilege-escalation vulnerability.

Successful exploits may allow authenticated users to elevate their privileges to LocalSystem. This facilitates the complete compromise of affected computers.

The issue affects Microsoft Windows XP Professional SP2 and all versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008.

43. RETIRED: Adobe Flash Player Unspecified Clickjacking Vulnerability
BugTraq ID: 31625
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31625
Summary:
Adobe Flash Player is prone to a vulnerability that may allow an attacker to trick a victim into unknowingly clicking on a link or dialog.

An attacker may exploit this issue by creating a malicious web page embedding a Flash control used to modify privacy settings. It's possible to have an unsuspecting user click on this control and modify their settings without further notification or prompting.

NOTE: This BID is being retired because the issue described affects a specific Flash control hosted by Adobe; it is not a specific fault in Flash Player itself.

44. Cisco Unity 7.0 Multiple Remote Vulnerabilities
BugTraq ID: 31642
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31642
Summary:
Cisco Unity is prone to multiple remote vulnerabilities, including:

- An information-disclosure vulnerability in the web interface
- A denial-of-service vulnerability in the administration interface
- A script-injection vulnerability in the web interface
- Multiple denial-of-service vulnerabilities in unspecified services

These issues are reported in Cisco Unity 7.0; other versions may also be affected.

45. Mozilla Firefox/SeaMonkey UTF-8 Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 31397
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31397
Summary:
Mozilla Firefox and SeaMonkey are prone to a stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to Firefox 2.0.0.17 and prior to SeaMonkey 1.1.12 are vulnerable.

NOTE: This issue was originally documented in BID 31346 (Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities). It has been given its own record to better document the details.

46. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 31346
Remote: Yes
Last Updated: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31346
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.16 and prior versions, Firefox 3.0.1 and prior versions, Thunderbird 2.0.0.16 and prior versions, and SeaMonkey 1.1.11 and prior versions.

Exploiting these issues can allow attackers to:

- traverse directories
- obtain potentially sensitive information
- execute scripts with elevated privileges
- execute arbitrary code
- cause denial-of-service conditions
- carry out cross-site scripting attacks
- steal authentication credentials
- force users to download files
- violate the same-origin policy

Other attacks are also possible.

47. KDE PCX Image File Handling Buffer Overflow Vulnerability
BugTraq ID: 13096
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/13096
Summary:
KDE is reported prone to a buffer-overflow vulnerability when handling PCX image files because the 'kimgio' image library fails to properly validate PCX image data.

This vulnerability was reported to reside in PCX image-handling routines, but the vendor has also patched other image handlers, which suggests that other image formats may be affected by similar problems.

Attackers may exploit this vulnerability to crash applications using the affected library or possibly to execute arbitrary machine code in the context of the affected application.

48. Nortel Networks Multimedia Communications Server Authentication Bypass Vulnerability
BugTraq ID: 31640
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31640
Summary:
Nortel Networks Multimedia Communications Server is prone to an unspecified authentication-bypass vulnerability that can allow attackers to spoof and to redirect calls.

Very few technical details are currently available. We will update this BID as more information emerges.

Nortel Networks Multimedia Communications Server 5100 3.0.13 is vulnerable.

49. Avaya Communication Manager Web Server Configuration Unauthorized Access Vulnerability
BugTraq ID: 31639
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31639
Summary:
Avaya Communication Manager is prone to an unauthorized-access vulnerability.

Attackers can exploit this issue to gain access to the application's configuration files, log files, binary image files, and help files. Successfully exploiting this issue may lead to further attacks.

50. Linux Kernel SCTP INIT-ACK AUTH Extension Remote Denial of Service Vulnerability
BugTraq ID: 31634
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31634
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to handle mismatched SCTP AUTH extension settings between peers.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Versions prior to Linux kernel 2.6.27-rc6-git6 are vulnerable.

51. Avaya one-X Desktop Edition SIP Remote Denial Of Service Vulnerability
BugTraq ID: 31636
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31636
Summary:
Avaya one-X Desktop Edition phone is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Avaya one-X Desktop Edition 2.1 is vulnerable; other versions may also be affected.

52. Avaya IP Softphone Remote Denial Of Service Vulnerability
BugTraq ID: 31635
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31635
Summary:
Avaya IP Softphone is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected device, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

Avaya IP Softphone 6.0 SP4 is vulnerable; other versions may also be affected.

53. Built2Go Real Estate Listings 'event_detail.php' SQL Injection Vulnerability
BugTraq ID: 31628
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31628
Summary:
Built2Go Real Estate Listings is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Built2Go Real Estate Listings 1.5 is vulnerable; other versions may also be affected.

54. Nortel MCS 5100 UFTP Multiple Denial of Service Vulnerabilities
BugTraq ID: 31633
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31633
Summary:
Nortel Multimedia Communications Server (MCS) 5100 is prone to multiple denial-of-service vulnerabilities because it fails to handle certain UNIStim File Transfer Protocol (UFTP) data.

Versions of MCS 5100 in the 3.0 series are vulnerable.

55. GEAR Software CD DVD Filter Driver 'GEARAspiWDM.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 31089
Remote: No
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31089
Summary:
GEAR Software CD DVD Filter driver ('GEARAspiWDM.sys') is prone to a local privilege-escalation vulnerability caused by an integer-overflow issue.

Local attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition.

GEAR Software CD DVD filter driver is used by the following products:

Apple iTunes prior to 8.0
Norton 360 2.0 and prior
Norton Ghost 14 and prior
Norton Save and Restore 2.0 and prior
Backup Exec System Recovery 6, 7, and 8
Symantec LiveState Recovery

NOTE: This BID was previously titled 'Apple iTunes Third Party Driver Local Privilege Escalation Vulnerability', but new information has allowed us to update the BID to better reflect the root cause of the issue.

56. Hero DVD Player '.m3u' File Buffer Overflow Vulnerability
BugTraq ID: 31627
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31627
Summary:
Hero DVD Player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

Hero DVD Player 3.0.8 is vulnerable; other versions may also be affected.

57. PC Tools Spyware Doctor Unspecified Denial of Service Vulnerability
BugTraq ID: 31630
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31630
Summary:
Spyware Doctor is prone to an unspecified denial-of-service vulnerability.

Attackers can exploit this issue to crash the system, denying service to legitimate users.

Spyware Doctor 6.0 is vulnerable; other versions may also be affected.

58. TorrentTrader Classic Edition 'completed-advance.php' SQL Injection Vulnerability
BugTraq ID: 31626
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31626
Summary:
TorrentTrader Classic Edition is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions up to and including TorrentTrader Classic Edition 1.04 are vulnerable.

59. Microsoft PicturePusher 'PipPPush.dll' ActiveX Control Arbitrary File Download Vulnerability
BugTraq ID: 31632
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31632
Summary:
Microsoft PicturePusher ActiveX control in 'PipPPush.dll' is prone to a vulnerability that lets attackers download arbitrary files.

Attackers may exploit this issue by enticing victims into visiting a maliciously crafted webpage.

Successful exploits will allow remote attackers to download files from arbitrary locations to the affected computer.

The affected ActiveX control may be a component of Microsoft Digital Image 2006 Starter Edition.

'PipPPush.dll' 7.00.0709 is vulnerable; other versions may also be affected.

60. YourOwnBux 'usNick' Cookie Parameter SQL Injection Vulnerability
BugTraq ID: 31624
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31624
Summary:
YourOwnBux is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

YourOwnBux 4.0 is vulnerable; other versions may also be affected.

61. Select Development Solutions Multiple Products 'view_cat.php' SQL Injection Vulnerability
BugTraq ID: 31623
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31623
Summary:
Multiple Select Development Solutions products are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise an application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following applications are vulnerable:

PHP Realtor 1.5.0
PHP Auto Dealer 2.7.0

62. PHP Auto's 'searchresults.php' SQL Injection Vulnerability
BugTraq ID: 31622
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31622
Summary:
PHP Auto's is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHP Auto's 2.9.1 is vulnerable; other versions may also be affected.

63. Condor Prior to 7.0.5 Multiple Security Vulnerabilities
BugTraq ID: 31621
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31621
Summary:
Condor is prone to multiple vulnerabilities, including:

- A privilege-escalation issue related to job submission
- A stack-based buffer-overflow vulnerability in 'cron-schedd'
- A denial-of-service vulnerability in 'cron-schedd'
- An access-validation vulnerability

These issues affect versions prior to Condor 7.0.5.

64. Debian freeradius-dialupadmin Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30901
Remote: No
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/30901
Summary:
Debian freeradius-dialupadmin creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Debian freeradius-dialupadmin 2.0.4 is vulnerable; other versions may also be affected.

65. Linux Kernel UBIFS Orphan Inode Local Denial of Service Vulnerability
BugTraq ID: 30647
Remote: No
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/30647
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability affecting the VFS behavior in UBIFS (UBI File System).

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

66. Linux kernel NFSv4 ACL Buffer Overflow Vulnerability
BugTraq ID: 31133
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31133
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code or cause a denial-of-service condition.

Versions prior to Linux kernel 2.6.26.4 are vulnerable.

67. Linux Kernel 'iov_iter_advance()' Page Fault Local Denial of Service Vulnerability
BugTraq ID: 31132
Remote: No
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31132
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability caused by an error in the 'iov_iter_advance()' function.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

This issue occurs in the Linux 2.6 kernel prior to version 2.6.27-rc2.

68. Linux Kernel 'shmem_delete_inode()' Local Denial of Service Vulnerability
BugTraq ID: 31134
Remote: No
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31134
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

This issue affects the Linux kernel prior to 2.6.21.1.

69. Linux Kernel 'sctp_setsockopt_auth_key()' Remote Denial of Service Vulnerability
BugTraq ID: 30847
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/30847
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Versions since Linux kernel 2.6.24-rc1 are vulnerable.

70. Linux Kernel 'dccp_setsockopt_change()' Remote Denial of Service Vulnerability
BugTraq ID: 30704
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/30704
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

This issue affects Linux kernel 2.6.17-rc1 and later.

71. Drupal Multiple Modules Security Bypass Vulnerabilities
BugTraq ID: 31660
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31660
Summary:
Multiple Drupal modules are prone to security-bypass vulnerabilities that may allow attackers to gain access to administrative or sensitive areas of the application without the appropriate privileges.

These issues affect the following packages:

- Live module 6.x before version 6.x-1.0
- AJAX Picture Preview module 6.x before version 6.x-1.2
- Admin:hover module 6.x-1.x-dev before 2008-Oct-08
- Banner Rotor Module before version 6.x-1.3
- Creative Commons Lite module 6.x before version 6.x-1.1
- Keyboard shortcut utility module 6.x before version 6.x-1.1
- LiveJournal CrossPoster module 6.x before version 6.x-1.4
- Taxonomy import/export via XML module 6.x before version 6.x-1.2
- User Referral module 6.x-1.x-dev before 2008-Oct-08

72. Drupal SIOC Module Security Bypass Vulnerability
BugTraq ID: 31658
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31658
Summary:
The Drupal SIOC Module is prone to a security-bypass vulnerability that may allow attackers to gain access to sensitive areas of the application without the appropriate privileges.

This issue affects versions of Drupal SIOC Module prior to 5.x-1.2 and 6.x-1.1.

73. Drupal EveryBlog Module Multiple Unspecified Vulnerabilities
BugTraq ID: 31656
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31656
Summary:
The EveryBlog module for Drupal is prone to multiple vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

These vulnerabilities may allow attackers to:

- Execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user.

- Manipulate the SQL query logic to carry out unauthorized actions on the underlying database.

- Gain access to sensitive areas of the application without the appropriate privileges.

Versions of EveryBlog up to and including 2.0 are vulnerable to these issues.

74. WebBiscuits Modules Controller Multiple Local and Remote File Include Vulnerabilities
BugTraq ID: 31655
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31655
Summary:
WebBiscuits Modules Controller is prone to a local file-include vulnerability and a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer; other attacks are also possible.

WebBiscuits Modules Controller 1.1 is vulnerable; other versions may also be affected.

75. HispaH Text Link ADS 'index.php' SQL Injection Vulnerability
BugTraq ID: 31649
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31649
Summary:
HispaH Text Link ADS is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

A successful attack could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

76. Brain Book Software AdMan 'editCampaign.php' SQL Injection Vulnerability
BugTraq ID: 31646
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31646
Summary:
Brain Book Software AdMan is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

AdMan 1.1.20070907 is vulnerable; other versions may also be affected.

77. DFFFrameworkAPI 'DFF_config[dir_include]' Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 31644
Remote: Yes
Last Updated: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31644
Summary:
DFFFrameworkAPI is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

78. Linux Kernel 'snd_seq_oss_synth_make_info()' Information Disclosure Vulnerability
BugTraq ID: 30559
Remote: No
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/30559
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

Versions prior to Linux kernel 2.6.27-rc2 are vulnerable.

79. Linux Kernel 'SCTP' Module Multiple Vulnerabilities
BugTraq ID: 31121
Remote: No
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31121
Summary:
Linux Kernel 'SCTP' module is prone to multiple vulnerabilities.

The issues allow local attackers to obtain sensitive information or cause kernel crashes, denying service to legitimate users.

Linux Kernel 2.6.26.3 and prior versions are affected.

80. Yerba SACphp 6.3 Multiple Remote Vulnerabilities
BugTraq ID: 31619
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31619
Summary:
Yerba SACphp is prone to multiple remote vulnerabilities, including:

- An authentication-bypass vulnerability
- A remote privilege-escalation vulnerability
- A vulnerability that may allow attackers to gain access to the content contained in the database
- An unauthorized-access vulnerability

Attackers can exploit these issues to gain unauthorized administrative access to the affected application, compromise the application, and obtain sensitive information. Other attacks are also possible.

Yerba SACphp 6.3 is vulnerable; other versions may also be affected.

81. PHP FastCGI Module File Extension Denial Of Service Vulnerabilities
BugTraq ID: 31612
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31612
Summary:
PHP is prone to a denial-of-service vulnerability because the application fails to handle certain file requests.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

PHP 4.4 prior to 4.4.9 and PHP 5.2 through 5.2.6 are vulnerable.

82. Atarone Version 1.2.0 Multiple Input Validation Vulnerabilities
BugTraq ID: 31610
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31610
Summary:
Atarone is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include multiple cross-site scripting issues, multiple SQL-injection issues, and a local file-include issue.

Exploiting these issues can allow an attacker to steal cookie-based authentication credentials, view local files within the context of the webserver, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.

Atarone 1.2.0 is vulnerable; other versions may also be affected.

83. Skype Toolbars Extension for Firefox BETA Clipboard Security Weakness
BugTraq ID: 31613
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31613
Summary:
Skype Toolbars Extension for Firefox is prone to a security weakness that allows attackers to inject arbitrary content onto a user's clipboard.

Attackers can exploit this issue to write content to a victim's clipboard. As a result, attacker-supplied URIs can persist in the victim's clipboard.

Skype Toolbars Extension for Firefox BETA 2.2.0.95 is vulnerable; other versions of the extension may also be affected.

84. OpenX 'bannerid' SQL Injection Vulnerability
BugTraq ID: 31549
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31549
Summary:
OpenX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

OpenX 2.4.8 and 2.6.1 are vulnerable; other versions may also be affected.

85. Mercurial hgweb 'allowpull' Information Disclosure Vulnerability
BugTraq ID: 31223
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31223
Summary:
Mercurial is prone to an information-disclosure vulnerability because it fails to honor specific configuration options.

Attackers can exploit this issue to view files contained in the vulnerable repository.

Mercurial 1.0.1 is vulnerable; other versions may also be affected.

86. Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
BugTraq ID: 20241
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/20241
Summary:
Portable OpenSSH is prone to a remote code-execution vulnerability. The issue derives from a race condition in a vulnerable signal handler.

Reportedly, under specific conditions, it is theoretically possible to execute code remotely prior to authentication when GSSAPI authentication is enabled. This has not been confirmed; the chance of a successful exploit of this nature is considered minimal.

On non-Portable OpenSSH implementations, this same race condition can be exploited to cause a pre-authentication denial of service.

This issue occurs when OpenSSH and Portable OpenSSH are configured to accept GSSAPI authentication.

87. WordNet Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 29208
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/29208
Summary:
WordNet is prone to multiple buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

Note that these vulnerabilities occur when WordNet is used as a backend in web applications. The issues can be exploited through a web application that supplies input to WordNet.

The issues affect WordNet 2.0, 2.1, and 3.0; other versions may also be vulnerable.

88. WordNet Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 30958
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/30958
Summary:
WordNet is prone to multiple buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input. Specifically, the issues arise from handling command-line arguments, environment variables, and data read from user-supplied dictionaries.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

The issues affect WordNet 3.0; other versions may also be vulnerable.

89. GraphicsMagick Multiple Denial Of Service Vulnerabilities
BugTraq ID: 30055
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/30055
Summary:
GraphicsMagick is prone to multiple denial-of-service vulnerabilities.

Successfully exploiting these issues will allow an attacker to crash the affected application.

The vulnerabilities affect versions prior to GraphicsMagick 1.2.4.

90. Mozilla Firefox Internet Shortcut Same Origin Policy Violation Vulnerability
BugTraq ID: 31611
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31611
Summary:
Mozilla Firefox is prone to a vulnerability that allows attackers to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy when handling internet shortcut files.

An attacker may create a malicious webpage that can access the properties of another domain. This may allow the attacker to obtain sensitive information or launch other attacks against a user of the browser.

Firefox 3.0.1 through 3.0.3 for Microsoft Windows are vulnerable; other versions may also be affected.

91. HP-UX NFS/ONCplus Unspecified Remote Denial Of Service Vulnerability
BugTraq ID: 31607
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31607
Summary:
HP-UX is prone to a remote denial-of-service vulnerability caused by an unspecified error related to NFS/ONCplus.

Exploiting this issue allows remote attackers to trigger denial-of-service conditions.

The issue affects HP-UX B.11.31 running NFS/ONCplus B.11.31_04 or earlier.

92. KDE Konqueror Font Color Assertion Denial of Service Vulnerability
BugTraq ID: 31605
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31605
Summary:
KDE Konqueror is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted HTML '<font>' tags.

An attacker may exploit this vulnerability to cause Konqueror to crash, resulting in denial-of-service conditions.

The issue affects Konqueror 3.5.9; other versions may also be affected.

93. Yerba 'mod' Local File Include Vulnerability
BugTraq ID: 31606
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31606
Summary:
Yerba is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to access potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

Versions up to and including Yerba 6.3 are vulnerable.

94. iseemedia 'LPControl.dll' LPViewer ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 31604
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31604
Summary:
iseemedia LPViewer ActiveX control is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit these issues to execute arbitrary code within the context of the application that invoked the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

95. Internet Download Manager File Parsing Buffer Overflow Vulnerability
BugTraq ID: 31603
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31603
Summary:
Internet Download Manager (IDM) is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This vulnerability may be related to the issue described in BID 14159 (Internet Download Manager Buffer Overflow Vulnerability), but this has not been confirmed.

We don't know which versions of IDM are affected. We will update this BID when more information emerges.

96. D-Bus 'dbus_signature_validate()' Type Signature Denial of Service Vulnerability
BugTraq ID: 31602
Remote: No
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31602
Summary:
D-Bus is prone to a local denial-of-service vulnerability because it fails to handle malformed signatures contained in messages.

Local attackers can exploit this issue to crash an application that uses the affected library, denying service to legitimate users.

This issue affects D-Bus 1.2.1; other versions may also be affected.

97. asiCMS '_ENV[asicms][path]' Parameter Multiple Remote File Include Vulnerabilities
BugTraq ID: 31601
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31601
Summary:
asiCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

asiCMS 0.208 is vulnerable; other versions may also be affected.

98. Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
BugTraq ID: 28181
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/28181
Summary:
Dovecot is prone to a security-bypass vulnerability because the application fails to adequately sanitize user-supplied input.

An attacker may exploit this issue to gain unauthorized access to the affected application. Successful exploits will compromise the application.

Versions prior to Dovecot 1.0.13 and 1.1.rc3 are vulnerable. The vendor states that this issue affects only password databases that have blocking enabled.

NOTE: Reports indicate that this issue can be exploited only on versions after Dovecot 1.0.10, which introduced the 'skip_password_check' field.

99. Dovecot Authentication Cache Security Bypass Vulnerability
BugTraq ID: 27093
Remote: Yes
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/27093
Summary:
Dovecot is prone to a security-bypass vulnerability.

An attacker may exploit this condition to bypass certain security restrictions and obtain potentially sensitive data; other attacks are also possible.

Please note that default configurations of Dovecot are not affected by this issue. The chances of attack are further reduced because Dovecot must be configured in a specific way, making exploits highly circumstantial.

Versions higher than Dovecot 1.0.rc11 and prior to Dovecot 1.0.10 are vulnerable to this issue.

100. Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
BugTraq ID: 28092
Remote: No
Last Updated: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/28092
Summary:
Dovecot is prone to a vulnerability that can result in unauthorized access to arbitrary data.

This occurs when the 'mail_extra_groups' setting is enabled.

Attackers can leverage this issue to write or delete certain files or to harvest data that may aid in further attacks.

Dovecot 0.99.10.6 through 1.0.10 are vulnerable.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Researchers weigh "clickjacking" threat
By: Robert Lemos
A canceled presentation at a Web security summit attracts attention to the danger of overlaying Web pages with graphics to persuade a victim to click where an attacker wants.
http://www.securityfocus.com/news/11534

2. Security of Google's browser gets mixed marks
By: Robert Lemos
The search giant uses process isolation, least privilege rules, and sandboxing as the security foundation for its Chrome browser, but security experts say more is needed.
http://www.securityfocus.com/news/11533

3. Online intruders hit Red Hat, Fedora Project
By: Robert Lemos
A leading Linux company and its open-source distribution acknowledge that attackers breached several systems, including one that manages the Fedora signing process.
http://www.securityfocus.com/news/11532

4. Researchers race to zero in record time
By: Robert Lemos
On the first day, three teams of security professionals finished the Race to Zero contest, successfully modifying nine well-known viruses and exploits to escape detection by major antivirus engines.
http://www.securityfocus.com/news/11531

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Sales Representative, Linthicum
http://www.securityfocus.com/archive/77/497121

2. [SJ-JOB] Software Engineer, Alpharetta
http://www.securityfocus.com/archive/77/497122

3. [SJ-JOB] Security Engineer, Cupertino
http://www.securityfocus.com/archive/77/497123

4. [SJ-JOB] Sales Representative, Mississauga
http://www.securityfocus.com/archive/77/497120

V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #414
http://www.securityfocus.com/archive/88/496934

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.
