WINDOWS CENTER: SecurityFocus Newsletter #486

SecurityFocus Newsletter #486
----------------------------------------

This issue is sponsored by the Purewire

NEW! White Paper: "Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with and it's no longer good enough to block known bad URL's. Download this white paper now to mitigate your online security risks.

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.The Drew Verdict Makes Us All Hackers
2.MD5 Hack Interesting, But Not Threatening
II. BUGTRAQ SUMMARY
1. Multiple Browsers JavaScript Engine Cross Domain Information Disclosure Vulnerability
2. Oracle January 2009 Critical Patch Update Multiple Vulnerabilities
3. BlackBerry Attachment Service PDF Distiller 'bitmaps' Remote Buffer Overflow Vulnerability
4. HP Linux Imaging and Printing System 'hplip.postinst' Local Privilege Escalation Vulnerability
5. BlackBerry Attachment Service PDF Distiller Uninitialized Heap Memory Code Execution Vulnerability
6. Joomla! Portfol Component 'vcatid' Parameter SQL Injection Vulnerability
7. Joomla! 'com_xevidmegahd' Component 'catid' Parameter SQL Injection Vulnerability
8. OpenOffice WMF and EMF File Handling Multiple Heap Based Buffer Overflow Vulnerabilities
9. Samba Arbitrary Memory Contents Information Disclosure Vulnerability
10. BlackBerry Attachment Service PDF Distiller Remote Buffer Overflow Vulnerability
11. Microsoft Word RTF Malformed String Remote Code Execution Vulnerability
12. Microsoft Word RTF Multiple Drawing Object Tags Remote Code Execution Vulnerability
13. Microsoft Windows Media Components ISATAP URL Handling Information Disclosure Vulnerability
14. Microsoft Windows Media Components 'Service Principle Name' Remote Code Execution Vulnerability
15. Git gitweb Unspecified Remote Command Execution Vulnerability
16. Office Viewer OCX ActiveX Control 'Open()' Method Arbitrary Command Execution Vulnerability
17. pam_krb5 Existing Ticket Configuration Option Local Privilege Escalation Vulnerability
18. Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
19. Microsoft Word RTF '\do' Drawing Object Remote Heap Memory Corruption Vulnerability
20. Microsoft Word Malformed Record Value Remote Code Execution Vulnerability
21. Microsoft Word RTF Polyline/Polygon Integer Overflow Vulnerability
22. Microsoft Word Malformed Value Remote Code Execution Vulnerability
23. Microsoft Word ' FIB' Value Heap Memory Corruption Vulnerability
24. Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability
25. Weight Loss Recipe Book Multiple SQL Injection Vulnerabilities
26. PHP-Fusion Kroax Module 'callcomments.php' SQL Injection Vulnerability
27. tadbook2 Module for XOOPS 'open_book.php' SQL Injection Vulnerability
28. Sun SPARC Enterprise Server Authentication Bypass Vulnerability
29. Apple Safari RSS Feed Information Disclosure Vulnerability
30. Multiple Avira Products RAR Handling Remote Denial Of Service Vulnerability
31. XMPlay Playlist Files Remote Buffer Overflow Vulnerability
32. Massimiliano Montoro Cain & Abel Malformed '.rdp' File Buffer Overflow Vulnerability
33. Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
34. Mod_Perl Path_Info Remote Denial Of Service Vulnerability
35. DMXReady Multiple Products 'upload_image_category.asp' SQL Injection Vulnerability
36. VirtualBox 'ipcdUnix.cpp' Insecure Temporary File Creation Vulnerability
37. DMXReady Members Area Manager 'upload_image_security_level.asp' SQL Injection Vulnerability
38. Drupal Internationalizaion Module Security Bypass Vulnerability
39. Drupal Notify Module Security Bypass Vulnerability
40. DMXReady Blog Manager Arbitrary File Deletion Vulnerability
41. PHP Photo Album 'preview' Parameter Local File Include Vulnerability
42. Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
43. Multiple Office OCX ActiveX Controls 'OpenWebFile()' Arbitrary Program Execution Vulnerability
44. Avahi Multicast DNS Denial Of Service Vulnerability
45. GnuTLS X.509 Certificate Chain Security Bypass Vulnerability
46. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
47. Anope IRC Services 'bs_fantasy_ext' Extension IP Address Information Disclosure Vulnerability
48. Simple Machines Forum Password Reset Security Bypass Vulnerability
49. RealVNC 4.1.2 'vncviewer.exe' RFB Protocol Remote Code Execution Vulnerability
50. jhead Versions Prior to 2.84 Multiple Vulnerabilities
51. mlmmj Unspecified Vulnerability
52. PWP Wiki Processor 'run.php' Arbitrary File Upload Vulnerability
53. Sun Solaris 'lpadmin' and 'ppdmgr' Local Denial Of Service Vulnerability
54. Cisco IronPort Encryption Appliance and PostX Multiple Remote Vulnerabilities
55. Ciansoft PDFBuilderX Control (ActiveX) Arbitrary File Overwrite Vulnerability
56. libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
57. Linux Kernel UBIFS Orphan Inode Local Denial of Service Vulnerability
58. Linux Kernel 'sendmsg()' Local Denial of Service Vulnerability
59. Linux Kernel 'ib700wdt.c' Buffer Underflow Vulnerability
60. Linux Kernel 'hfsplus_find_cat()' Local Denial of Service Vulnerability
61. Linux Kernel '__scm_destroy()' Local Denial of Service Vulnerability
62. Linux Kernel 'hfs_cat_find_brec()' Local Denial of Service Vulnerability
63. Microsoft Windows SMB NT Trans2 Remote Code Execution Vulnerability
64. Microsoft Windows SMB NT Trans Request Buffer Overflow Vulnerability
65. Microsoft Windows WRITE_ANDX SMB Processing Remote Denial Of Service Vulnerability
66. Sun Java System Access Manager Information Disclosure Vulnerability
67. Sun OpenSolaris 'posix_fallocate(3C)' System Call Local Denial Of Service Vulnerability
68. Sun Java System Access Manager 'sub-realm' Privilege Escalation Vulnerability
69. Samba 'receive_smb_raw()' Buffer Overflow Vulnerability
70. Cisco IOS HTTP Server Multiple Cross Site Scripting Vulnerabilities
71. Cisco Unified IP Phone 7960G and 7940G RTP Remote Denial of Service Vulnerability
72. Cisco ONS Control Card Remote Denial of Service Vulnerability
73. libmikmod '.XM' File Remote Denial of Service Vulnerability
74. libmikmod Multiple Sound Channel Media Playback Remote Denial of Service Vulnerability
75. QEMU and KVM VNC Server Remote Denial of Service Vulnerability
76. QEMU VNC 'monitor.c' Insecure Password Vulnerability
77. Joomla! 'com_fantasytournament' Component Multiple SQL Injection Vulnerabilities
78. Joomla! and Mambo gigCalendar Component SQL Injection Vulnerability
79. Joomla! 'com_camelcitydb2' Component SQL Injection Vulnerability
80. EDraw Office Viewer Component ActiveX Control Arbitrary File Overwrite Vulnerability
81. IBM DB2 Remote Denial of Service Vulnerabilities
82. OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
83. Cisco IOS and CatOS VLAN Trunking Protocol Packet Handling Denial Of Service Vulnerability
84. Audio File Library (libaudiofile) 'msadpcm.c' WAV File Processing Buffer Overflow Vulnerability
85. Silentum Uploader Arbitrary File Deletion Vulnerability
86. VUPlayer '.asx' Playlist File Buffer Overflow Vulnerability
87. Drupal Security Bypass Vulnerability and SQL Injection Weakness
88. DMXReady SDK Arbitrary File Download Vulnerability
89. NetSurf Multiple Memory Corruption Vulnerabilities
90. WowWee Rovio Access Control Multiple Unauthorized Access Vulnerabilities
91. Syzygy CMS 'login.php' SQL Injection Vulnerability
92. phpList 'admin/index.php' Local File Include Vulnerability
93. Easy Grid ActiveX Multiple Arbitrary File Overwrite Vulnerabilities
94. Dark Age CMS 'login.php' SQL Injection Vulnerability
95. Netvolution CMS 'default.asp' SQL Injection Vulnerability
96. Ots Labs OtsTurntables OFL File Buffer Overflow Vulnerability
97. TeamSpeak 'help' Command Directory Traversal Vulnerability
98. Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
99. Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
100. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
III. SECURITYFOCUS NEWS
1. Group releases list to kill most-dangerous bugs
2. Group attacks flaw in browser crypto security
3. Commission calls for cybersecurity czar
4. Microsoft hopes free security means less malware
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.The Drew Verdict Makes Us All Hackers
Mark Rasch
Last month, Lori Drew - the middle-aged Missouri mother who participated in a plan to deceive a 13-year-old girl that ultimately led to the girl's suicide - was convicted by a Los Angeles federal jury of several misdemeanor counts of unauthorized access to MySpace's computers.
http://www.securityfocus.com/columnists/489

2.MD5 Hack Interesting, But Not Threatening
By Tim Callan
A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate. In the intervening time we have seen a great deal of confusion and misinformation in the press and blogosphere about the specifics of this attack and what it means to the online ecosystem.
http://www.securityfocus.com/columnists/488

II. BUGTRAQ SUMMARY
--------------------
1. Multiple Browsers JavaScript Engine Cross Domain Information Disclosure Vulnerability
BugTraq ID: 33276
Remote: Yes
Last Updated: 2009-01-15
Relevant URL: http://www.securityfocus.com/bid/33276
Summary:
Multiple web browsers are prone to a cross-domain information-disclosure vulnerability because the applications fail to properly enforce the same-origin policy.

An attacker can exploit this issue to determine which sites a user is currently logged in to. Successfully exploiting this issue may lead to other attacks.

The following browsers are vulnerable:

Microsoft Internet Explorer
Mozilla Firefox
Apple Safari
Google Chrome

Other browsers may also be affected.

2. Oracle January 2009 Critical Patch Update Multiple Vulnerabilities
BugTraq ID: 33177
Remote: Yes
Last Updated: 2009-01-15
Relevant URL: http://www.securityfocus.com/bid/33177
Summary:
Oracle has released the January 2009 critical patch update. The update addresses 41 vulnerabilities affecting the following software:

Oracle Database
Oracle Secure Backup
Oracle TimesTen In-Memory Database
Oracle Application Server
Oracle Collaboration Suite
Oracle E-Business Suite Release
Oracle Enterprise Manager Grid Control
PeopleSoft Enterprise HRMS
JD Edwards Tools
Oracle WebLogic Server (formerly BEA WebLogic Server)
Oracle WebLogic Portal (formerly BEA WebLogic Portal)

3. BlackBerry Attachment Service PDF Distiller 'bitmaps' Remote Buffer Overflow Vulnerability
BugTraq ID: 33248
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33248
Summary:
BlackBerry Attachment Service is prone to a remote heap-based buffer-overflow vulnerability when handling specially crafted PDF files.

Attackers can leverage this issue to execute arbitrary machine code in the context of the vulnerable service, possibly with SYSTEM-level privileges. Successful exploits will compromise the server. Failed attacks will likely result in denial-of-service conditions.

NOTE: This issue was originally included in BID 33224 (BlackBerry Attachment Service PDF Distiller Remote Buffer Overflow Vulnerability), but has been given its own entry to better document the issue.

This issue affects the following:

BlackBerry Enterprise Server 4.1.3 through 4.1.6
BlackBerry Unite! prior to 1.0 SP3 bundle 28
BlackBerry Professional Software 4.1.4

4. HP Linux Imaging and Printing System 'hplip.postinst' Local Privilege Escalation Vulnerability
BugTraq ID: 33249
Remote: No
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33249
Summary:
HP Linux Image and Printing System (HPLIP) is prone to a local privilege-escalation vulnerability because an installation script changes ownership and permission on certain files in users' home directories.

Local attackers can exploit this issue to gain elevated privileges on the affected computer. Successful exploits may completely compromise the computer.

5. BlackBerry Attachment Service PDF Distiller Uninitialized Heap Memory Code Execution Vulnerability
BugTraq ID: 33250
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33250
Summary:
BlackBerry Attachment Service is prone to a remote code-execution vulnerability when handling specially crafted PDF files.

This issue affects the following:

BlackBerry Enterprise Server 4.1.3 through 4.1.6
BlackBerry Unite! prior to 1.0 SP3 bundle 28
BlackBerry Professional Software 4.1.4

6. Joomla! Portfol Component 'vcatid' Parameter SQL Injection Vulnerability
BugTraq ID: 33218
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33218
Summary:
The Portfol component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Portfol 1.2 is vulnerable; other versions may also be affected.

7. Joomla! 'com_xevidmegahd' Component 'catid' Parameter SQL Injection Vulnerability
BugTraq ID: 33203
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33203
Summary:
The 'com_xevidmegahd' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

8. OpenOffice WMF and EMF File Handling Multiple Heap Based Buffer Overflow Vulnerabilities
BugTraq ID: 31962
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/31962
Summary:
OpenOffice is prone to multiple remote heap-based buffer-overflow vulnerabilities because of errors in processing certain files.

Remote attackers can exploit these issues by enticing victims into opening maliciously crafted EMF or WMF files.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

The issues affect OpenOffice 2 prior to 2.4.2.

9. Samba Arbitrary Memory Contents Information Disclosure Vulnerability
BugTraq ID: 32494
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/32494
Summary:
Samba is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain arbitrary memory contents.

This issue affects Samba 3.0.29 up to and including 3.2.4.

10. BlackBerry Attachment Service PDF Distiller Remote Buffer Overflow Vulnerability
BugTraq ID: 33224
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33224
Summary:
BlackBerry Attachment Service is prone to a remote heap-based buffer-overflow vulnerability when handling specially crafted PDF files.

This issue affects the following:

BlackBerry Enterprise Server 4.1.3 through 4.1.6
BlackBerry Unite! prior to 1.0 SP3 bundle 28
BlackBerry Professional Software 4.1.4

11. Microsoft Word RTF Malformed String Remote Code Execution Vulnerability
BugTraq ID: 32594
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/32594
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious RTF file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

12. Microsoft Word RTF Multiple Drawing Object Tags Remote Code Execution Vulnerability
BugTraq ID: 32585
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/32585
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious RTF file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

13. Microsoft Windows Media Components ISATAP URL Handling Information Disclosure Vulnerability
BugTraq ID: 32654
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/32654
Summary:
Microsoft Windows Media Components is prone to an information-disclosure vulnerability when handling 'ISATAP' (Intra-Site Automatic Tunnel Addressing Protocol) URLs.

An attacker can use this vulnerability to obtain information that may aid in further attacks.

14. Microsoft Windows Media Components 'Service Principle Name' Remote Code Execution Vulnerability
BugTraq ID: 32653
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/32653
Summary:
Microsoft Windows Media Components is prone to a remote code-execution vulnerability in the SPN (Service Principle Name) implementation.

A successful exploit of this vulnerability may allow a remote attacker to execute code in the context of the logged-in user.

15. Git gitweb Unspecified Remote Command Execution Vulnerability
BugTraq ID: 33215
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33215
Summary:
Git gitweb is prone to a remote command-execution vulnerability.

An attacker may exploit this issue to execute arbitrary commands within the context of the affected application; this may aid in further attacks.

Git 1.5.2.4 and 1.5.6.6 are vulnerable to this issue; other versions may also be affected

16. Office Viewer OCX ActiveX Control 'Open()' Method Arbitrary Command Execution Vulnerability
BugTraq ID: 33245
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33245
Summary:
Office OCX Office Viewer OCX ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer).

Office Viewer OCX 3.0.1 is vulnerable; other versions may also be affected.

17. pam_krb5 Existing Ticket Configuration Option Local Privilege Escalation Vulnerability
BugTraq ID: 31534
Remote: No
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/31534
Summary:
The 'pam_krb5' module is prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue to gain elevated privileges on the affected computer.

18. Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
BugTraq ID: 32642
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/32642
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious RTF file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

19. Microsoft Word RTF '\do' Drawing Object Remote Heap Memory Corruption Vulnerability
BugTraq ID: 32581
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/32581
Summary:
Microsoft Word is prone to a remote heap memory-corruption vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious RTF file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

20. Microsoft Word Malformed Record Value Remote Code Execution Vulnerability
BugTraq ID: 32584
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/32584
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

21. Microsoft Word RTF Polyline/Polygon Integer Overflow Vulnerability
BugTraq ID: 32579
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/32579
Summary:
Microsoft Word is prone to an integer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker could exploit this issue by enticing a victim to open a malicious RTF file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

22. Microsoft Word Malformed Value Remote Code Execution Vulnerability
BugTraq ID: 32583
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/32583
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

23. Microsoft Word ' FIB' Value Heap Memory Corruption Vulnerability
BugTraq ID: 32580
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/32580
Summary:
Microsoft Word is prone to a heap-based memory-corruption vulnerability.

An attacker can exploit this issue by sending a specially crafted Word file to an unsuspecting user and enticing them to open it with a vulnerable application. A successful exploit will allow attackers to execute arbitrary code within the context of the user running the affected application.

24. Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability
BugTraq ID: 33237
Remote: No
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33237
Summary:
The Linux kernel is prone to a local race-condition vulnerability because it fails to properly handle POSIX locks.

A local attacker may exploit this issue to crash the computer or gain elevated privileges.

25. Weight Loss Recipe Book Multiple SQL Injection Vulnerabilities
BugTraq ID: 33193
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33193
Summary:
Weight Loss Recipe Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect Weight Loss Recipe Book 3.1; other versions may be vulnerable as well.

26. PHP-Fusion Kroax Module 'callcomments.php' SQL Injection Vulnerability
BugTraq ID: 33191
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33191
Summary:
The Kroax module for PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

27. tadbook2 Module for XOOPS 'open_book.php' SQL Injection Vulnerability
BugTraq ID: 33196
Remote: Yes
Last Updated: 2009-01-15
Relevant URL: http://www.securityfocus.com/bid/33196
Summary:
The tadbook2 module for XOOPS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

28. Sun SPARC Enterprise Server Authentication Bypass Vulnerability
BugTraq ID: 33280
Remote: Yes
Last Updated: 2009-01-15
Relevant URL: http://www.securityfocus.com/bid/33280
Summary:
Sun SPARC Enterprise Server is prone to an authentication-bypass vulnerability caused by a default configuration error.

An attacker can exploit this issue to gain unauthorized access to the affected server.

29. Apple Safari RSS Feed Information Disclosure Vulnerability
BugTraq ID: 33234
Remote: Yes
Last Updated: 2009-01-15
Relevant URL: http://www.securityfocus.com/bid/33234
Summary:
Apple Safari is prone to an information-disclosure vulnerability.

An attacker can exploit this issue by enticing an unsuspecting victim to visit a malicious website.

Successfully exploiting this issue will allow the attacker to obtain information that may lead to further attacks.

30. Multiple Avira Products RAR Handling Remote Denial Of Service Vulnerability
BugTraq ID: 33270
Remote: Yes
Last Updated: 2009-01-15
Relevant URL: http://www.securityfocus.com/bid/33270
Summary:
Multiple Avira products are prone to a remote denial-of-service vulnerability

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

The following products are affected:

Avira Antivr Free
Avira AntiVir Premium
Avira Premium Security Suite
Avira AntiVir Professional
Avira AntiVir SharePoint
Avira AntiVir Virus Scan Adapter for SAP NetWeaver
Avira AntiVir MailGate
Avira AntiVir Exchange
Avira AntiVir MIMEsweeper
Avira AntiVir Domino
Avira AntiVir WebGate
Avira AntiVir ISA Server

31. XMPlay Playlist Files Remote Buffer Overflow Vulnerability
BugTraq ID: 21206
Remote: Yes
Last Updated: 2009-01-15
Relevant URL: http://www.securityfocus.com/bid/21206
Summary:
XMPlay is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data prior to loading malformed playlist files.

An attacker can exploit this issue to execute arbitrary code within the context of the application or trigger a denial-of-service condition.

XMPlay 3.3.0.4 is vulnerable to this issue; other versions may also be affected.

32. Massimiliano Montoro Cain & Abel Malformed '.rdp' File Buffer Overflow Vulnerability
BugTraq ID: 32543
Remote: Yes
Last Updated: 2009-01-15
Relevant URL: http://www.securityfocus.com/bid/32543
Summary:
Cain & Abel is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects Cain & Abel 4.9.24 and prior versions.

33. Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
BugTraq ID: 33151
Remote: Yes
Last Updated: 2009-01-15
Relevant URL: http://www.securityfocus.com/bid/33151
Summary:
Multiple vendors' products using OpenSSL are prone to a signature-verification vulnerability.

An attacker would likely leverage this issue by first carrying out a man-in-the-middle attack. The attacker would most likely exploit this issue to conduct phishing attacks or to impersonate legitimate sites. Other attacks are likely possible.

34. Mod_Perl Path_Info Remote Denial Of Service Vulnerability
BugTraq ID: 23192
Remote: Yes
Last Updated: 2009-01-15
Relevant URL: http://www.securityfocus.com/bid/23192
Summary:
The 'mod_perl' module is prone to a remote denial-of-service vulnerability.

Successful exploits may allow remote attackers to cause denial-of-service conditions on the webserver running the mod_perl module.

35. DMXReady Multiple Products 'upload_image_category.asp' SQL Injection Vulnerability
BugTraq ID: 33253
Remote: Yes
Last Updated: 2009-01-15
Relevant URL: http://www.securityfocus.com/bid/33253
Summary:
Multiple products by DMXReady are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following are affected:

DMXReady Classified Listings Manager 1.1 and prior versions
DMXReady Member Directory Manager 1.1 and prior versions
DMXReady Secure Document Library 1.1 and prior versions

36. VirtualBox 'ipcdUnix.cpp' Insecure Temporary File Creation Vulnerability
BugTraq ID: 32444
Remote: No
Last Updated: 2009-01-15
Relevant URL: http://www.securityfocus.com/bid/32444
Summary:
VirtualBox creates temporary files in an insecure manner.

An attacker with local access could perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Versions prior to VirtualBox 2.0.6 are vulnerable.

37. DMXReady Members Area Manager 'upload_image_security_level.asp' SQL Injection Vulnerability
BugTraq ID: 33255
Remote: Yes
Last Updated: 2009-01-15
Relevant URL: http://www.securityfocus.com/bid/33255
Summary:
DMXReady Members Area Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

DMXReady Members Area Manager 1.2 and prior versions are affected.

38. Drupal Internationalizaion Module Security Bypass Vulnerability
BugTraq ID: 33283
Remote: Yes
Last Updated: 2009-01-15
Relevant URL: http://www.securityfocus.com/bid/33283
Summary:
The Drupal Internationalizaion module is prone to a security-bypass vulnerability that may allow attackers to gain access to sensitive areas of the application without the appropriate privileges.

This issue affects versions prior to Drupal Internationalizaion module 5.x-2.5.

39. Drupal Notify Module Security Bypass Vulnerability
BugTraq ID: 33282
Remote: Yes
Last Updated: 2009-01-15
Relevant URL: http://www.securityfocus.com/bid/33282
Summary:
The Drupal Notify module is affected by a security-bypass vulnerability.

Successful attacks may allow an attacker to log in as another user and potentially gain elevated privileges.

Versions of Notify for Drupal 5.x prior to 5.x-1.2 are affected.

40. DMXReady Blog Manager Arbitrary File Deletion Vulnerability
BugTraq ID: 33251
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33251
Summary:
DMXReady Blog Manager is prone to a vulnerability that lets attackers delete arbitrary files.

Successful exploits may result in data corruption and denial of service.

DMXReady Blog Manager 1.1 and prior versions are vulnerable.

41. PHP Photo Album 'preview' Parameter Local File Include Vulnerability
BugTraq ID: 33277
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33277
Summary:
PHP Photo Album is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

PHP Photo Album 0.8 Beta is vulnerable; other versions may also be affected.

42. Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
BugTraq ID: 33275
Remote: No
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33275
Summary:
The Linux Kernel is prone to a local privilege-escalation vulnerability.

A local attacker may be able to exploit this issue to read or write to unintended address spaces. This may result in denial-of-service conditions, the disclosure of sensitive information, or privilege escalation.

This issue affects Linux 2.6 on some 64-bit architectures, including s390, PowerPC, SPARC64, and MIPS. Additional architectures may also be affected.

43. Multiple Office OCX ActiveX Controls 'OpenWebFile()' Arbitrary Program Execution Vulnerability
BugTraq ID: 33243
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33243
Summary:
Multiple Office OCX ActiveX controls are prone to a vulnerability that lets attackers execute arbitrary remote files.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). This may aid in further attacks.

The following ActiveX controls are vulnerable:

Office Viewer OCX 3.0.1
Word Viewer OCX 3.2
PowerPoint Viewer OCX 3.1
Excel Viewer OCX 3.2

44. Avahi Multicast DNS Denial Of Service Vulnerability
BugTraq ID: 32825
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/32825
Summary:
Avahi is prone to a denial-of-service vulnerability when processing multicast DNS data.

A remote attacker may exploit this issue to terminate the application, denying further service to legitimate users.

Versions prior to Avahi 0.6.24 are vulnerable.

45. GnuTLS X.509 Certificate Chain Security Bypass Vulnerability
BugTraq ID: 32232
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/32232
Summary:
GnuTLS is prone to a security-bypass vulnerability because the application fails to properly validate chained X.509 certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers. Unsuspecting users may be under a false sense of security that can aid attackers in launching further attacks.

Versions prior to GnuTLS 2.6.1 are vulnerable.

46. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
BugTraq ID: 32882
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/32882
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey.

Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, help launch cross-site scripting attacks, and execute arbitrary script code with elevated privileges; other attacks are also possible.

UPDATE (December 18, 2008): Mozilla Firefox 2.0.0.19 for Windows is vulnerable to the cross-domain information-disclosure vulnerability documented by MFSA 2008-65. Firefox 2.0.0.20 is available and addresses this issue.

47. Anope IRC Services 'bs_fantasy_ext' Extension IP Address Information Disclosure Vulnerability
BugTraq ID: 33175
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33175
Summary:
The 'bs_fantasy_ext' extension for Anope IRC Services is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

This issue affects bs_fantasy_ext 1.1.16; other versions may also be affected.

48. Simple Machines Forum Password Reset Security Bypass Vulnerability
BugTraq ID: 33219
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33219
Summary:
Simple Machines Forum is prone to a security-bypass vulnerability because it fails to adequately restrict access to the password-reset feature.

An attacker can exploit this issue to gain administrative access to the application, which may allow the attacker to compromise the application; other attacks are also possible.

Versions up to and including Simple Machines Forum 1.1.7 are vulnerable.

49. RealVNC 4.1.2 'vncviewer.exe' RFB Protocol Remote Code Execution Vulnerability
BugTraq ID: 33263
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33263
Summary:
RealVNC Viewer is prone to a remote code-execution vulnerability because it fails to adequately handle certain encoding types.

An attacker can exploit this issue to execute arbitrary code in the context of the vulnerable process. Failed exploit attempts are likely to result in denial-of-service conditions.

NOTE: This issue may be related to the vulnerability discussed in BID 30499 (RealVNC 4.1.2 'vncviewer.exe' Remote Denial of Service Vulnerability).

RealVNC 4.1.2 is vulnerable; earlier versions may also be affected.

50. jhead Versions Prior to 2.84 Multiple Vulnerabilities
BugTraq ID: 31770
Remote: No
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/31770
Summary:
The 'jhead' tool is prone to multiple vulnerabilities:

- Multiple buffer-overflow vulnerabilities
- An insecure-temporary-file-creation vulnerability
- Multiple unspecified vulnerabilities

Attackers can exploit these issues to execute arbitrary code within the context of the affected application, crash the affected application, perform symbolic-link attacks, and overwrite arbitrary files on the affected computer. Other attacks are also possible.

Versions prior to jhead 2.84 are vulnerable.

51. mlmmj Unspecified Vulnerability
BugTraq ID: 33208
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33208
Summary:
The 'mlmmj' program is prone to an unspecified vulnerability.

Very few details are available regarding this issue. We will update this BID as more information emerges.

This issue affects versions prior to mlmmj 1.2.16; other versions may also be affected.

52. PWP Wiki Processor 'run.php' Arbitrary File Upload Vulnerability
BugTraq ID: 33225
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33225
Summary:
PWP Wiki Processor is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

PWP Wiki Processor 1-5-1 is vulnerable; other versions may also be affected.

53. Sun Solaris 'lpadmin' and 'ppdmgr' Local Denial Of Service Vulnerability
BugTraq ID: 33269
Remote: No
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33269
Summary:
Sun Solaris is prone to a local denial-of-service vulnerability.

Local attackers may exploit this issue to cause the vulnerable services, and potentially the underlying system, to become unresponsive, effectively denying service to legitimate users.

54. Cisco IronPort Encryption Appliance and PostX Multiple Remote Vulnerabilities
BugTraq ID: 33268
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33268
Summary:
Cisco IronPort Encryption Appliance and PostX are prone to multiple information-disclosure and cross-site request-forgery vulnerabilities.

Attackers may exploit these issues to obtain sensitive information, including user passwords, or to modify user information through the web administration interface. This may aid in further attacks.

55. Ciansoft PDFBuilderX Control (ActiveX) Arbitrary File Overwrite Vulnerability
BugTraq ID: 33233
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33233
Summary:
Ciansoft PDFBuilderX Control (ActiveX) is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content.

Successfully exploiting this issue will allow an attacker to corrupt and overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

Ciansoft PDFBuilderX Control (ActiveX) 2.2.0.1 is vulnerable; other versions may also be affected.

56. libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
BugTraq ID: 32331
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/32331
Summary:
The 'libxml2' library is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to cause the affected application using the library to fall into an infinite loop, denying service to legitimate users.

This issue affects libxml2-2.7.2; other versions may also be affected.

57. Linux Kernel UBIFS Orphan Inode Local Denial of Service Vulnerability
BugTraq ID: 30647
Remote: No
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/30647
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability affecting the VFS behavior in UBIFS (UBI File System).

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

58. Linux Kernel 'sendmsg()' Local Denial of Service Vulnerability
BugTraq ID: 32516
Remote: No
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/32516
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to create a soft lockup of the vulnerable kernel or to invoke the 'oom-killer' kernel functionality, which may halt unrelated processes. This may result in a denial-of-service condition.

NOTE: This issue was either caused or revealed by the fix for BID 32154 (Linux Kernel '__scm_destroy()' Local Denial of Service Vulnerability).

The Linux kernel 2.6.27 and prior versions are affected.

59. Linux Kernel 'ib700wdt.c' Buffer Underflow Vulnerability
BugTraq ID: 33003
Remote: No
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33003
Summary:
The Linux kernel is prone to a buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges or crash the affected computer, denying service to legitimate users.

Versions prior to Linux kernel 2.6.28-rc1 are vulnerable.

60. Linux Kernel 'hfsplus_find_cat()' Local Denial of Service Vulnerability
BugTraq ID: 32093
Remote: No
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/32093
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly bounds-check data before copying it to an insufficiently sized memory buffer.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects versions prior to Linux kernel 2.6.28-rc1.

61. Linux Kernel '__scm_destroy()' Local Denial of Service Vulnerability
BugTraq ID: 32154
Remote: No
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/32154
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

The Linux kernel 2.6.26 and prior versions are affected.

62. Linux Kernel 'hfs_cat_find_brec()' Local Denial of Service Vulnerability
BugTraq ID: 32289
Remote: No
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/32289
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly bounds-check data before copying it to an insufficiently sized memory buffer.

This issue affects versions prior to Linux kernel 2.6.27.6.

63. Microsoft Windows SMB NT Trans2 Remote Code Execution Vulnerability
BugTraq ID: 33122
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33122
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that occurs in the SMB (Server Message Block) protocol implementation.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will facilitate in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

64. Microsoft Windows SMB NT Trans Request Buffer Overflow Vulnerability
BugTraq ID: 33121
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33121
Summary:
Microsoft Windows is prone to a buffer-overflow vulnerability that occurs in the SMB (Server Message Block) protocol implementation.

65. Microsoft Windows WRITE_ANDX SMB Processing Remote Denial Of Service Vulnerability
BugTraq ID: 31179
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/31179
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted SMB packets.

Attackers can exploit this issue to cause an affected computer to stop responding, denying service to legitimate users.

66. Sun Java System Access Manager Information Disclosure Vulnerability
BugTraq ID: 33265
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33265
Summary:
Sun Java System Access Manager is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain potentially sensitive information that may aid in further attacks.

67. Sun OpenSolaris 'posix_fallocate(3C)' System Call Local Denial Of Service Vulnerability
BugTraq ID: 33267
Remote: No
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33267
Summary:
Sun OpenSolaris is prone to a local denial-of-service vulnerability.

Local attackers may exploit this issue to cause a kernel panic, denying service to legitimate users.

68. Sun Java System Access Manager 'sub-realm' Privilege Escalation Vulnerability
BugTraq ID: 33266
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33266
Summary:
Sun Java System Access Manager is prone to a privilege-escalation vulnerability.

Attackers can exploit this issue to elevate their privileges. Successfully exploiting this issue may result in the complete compromise of affected applications.

69. Samba 'receive_smb_raw()' Buffer Overflow Vulnerability
BugTraq ID: 29404
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/29404
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. The issue occurs when the application processes SMB packets in a client context.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in a denial of service.

The issue affects Samba 3.0.28a and 3.0.29; other versions may also be affected.

NOTE: This BID was originally titled 'Samba 'lib/util_sock.c' Buffer Overflow Vulnerability'. The title was changed to better identify the issue.

70. Cisco IOS HTTP Server Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 33260
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33260
Summary:
Cisco IOS HTTP Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

These issues are tracked by Cisco bug IDs CSCsi13344 and CSCsr72301.

71. Cisco Unified IP Phone 7960G and 7940G RTP Remote Denial of Service Vulnerability
BugTraq ID: 33264
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33264
Summary:
Cisco Unified IP Phone 7960G and 7940G are prone to a denial-of-service vulnerability

An attacker can exploit this issue to cause the affected phones to reboot, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

72. Cisco ONS Control Card Remote Denial of Service Vulnerability
BugTraq ID: 33261
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33261
Summary:
Cisco ONS is prone to a denial-of-service vulnerability when handling specially crafted TCP traffic.

An attacker can exploit this issue to cause the control cards in the affected devices to reload, denying service to legitimate users.

The following devices are affected:

Cisco ONS 15310-CL and 15310-MA
Cisco ONS 15327
Cisco ONS 15454 and 15454 SDH
Cisco ONS 15600

This issue is being tracked by Cisco BugID CSCsr41128.

73. libmikmod '.XM' File Remote Denial of Service Vulnerability
BugTraq ID: 33240
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33240
Summary:
The 'libmikmod' library is prone to a remote denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue by enticing an unsuspecting victim to open a specially crafted '.XM' file.

Successfully exploiting this issue will cause an affected application to crash, denying service to legitimate users. Attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects libmikmod 3.1.9 through 3.2.0; other versions or applications that use the library may also be affected.

74. libmikmod Multiple Sound Channel Media Playback Remote Denial of Service Vulnerability
BugTraq ID: 33235
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33235
Summary:
The 'libmikmod' library is prone to a remote denial-of-service vulnerability because the software fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue by enticing an unsuspecting victim to open multiple specially crafted media files.

Successfully exploiting this issue will cause an affected application to crash, denying service to legitimate users. Attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects libmikmod 3.1.9 through 3.2.0; other versions or applications that use the library may also be affected.

75. QEMU and KVM VNC Server Remote Denial of Service Vulnerability
BugTraq ID: 32910
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/32910
Summary:
QEMU and KVM are prone to a remote denial-of-service vulnerability that affects the included VNC server.

Attackers can exploit this issue to create a denial-of-service condition.

The following are vulnerable:

QEMU 0.9.1 and prior
KVM-79 and prior

76. QEMU VNC 'monitor.c' Insecure Password Vulnerability
BugTraq ID: 33020
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33020
Summary:
QEMU is prone to an insecure-password vulnerability.

Attackers may exploit this issue to make brute-force attacks against passwords that are weaker than expected.

QEMU 9.1 is vulnerable; other versions may also be affected.

77. Joomla! 'com_fantasytournament' Component Multiple SQL Injection Vulnerabilities
BugTraq ID: 33252
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33252
Summary:
The 'com_fantasytournament' component for Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

78. Joomla! and Mambo gigCalendar Component SQL Injection Vulnerability
BugTraq ID: 33241
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33241
Summary:
The gigCalendar component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

gigCalendar 1.0 is vulnerable; other versions may also be affected.

79. Joomla! 'com_camelcitydb2' Component SQL Injection Vulnerability
BugTraq ID: 33254
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33254
Summary:
The 'com_camelcitydb2' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This affects com_camelcitydb2 2.2; other versions may also be affected.

80. EDraw Office Viewer Component ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 25344
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/25344
Summary:
The EDraw Office Viewer Component ActiveX Control is prone to a vulnerability that lets attackers overwrite files.

An attacker can exploit this issue to overwrite files with arbitrary, attacker-controlled content. This will aid in further attacks.

Version 5.1 of the control is vulnerable; other versions may also be affected.

81. IBM DB2 Remote Denial of Service Vulnerabilities
BugTraq ID: 33258
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33258
Summary:
IBM DB2 is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the server and deny service to legitimate users.

These issues affect versions prior to DB2 9.1 FP6a and 9.5 FP3a.

82. OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
BugTraq ID: 33150
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33150
Summary:
OpenSSL is prone to a signature-verification vulnerability.

83. Cisco IOS and CatOS VLAN Trunking Protocol Packet Handling Denial Of Service Vulnerability
BugTraq ID: 32120
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/32120
Summary:
Cisco IOS and CatOS are prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause affected devices to restart, effectively denying service to legitimate users.

This issue is being tracked by Cisco Bug IDs CSCsv05934 and CSCsv11741.

84. Audio File Library (libaudiofile) 'msadpcm.c' WAV File Processing Buffer Overflow Vulnerability
BugTraq ID: 33066
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33066
Summary:
Audio File Library ('libaudiofile') is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data.

An attacker can exploit this issue to execute arbitrary machine code in the context of applications using the vulnerable library. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects libaudiofile 0.2.6; other versions may also be vulnerable.

85. Silentum Uploader Arbitrary File Deletion Vulnerability
BugTraq ID: 33198
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33198
Summary:
Silentum Uploader is prone to a vulnerability that lets attackers delete arbitrary files.

This vulnerability occurs because the software fails to sufficiently sanitize user-supplied data.

Successful exploits may result in data corruption and denial of service.

Silentum Uploader 1.4.0 is vulnerable; other versions may be affected as well.

86. VUPlayer '.asx' Playlist File Buffer Overflow Vulnerability
BugTraq ID: 33185
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33185
Summary:
VUPlayer is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VUPlayer 2.49 is vulnerable; other versions may also be affected.

87. Drupal Security Bypass Vulnerability and SQL Injection Weakness
BugTraq ID: 33285
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33285
Summary:
Drupal is prone to a security-bypass vulnerability and a weakness that can be used to perform SQL-injection attacks.

Exploiting these issues may allow attackers to gain access to sensitive areas of the application without the appropriate privileges or perform SQL-injection attacks and carry out unauthorized actions on the underlying database.

Versions prior to Drupal 5.15 and 6.9 are vulnerable. Please note that the security-bypass issue affects only Drupal versions 6.x.

88. DMXReady SDK Arbitrary File Download Vulnerability
BugTraq ID: 33281
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33281
Summary:
DMXReady SDK is prone to an issue that allows an attacker to download arbitrary files.

The attacker can exploit this issue to obtain sensitive information and download arbitrary files from the webserver.

This issue affects versions of DMXReady SDK up to and including 1.1.

89. NetSurf Multiple Memory Corruption Vulnerabilities
BugTraq ID: 33279
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33279
Summary:
NetSurf is prone to multiple memory-corruption vulnerabilities.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely crash the application.

NetSurf 1.2 is vulnerable; other versions may also be affected.

90. WowWee Rovio Access Control Multiple Unauthorized Access Vulnerabilities
BugTraq ID: 33278
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33278
Summary:
WowWee Rovio is prone to multiple unauthorized access vulnerabilities.

A remote attacker can exploit these issues to gain unauthorized access to the affected device. Successfully exploiting this may lead to other attacks.

91. Syzygy CMS 'login.php' SQL Injection Vulnerability
BugTraq ID: 33274
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33274
Summary:
Syzygy CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Syzygy CMS 0.3 is vulnerable; other versions may also be affected.

92. phpList 'admin/index.php' Local File Include Vulnerability
BugTraq ID: 33273
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33273
Summary:
phpList is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

phpList 2.10.8 is affected; earlier versions may also be vulnerable.

93. Easy Grid ActiveX Multiple Arbitrary File Overwrite Vulnerabilities
BugTraq ID: 33272
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33272
Summary:
Easy Grid ActiveX is prone to multiple vulnerabilities that let attackers overwrite files with arbitrary, attacker-controlled content.

Successful exploits will compromise affected computers and will aid in further attacks.

Easy Grid ActiveX 3.51 is vulnerable; other versions may also be affected.

94. Dark Age CMS 'login.php' SQL Injection Vulnerability
BugTraq ID: 33271
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33271
Summary:
Dark Age CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Dark Age CMS 0.2c beta is vulnerable; other versions may also be affected.

95. Netvolution CMS 'default.asp' SQL Injection Vulnerability
BugTraq ID: 33259
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33259
Summary:
Netvolution CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Netvolution CMS 1.0 is vulnerable; other versions may also be affected.

96. Ots Labs OtsTurntables OFL File Buffer Overflow Vulnerability
BugTraq ID: 33257
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33257
Summary:
Ots Labs OtsTurntables is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

OtsTurntables 1.00.027 is vulnerable; other versions may also be affected.

97. TeamSpeak 'help' Command Directory Traversal Vulnerability
BugTraq ID: 33256
Remote: Yes
Last Updated: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33256
Summary:
TeamSpeak is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.

Versions of TeamSpeak up to and including 2.0.23.17 are vulnerable to this issue.

98. Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
BugTraq ID: 32892
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/32892
Summary:
Sun Java Web Start and Java Plug-in are prone to a privilege-escalation vulnerability.

This issue occurs when the affected applications parse a JAR file that is also a legitimate GIF image file.

An attacker may exploit this issue to obtain sensitive information (such as HTTP session cookies) or to perform actions as legitimate users of a web application. This may aid in further attacks.

NOTE: This issue was previously covered in BID 32620 (Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities), but has been given its own record to better document the issue.

This issue affects the following versions:

JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier

99. Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
BugTraq ID: 32620
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/32620
Summary:
Sun Java Web Start and Java Plug-in are prone to multiple privilege-escalation vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security, or read, write, and execute arbitrary files in the context of the user running a vulnerable application. This may result in a compromise of the underlying system.

This issue affects the following versions:

JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier

100. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
BugTraq ID: 32608
Remote: Yes
Last Updated: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/32608
Summary:
Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions. This may result in a compromise of affected computers.

These issues affect versions prior to the following:

JDK and JRE 6 Update 11 or later
JDK and JRE 5.0 Update 17 or later
SDK and JRE 1.4.2_19 or later
SDK and JRE 1.3.1_24 or later

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Group releases list to kill most-dangerous bugs
By: Robert Lemos
Software makers, security vendors, and government agencies team up to create a list of the 25 most severe software issues, aiming to get developers to stop making mistakes.
http://www.securityfocus.com/news/11542

2. Group attacks flaw in browser crypto security
By: Robert Lemos
A group of researchers warns browser makers and certificate authorities to drop support for MD5 digital signatures, after successfully creating a fake, but valid, certificate.
http://www.securityfocus.com/news/11541

3. Commission calls for cybersecurity czar
By: Robert Lemos
A group of technology and government experts warns that, without significant changes to the U.S. approach to cyberspace, foreign companies and other nations will continue to steal valuable technologies.
http://www.securityfocus.com/news/11540

4. Microsoft hopes free security means less malware
By: Robert Lemos
The software giant says shutting down Windows Live OneCare to release the software as a free tool could make consumers more secure.
http://www.securityfocus.com/news/11538

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by the Purewire

NEW! White Paper: "Hackers Announce Open Season on Web 2.0 Users and Browsers"

News

Thursday, January 15, 2009

SecurityFocus Newsletter #486

No comments:

WINDOWS CENTER

Blog Archive