Thursday, December 18, 2008

SecurityFocus Newsletter #483
----------------------------------------

This issue is sponsored by Purewire

NEW! White Paper:
"Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees' Web surfing to gain entry into your network. Drive-by downloads, clickjacking, AJAX, XSS and browser vulnerabilities are just some of the nasty attack methods hackers are coming up with, and it's no longer good enough to block known bad URLs.
Download this white paper now to mitigate your online security risks.
http://www.purewire.com/lp/sec


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time to Exclude Bad ISPs
2. Standing on Other's Shoulders
II. BUGTRAQ SUMMARY
1. Wireshark 1.0.4 SMTP Denial of Service Vulnerability
2. Mercury Mail Transport System Concatenated Data Buffer Overflow Vulnerability
3. I-RATER Basic 'messages.php' SQL Injection Vulnerability
4. 2532designs 2532|Gigs Local File Include and Arbitrary File Upload Vulnerabilities
5. EasySiteNetwork Jokes Complete Website 'joke.php' SQL Injection Vulnerability
6. Irrlicht B3D loader Buffer Overflow Vulnerability
7. DO-CMS 'p' Parameter Multiple SQL Injection Vulnerabilities
8. Ubuntu 'libvirt' Local Security Bypass Vulnerability
9. Mozilla Thunderbird Malformed MIME Message Denial Of Service Vulnerability
10. Mozilla Firefox MathML XHTML Null Pointer Dereference Denial of Service Vulnerability
11. Opera Web Browser 'file://' Heap Based Buffer Overflow Vulnerability
12. Opera Web Browser prior to 9.63 Multiple Security Vulnerabilities
13. Opera Web Browser HTML Parsing Heap-Based Remote Code Execution Vulnerability
14. Linux Kernel TTY Operations NULL Pointer Dereference Denial of Service Vulnerabilities
15. Linux Kernel 'ipip6_rcv()' Remote Denial of Service Vulnerability
16. Linux Kernel 'truncate()' Local Privilege Escalation Vulnerability
17. Linux Kernel 32-bit/64-bit Emulation Local Information Disclosure Vulnerability
18. Linux Kernel UBIFS Orphan Inode Local Denial of Service Vulnerability
19. Linux Kernel ISDN_Net.C Local Buffer Overflow Vulnerability
20. Apple Podcast Producer Authentication-Bypass Vulnerability
21. Apple Mac OS X 'inet_net_pton' API Integer Overflow Vulnerability
22. Apple Mac OS X BOM CPIO Header Stack Buffer Overflow Vulnerability
23. Apple Mac OS X 'i386_set_ldt' and 'i386_get_ldt' Multiple Integer Overflow Vulnerabilities
24. Apple Mac OS X 'natd' Remote Denial of Service Vulnerability
25. Apple Mac OS X Managed Client Screen Saver Lock Bypass Vulnerability
26. Apple Mac OS X UDF ISO File Handling Denial of Service Vulnerability
27. Multiple BSD Platforms 'strfmon()' Function Integer Overflow Weakness
28. The Rat CMS Admin Security Bypass Vulnerability
29. Mediatheka 'index.php' Local File Include Vulnerability
30. Evans FTP 'EvansFTP.ocx' ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
31. Multiple ASP SiteWare Products SQL Injection Vulnerabilities
32. FLDS Free Links Directory Script 'redir.php' SQL Injection Vulnerability
33. PHP Weather Local File Include and Cross Site Scripting Vulnerabilities
34. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
35. JasPer 1.900.1 Multiple Vulnerabilities
36. MPlayer TwinVQ Handling Stack Buffer Overflow Vulnerability
37. icash Click&Rank 'user.asp' Cross Site Scripting Vulnerability
38. icash ClickAndEmail SQL Injection and Cross Site Scripting Vulnerabilities
39. icash Click&BaneX Multiple SQL Injection Vulnerabilities
40. icash Click&Rank Multiple SQL Injection Vulnerabilities
41. Flatnux 'photo.php' Multiple Cross Site Scripting Vulnerabilities
42. Flatnux 'index.php' HTML Injection Vulnerability
43. BadBlue Directory Traversal and Buffer Overflow Vulnerability
44. Apache Tomcat UTF-8 Directory Traversal Vulnerability
45. Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
46. Sun Java Runtime Environment Font Processing Buffer Overflow Vulnerability
47. Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
48. Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
49. Sun Solaris IP Tunnel Param Local Code Execution Vulnerability
50. Vinagre 'vinagre_utils_show_error()' Function Format String Vulnerability
51. Simple Text-File Login script 'slogin_lib.inc.php' Remote File Include Vulnerability
52. Citrix Broadcast Server Unspecified SQL Injection Vulnerability
53. Microsoft Word Malformed Record Value Remote Code Execution Vulnerability
54. Sun Java Runtime Environment Multiple Security Vulnerabilities
55. Sun Java Runtime Environment Multiple Unspecified Same Origin Policy Violation Vulnerabilities
56. Sun Java SE Java Management Extensions (JMX) Unspecified Unauthorized Access Vulnerability
57. Sun Java Runtime Environment XML Data Processing Multiple Vulnerabilities
58. Quassel Core CTCP Ping Input Validation Vulnerability
59. TYPO3 Core Multiple Cross Site Scripting Vulnerabilities
60. MyioSoft EasyBookMarker 'bookmarker_backend.php' SQL Injection Vulnerability
61. Multiple MyioSoft Products Login Screen SQL Injection Vulnerability
62. AlstraSoft Web Host Directory 'Password' Parameter SQL Injection Vulnerability
63. Lito Lite 'cate.php' SQL Injection Vulnerability
64. PHP ZipArchive::extractTo() '.zip' Files Directory Traversal Vulnerability
65. ActiveWebSoftwares Active Bids 'bidhistory.asp' SQL Injection Vulnerability
66. ActiveWebSoftwares Active Price Comparison 'links.asp' SQL Injection Vulnerability
67. Multiple ActiveWebSoftwares Products Login Parameters SQL Injection Vulnerabilities
68. Sun Solaris IPv4 Forwarding Denial of Service Vulnerability
69. Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
70. SquirrelMail Insecure Cookie Disclosure Weakness
71. CUPS PNG Filter '_cupsImageReadPNG()' Integer Overflow Vulnerability
72. FlexPHPNews Username and Password SQL Injection Vulnerabilities
73. Joomla Live Chat Multiple SQL Injection and Open Proxy Vulnerabilities
74. Tmax Soft JEUS Alternate Data Stream Source Code Information Disclosure Vulnerability
75. Moodle 'texed.php' Remote Command Execution Vulnerability
76. chuggnutt.com HTML to Plain Text Conversion Remote Code Execution Vulnerability
77. Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
78. Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
79. r.cms Multiple SQL Injection Vulnerabilities
80. IBM Tivoli Provisioning Manager Security Bypass Vulnerability
81. Ruby 'regex.c' Remote Denial Of Service Vulnerability
82. Ruby REXML Remote Denial Of Service Vulnerability
83. Ruby Multiple Security Bypass and Denial of Service Vulnerabilities
84. Ruby 'resolv.rb' Predictable Transaction ID and Source Port DNS Spoofing Vulnerability
85. ClamAV 'cli_check_jpeg_exploit' Function Malformed JPEG File Remote Denial Of Service Vulnerability
86. Little CMS Buffer Overflow and Integer Signedness Vulnerabilities
87. unscripts UN Webmaster Marketplace 'member.php' SQL Injection Vulnerability
88. phpMyAdmin 'table' Parameter SQL Injection Vulnerability
89. Drupal Deleted Input Format HTML Injection Vulnerability
90. Realtek Media Player Playlist Buffer Overflow Vulnerability
91. Hitachi JP1/Integrated Management - Service Support Unspecified Cross-Site Scripting Vulnerability
92. Hitachi Web Server Multiple Vulnerabilities
93. F-PROT Antivirus for Linux ELF File Scanning Denial of Service Vulnerability
94. Multiple Linux Distributions 'login' Local Privilege Escalation Vulnerability
95. Adobe Flash Player Multiple Security Vulnerabilities
96. Adobe Flash Player Unspecified Remote Security Vulnerability
97. Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability
98. libgadu Contact Description Remote Buffer Overflow Vulnerability
99. MySQL Calendar Cookie Authentication Bypass Vulnerability
100. 2532|Gigs 'index.php' SQL Injection Vulnerability
III. SECURITYFOCUS NEWS
1. Commission calls for cybersecurity czar
2. Microsoft hopes free security means less malware
3. Researchers find more flaws in wireless security
4. Secure hash competition kicks off
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #423
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Exclude Bad ISPs
By Oliver Day
In recent months, three questionable Internet service providers (EstDomains, Atrivo, and McColo) were effectively taken offline, resulting in noticeable drops in malware and spam.
http://www.securityfocus.com/columnists/487

2. Standing on Other's Shoulders
By Chris Wysopal
"If I have seen a little further it is by standing on the shoulders of Giants," Isaac Newton once wrote to describe how he felt that his scientific work was an extension of the work of those who went before him. In the scientific realm it is dishonorable not to credit those upon whose work you build.
http://www.securityfocus.com/columnists/486


II. BUGTRAQ SUMMARY
--------------------
1. Wireshark 1.0.4 SMTP Denial of Service Vulnerability
BugTraq ID: 32422
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32422
Summary:
Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to hang, which may aid in other attacks.

This issue affects Wireshark 1.0.4; other versions may also be vulnerable.

2. Mercury Mail Transport System Concatenated Data Buffer Overflow Vulnerability
BugTraq ID: 21110
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/21110
Summary:
Mercury Mail Transport System is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.

Version 4.01b is vulnerable; other versions may also be affected.

3. I-RATER Basic 'messages.php' SQL Injection Vulnerability
BugTraq ID: 32912
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32912
Summary:
I-RATER Basic is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

4. 2532designs 2532|Gigs Local File Include and Arbitrary File Upload Vulnerabilities
BugTraq ID: 32911
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32911
Summary:
2532|Gigs is prone to multiple local file-include vulnerabilities and an arbitrary file-upload vulnerability.

An attacker can exploit these issues to upload arbitrary files onto the webserver, execute arbitrary local files within the context of the webserver, and obtain sensitive information.

2532|Gigs 1.2.2 is vulnerable; other versions may also be affected.

5. EasySiteNetwork Jokes Complete Website 'joke.php' SQL Injection Vulnerability
BugTraq ID: 32908
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32908
Summary:
EasySiteNetwork Jokes Complete Website is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

6. Irrlicht B3D loader Buffer Overflow Vulnerability
BugTraq ID: 32907
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32907
Summary:
Irrlicht is prone to a buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Versions prior to Irrlicht 1.5 are vulnerable.

7. DO-CMS 'p' Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 32906
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32906
Summary:
DO-CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

DO-CMS 3.0 is vulnerable; other versions may also be affected.

8. Ubuntu 'libvirt' Local Security Bypass Vulnerability
BugTraq ID: 32905
Remote: No
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32905
Summary:
Ubuntu 'libvirt' is prone to a local security-bypass vulnerability.

Successful exploitation of this issue may give attackers access to privileged operations.

This issue affects the following releases:

Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

9. Mozilla Thunderbird Malformed MIME Message Denial Of Service Vulnerability
BugTraq ID: 32869
Remote: Yes
Last Updated: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/32869
Summary:
Mozilla Thunderbird is prone to a denial-of-service vulnerability because the application fails to properly handle malformed multipart MIME messages.

An attacker can exploit this issue to crash the application during delivery.

10. Mozilla Firefox MathML XHTML Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 32878
Remote: Yes
Last Updated: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/32878
Summary:
Mozilla Firefox is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.

Firefox 3.0.4 is vulnerable; other versions may also be affected.

11. Opera Web Browser 'file://' Heap Based Buffer Overflow Vulnerability
BugTraq ID: 32323
Remote: Yes
Last Updated: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/32323
Summary:
Opera Web Browser is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Opera Web Browser 9.62 is vulnerable; other versions may also be affected.

12. Opera Web Browser prior to 9.63 Multiple Security Vulnerabilities
BugTraq ID: 32864
Remote: Yes
Last Updated: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/32864
Summary:
Opera Web Browser is prone to multiple security vulnerabilities.

Successful exploits may allow attackers to:
- execute arbitrary code in the context of the application
- cause denial-of-service conditions
- execute arbitrary script code in the browser of an unsuspecting user in the context of certain sites
- steal cookie-based authentication credentials
- obtain sensitive information
- carry out other attacks

Versions prior to Opera 9.63 are vulnerable.

13. Opera Web Browser HTML Parsing Heap-Based Remote Code Execution Vulnerability
BugTraq ID: 32891
Remote: Yes
Last Updated: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/32891
Summary:
Opera Web Browser is a browser that runs on multiple operating systems.

Opera Web Browser is prone to a heap-based memory-corruption vulnerability because of a flaw in parsing certain HTML constructs.

Attackers can exploit this issue to execute arbitrary code or crash the affected application.

NOTE: This issue was previously covered in BID 32864 (Opera Web Browser prior to 9.63 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

Versions prior to Opera 9.63 are vulnerable.

14. Linux Kernel TTY Operations NULL Pointer Dereference Denial of Service Vulnerabilities
BugTraq ID: 30076
Remote: No
Last Updated: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/30076
Summary:
The Linux kernel is prone to multiple local denial-of-service vulnerabilities.

Attackers can exploit these issues to crash the affected kernel, denying service to legitimate users. Given the nature of these issues, attackers may also be able to execute arbitrary code, but this has not been confirmed.

These issues affect versions prior to Linux kernel 2.6.25.10.

15. Linux Kernel 'ipip6_rcv()' Remote Denial of Service Vulnerability
BugTraq ID: 29235
Remote: Yes
Last Updated: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/29235
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

This issue affects the Linux Kernel 2.6.25.2; other versions may also be affected.

16. Linux Kernel 'truncate()' Local Privilege Escalation Vulnerability
BugTraq ID: 31368
Remote: No
Last Updated: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/31368
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability related to the 'truncate()' and 'ftruncate()' functions.

Versions prior to Linux kernel 2.6.22-rc1 are vulnerable.

17. Linux Kernel 32-bit/64-bit Emulation Local Information Disclosure Vulnerability
BugTraq ID: 29942
Remote: No
Last Updated: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/29942
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successfully exploiting this issue may allow attackers to gain access to uninitialized and potentially sensitive data. Information obtained may lead to other attacks.

18. Linux Kernel UBIFS Orphan Inode Local Denial of Service Vulnerability
BugTraq ID: 30647
Remote: No
Last Updated: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/30647
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability affecting the VFS behavior in UBIFS (UBI File System).

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

19. Linux Kernel ISDN_Net.C Local Buffer Overflow Vulnerability
BugTraq ID: 26605
Remote: No
Last Updated: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/26605
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, the attacker may also be able to execute arbitrary code, but this has not been confirmed.

This issue affects the Linux kernel versions prior to 2.6.23.10.

20. Apple Podcast Producer Authentication-Bypass Vulnerability
BugTraq ID: 32870
Remote: No
Last Updated: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/32870
Summary:
Podcast Producer is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to gain access to certain administrative functions. This may result in an elevation of privilege and may aid in further attacks.

This issue affects Podcast Producer for Mac OS X Server 10.5 through 10.5.5.

NOTE: This issue was previously covered in BID 32839 (Apple Mac OS X 2008-008 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

21. Apple Mac OS X 'inet_net_pton' API Integer Overflow Vulnerability
BugTraq ID: 32877
Remote: Yes
Last Updated: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/32877
Summary:
The Apple Mac OS X 'Libsystem' is prone to an integer-overflow vulnerability in the 'inet_net_pton' API because it fails to adequately bounds-check input data.

The affected function itself is not directly exploitable; successful exploits may allow attackers to execute arbitrary code or cause denial-of-service conditions in applications that use the vulnerable API.

NOTE: This issue was previously covered in BID 32839 (Apple Mac OS X 2008-008 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

22. Apple Mac OS X BOM CPIO Header Stack Buffer Overflow Vulnerability
BugTraq ID: 32876
Remote: Yes
Last Updated: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/32876
Summary:
Apple Mac OS X BOM is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 32839 (Apple Mac OS X 2008-008 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

23. Apple Mac OS X 'i386_set_ldt' and 'i386_get_ldt' Multiple Integer Overflow Vulnerabilities
BugTraq ID: 32879
Remote: No
Last Updated: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/32879
Summary:
Apple Mac OS X is prone to multiple integer-overflow vulnerabilities because the software fails to perform adequate boundary checks on integer values.

Local attackers can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting these issues will completely compromise an affected computer. Failed exploit attempts will likely crash the affected computer.

Apple Mac OS X 10.5 through 10.5.5 and Mac OS X Server 10.5 through 10.5.5 are vulnerable.

NOTE: This issue was previously covered in BID 32839 (Apple Mac OS X 2008-008 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

24. Apple Mac OS X 'natd' Remote Denial of Service Vulnerability
BugTraq ID: 32874
Remote: Yes
Last Updated: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/32874
Summary:
Apple Mac OS X is prone to a remote denial-of-service vulnerability affecting the 'natd' Network Address Translation daemon.

NOTE: This issue was previously covered in BID 32839 (Apple Mac OS X 2008-008 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

This issue affects Mac OS X 10.4.11, 10.5 through 10.5.5, Server 10.4.11, and Server 10.5 through 10.5.5.

25. Apple Mac OS X Managed Client Screen Saver Lock Bypass Vulnerability
BugTraq ID: 32880
Remote: No
Last Updated: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/32880
Summary:
Apple Mac OS X is prone to a security-bypass vulnerability affecting managed client systems.

An attacker with physical access to affected computers may take advantage of this issue to bypass expected security measures. This may allow the attacker to obtain sensitive information or may aid in further attacks.

NOTE: This issue was previously covered in BID 32839 (Apple Mac OS X 2008-008 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

This issue affects Mac OS X 10.5 through 10.5.5 and Server 10.5 through 10.5.5.

26. Apple Mac OS X UDF ISO File Handling Denial of Service Vulnerability
BugTraq ID: 32872
Remote: Yes
Last Updated: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/32872
Summary:
Apple Mac OS X is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to cause the computer to shut down, denying service to legitimate users.

This issue affects Mac OS X 10.4.11, Server 10.4.11, 10.5 through 10.5.5, and Server 10.5 through 10.5.5; earlier versions may also be vulnerable.

NOTE: This issue was previously covered in BID 32839 (Apple Mac OS X 2008-008 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

27. Multiple BSD Platforms 'strfmon()' Function Integer Overflow Weakness
BugTraq ID: 28479
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/28479
Summary:
Multiple BSD platforms are prone to an integer-overflow weakness.

An attacker can exploit this issue through other applications such as PHP to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects FreeBSD 6, 7 and NetBSD 4; other platforms may also be affected.

28. The Rat CMS Admin Security Bypass Vulnerability
BugTraq ID: 32816
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32816
Summary:
The Rat CMS is prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and perform administrative tasks.

The Rat CMS Pre-Alpha 2 is affected; other versions may also be vulnerable.

29. Mediatheka 'index.php' Local File Include Vulnerability
BugTraq ID: 32815
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32815
Summary:
Mediatheka is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

The issue affects Mediatheka 4.2; other versions may also be affected.

30. Evans FTP 'EvansFTP.ocx' ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 32814
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32814
Summary:
Evans FTP ActiveX control is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

31. Multiple ASP SiteWare Products SQL Injection Vulnerabilities
BugTraq ID: 32812
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32812
Summary:
Multiple ASP SiteWare products are prone to SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following applications are vulnerable:

RealtyListings 1
RealtyListings 2
AutoDealer 1
AutoDealer 2
HomeBuilder 1
HomeBuilder 2

32. FLDS Free Links Directory Script 'redir.php' SQL Injection Vulnerability
BugTraq ID: 32813
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32813
Summary:
FLDS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects FLDS 1.2a; other versions may also be affected.

33. PHP Weather Local File Include and Cross Site Scripting Vulnerabilities
BugTraq ID: 32820
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32820
Summary:
PHP Weather is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks.

The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

PHP Weather 2.2.2 is vulnerable; other versions may also be affected.

34. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
BugTraq ID: 32882
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32882
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey.

Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, help launch cross-site scripting attacks, and execute arbitrary script code with elevated privileges; other attacks are also possible.

35. JasPer 1.900.1 Multiple Vulnerabilities
BugTraq ID: 31470
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/31470
Summary:
JasPer is prone to multiple vulnerabilities, including a buffer-overflow vulnerability, a temporary file race condition, and multiple integer-overflow vulnerabilities.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software. Failed exploit attempts are likely to cause denial-of-service conditions.

JasPer 1.900.1 is vulnerable; other versions may also be affected.

36. MPlayer TwinVQ Handling Stack Buffer Overflow Vulnerability
BugTraq ID: 32822
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32822
Summary:
MPlayer is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

This issue affects MPlayer 1.0rc2; other versions may also be affected.

37. icash Click&Rank 'user.asp' Cross Site Scripting Vulnerability
BugTraq ID: 32855
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32855
Summary:
Click&Rank from icash is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

38. icash ClickAndEmail SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 32857
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32857
Summary:
ClickAndEmail from icash is prone to multiple SQL-injection vulnerabilities and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

39. icash Click&BaneX Multiple SQL Injection Vulnerabilities
BugTraq ID: 32856
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32856
Summary:
Click&BaneX from icash is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

40. icash Click&Rank Multiple SQL Injection Vulnerabilities
BugTraq ID: 32854
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32854
Summary:
Click&Rank from icash is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

41. Flatnux 'photo.php' Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 32828
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32828
Summary:
Flatnux is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

42. Flatnux 'index.php' HTML Injection Vulnerability
BugTraq ID: 32826
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32826
Summary:
Flatnux is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

43. BadBlue Directory Traversal and Buffer Overflow Vulnerability
BugTraq ID: 26803
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/26803
Summary:
BadBlue is prone to a directory-traversal vulnerability and a buffer-overflow vulnerability.

An attacker can exploit these issues to upload arbitrary files outside the destination folder (and potentially overwrite existing files), execute arbitrary code within the context of the affected application, or crash the affected application.

BadBlue 2.72b is vulnerable; prior versions may also be affected.

44. Apache Tomcat UTF-8 Directory Traversal Vulnerability
BugTraq ID: 30633
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/30633
Summary:
Apache Tomcat is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

UPDATE (December 18, 2008): Reports indicate that this issue may affect additional, unspecified Java Virtual Machine (JVM) implementations distributed by Sun, HP, IBM, Apple, and Apache. We will update this BID as more information becomes available.

The following versions are affected:

Tomcat 4.1.0 to 4.1.37
Tomcat 5.5.0 to 5.5.26
Tomcat 6.0.0 to 6.0.17

45. Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
BugTraq ID: 30560
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/30560
Summary:
The Apache 'mod_proxy_ftp' module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue is reported to affect Apache 2.0.63 and 2.2.9; other versions may also be affected.

46. Sun Java Runtime Environment Font Processing Buffer Overflow Vulnerability
BugTraq ID: 30147
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/30147
Summary:
Sun Java Runtime Environment is prone to a buffer-overflow vulnerability when running untrusted applications or applets.

Successful exploits may allow attackers to read, write, or execute arbitrary local files in the context of the user running an untrusted application. This may result in a compromise of the underlying system.

This issue affects the following versions on Solaris, Windows, and Linux:

JDK and JRE 5.0 Update 9 and earlier
SDK and JRE 1.4.2_17 and earlier
SDK and JRE 1.3.1_22 and earlier

47. Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
BugTraq ID: 27237
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/27237
Summary:
The Apache HTTP Server 'mod_status' module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Reportedly, attackers can also use this issue to redirect users' browsers to arbitrary locations, which may aid in phishing attacks.

The issue affects versions prior to Apache 2.2.7-dev, 2.0.62-dev, and 1.3.40-dev.

48. Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
BugTraq ID: 29653
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/29653
Summary:
The Apache 'mod_proxy_http' module is prone to a denial-of-service vulnerability that affects the processing of interim responses.

Attackers may exploit this issue to cause denial-of-service conditions.

Reportedly, the issue affects Apache 2.2.8 and 2.0.63; other versions may also be affected.

49. Sun Solaris IP Tunnel Param Local Code Execution Vulnerability
BugTraq ID: 32904
Remote: No
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32904
Summary:
Sun Solaris is prone to a local code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code within the context of the kernel on x86 systems. Successful exploits may completely compromise the vulnerable system.

On all architectures, attackers can exploit this issue to create a denial-of-service condition.

This issue affects the following on both x86 and SPARC platforms:

Solaris 10
OpenSolaris based on builds snv_01 through snv_76

50. Vinagre 'vinarge_utils_show_error()' Function Format String Vulnerability
BugTraq ID: 32682
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32682
Summary:
Vinagre is prone to a remote format-string vulnerability because it fails to sufficiently sanitize user-supplied input before using it in a formatted-printing function.

An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious '.vnc' file.

Successfully exploiting this issue will allow attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely crash the application.

51. Simple Text-File Login script 'slogin_lib.inc.php' Remote File Include Vulnerability
BugTraq ID: 32811
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32811
Summary:
Simple Text-File Login script (SiTeFiLo) is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

SiTeFiLo 1.0.6 is vulnerable; other versions may also be affected.

52. Citrix Broadcast Server Unspecified SQL Injection Vulnerability
BugTraq ID: 32832
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32832
Summary:
Citrix Broadcast Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to the following are vulnerable:

Broadcast Server 6.1 for Citrix Application Gateway
Broadcast Server 2.0 for Avaya AG250

53. Microsoft Word Malformed Record Value Remote Code Execution Vulnerability
BugTraq ID: 32584
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32584
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

54. Sun Java Runtime Environment Multiple Security Vulnerabilities
BugTraq ID: 30144
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/30144
Summary:
A privilege-escalation issue and an information-disclosure issue affect multiple implementations of Java Runtime Environment (JRE).

Sun has released an advisory addressing these vulnerabilities in the following software:

JDK and JRE 6 Update 6 and earlier.

55. Sun Java Runtime Environment Multiple Unspecified Same Origin Policy Violation Vulnerabilities
BugTraq ID: 30140
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/30140
Summary:
Sun Java Runtime Environment is prone to multiple unspecified vulnerabilities that allow attackers to bypass the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy for Java applets.

An attacker may create a malicious applet that is loaded from a remote system to circumvent network access restrictions.

The following are affected:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier
SDK and JRE 1.4.2_17 and earlier
SDK and JRE 1.3.x_22 and earlier

56. Sun Java SE Java Management Extensions (JMX) Unspecified Unauthorized Access Vulnerability
BugTraq ID: 30146
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/30146
Summary:
JMX is prone to an unspecified unauthorized-access vulnerability.

The vulnerability allows a JMX client to perform unauthorized actions on a computer running JMX with local monitoring enabled.

The issue affects the following versions for Windows, Solaris, and Linux:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier

57. Sun Java Runtime Environment XML Data Processing Multiple Vulnerabilities
BugTraq ID: 30143
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/30143
Summary:
Sun Java Runtime Environment is prone to multiple remote vulnerabilities.

An attacker can exploit these issues to obtain sensitive information or crash the affected application, denying service to legitimate users.

These issues affect the following versions on Solaris, Linux, and Windows platforms:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier

58. Quassel Core CTCP Ping Input Validation Vulnerability
BugTraq ID: 31973
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/31973
Summary:
Quassel Core is prone to an input-validation issue that lets attackers hijack

An attacker may exploit this issue to execute arbitrary IRC commands as a user of the vulnerable application. This may aid in further attacks.

This issue exists in versions prior to Quassel Core 3.0.3.

59. TYPO3 Core Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 32284
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32284
Summary:
TYPO3 is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.

TYPO3 4.2.0 up to and including 4.2.2 are affected.

60. MyioSoft EasyBookMarker 'bookmarker_backend.php' SQL Injection Vulnerability
BugTraq ID: 32200
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32200
Summary:
EasyBookMarker is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

EasyBookMarker 4.0 is vulnerable; other versions may also be affected.

61. Multiple MyioSoft Products Login Screen SQL Injection Vulnerability
BugTraq ID: 32199
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32199
Summary:
Multiple MyioSoft products are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following products are affected:

Ajax Portal 3.0
EasyBookMarker
EasyCalendar

Other products and versions may also be affected.

62. AlstraSoft Web Host Directory 'Password' Parameter SQL Injection Vulnerability
BugTraq ID: 32298
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32298
Summary:
AlstraSoft Web Host Directory is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects Web Host Directory 1.2; other versions may also be vulnerable.

63. Lito Lite 'cate.php' SQL Injection Vulnerability
BugTraq ID: 32538
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32538
Summary:
Lito Lite is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

64. PHP ZipArchive::extractTo() '.zip' Files Directory Traversal Vulnerability
BugTraq ID: 32625
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32625
Summary:
PHP is prone to a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input.


A successful attack may allow an attacker to create or overwrite arbitrary files on the system. This may allow arbitrary script code to run in the context of the webserver.

PHP 5.2.6 and prior versions are vulnerable.

65. ActiveWebSoftwares Active Bids 'bidhistory.asp' SQL Injection Vulnerability
BugTraq ID: 32544
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32544
Summary:
ActiveWebSoftwares Active Bids is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Active Bids 3.5 is vulnerable; other versions may also be affected.

66. ActiveWebSoftwares Active Price Comparison 'links.asp' SQL Injection Vulnerability
BugTraq ID: 32550
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32550
Summary:
ActiveWebSoftwares Active Price Comparison is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Active Price Comparison 4 is vulnerable; other versions may also be affected.

67. Multiple ActiveWebSoftwares Products Login Parameters SQL Injection Vulnerabilities
BugTraq ID: 32533
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32533
Summary:
Multiple ActiveWebSoftwares products are prone to SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following applications are vulnerable:

ActiveVotes 2.2
Active Force Matrix 2
Active Trade 2
Active Price Comparison 4
Active Test 2.1
eWebQuiz 8
Active Newsletter 4.3
Active Web Mail 4
Active Websurvey 9.1
Active Membership 2
Active Web Helpdesk 2
Active Photo Gallery 6.2
Active Time Billing 3.2

68. Sun Solaris IPv4 Forwarding Denial of Service Vulnerability
BugTraq ID: 32861
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32861
Summary:
Sun Solaris is prone to a denial-of-service vulnerability.

A remote attacker can exploit this issue to panic the system, denying service to legitimate users.

The following versions are affected:

Solaris 10 with patch 120011-14 (SPARC) or 120012-14 (x86)
OpenSolaris based on builds snv_47 through snv_82

69. Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
BugTraq ID: 30131
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/30131
Summary:
Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

This issue affects Microsoft Windows DNS Clients and Servers, ISC BIND 8 and 9, and multiple Cisco IOS releases; other DNS implementations may also be vulnerable.

70. SquirrelMail Insecure Cookie Disclosure Weakness
BugTraq ID: 31321
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/31321
Summary:
SquirrelMail is prone to a cookie-disclosure weakness.

An attacker may leverage this issue to obtain sensitive information, steal cookie-based authentication credentials, and carry out session-hijacking attacks; other attacks are also possible.

SquirrelMail 1.4.15 is vulnerable; other versions may also be affected.

71. CUPS PNG Filter '_cupsImageReadPNG()' Integer Overflow Vulnerability
BugTraq ID: 32518
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32518
Summary:
CUPS is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied PNG image sizes before using them to allocate memory buffers.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the utilities. Failed exploit attempts likely cause denial-of-service conditions.

Versions prior to CUPS 1.3.10 are vulnerable.

72. FlexPHPNews Username and Password SQL Injection Vulnerabilities
BugTraq ID: 32810
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32810
Summary:
FlexPHPNews is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

FlexPHPNews 0.0.6 and FlexPHPNews Pro 0.0.6 are vulnerable; other versions may also be affected.

73. Joomla Live Chat Multiple SQL Injection and Open Proxy Vulnerabilities
BugTraq ID: 32803
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32803
Summary:
Joomla Live Chat is prone to multiple SQL-injection vulnerabilities and an open-proxy vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues could allow attackers to perform certain proxy actions, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

74. Tmax Soft JEUS Alternate Data Stream Source Code Information Disclosure Vulnerability
BugTraq ID: 32804
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32804
Summary:
Tmax Soft JEUS is prone to a vulnerability that allows attackers to access source code because the application fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable computer in the context of the webserver process. Information obtained may aid in further attacks.

Versions prior to JEUS 6 are vulnerable.

75. Moodle 'texed.php' Remote Command Execution Vulnerability
BugTraq ID: 32801
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32801
Summary:
Moodle is prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

Moodle 1.9.3 is vulnerable; other versions may also be affected.

76. chuggnutt.com HTML to Plain Text Conversion Remote Code Execution Vulnerability
BugTraq ID: 32799
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32799
Summary:
The HTML to Plain Text Conversion class from chuggnutt.com is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to inject and execute malicious server-side script in the context of the application using the vulnerable class. Successful exploits will compromise the affected application and possibly the underlying computer.

The issue affects version 1.0 of the class; other versions may also be affected.

Note that this issue was initially reported in Roundcube Webmail. Roundcube Webmail 0.2-1 alpha, 0.2-2 beta, and possibly other versions are vulnerable because they use the vulnerable HTML to Plain Text Conversion class.

77. Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
BugTraq ID: 32620
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32620
Summary:
Sun Java Web Start and Java Plug-in are prone to multiple privilege-escalation vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security, or read, write, and execute arbitrary files in the context of the user running a vulnerable application. This may result in a compromise of the underlying system.

This issue affects the following versions:

JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier

78. Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
BugTraq ID: 32892
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32892
Summary:
Sun Java Web Start and Java Plug-in are prone to a privilege-escalation vulnerability.

This issue occurs when the affected applications parse a JAR file that is also a legitimate GIF image file.

An attacker may exploit this issue to obtain sensitive information (such as HTTP session cookies) or to perform actions as legitimate users of a web application. This may aid in further attacks.

NOTE: This issue was previously covered in BID 32620 (Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities), but has been given its own record to better document the issue.

This issue affects the following versions:

JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier

79. r.cms Multiple SQL Injection Vulnerabilities
BugTraq ID: 32900
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32900
Summary:
r.cms is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

r.cms 2 is vulnerable to the issue; other versions may also be affected.

80. IBM Tivoli Provisioning Manager Security Bypass Vulnerability
BugTraq ID: 32824
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32824
Summary:
IBM Tivoli Provisioning Manager is prone to an unspecified security-bypass vulnerability.

Attackers may be able to exploit this vulnerability to bypass the SOAP authentication mechanism and run SOAP commands.

This issue affects versions prior to Tivoli Provisioning Manager 5.1.1.1 with Interim Fix IF0006 applied.

81. Ruby 'regex.c' Remote Denial Of Service Vulnerability
BugTraq ID: 30682
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/30682
Summary:
Ruby is prone to a remote denial-of-service vulnerability.

Successful exploits may allow remote attackers to cause denial-of-service conditions in applications that use the vulnerable library or functions.

Versions up to and including Ruby 1.9.0-3 are vulnerable.

82. Ruby REXML Remote Denial Of Service Vulnerability
BugTraq ID: 30802
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/30802
Summary:
Ruby is prone to a remote denial-of-service vulnerability in its REXML module.

Successful exploits may allow remote attackers to cause denial-of-service conditions in applications that use the vulnerable module.

Versions up to and including Ruby 1.9.0-3 are vulnerable.

83. Ruby Multiple Security Bypass and Denial of Service Vulnerabilities
BugTraq ID: 30644
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/30644
Summary:
Ruby is prone to multiple vulnerabilities that can be leveraged to bypass security restrictions or cause a denial of service:

- Multiple security-bypass vulnerabilities occur because of errors in the 'safe level' restriction implementation. Attackers can leverage these issues to make insecure function calls and perform 'Syslog' operations.

- An error affecting 'WEBrick::HTTP::DefaultFileHandler' can exhaust system resources and deny service to legitimate users.

- A flaw in 'dl' can allow attackers to call unauthorized functions.

Attackers can exploit these issues to perform unauthorized actions on affected applications. This may aid in compromising the application and possibly the underlying computers. Attackers can also cause denial-of-service conditions.

These issues affect Ruby 1.8.5, 1.8.6-p286, 1.8.7-p71, and 1.9 r18423. Prior versions are also vulnerable.

84. Ruby 'resolv.rb' Predictable Transaction ID and Source Port DNS Spoofing Vulnerability
BugTraq ID: 31699
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/31699
Summary:
Ruby is prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

The following versions of Ruby are affected:

1.8.5 and prior
1.8.6-p286 and prior
1.8.7-p71 and prior
1.9 r18423 and prior

85. ClamAV 'cli_check_jpeg_exploit' Function Malformed JPEG File Remote Denial Of Service Vulnerability
BugTraq ID: 32555
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32555
Summary:
ClamAV is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to ClamAV 0.94.2 are vulnerable.

86. Little CMS Buffer Overflow and Integer Signedness Vulnerabilities
BugTraq ID: 32708
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32708
Summary:
Little CMS is prone to a buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input. The application is also prone to an integer-signedness issue.

Attackers may leverage one of these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

The buffer-overflow issue affects all versions prior to Little CMS 1.16. The integer-signedness issue affects all versions prior to 1.17.

87. unscripts UN Webmaster Marketplace 'member.php' SQL Injection Vulnerability
BugTraq ID: 32756
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32756
Summary:
UN Webmaster Marketplace from unscripts is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

88. phpMyAdmin 'table' Parameter SQL Injection Vulnerability
BugTraq ID: 32720
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32720
Summary:
phpMyAdmin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Authentication is required to access these scripts, but attackers may also make use of cross-site-request-forgery attacks to exploit this issue.

This issue affects versions prior to phpMyAdmin 2.11.9.4 and 3.1.1.0.

89. Drupal Deleted Input Format HTML Injection Vulnerability
BugTraq ID: 32778
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32778
Summary:
Drupal is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Versions prior to Drupal 5.13 and 6.7 are affected.

90. Realtek Media Player Playlist Buffer Overflow Vulnerability
BugTraq ID: 32860
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32860
Summary:
Realtek Media Player (RtlRack) is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

This issue affects Realtek Media Player A4.06; other versions may also be affected.

91. Hitachi JP1/Integrated Management - Service Support Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 32834
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32834
Summary:
Hitachi JP1/Integrated Management - Service Support is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects Hitachi JP1/Integrated Management - Service Support for Windows platforms.

92. Hitachi Web Server Multiple Vulnerabilities
BugTraq ID: 22234
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/22234
Summary:
Hitachi Web Server is prone to multiple vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user or to bypass certain security restrictions. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

93. F-PROT Antivirus for Linux ELF File Scanning Denial of Service Vulnerability
BugTraq ID: 32753
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32753
Summary:
F-PROT Antivirus for Linux is a virus scanning application for the Linux operating system.

The application is prone to a denial-of-service vulnerability because it fails to handle malformed files.

Successful exploits will crash the affected application, resulting in a denial-of-service condition. Given the nature of this issue, code execution may be possible, but this has not been confirmed.

F-PROT Antivirus for Linux 4.6.8 is vulnerable; other versions may also be affected.

94. Multiple Linux Distributions 'login' Local Privilege Escalation Vulnerability
BugTraq ID: 32552
Remote: No
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32552
Summary:
Multiple Linux distributions are prone to a local privilege-escalation vulnerability because of an error in the 'login' program.

Local attackers in the UTMP group could exploit this issue to take ownership of arbitrary files on the vulnerable system. This may lead to a complete compromise of the system.

95. Adobe Flash Player Multiple Security Vulnerabilities
BugTraq ID: 32129
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32129
Summary:
Adobe Flash Player is prone to multiple security vulnerabilities.

Attackers can exploit these issues to obtain sensitive information, steal cookie-based authentication credentials, control how webpages are rendered, execute arbitrary script code, and execute arbitrary code in the context of the application. Other attacks may also be possible.

These issues affect Flash Player 9.0.124.0 and prior versions.

96. Adobe Flash Player Unspecified Remote Security Vulnerability
BugTraq ID: 32896
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32896
Summary:
Adobe Flash Player is prone to an unspecified security vulnerability.

Remote attackers may exploit this vulnerability to compromise an affected computer.

No further technical details are currently available. We will update this BID as more information emerges.

This issue affects Flash Player on Linux platforms.

Versions prior to Flash Player 10.0.15.3 and 9.0.152.0 are vulnerable.

97. Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability
BugTraq ID: 32710
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32710
Summary:
Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to properly handle user-supplied input.

Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

The issue affects the following:

Microsoft SQL Server 2000
Microsoft SQL Server 2005

98. libgadu Contact Description Remote Buffer Overflow Vulnerability
BugTraq ID: 31951
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/31951
Summary:
The 'libgadu' library is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious Gadu-Gadu server. Successful attacks will allow arbitrary code to run within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to libgadu 1.8.2 are vulnerable. Additional applications that use this library may also be vulnerable.

99. MySQL Calendar Cookie Authentication Bypass Vulnerability
BugTraq ID: 32914
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32914
Summary:
MySQL Calendar is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain unauthorized access to the affected application, which may aid in further attacks.

MySQL Calendar 1.1 is vulnerable; other versions may also be affected.

100. 2532|Gigs 'index.php' SQL Injection Vulnerability
BugTraq ID: 32913
Remote: Yes
Last Updated: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32913
Summary:
2532|Gigs is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

2532|Gigs 1.2.2 is vulnerable; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Commission calls for cybersecurity czar
By: Robert Lemos
A group of technology and government experts warns that, without significant changes to the U.S. approach to cyberspace, foreign companies and other nations will continue to steal valuable technologies.
http://www.securityfocus.com/news/11540

2. Microsoft hopes free security means less malware
By: Robert Lemos
The software giant says shutting down Windows Live OneCare to release the software as a free tool could make consumers more secure.
http://www.securityfocus.com/news/11538

3. Researchers find more flaws in wireless security
By: Robert Lemos
Two security experts plan to show a limited attack against the popular Wi-Fi Protected Access (WPA) -- a replacement for insecure WEP -- at a conference in Tokyo.
http://www.securityfocus.com/news/11537

4. Secure hash competition kicks off
By: Robert Lemos
Dozens of amateur and professional cryptographers have joined the United States' first open competition for creating an uncrackable algorithm for generating hashes -- the digital fingerprints widely used in a variety of security functions.
http://www.securityfocus.com/news/11536

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #423
http://www.securityfocus.com/archive/88/499173

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you must answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------