Thursday, February 26, 2009

SecurityFocus Newsletter #492


This issue is sponsored by Sophos Security Threat Report: 2009

Predicting the future in such a rapidly evolving environment is near impossible. One only needs to count the rate at which new malware appears today compared to five years ago to see how quickly the threat has become more serious. Read our security threat report to read about the malware trends we predict will be at the forefront in 2009.

http://dinclinx.com/Redirect.aspx?36;4036;35;189;0;4;259;d0ddf43bf0d4abdd


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Free Market Filtering
2. Don't Blame the Browser
II. BUGTRAQ SUMMARY
1. Newsletter Manager Plus.Attach 'admin/index.asp' Multiple SQL Injection Vulnerabilities
2. OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
3. IBM TXSeries for Multiplatforms 'forcepurge' Unspecified Security Vulnerability
4. Adobe RoboHelp Server Multiple Cross Site Scripting Vulnerabilities
5. SquirrelMail Insecure Cookie Disclosure Weakness
6. M5zn Arbitrary File Upload Vulnerability
7. IBM WebSphere Application z/OS CSLv2 Identity Assertion Unspecified Local Vulnerability
8. CS-Partner 'gestion.php' Multiple SQL Injection Vulnerabilities
9. Moodle User Edit Form Unspecified Remote Privilege Escalation Vulnerability
10. Moodle HotPot Module 'report.php' SQL Injection Vulnerability
11. Smarty Template Engine 'Smarty_Compiler.class.php' Security Bypass Vulnerability
12. Sony Network Camera ActiveX Control Unspecified Buffer Overflow Vulnerability
13. Trend Micro InterScan Web Security Suite Multiple Security Bypass Vulnerabilities
14. IBM WebSphere Application Server WSPolicy Information Disclosure Vulnerability
15. Microsoft Windows NoDriveTypeAutoRun Automatic File Execution Vulnerability
16. xGuestbook 'login.php' SQL Injection Vulnerability
17. Vim 'PySys_SetArgv' Remote Command Execution Vulnerability
18. RETIRED: University of Washington IMAP c-client Remote Format String Vulnerability
19. OptiPNG GIF Image Handling Memory Corruption Vulnerability
20. Magento Multiple Cross Site Scripting Vulnerabilities
21. SnippetMaster Webpage Editor Cross Site Scripting and Remote File Include Vulnerabilities
22. GNU Emacs 'python.el' Code Execution Vulnerability
23. GNU Emacs '.flc' File Processing Vulnerability
24. Git gitweb Unspecified Remote Command Execution Vulnerability
25. KTorrent PHP Code Injection And Security Bypass Vulnerabilities
26. Free Arcade Script 'play.php' Local File Include Vulnerability
27. BitDefender Internet Security 2009 File Name Cross Site Scripting Vulnerability
28. Coppermine Photo Gallery 'IMG' BBCode HTML Injection Vulnerability
29. Parsi PHP CMS 'index.php' SQL Injection Vulnerability
30. HP Virtual Rooms Client Unspecified Remote Code Execution Vulnerability
31. Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
32. Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
33. Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
34. Linux Kernel 'readlink' Local Privilege Escalation Vulnerability
35. Linux Kernel 'keyctl_join_session_keyring()' Denial of Service Vulnerability
36. Linux Kernel 'ib700wdt.c' Buffer Underflow Vulnerability
37. PHP SAPI 'php_getuid()' Safe Mode Restriction-Bypass Vulnerability
38. PHP 'mbstring' Extension Buffer Overflow Vulnerability
39. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
40. PHP 'error_log' Safe Mode Restriction-Bypass Vulnerability
41. Linux Kernel 'net/atm/proc.c' Local Denial of Service Vulnerability
42. PHP ZipArchive::extractTo() '.zip' Files Directory Traversal Vulnerability
43. OpenSSH CBC Mode Information Disclosure Vulnerability
44. Drupal Content Construction Kit Module HTML Injection Vulnerabilities
45. Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability
46. D-Link TFTP Transporting Mode Remote Buffer Overflow Vulnerability
47. ProFTPD Character Encoding SQL Injection Vulnerability
48. Cisco Unified MeetingPlace Web Conferencing 'E-Mail Address' Field HTML Injection Vulnerability
49. ProFTPD 'mod_sql' Username SQL Injection Vulnerability
50. Apache Tomcat Host Manager Cross Site Scripting Vulnerability
51. Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
52. Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
53. Apache Tomcat POST Data Information Disclosure Vulnerability
54. Adobe Flash Player Unspecified Information Disclosure Vulnerability
55. Adobe Flash Player Unspecified Remote Denial of Service Vulnerability
56. Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability
57. Epiphany 'PySys_SetArgv' Remote Command Execution Vulnerability
58. Net-SNMP 'snmpUDPDomain.c' Remote Information Disclosure Vulnerability
59. JOnAS 'select' Parameter Error Page Cross Site Scripting Vulnerability
60. Orooj CMS 'news.php' SQL Injection Vulnerability
61. piCal Module for XOOPS 'index.php' Cross Site Scripting Vulnerability
62. ZNC Webadmin Module Remote Privilege Escalation Vulnerability
63. CATIA V5 Unspecified Vulnerability
64. Steamcast Multiple Memory Corruption Vulnerabilities
65. PenPal 'admin/login.asp' Multiple SQL Injection Vulnerabilities
66. Drupal Theme System Template File Local File Include Vulnerability
67. Multiple SkyPortal Modules Multiple Authentication Bypass Vulnerabilities
68. Sopcast SopCore 'SetExternalPlayer()' ActiveX Control Remote Code Execution Vulnerability
69. dradis Multiple Cross Site Scripting Vulnerabilities
70. PyCrypto ARC2 Module Buffer Overflow Vulnerability
71. Microsoft Excel Invalid Object Remote Code Execution Vulnerability
72. FreeBSD i386_get_ldt(2) Local Kernel Memory Disclosure Vulnerability
73. Apple Safari Malformed 'feeds:' URI Null Pointer Dereference Remote Denial Of Service Vulnerability
74. Multiple Cisco ACE Products Multiple Remote Vulnerabilities
75. Cisco Application Network Manager and Application Control Engine Multiple Vulnerabilities
76. HP Quality Center Cached Workflow Scripts Security Bypass Vulnerability
77. SHOUTcast Server DNAS Relay Remote Buffer Overflow Vulnerability
78. Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability
79. pPIM Multiple Remote Vulnerabilities
80. ksquirrel-libs 'RGBE' File Parsing Multiple Stack Buffer Overflow Vulnerabilities
81. OpenSite Multiple Security Vulnerabilities
82. OpenGoo User Permissions Security Bypass Vulnerability
83. Orbit Downloader 'Connecting' Log Message Creation Remote Buffer Overflow Vulnerability
84. Audacity 'lib-src/allegro/strparse.cpp' Buffer Overflow Vulnerability
85. NETGEAR WGR614 Administration Interface Remote Denial of Service Vulnerability
86. GStreamer QuickTime Media File Parsing Multiple Buffer Overflow Vulnerabilities
87. Trickle 'LD_PRELOAD' Arbitrary Code Execution Vulnerability
88. Nagios Unspecified Cross-Site Scripting Vulnerability
89. Cambium Group Content Management System Multiple Remote Vulnerabilities
90. Qwerty CMS 'index.php' SQL Injection Vulnerability
91. WOW Raid Manager Unspecified Cross Site Scripting Vulnerability
92. IBM WebSphere Application Server Cluster Configuration File Information Disclosure Vulnerability
93. BarnOwl Prior to 1.0.5 Multiple Buffer Overflow Vulnerabilities
94. Linux Kernel 'inotify' Local Privilege Escalation Vulnerability
95. Linux Kernel '__scm_destroy()' Local Denial of Service Vulnerability
96. Linux Kernel 'sendmsg()' Local Denial of Service Vulnerability
97. Sun Java Runtime Environment Network Access Restriction Security Bypass Vulnerability
98. Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability
99. Adobe Acrobat and Reader PDF File Handling Remote Code Execution Vulnerability
100. Adobe RoboHelp Multiple Cross Site Scripting Vulnerabilities
III. SECURITYFOCUS NEWS
1. Advisor: U.S. needs policy to defend cyberspace
2. Cabal forms to fight Conficker, offers bounty
3. Group releases list to kill most-dangerous bugs
4. Group attacks flaw in browser crypto security
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #432
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Free Market Filtering
By Mark Rasch
The Australian government is considering requiring that Internet service providers in that country install filters which would prevent citizens from accessing tens of thousands of sites that contain "objectionable" material.
http://www.securityfocus.com/columnists/493

2. Don't Blame the Browser
By Melih Abdulhayoglu
There was a time when most diseases were fatal for humans. Intense study and research helped doctors manage diseases better, and subsequently even prevent them altogether.
http://www.securityfocus.com/columnists/492


II. BUGTRAQ SUMMARY
--------------------
1. Newsletter Manager Plus.Attach 'admin/index.asp' Multiple SQL Injection Vulnerabilities
BugTraq ID: 33919
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33919
Summary:
Newsletter Manager Plus.Attach is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Newsletter Manager Plus.Attach 5.40 is vulnerable; other versions may also be affected.

2. OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
BugTraq ID: 33150
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33150
Summary:
OpenSSL is prone to a signature-verification vulnerability.

An attacker would likely leverage this issue by first carrying out a man-in-the-middle attack. The attacker would most likely exploit this issue to conduct phishing attacks or to impersonate legitimate sites. Other attacks are likely possible.

Releases prior to OpenSSL 0.9.8j are affected.

3. IBM TXSeries for Multiplatforms 'forcepurge' Unspecified Security Vulnerability
BugTraq ID: 33883
Remote: Yes
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/33883
Summary:
IBM TXSeries for Multiplatforms is prone to an unspecified vulnerability.

Very few details are available regarding this issue. We will update this BID as more information emerges.

IBM TXSeries for Multiplatforms 6.2 GA is vulnerable.

4. Adobe RoboHelp Server Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 33887
Remote: Yes
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/33887
Summary:
Adobe RoboHelp Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Adobe RoboHelp Server 6 and 7 are vulnerable.

5. SquirrelMail Insecure Cookie Disclosure Weakness
BugTraq ID: 31321
Remote: Yes
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/31321
Summary:
SquirrelMail is prone to a cookie-disclosure weakness.

An attacker may leverage this issue to obtain sensitive information, steal cookie-based authentication credentials, and carry out session-hijacking attacks; other attacks are also possible.

SquirrelMail 1.4.15 is vulnerable; other versions may also be affected.

6. M5zn Arbitrary File Upload Vulnerability
BugTraq ID: 33874
Remote: Yes
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/33874
Summary:
M5zn is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the software fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

M5zn 1.0 is vulnerable; other versions may also be affected.

7. IBM WebSphere Application z/OS CSLv2 Identity Assertion Unspecified Local Vulnerability
BugTraq ID: 33884
Remote: No
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/33884
Summary:
IBM WebSphere Application Server (WAS) is prone to an unspecified local vulnerability.

Exploiting this issue may allow a local attacker to access sensitive information that may aid in further attacks.

This issue affects WAS 6.0.2 and 5.1 installed on z/OS.

8. CS-Partner 'gestion.php' Multiple SQL Injection Vulnerabilities
BugTraq ID: 31886
Remote: Yes
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/31886
Summary:
CS-Partner is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

CS-Partner 1.0 is vulnerable; other versions may also be affected.

9. Moodle User Edit Form Unspecified Remote Privilege Escalation Vulnerability
BugTraq ID: 33881
Remote: Yes
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/33881
Summary:
Moodle is prone to a remote privilege-escalation vulnerability.

Attackers can exploit this issue to gain elevated access to the affected application. Successful exploits may aid in further attacks.

The following Moodle branches and corresponding versions are affected:

1.7.x (prior to 1.7.3)
1.6.x (prior to 1.6.6)
1.5.x

10. Moodle HotPot Module 'report.php' SQL Injection Vulnerability
BugTraq ID: 33878
Remote: Yes
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/33878
Summary:
The Moodle HotPot module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following versions are affected:

Moodle 1.6.x (prior to 1.6.7)
Moodle 1.7.x (prior to 1.7.5)
Moodle 1.8.x (prior to 1.8.6)
Moodle 1.9.x (prior to 1.9.2)

11. Smarty Template Engine 'Smarty_Compiler.class.php' Security Bypass Vulnerability
BugTraq ID: 31862
Remote: Yes
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/31862
Summary:
Smarty Template Engine is prone to a security-bypass vulnerability that occurs when embedded variables are processed.

Attackers may exploit the issue to bypass certain security restrictions and execute arbitrary PHP code in the context of the application.

Smarty Template Engine 2.6.19 is vulnerable to the issue; other versions may also be affected.

12. Sony Network Camera ActiveX Control Unspecified Buffer Overflow Vulnerability
BugTraq ID: 33876
Remote: Yes
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/33876
Summary:
Sony Network Camera ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

13. Trend Micro InterScan Web Security Suite Multiple Security Bypass Vulnerabilities
BugTraq ID: 33679
Remote: Yes
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/33679
Summary:
Trend Micro InterScan Web Security Suite is prone to multiple security-bypass vulnerabilities.

Successful exploits may allow attackers to access sensitive areas and to elevate privileges to perform certain restricted actions, such as modifying system configuration.

These issues affect InterScan Web Security Suite 3.1 for Windows. Reportedly, Linux versions of the application are also affected.

14. IBM WebSphere Application Server WSPolicy Information Disclosure Vulnerability
BugTraq ID: 33879
Remote: No
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/33879
Summary:
IBM WebSphere Application Server (WAS) is prone to a local information-disclosure vulnerability because it fails to properly recognize a certain access policy.

Exploiting this issue may allow a local attacker to access sensitive information that may aid in further attacks.

This issue affects WAS 7.0.

15. Microsoft Windows NoDriveTypeAutoRun Automatic File Execution Vulnerability
BugTraq ID: 28360
Remote: No
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/28360
Summary:
Microsoft Windows is prone to a vulnerability that may allow a file to automatically run because the software fails to handle the 'NoDriveTypeAutoRun' registry value.

An attacker may exploit this issue to execute arbitrary code. The attacker must entice a victim into attaching a form of removable media, such as a USB drive or CD-ROM.

16. xGuestbook 'login.php' SQL Injection Vulnerability
BugTraq ID: 33875
Remote: Yes
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/33875
Summary:
xGuestbook is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

xGuestbook 2.0 is vulnerable; other versions may also be affected.

17. Vim 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33447
Remote: Yes
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/33447
Summary:
Vim is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

Versions prior to Vim 7.2.045 are vulnerable.

18. RETIRED: University of Washington IMAP c-client Remote Format String Vulnerability
BugTraq ID: 33795
Remote: Yes
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/33795
Summary:
University of Washington IMAP 'c-client' is prone to a remote format-string vulnerability because the software fails to adequately sanitize user-supplied input before passing it as the format-specifier to a formatted-printing function.

Attackers can leverage this issue to execute arbitrary code in the context of applications built with the vulnerable library. Failed attacks will likely cause denial-of-service conditions.

IMAP 2007d is vulnerable; other versions may also be affected.

NOTE: This BID is being retired because the application is not vulnerable as described.

19. OptiPNG GIF Image Handling Memory Corruption Vulnerability
BugTraq ID: 33873
Remote: Yes
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/33873
Summary:
OptiPNG is prone to a memory-corruption vulnerability.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

OptiPNG 0.6.2 and prior versions are vulnerable.

20. Magento Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 33872
Remote: Yes
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/33872
Summary:
Magento is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.

Magento 1.2.0 is vulnerable; other versions may also be affected.

21. SnippetMaster Webpage Editor Cross Site Scripting and Remote File Include Vulnerabilities
BugTraq ID: 33705
Remote: Yes
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/33705
Summary:
SnippetMaster Webpage Editor is prone to a cross-site scripting vulnerability and multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit these issues to execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system. The attacker may also execute script code in an unsuspecting user's browser or steal cookie-based authentication credentials; other attacks are also possible.

SnippetMaster Webpage Editor 2.2.2 is vulnerable; other versions may also be affected.

22. GNU Emacs 'python.el' Code Execution Vulnerability
BugTraq ID: 31052
Remote: No
Last Updated: 2009-02-23
Relevant URL: http://www.securityfocus.com/bid/31052
Summary:
GNU Emacs is prone to a local code-execution vulnerability.

Successful exploits may allow attackers to execute arbitrary code within the context of the user running the affected application.

Versions prior to the following are affected:

GNU Emacs 23.0.60_20080624-22-6
GNU Emacs 22.1-17-17

23. GNU Emacs '.flc' File Processing Vulnerability
BugTraq ID: 29176
Remote: Yes
Last Updated: 2009-02-23
Relevant URL: http://www.securityfocus.com/bid/29176
Summary:
Emacs processes fast-lock files in an insecure manner.

An attacker could exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application.

This issue affects Emacs 21.3.1; other versions may also be vulnerable.

24. Git gitweb Unspecified Remote Command Execution Vulnerability
BugTraq ID: 33215
Remote: Yes
Last Updated: 2009-02-23
Relevant URL: http://www.securityfocus.com/bid/33215
Summary:
Git gitweb is prone to a remote command-execution vulnerability.

An attacker may exploit this issue to execute arbitrary commands within the context of the affected application; this may aid in further attacks.

Git 1.5.2.4 and 1.5.6.6 are vulnerable; other versions may also be affected.

25. KTorrent PHP Code Injection And Security Bypass Vulnerabilities
BugTraq ID: 31927
Remote: Yes
Last Updated: 2009-02-23
Relevant URL: http://www.securityfocus.com/bid/31927
Summary:
KTorrent is prone to a remote PHP code-injection vulnerability and a security-bypass vulnerability. The issues affect the application's web interface.

An attacker can exploit these issues to perform certain actions without authorization and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks may also be possible.

The issue affects KTorrent 3.1.3; other versions may also be vulnerable.

26. Free Arcade Script 'play.php' Local File Include Vulnerability
BugTraq ID: 33869
Remote: Yes
Last Updated: 2009-02-23
Relevant URL: http://www.securityfocus.com/bid/33869
Summary:
Free Arcade Script is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view and execute arbitrary local files in the context of the webserver process. This may aid in further attacks.

Free Arcade Script 1.0 is vulnerable; other versions may also be affected.

27. BitDefender Internet Security 2009 File Name Cross Site Scripting Vulnerability
BugTraq ID: 33921
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33921
Summary:
BitDefender Internet Security 2009 is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

28. Coppermine Photo Gallery 'IMG' BBCode HTML Injection Vulnerability
BugTraq ID: 33917
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33917
Summary:
Coppermine Photo Gallery is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Coppermine Photo Gallery 1.4.2 is vulnerable; other versions may also be affected.

29. Parsi PHP CMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 33914
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33914
Summary:
Parsi PHP CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Parsi PHP CMS 2.0.0 is vulnerable; other versions may also be affected.

30. HP Virtual Rooms Client Unspecified Remote Code Execution Vulnerability
BugTraq ID: 33918
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33918
Summary:
HP Virtual Rooms client is prone to a remote code-execution vulnerability caused by an unspecified error.

Successfully exploiting this issue allows an attacker to execute arbitrary code with the privileges of the user running the affected application.

This issue affects Virtual Rooms 7.0 and earlier running on Microsoft Windows.

31. Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
BugTraq ID: 33428
Remote: No
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33428
Summary:
Linux Kernel is prone to two denial-of-service vulnerabilities.

A local unprivileged attacker can exploit these issues to cause a vulnerable system to crash, resulting in denial-of-service conditions.

These issues affect versions prior to Linux Kernel 2.6.27.13 and 2.6.28.2.

32. Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
BugTraq ID: 33906
Remote: No
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33906
Summary:
The Linux kernel is prone to an origin-validation weakness when dealing with signal handling.

This weakness occurs when a privileged process calls attacker-supplied processes as children. Attackers may exploit this to send arbitrary signals to the privileged parent process.

A local attacker may exploit this issue to kill vulnerable processes, resulting in a denial-of-service condition. In some cases, other attacks may also be possible.

Linux kernel 2.6.28 is vulnerable; other versions may also be affected.

33. Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
BugTraq ID: 33275
Remote: No
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33275
Summary:
The Linux Kernel is prone to a local privilege-escalation vulnerability.

A local attacker may be able to exploit this issue to read or write to unintended address spaces. This may result in denial-of-service conditions, the disclosure of sensitive information, or privilege escalation.

This issue affects versions prior to Linux 2.6.28.6 on some 64-bit architectures, including s390, PowerPC, SPARC64, and MIPS. Additional architectures may also be affected.

34. Linux Kernel 'readlink' Local Privilege Escalation Vulnerability
BugTraq ID: 33412
Remote: No
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33412
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges or crash the affected kernel, denying service to legitimate users.

Versions prior to Linux kernel 2.6.29.1 are vulnerable.

35. Linux Kernel 'keyctl_join_session_keyring()' Denial of Service Vulnerability
BugTraq ID: 33339
Remote: No
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33339
Summary:
The Linux kernel is prone to a denial-of-service vulnerability because it fails to manage memory in a proper manner.

Attackers can exploit this issue to cause a crash by exhausting memory resources.

This issue affects Linux kernel 2.6.x.

36. Linux Kernel 'ib700wdt.c' Buffer Underflow Vulnerability
BugTraq ID: 33003
Remote: No
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33003
Summary:
The Linux kernel is prone to a buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges or crash the affected computer, denying service to legitimate users.

Versions prior to Linux kernel 2.6.28-rc1 are vulnerable.

37. PHP SAPI 'php_getuid()' Safe Mode Restriction-Bypass Vulnerability
BugTraq ID: 32688
Remote: No
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/32688
Summary:
PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to bypass some safe-mode restrictions.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code, with the 'safe_mode' restrictions assumed to isolate the users from each other.

Versions prior to PHP 5.2.8 are vulnerable.

38. PHP 'mbstring' Extension Buffer Overflow Vulnerability
BugTraq ID: 32948
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/32948
Summary:
PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. The issue affects the 'mbstring' extension included in the standard distribution.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 4.3.0 through 5.2.6 are vulnerable.

39. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
BugTraq ID: 33113
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33113
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects Linux Kernel 2.6.28; other versions may also be vulnerable.

40. PHP 'error_log' Safe Mode Restriction-Bypass Vulnerability
BugTraq ID: 32383
Remote: No
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/32383
Summary:
PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write files in unauthorized locations.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code, with the 'safe_mode' restrictions assumed to isolate the users from each other.

Versions prior to PHP 5.2.8 are vulnerable.

41. Linux Kernel 'net/atm/proc.c' Local Denial of Service Vulnerability
BugTraq ID: 32676
Remote: No
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/32676
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the Linux kernel to go into an infinite loop, which may cause a denial-of-service condition.

42. PHP ZipArchive::extractTo() '.zip' Files Directory Traversal Vulnerability
BugTraq ID: 32625
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/32625
Summary:
PHP is prone to a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input.

A successful attack may allow an attacker to create or overwrite arbitrary files on the system. This may allow arbitrary script code to run in the context of the webserver.

PHP 5.2.6 and prior versions are vulnerable.

43. OpenSSH CBC Mode Information Disclosure Vulnerability
BugTraq ID: 32319
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/32319
Summary:
OpenSSH is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain four bytes of plaintext from an encrypted session.

Versions prior to OpenSSH 5.2 are vulnerable. Various versions of SSH Tectia are also affected.

44. Drupal Content Construction Kit Module HTML Injection Vulnerabilities
BugTraq ID: 32136
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/32136
Summary:
The Content Construction Kit module for Drupal is prone to HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

These issues affect versions prior to Content Construction Kit 5.x-1.10 and 6.x-2.0.
http://drupal.org/node/207891

45. Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability
BugTraq ID: 33604
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33604
Summary:
Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain HTTP requests.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying further service to legitimate users.

This issue affects versions prior to Squid 2.7.STABLE5, Squid 3.0.STABLE12, and Squid 3.1.0.4.

46. D-Link TFTP Transporting Mode Remote Buffer Overflow Vulnerability
BugTraq ID: 22923
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/22923
Summary:
D-Link TFTP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

A remote attacker can exploit this issue to cause the application to crash, denying further service to legitimate users. Given the nature of this issue, the attacker may presumably be able to execute code.

D-Link TFTP 1.0 is vulnerable; other versions may also be affected.

47. ProFTPD Character Encoding SQL Injection Vulnerability
BugTraq ID: 33650
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33650
Summary:
ProFTPD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to manipulate SQL queries, modify data, or exploit latent vulnerabilities in the underlying database. This may result in unauthorized access and a compromise of the application; other attacks are also possible.

The issue affects ProFTPD 1.3.1 and later versions.

48. Cisco Unified MeetingPlace Web Conferencing 'E-Mail Address' Field HTML Injection Vulnerability
BugTraq ID: 33915
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33915
Summary:
Cisco Unified MeetingPlace Web Conferencing is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

49. ProFTPD 'mod_sql' Username SQL Injection Vulnerability
BugTraq ID: 33722
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33722
Summary:
ProFTPD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to manipulate SQL queries, modify data, or exploit latent vulnerabilities in the underlying database. This may result in unauthorized access and a compromise of the application; other attacks are also possible.

ProFTPD 1.3.1 through 1.3.2 rc 2 are vulnerable.

50. Apache Tomcat Host Manager Cross Site Scripting Vulnerability
BugTraq ID: 29502
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/29502
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. The issue affects the Host Manager web application.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects the following versions:

Tomcat 5.5.9 through 5.5.26
Tomcat 6.0.0 through 6.0.16

51. Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
BugTraq ID: 30494
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/30494
Summary:
Apache Tomcat is prone to a remote information-disclosure vulnerability.

Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks.

The following versions are affected:

Tomcat 4.1.0 through 4.1.37
Tomcat 5.5.0 through 5.5.26
Tomcat 6.0.0 through 6.0.16

Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.

52. Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
BugTraq ID: 30496
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/30496
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects the following versions:

Tomcat 4.1.0 through 4.1.37
Tomcat 5.5.0 through 5.5.26
Tomcat 6.0.0 through 6.0.16

53. Apache Tomcat POST Data Information Disclosure Vulnerability
BugTraq ID: 33913
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33913
Summary:
Apache Tomcat is prone to a remote information-disclosure vulnerability.

Remote attackers can exploit this issue to obtain sensitive data stored on the server. Information obtained may lead to further attacks.

The following versions are affected:

Apache Tomcat 4.1.32 through 4.1.34
Apache Tomcat 5.5.10 through 5.5.20

NOTE: Apache Tomcat 6.x is not affected.

54. Adobe Flash Player Unspecified Information Disclosure Vulnerability
BugTraq ID: 33889
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33889
Summary:
Adobe Flash Player is prone to an information-disclosure vulnerability.

Successful exploits will allow an attacker to obtain potentially sensitive information that may be used to elevate privileges.

This issue affects Flash Player on Linux-based operating systems only.

55. Adobe Flash Player Unspecified Remote Denial of Service Vulnerability
BugTraq ID: 33890
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33890
Summary:
Adobe Flash Player is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input.

Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has not been confirmed.

Versions prior to Flash Player 10.0.22.87 are vulnerable.

56. Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability
BugTraq ID: 33880
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33880
Summary:
Adobe Flash Player is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will likely crash the application, denying service to legitimate users.

Versions prior to Flash Player 10.0.12.36 are vulnerable.

57. Epiphany 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33441
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33441
Summary:
Epiphany is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

58. Net-SNMP 'snmpUDPDomain.c' Remote Information Disclosure Vulnerability
BugTraq ID: 33755
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33755
Summary:
Net-SNMP is prone to a remote information-disclosure vulnerability because it fails to properly handle TCP Wrapper authorization rules.

Exploiting this issue will allow attackers to obtain sensitive information that can help them launch further attacks.

Net-SNMP 5.4.2.1 is vulnerable; other versions are also likely affected.

59. JOnAS 'select' Parameter Error Page Cross Site Scripting Vulnerability
BugTraq ID: 33912
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33912
Summary:
JOnAS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

JOnAS 4.10.3 is vulnerable; other versions may also be affected.

60. Orooj CMS 'news.php' SQL Injection Vulnerability
BugTraq ID: 33908
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33908
Summary:
Orooj CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

61. piCal Module for XOOPS 'index.php' Cross Site Scripting Vulnerability
BugTraq ID: 33896
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33896
Summary:
The piCal module for XOOPS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

This issue affects piCal 0.91h; other versions may be vulnerable as well.

62. ZNC Webadmin Module Remote Privilege Escalation Vulnerability
BugTraq ID: 33899
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33899
Summary:
ZNC is prone to a remote privilege-escalation vulnerability.

Attackers can exploit this issue to gain administrative access to the affected application. Successful exploits will compromise the application and may lead to other attacks against the underlying computer.

Versions prior to ZNC 0.066 are affected.

63. CATIA V5 Unspecified Vulnerability
BugTraq ID: 33895
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33895
Summary:
CATIA V5 is prone to an unspecified vulnerability.

Currently, very little is known about this issue. We will update this BID as more information emerges.

This issue affects versions prior to CATIA V5 Release 18 Service Pack 8.

64. Steamcast Multiple Memory Corruption Vulnerabilities
BugTraq ID: 33898
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33898
Summary:
Steamcast is prone to multiple memory-corruption vulnerabilities.

Successfully exploiting these issues allows remote attackers to cause denial-of-service conditions or execute arbitrary code in the context of the affected application.

Steamcast 0.9.75 and prior versions are vulnerable.

65. PenPal 'admin/login.asp' Multiple SQL Injection Vulnerabilities
BugTraq ID: 33907
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33907
Summary:
PenPal is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PenPal 2.0 is vulnerable; other versions may also be affected.

66. Drupal Theme System Template File Local File Include Vulnerability
BugTraq ID: 33910
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33910
Summary:
Drupal is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. This issue affects Drupal running under Microsoft Windows.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

The following are vulnerable:

Drupal 5.x prior to 5.16
Drupal 6.x prior to 6.10

67. Multiple SkyPortal Modules Multiple Authentication Bypass Vulnerabilities
BugTraq ID: 33911
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33911
Summary:
Multiple SkyPortal modules are prone to multiple authentication-bypass vulnerabilities because the applications fail to restrict access to certain administration scripts.

An attacker can exploit these issues to gain unauthorized access to the affected applications, which may lead to other attacks.

The following products and versions are affected:

SkyPortal Classifieds System 0.12
SkyPortal Picture Manager 0.11
SkyPortal WebLinks v0.12

68. Sopcast SopCore 'SetExternalPlayer()' ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 33920
Remote: Yes
Last Updated: 2009-02-26
Relevant URL: http://www.securityfocus.com/bid/33920
Summary:
Sopcast SopCore is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code within the context of the application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

69. dradis Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 33892
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33892
Summary:
The 'dradis' program is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.

These issues affect versions prior to dradis 2.0.

70. PyCrypto ARC2 Module Buffer Overflow Vulnerability
BugTraq ID: 33674
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33674
Summary:
PyCrypto (Python Cryptography Toolkit) is prone to a buffer-overflow vulnerability because it fails to adequately verify user-supplied input.

Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable module. Failed attempts may lead to a denial-of-service condition.

71. Microsoft Excel Invalid Object Remote Code Execution Vulnerability
BugTraq ID: 33870
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33870
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

72. FreeBSD i386_get_ldt(2) Local Kernel Memory Disclosure Vulnerability
BugTraq ID: 13527
Remote: No
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/13527
Summary:
The 'i386_get_ldt(2)' system call is prone to a memory-disclosure vulnerability.

An attacker can supply a negative or excessive value as an argument to the affected system call and read arbitrary portions of kernel memory.

Information disclosed through this attack may help the attacker launch other attacks against a computer and potentially aid in a complete compromise.

NOTE: Only i386 and amd64 architectures are affected by this issue.

UPDATE (February 25, 2009): Mac OS X 10.5.5 is reported vulnerable.

73. Apple Safari Malformed 'feeds:' URI Null Pointer Dereference Remote Denial Of Service Vulnerability
BugTraq ID: 33909
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33909
Summary:
Apple Safari is prone to a denial-of-service vulnerability that stems from a NULL-pointer dereference.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

Apple Safari 4 Beta is vulnerable; other versions may also be affected.

74. Multiple Cisco ACE Products Multiple Remote Vulnerabilities
BugTraq ID: 33900
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33900
Summary:
Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine are prone to multiple remote vulnerabilities:

- Multiple authentication-bypass issues
- A remote privilege-escalation issue
- Multiple denial-of-service issues

Attackers can exploit these issues to execute arbitrary commands, gain administrative access, and cause denial-of-service conditions. Other attacks are also possible.

75. Cisco Application Network Manager and Application Control Engine Multiple Vulnerabilities
BugTraq ID: 33903
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33903
Summary:
Cisco Application Network Manager (ANM) and Application Control Engine (ACE) Device Manager are prone to multiple security vulnerabilities, including directory-traversal issues, unauthorized access via default credentials, and a privilege-escalation issue.

A successful exploit may allow attackers to obtain sensitive information, view or modify files, cause denial-of-service conditions, or gain unauthorized access to the affected application. This may aid in the complete compromise of the underlying computer.

76. HP Quality Center Cached Workflow Scripts Security Bypass Vulnerability
BugTraq ID: 33854
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33854
Summary:
HP Quality Center is prone to a security-bypass vulnerability.

Successful exploits may allow attackers to overwrite content in the database, corrupt data, and carry out other attacks.

HP Quality Center 9.0 and 9.2 are vulnerable; other versions may be affected as well.

NOTE: Reports indicate that an exploit may not gain privileges.

77. SHOUTcast Server DNAS Relay Remote Buffer Overflow Vulnerability
BugTraq ID: 33904
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33904
Summary:
SHOUTcast Server is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers may exploit this issue to overwrite the application's web administration password and possibly to execute arbitrary code within the context of the application, but this has not been confirmed. Failed exploit attempts will cause a denial-of-service condition.

SHOUTcast Server 1.9.8 for Windows is vulnerable; other versions may also be affected.

78. Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability
BugTraq ID: 33901
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33901
Summary:
Cisco Unified MeetingPlace Web Conferencing is prone to an unspecified authentication-bypass vulnerability.

An attacker can exploit this issue to gain administrative access to the affected application. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

This issue is tracked by Cisco Bug ID CSCsv65815.

Unified MeetingPlace Web Conferencing 6.0 and 7.0 are vulnerable.

79. pPIM Multiple Remote Vulnerabilities
BugTraq ID: 30627
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/30627
Summary:
pPIM is prone to multiple vulnerabilities, including two security-bypass issues, a cross-site scripting issue, and a file-upload issue.

Attackers can exploit these issues to:

- execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site
- steal cookie-based authentication credentials
- delete local files within the context of the webserver process
- upload arbitrary PHP scripts and execute them in the context of the webserver
- change user passwords

These issues affect pPIM 1.0 and prior versions.

80. ksquirrel-libs 'RGBE' File Parsing Multiple Stack Buffer Overflow Vulnerabilities
BugTraq ID: 33902
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33902
Summary:
The 'ksquirrel-libs' library is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of an application using the library. Failed attacks will cause denial-of-service conditions.

These issues affect ksquirrel-libs 0.8.0; other versions may also be affected.

81. OpenSite Multiple Security Vulnerabilities
BugTraq ID: 33893
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33893
Summary:
OpenSite is prone to multiple SQL-injection vulnerabilities and a weakness affecting the authentication routines.

Exploiting these issues could allow an attacker to gain unauthorized access, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

OpenSite 2.1 is vulnerable; other versions may also be affected.

82. OpenGoo User Permissions Security Bypass Vulnerability
BugTraq ID: 33897
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33897
Summary:
OpenGoo is prone to a security-bypass vulnerability.

Attackers may exploit the issue to bypass certain security restrictions and modify their own permissions.

Versions prior to OpenGoo 1.2.1 are vulnerable.

83. Orbit Downloader 'Connecting' Log Message Creation Remote Buffer Overflow Vulnerability
BugTraq ID: 33894
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33894
Summary:
Orbit Downloader is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will cause a denial-of-service condition.

This issue affects versions prior to Orbit Downloader 2.8.5.

84. Audacity 'lib-src/allegro/strparse.cpp' Buffer Overflow Vulnerability
BugTraq ID: 33090
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33090
Summary:
Audacity is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in denial-of-service conditions.

Audacity 1.6.2 is vulnerable; other versions may also be affected.

85. NETGEAR WGR614 Administration Interface Remote Denial of Service Vulnerability
BugTraq ID: 32290
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/32290
Summary:
NETGEAR WGR614 is prone to a denial-of-service vulnerability that occurs in the administration web interface.

Successful exploits will cause the affected web interface to crash, denying service to legitimate users.

86. GStreamer QuickTime Media File Parsing Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33405
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33405
Summary:
GStreamer is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of applications that use the affected library. Failed attacks will cause denial-of-service conditions.

Versions prior to GStreamer 'gst-plugins-good' 0.10.12 are vulnerable. Applications using the library, such as Songbird, Totem, and Amarok, may also be affected.

87. Trickle 'LD_PRELOAD' Arbitrary Code Execution Vulnerability
BugTraq ID: 33516
Remote: No
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33516
Summary:
Trickle is prone to a vulnerability that lets attackers execute arbitrary code.

An attacker may exploit this issue by enticing a legitimate user into running the affected application from a directory that contains a malicious library file.

88. Nagios Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 29140
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/29140
Summary:
Nagios is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The issue affects versions prior to Nagios 2.12.

89. Cambium Group Content Management System Multiple Remote Vulnerabilities
BugTraq ID: 33882
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33882
Summary:
Cambium Group Content Management System is prone to multiple remote vulnerabilities:

- Multiple information-disclosure issues.
- An SQL-injection issue.
- An authentication-bypass issue.

A successful exploit may allow an attacker to compromise the application, gain unauthorized access to the application, obtain sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks are also possible.

90. Qwerty CMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 33885
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33885
Summary:
Qwerty CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

91. WOW Raid Manager Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 31661
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/31661
Summary:
WOW Raid Manager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to WOW Raid Manager 3.5.1 are vulnerable.

92. IBM WebSphere Application Server Cluster Configuration File Information Disclosure Vulnerability
BugTraq ID: 33905
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33905
Summary:
IBM WebSphere Application Server (WAS) is prone to an information-disclosure vulnerability because it fails to properly conceal sensitive configuration data.

Exploiting this issue may allow an attacker to access sensitive information that may aid in further attacks.

This issue affects WAS 6.1.2 and 6.2.

93. BarnOwl Prior to 1.0.5 Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33877
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33877
Summary:
BarnOwl is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting these issues will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely crash the application.

Versions prior to BarnOwl 1.0.5 are vulnerable.

94. Linux Kernel 'inotify' Local Privilege Escalation Vulnerability
BugTraq ID: 33503
Remote: No
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33503
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with elevated privileges or crash the affected kernel, denying service to legitimate users.

Versions prior to Linux kernel 2.6.28-rc5 are vulnerable.

95. Linux Kernel '__scm_destroy()' Local Denial of Service Vulnerability
BugTraq ID: 32154
Remote: No
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/32154
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

The Linux kernel 2.6.26 and prior versions are affected.

96. Linux Kernel 'sendmsg()' Local Denial of Service Vulnerability
BugTraq ID: 32516
Remote: No
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/32516
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to create a soft lockup of the vulnerable kernel or to invoke the 'oom-killer' kernel functionality, which may halt unrelated processes. This may result in a denial-of-service condition.

NOTE: This issue was either caused or revealed by the fix for BID 32154 (Linux Kernel '__scm_destroy()' Local Denial of Service Vulnerability).

The Linux kernel 2.6.27 and prior versions are affected.

97. Sun Java Runtime Environment Network Access Restriction Security Bypass Vulnerability
BugTraq ID: 25054
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/25054
Summary:
The Sun Java Runtime Environment is prone to a security-bypass vulnerability.

Successfully exploiting this issue will allow an attacker to connect to services on a remote user's computer without proper authorization. This may lead to other attacks.

98. Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability
BugTraq ID: 24846
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/24846
Summary:
The Sun JSSE (Java Secure Socket Extension) is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the computer, denying access to legitimate users.

99. Adobe Acrobat and Reader PDF File Handling Remote Code Execution Vulnerability
BugTraq ID: 33751
Remote: Yes
Last Updated: 2009-02-25
Relevant URL: http://www.securityfocus.com/bid/33751
Summary:
Adobe Acrobat and Reader are prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

The issue affects Reader and Acrobat 9, 8.1.3 and prior, and 7.

UPDATE (February 24, 2009): Further reports suggest that this issue affects the vulnerable applications running on Apple Mac OS X and various Linux-based operating systems.

100. Adobe RoboHelp Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 33888
Remote: Yes
Last Updated: 2009-02-24
Relevant URL: http://www.securityfocus.com/bid/33888
Summary:
Adobe RoboHelp is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of a site that includes content generated by the affected application. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Adobe RoboHelp 6 and 7 are vulnerable.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Advisor: U.S. needs policy to defend cyberspace
By: Robert Lemos
An Obama transition-team member argues that any future cyber policy needs to deal with the role of the intelligence community, the militarization of cyberspace and designating a lead disaster agency.
http://www.securityfocus.com/news/11547

2. Cabal forms to fight Conficker, offers bounty
By: Robert Lemos
Microsoft offers $250,000 for information leading to the arrest of the author and, along with security firms and Internet service providers, pledges to work to prevent the prolific worm from spreading further.
http://www.securityfocus.com/news/11546

3. Group releases list to kill most-dangerous bugs
By: Robert Lemos
Software makers, security vendors, and government agencies team up to create a list of the 25 most severe software issues, aiming to get developers to stop making mistakes.
http://www.securityfocus.com/news/11542

4. Group attacks flaw in browser crypto security
By: Robert Lemos
A group of researchers warns browser makers and certificate authorities to drop support for MD5 digital signatures, after successfully creating a fake, but valid, certificate.
http://www.securityfocus.com/news/11541

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #432
http://www.securityfocus.com/archive/88/501097

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Sophos Security Threat Report: 2009

Predicting the future in such a rapidly evolving environment is near impossible. One only needs to count the rate at which new malware appears today compared to five years ago to see how quickly the threat has become more serious. Read our security threat report to read about the malware trends we predict will be at the forefront in 2009.

http://dinclinx.com/Redirect.aspx?36;4036;35;189;0;4;259;d0ddf43bf0d4abdd
