Thursday, March 05, 2009

SecurityFocus Newsletter #493
----------------------------------------

This issue is sponsored by Qualys



SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Free Market Filtering
2. Don't Blame the Browser
II. BUGTRAQ SUMMARY
1. RETIRED: iDefense COMRaider 'DeleteFile()' Method Arbitrary File Deletion Vulnerability
2. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -07 -08 -09 and -11 Multiple Remote Vulnerabilities
3. Vim Vim Script Multiple Command Execution Vulnerabilities
4. Netrw Vim Script Multiple Command Execution Vulnerabilities
5. Vim 'zip.vim' Plugin Arbitrary Command Execution Vulnerability
6. Vim 'tar.vim' Plugin Arbitrary Command Execution Vulnerability
7. ProFTPD 'mod_sql' Username SQL Injection Vulnerability
8. ProFTPD Character Encoding SQL Injection Vulnerability
9. GStreamer QuickTime Media File Parsing Multiple Buffer Overflow Vulnerabilities
10. PHP 'error_log' Safe Mode Restriction-Bypass Vulnerability
11. PHP ZipArchive::extractTo() '.zip' Files Directory Traversal Vulnerability
12. PHP 5 'posix_access()' Function 'safe_mode' Bypass Directory Traversal Vulnerability
13. PHP FastCGI Module File Extension Denial Of Service Vulnerabilities
14. PHP Multiple Buffer Overflow Vulnerabilities
15. PHP 'mbstring' Extension Buffer Overflow Vulnerability
16. PHP 'chdir()' and 'ftok()' 'safe_mode' Multiple Security Bypass Vulnerabilities
17. PHP 'rfc822_write_address()' Function Buffer Overflow Vulnerability
18. PHP SAPI 'php_getuid()' Safe Mode Restriction-Bypass Vulnerability
19. eXtplorer 'include/init.php' Local File Include Vulnerability
20. Linux Kernel 'ndiswrapper' Remote Buffer Overflow Vulnerability
21. Multiple Linux Distributions 'login' Local Privilege Escalation Vulnerability
22. Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
23. Linux Kernel 'seccomp' System Call Security Bypass Vulnerability
24. Opera Web Browser prior to 9.64 Multiple Security Vulnerabilities
25. MPFR Library 'printf.c' Multiple Buffer Overflow Vulnerabilities
26. Afian 'includer.php' Directory Traversal Vulnerability
27. IBM DB2 Remote Denial of Service Vulnerabilities
28. Media Commands Multiple Media File Multiple Heap Buffer Overflow Vulnerabilities
29. IBM WebSphere Application Server for z/OS Unspecified Cross Site Scripting Vulnerability
30. Sun Solaris Crypto Driver Local Denial Of Service Vulnerability
31. OpenSC PKCS#11 Implementation Unauthorized Access Vulnerability
32. Libra File Manager 'fileadmin.php' Local File Include Vulnerability
33. Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerabilities
34. Samhain SRP Authentication Bypass Vulnerability
35. TYPO3 Flat Manager Unspecified SQL Injection Vulnerability
36. TYPO3 Accessibility Glossary Extension Unspecified SQL Injection Vulnerability
37. TYPO3 Calendar Base Search Parameters Unspecified Cross Site Scripting Vulnerability
38. WikyBlog Arbitrary File Upload Vulnerability
39. NovaBoard HTML Injection and Cross-Site Scripting Vulnerabilities
40. RitsBlog SQL Injection and HTML Injection Vulnerabilities
41. Venalsur Booking Centre SQL Injection and Cross Site Scripting Vulnerabilities
42. Little CMS Buffer Overflow and Integer Signedness Vulnerabilities
43. Red Hat SBLIM Insecure Library Path Local Privilege Escalation Vulnerability
44. Ruby Multiple Libraries SSL Multiple Insecure Certificate Validation Weaknesses
45. Blogsa 'Widgets.aspx' Cross Site Scripting Vulnerability
46. Red Hat Certificate System Multiple Local Information Disclosure Vulnerabilities
47. Red Hat Certificate System rhpki-common Security Bypass Weakness
48. Multiple Cisco ACE Products Multiple Remote Vulnerabilities
49. AREVA e-terrahabitat Multiple Security Vulnerabilities
50. Mole Group Airline Ticket Script 'info.php' SQL Injection Vulnerability
51. TPTEST 'pwd' Remote Stack Buffer Overflow Vulnerability
52. Libpng Library Unknown Chunk Handler Vulnerability
53. Multiple Laptop Face Recognition Authentication Bypass Vulnerability
54. Wireshark 1.0.4 SMTP Denial of Service Vulnerability
55. Wireshark 1.0.5 Multiple Denial Of Service Vulnerabilities
56. Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
57. Multiple China-on-site.com Products Username and Password SQL Injection Vulnerabilities
58. access2asp 'default_Image.asp' Arbitrary File Upload Vulnerability
59. Graugon PHP Article Publisher SQL Injection and Cookie Authentication Bypass Vulnerabilities
60. Cisco Session Border Controller (SBC) Remote Denial Of Service Vulnerability
61. 3Com Switch 4500G SFTP Authentication Bypass Vulnerability
62. PHP 'popen()' Function Buffer Overflow Vulnerability
63. cURL/libcURL HTTP 'Location:' Redirect Security Bypass Vulnerability
64. EFS Software Easy Chat Server Authentication Request Handling Remote Buffer Overflow Vulnerability
65. VUPlayer '.CUE' File Buffer Overflow Vulnerability
66. Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability
67. Samba Arbitrary Memory Contents Information Disclosure Vulnerability
68. BlogMan Multiple Input Validation Vulnerabilities
69. NovaStor NovaNET 'DtbClsLogin()' Remote Stack Buffer Overflow Vulnerability
70. Joomla! and Mambo DigiStore Component 'pid' Parameter SQL Injection Vulnerability
71. RavenNuke Multiple Input Validation Vulnerabilities
72. eog 'PySys_SetArgv' Remote Command Execution Vulnerability
73. MediaWiki 'config/index.php' Multiple Cross Site Scripting Vulnerabilities
74. PHP 5.2.8 and Prior Versions Multiple Vulnerabilities
75. PHP 'imageRotate()' Uninitialized Memory Information Disclosure Vulnerability
76. EFS Software Easy Chat Server 'registresult.htm' Authentication Bypass Vulnerability
77. KwsPHP Eskuel Module Arbitrary File Upload Vulnerability
78. Xomol CMS 'index.php' SQL Injection Vulnerability
79. ZABBIX 'locales.php' Local File Include and Remote Code Execution Vulnerability
80. Sun Management Center Performance Reporting Module Cross Site Scripting Vulnerability
81. phpBB 'ucp.php' Cross Site Scripting Vulnerability
82. JProfile Gold 'index.php' SQL Injection Vulnerability
83. Arno's IPTables Firewall Script Restart Security Bypass Vulnerability
84. BlindBlog Multiple Local File Include and SQL Injection Vulnerabilities
85. Easy Web Password '.ewp' File Buffer Overflow Vulnerability
86. Webformatique Car Manager Joomla! Component 'ItemID' Parameter SQL Injection Vulnerability
87. Webformatique Reservation Manager Joomla! Component 'ItemID' Parameter SQL Injection Vulnerability
88. Easy File Sharing Web Server 'thumbnail.php' File Disclosure Vulnerability
89. Multiple HTTP Proxy HTTP Host Header Incorrect Relay Behavior Vulnerability
90. Mozilla Firefox Nested 'window.print()' Denial of Service Vulnerability
91. Harlandscripts Pro Traffic One 'id' Parameter SQL Injection Vulnerability
92. GForge Multiple SQL Injection Vulnerabilities
93. Yaws Multiple Header Request Denial of Service Vulnerability
94. Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability
95. Ubuntu network-manager-applet Permission Enforcement Multiple Local Vulnerabilities
96. Orbit Downloader 'Connecting' Log Message Creation Remote Buffer Overflow Vulnerability
97. libsndfile CAF Processing Buffer Overflow Vulnerability
98. ClearBudget Invalid '.htaccess' Unauthorized Access Vulnerability
99. University of Washington IMAP 'tmail' and 'dmail' Local Buffer Overflow Vulnerabilities
100. Adobe Acrobat and Reader PDF File Handling JBIG2 Image Remote Code Execution Vulnerability
III. SECURITYFOCUS NEWS
1. Advisor: U.S. needs policy to defend cyberspace
2. Cabal forms to fight Conficker, offers bounty
3. Group releases list to kill most-dangerous bugs
4. Group attacks flaw in browser crypto security
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #433
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Free Market Filtering
By Mark Rasch
The Australian government is considering requiring that Internet service providers in that country install filters which would prevent citizens from accessing tens of thousands of sites that contain "objectionable" material.
http://www.securityfocus.com/columnists/493

2. Don't Blame the Browser
By Melih Abdulhayoglu
There was a time when most diseases were fatal for humans. Intense study and research helped doctors manage diseases better, and subsequently even prevent them altogether.
http://www.securityfocus.com/columnists/492


II. BUGTRAQ SUMMARY
--------------------
1. RETIRED: iDefense COMRaider 'DeleteFile()' Method Arbitrary File Deletion Vulnerability
BugTraq ID: 33867
Remote: Yes
Last Updated: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/33867
Summary:
iDefense COMRaider is prone to a vulnerability that lets attackers delete arbitrary files on the affected computer in the context of the application using the ActiveX control (typically Internet Explorer). Successful attacks can result in denial-of-service conditions.

NOTE: This issue is being retired. Further information from the vendor indicates that the application is not vulnerable.

2. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -07 -08 -09 and -11 Multiple Remote Vulnerabilities
BugTraq ID: 33990
Remote: Yes
Last Updated: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/33990
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey.

Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, and execute arbitrary script code with elevated privileges; other attacks are also possible.

3. Vim Vim Script Multiple Command Execution Vulnerabilities
BugTraq ID: 29715
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/29715
Summary:
Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Vim 7.1.298 is vulnerable; other versions may also be affected.

4. Netrw Vim Script Multiple Command Execution Vulnerabilities
BugTraq ID: 30115
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/30115
Summary:
Netrw is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Netrw 125 is vulnerable; other versions may also be affected.

5. Vim 'zip.vim' Plugin Arbitrary Command Execution Vulnerability
BugTraq ID: 32463
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/32463
Summary:
The 'zip.vim' plugin for Vim is prone to a command-execution vulnerability because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting this issue can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Vim 7.0 and 7.1 are vulnerable.

6. Vim 'tar.vim' Plugin Arbitrary Command Execution Vulnerability
BugTraq ID: 32462
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/32462
Summary:
The 'tar.vim' plugin for Vim is prone to a command-execution vulnerability because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting this issue can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Vim 7.0 and 7.1 are vulnerable.

7. ProFTPD 'mod_sql' Username SQL Injection Vulnerability
BugTraq ID: 33722
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33722
Summary:
ProFTPD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to manipulate SQL queries, modify data, or exploit latent vulnerabilities in the underlying database. This may result in unauthorized access and a compromise of the application; other attacks are also possible.

ProFTPD 1.3.1 through 1.3.2 rc 2 are vulnerable.

8. ProFTPD Character Encoding SQL Injection Vulnerability
BugTraq ID: 33650
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33650
Summary:
ProFTPD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to manipulate SQL queries, modify data, or exploit latent vulnerabilities in the underlying database. This may result in unauthorized access and a compromise of the application; other attacks are also possible.

The issue affects ProFTPD 1.3.1 and later versions.

9. GStreamer QuickTime Media File Parsing Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33405
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33405
Summary:
GStreamer is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of applications that use the affected library. Failed attacks will cause denial-of-service conditions.

Versions prior to GStreamer 'gst-plugins-good' 0.10.12 are vulnerable. Applications using the library, such as Songbird, Totem, and Amarok, may also be affected.

10. PHP 'error_log' Safe Mode Restriction-Bypass Vulnerability
BugTraq ID: 32383
Remote: No
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/32383
Summary:
PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write files in unauthorized locations.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code, with the 'safe_mode' restrictions assumed to isolate the users from each other.

Versions prior to PHP 5.2.8 are vulnerable.

11. PHP ZipArchive::extractTo() '.zip' Files Directory Traversal Vulnerability
BugTraq ID: 32625
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/32625
Summary:
PHP is prone to a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input.


A successful attack may allow an attacker to create or overwrite arbitrary files on the system. This may allow arbitrary script code to run in the context of the webserver.

PHP 5.2.6 and prior versions are vulnerable.

12. PHP 5 'posix_access()' Function 'safe_mode' Bypass Directory Traversal Vulnerability
BugTraq ID: 29797
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/29797
Summary:
PHP is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied data.

Attackers can leverage this issue to bypass security restrictions enforced by 'safe_mode' to access data outside of the root webserver directory. Successful attacks may allow an attacker to access sensitive information that could aid in further attacks.

PHP 5.2.6 is vulnerable; other versions may also be affected.

13. PHP FastCGI Module File Extension Denial Of Service Vulnerabilities
BugTraq ID: 31612
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/31612
Summary:
PHP is prone to a denial-of-service vulnerability because the application fails to handle certain file requests.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

PHP 4.4 prior to 4.4.9 and PHP 5.2 through 5.2.6 are vulnerable.

14. PHP Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 30649
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/30649
Summary:
PHP is prone to multiple buffer-overflow vulnerabilities.

Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable PHP functions. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition.

Versions prior to PHP 4.4.9 and PHP 5.2.8 are vulnerable.

15. PHP 'mbstring' Extension Buffer Overflow Vulnerability
BugTraq ID: 32948
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/32948
Summary:
PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. The issue affects the 'mbstring' extension included in the standard distribution.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 4.3.0 through 5.2.6 are vulnerable.

16. PHP 'chdir()' and 'ftok()' 'safe_mode' Multiple Security Bypass Vulnerabilities
BugTraq ID: 29796
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/29796
Summary:
PHP is prone to multiple 'safe_mode' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to determine the presence of files in unauthorized locations; other attacks are also possible.

Exploiting these issues allows attackers to obtain sensitive data that could be used in other attacks.

These vulnerabilities would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; in such cases, the 'safe_mode' restriction is expected to isolate users from each other.

PHP 5.2.6 is vulnerable; other versions may also be affected.

17. PHP 'rfc822_write_address()' Function Buffer Overflow Vulnerability
BugTraq ID: 29829
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/29829
Summary:
PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 5.2.6 and prior versions are vulnerable.

18. PHP SAPI 'php_getuid()' Safe Mode Restriction-Bypass Vulnerability
BugTraq ID: 32688
Remote: No
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/32688
Summary:
PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to bypass some safe-mode restrictions.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code, with the 'safe_mode' restrictions assumed to isolate the users from each other.

Versions prior to PHP 5.2.8 are vulnerable.

19. eXtplorer 'include/init.php' Local File Include Vulnerability
BugTraq ID: 33955
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33955
Summary:
eXtplorer is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view and execute arbitrary local files in the context of the webserver process. This may aid in further attacks.

eXtplorer 2.0.0 is vulnerable; prior versions may also be affected.

20. Linux Kernel 'ndiswrapper' Remote Buffer Overflow Vulnerability
BugTraq ID: 32118
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/32118
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects Linux Kernel 2.6.27; other versions may also be vulnerable.

21. Multiple Linux Distributions 'login' Local Privilege Escalation Vulnerability
BugTraq ID: 32552
Remote: No
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/32552
Summary:
Multiple Linux distributions are prone to a local privilege-escalation vulnerability because of an error in the 'login' program.

Local attackers in the UTMP group could exploit this issue to take ownership of arbitrary files on the vulnerable system. This may lead to a complete compromise of the system.

22. Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
BugTraq ID: 33951
Remote: No
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33951
Summary:
The Linux kernel is prone to a local security-bypass vulnerability.

A local attacker may be able to exploit this issue to bypass audit mechanisms imposed on system calls. This may allow malicious behavior to escape notice.

23. Linux Kernel 'seccomp' System Call Security Bypass Vulnerability
BugTraq ID: 33948
Remote: No
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33948
Summary:
The Linux kernel is prone to a local security-bypass vulnerability.

A local attacker may be able to exploit this issue to bypass access control and make restricted system calls, which may result in an elevation of privileges.

24. Opera Web Browser prior to 9.64 Multiple Security Vulnerabilities
BugTraq ID: 33961
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33961
Summary:
Opera Web Browser is prone to multiple security vulnerabilities.

Successful exploits may allow attackers to:
- execute arbitrary code in the context of the application
- execute arbitrary script code in the browser of an unsuspecting user in the context of certain sites
- cause denial-of-service conditions
- steal cookie-based authentication credentials
- obtain sensitive information
- carry out other attacks

Versions prior to Opera 9.64 are vulnerable.

25. MPFR Library 'printf.c' Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33945
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33945
Summary:
The MPFR library is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to execute arbitrary code in the context of applications using the vulnerable library. Failed exploit attempts will likely cause denial-of-service conditions.

Versions prior to MPFR 2.4.1 are vulnerable.

26. Afian 'includer.php' Directory Traversal Vulnerability
BugTraq ID: 33943
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33943
Summary:
Afian is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.

27. IBM DB2 Remote Denial of Service Vulnerabilities
BugTraq ID: 33258
Remote: Yes
Last Updated: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/33258
Summary:
IBM DB2 is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the server and deny service to legitimate users.

These issues affect versions prior to DB2 9.1 FP6a, 9.5 FP3a, and 8.1 FP17a.

28. Media Commands Multiple Media File Multiple Heap Buffer Overflow Vulnerabilities
BugTraq ID: 33958
Remote: Yes
Last Updated: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/33958
Summary:
Media Commands is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

Media Commands 1.0 is vulnerable; other versions may also be affected.

29. IBM WebSphere Application Server for z/OS Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 34001
Remote: Yes
Last Updated: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/34001
Summary:
IBM WebSphere Application Server (WAS) for z/OS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to WAS 6.1.0.23 for z/OS.

30. Sun Solaris Crypto Driver Local Denial Of Service Vulnerability
BugTraq ID: 34000
Remote: No
Last Updated: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/34000
Summary:
Sun Solaris is prone to a local denial-of-service vulnerability.

Attackers may exploit this issue to panic a system, denying service to legitimate users.

This issue affects the following:

- Solaris 10
- OpenSolaris based on builds snv_88 through snv_102

31. OpenSC PKCS#11 Implementation Unauthorized Access Vulnerability
BugTraq ID: 33922
Remote: No
Last Updated: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/33922
Summary:
OpenSC is prone to an unauthorized-access vulnerability.

Attackers can exploit this issue to gain unauthorized access to private data, which may lead to other attacks.

Versions prior to OpenSC 0.11.7 are vulnerable.

32. Libra File Manager 'fileadmin.php' Local File Include Vulnerability
BugTraq ID: 31403
Remote: Yes
Last Updated: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/31403
Summary:
Libra File Manager is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.

Libra File Manager 2.0 and prior versions are vulnerable.

33. Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerabilities
BugTraq ID: 33827
Remote: Yes
Last Updated: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/33827
Summary:
The 'libpng' library is prone to multiple memory-corruption vulnerabilities because it fails to properly initialize data structures.

Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.

These issues affect versions prior to 'libpng' 1.0.43 and 1.2.35.

34. Samhain SRP Authentication Bypass Vulnerability
BugTraq ID: 34003
Remote: Yes
Last Updated: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/34003
Summary:
Samhain is prone to a vulnerability that allows an attacker to bypass authentication and gain unauthorized access to the affected application.

Attackers may exploit this issue to connect to the vulnerable application without proper authentication. This may lead to a compromise of the affected application or aid in further attacks.

Versions prior to Samhain 2.5.4 are vulnerable.

35. TYPO3 Flat Manager Unspecified SQL Injection Vulnerability
BugTraq ID: 33998
Remote: Yes
Last Updated: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/33998
Summary:
TYPO3 Flat Manager ('flatmgr') extension is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects Flat Manager 1.9.15 and prior versions.

36. TYPO3 Accessibility Glossary Extension Unspecified SQL Injection Vulnerability
BugTraq ID: 33997
Remote: Yes
Last Updated: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/33997
Summary:
TYPO3 Accessibility Glossary ('a21glossary') extension is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects Accessibility Glossary 0.4.10 and prior versions.

37. TYPO3 Calendar Base Search Parameters Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 33996
Remote: Yes
Last Updated: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/33996
Summary:
Calendar Base for TYPO3 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to Calendar Base 1.1.1 are vulnerable.

38. WikyBlog Arbitrary File Upload Vulnerability
BugTraq ID: 33964
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33964
Summary:
WikyBlog is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the software fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

WikyBlog 1.7.1 is vulnerable; other versions may also be affected.

39. NovaBoard HTML Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 33968
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33968
Summary:
NovaBoard is prone to an HTML-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage the issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks.

NovaBoard 1.0.1 is vulnerable; other versions may also be affected.

40. RitsBlog SQL Injection and HTML Injection Vulnerabilities
BugTraq ID: 33959
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33959
Summary:
RitsBlog is prone to multiple HTML-injection vulnerabilities and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage the HTML-injection issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is viewed, and launch other attacks.

The attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

RitsBlog 0.4.2 is vulnerable; other versions may also be affected.

41. Venalsur Booking Centre SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 31990
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/31990
Summary:
Venalsur Booking Centre is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

42. Little CMS Buffer Overflow and Integer Signedness Vulnerabilities
BugTraq ID: 32708
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/32708
Summary:
Little CMS is prone to a buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input. The application is also prone to an integer-signedness issue.

Attackers may leverage one of these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

The buffer-overflow issue affects all versions prior to Little CMS 1.16. The integer-signedness issue affects all versions prior to 1.17.

43. Red Hat SBLIM Insecure Library Path Local Privilege Escalation Vulnerability
BugTraq ID: 29913
Remote: No
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/29913
Summary:
Red Hat Linux SBLIM packages are prone to a local privilege-escalation vulnerability because they were built with insecure library search paths.

Exploiting this issue allows local attackers to execute arbitrary code with the privileges of the user running the affected application.

SBLIM packages built and shipped with the following versions of Red Hat are affected:

Red Hat Enterprise Linux Workstation 5
Red Hat Desktop 4
Red Hat Enterprise Linux 5 server
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux ES 4
Red Hat Enterprise Linux WS 4

44. Ruby Multiple Libraries SSL Multiple Insecure Certificate Validation Weaknesses
BugTraq ID: 26421
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/26421
Summary:
Ruby is prone to multiple weaknesses related to its validation of certificates. The problem is that multiple libraries fail to properly perform validity checks on X.509 certificates.

Successfully exploiting these issues may allow attackers to perform man-in-the-middle attacks against applications that insecurely use an affected library. Other attacks may also be possible.

NOTE: These issues are related to a weakness covered by BID 25847 (Ruby Net::HTTP SSL Insecure Certificate Validation Weakness).

45. Blogsa 'Widgets.aspx' Cross Site Scripting Vulnerability
BugTraq ID: 33957
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33957
Summary:
Blogsa is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Blogsa 1.0 Beta 3 is vulnerable; other versions may also be affected.

46. Red Hat Certificate System Multiple Local Information Disclosure Vulnerabilities
BugTraq ID: 33288
Remote: No
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33288
Summary:
Red Hat Certificate System is prone to multiple information-disclosure vulnerabilities because it stores authentication credentials in an insecure manner.

An unprivileged local attacker may exploit these issues to obtain sensitive information that can aid in further attacks.

47. Red Hat Certificate System rhpki-common Security Bypass Weakness
BugTraq ID: 30062
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/30062
Summary:
Red Hat Certificate System (RHCS) is prone to a security-bypass weakness because of a flaw in 'rhpki-common' (Red Hat PKI Common Framework) when handling certificate signing requests (CSR). Attackers can leverage this flaw to bypass security policies.

Successful exploits will aid in man-in-the-middle attacks against users that trust RHCS-managed Certificate Authorities.

48. Multiple Cisco ACE Products Multiple Remote Vulnerabilities
BugTraq ID: 33900
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33900
Summary:
Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine are prone to multiple remote vulnerabilities:

- Multiple authentication-bypass issues
- A remote privilege-escalation issue
- Multiple denial-of-service issues

Attackers can exploit these issues to execute arbitrary commands, gain administrative access, and cause denial-of-service conditions. Other attacks are also possible.

49. AREVA e-terrahabitat Multiple Security Vulnerabilities
BugTraq ID: 33637
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33637
Summary:
AREVA e-terrahabitat is prone to the following vulnerabilities:

1. A buffer-overflow vulnerability affects the MLF application.

2. Two denial-of-service vulnerabilities affect the WebFGServer application.

3. A denial-of-service vulnerability affects the NETIO application.

4. A privilege-escalation vulnerability affects the WebFGServer application.

AREVA e-terrahabitat 5.7 and prior versions are vulnerable.

50. Mole Group Airline Ticket Script 'info.php' SQL Injection Vulnerability
BugTraq ID: 32138
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/32138
Summary:
Mole Group Airline Ticket Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

51. TPTEST 'pwd' Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 33785
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33785
Summary:
TPTEST is prone to a remote stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

TPTEST 3.1.7 is vulnerable; other versions may also be affected.

52. Libpng Library Unknown Chunk Handler Vulnerability
BugTraq ID: 28770
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/28770
Summary:
The 'libpng' library is prone to a vulnerability that causes denial-of-service conditions or may allow code to run. The issue occurs because the software fails to properly handle unexpected chunk data in PNG files.

Successfully exploiting this issue allows remote attackers to trigger denial-of-service conditions or to possibly execute arbitrary machine code in the context of applications that use the library.

The following versions are affected:

libpng 1.0.6 through 1.0.32
libpng 1.2.0 through 1.2.26
libpng 1.4.0beta01 through 1.4.0beta19

53. Multiple Laptop Face Recognition Authentication Bypass Vulnerability
BugTraq ID: 32700
Remote: No
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/32700
Summary:
Face-recognition applications for multiple laptops are prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to gain unauthorized access to the affected device.

This issue affects the following face-recognition applications:

Lenovo Veriface III
Asus SmartLogon 1.0.0005
Toshiba Face Recognition 2.0.2.32

54. Wireshark 1.0.4 SMTP Denial of Service Vulnerability
BugTraq ID: 32422
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/32422
Summary:
Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to hang, which may aid in other attacks.

This issue affects Wireshark 1.0.4; other versions may also be vulnerable.

55. Wireshark 1.0.5 Multiple Denial Of Service Vulnerabilities
BugTraq ID: 33690
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33690
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application, denying service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.99.6 through 1.0.5.

56. Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
BugTraq ID: 31838
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/31838
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application, denying service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.10.3 up to and including 1.0.3.

57. Multiple China-on-site.com Products Username and Password SQL Injection Vulnerabilities
BugTraq ID: 32810
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/32810
Summary:
Multiple China-on-site.com products are prone to multiple SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following products are affected; other versions may also be affected:

FlexPHPNews 0.0.6
FlexPHPNews Pro 0.0.6
FlexPHPDirectory 0.0.1
FlexPHPSite 0.0.1
FlexPHPLink Pro 0.0.7
Flexcustomer 0.0.6
FlexPHPic 0.0.4
FlexPHPic Pro 0.0.3

58. access2asp 'default_Image.asp' Arbitrary File Upload Vulnerability
BugTraq ID: 33956
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33956
Summary:
The 'access2asp' tool is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the software fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

This issue affects access2asp 4.6; other versions may also be affected.

59. Graugon PHP Article Publisher SQL Injection and Cookie Authentication Bypass Vulnerabilities
BugTraq ID: 33952
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33952
Summary:
Graugon PHP Article Publisher is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. The application is also prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

Exploiting the SQL-injection issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The attacker can leverage the authentication-bypass vulnerability to gain administrative access to the affected application.

Graugon PHP Article Publisher 1.0 is vulnerable; other versions may also be affected.

60. Cisco Session Border Controller (SBC) Remote Denial Of Service Vulnerability
BugTraq ID: 33975
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33975
Summary:
Cisco Session Border Controller (SBC) is prone to a remote denial-of-service vulnerability when handling specially crafted TCP packets.

A remote attacker may exploit this issue to cause the affected device to reload. Repeated attacks can result in a denial-of-service condition.

This issue is documented in Cisco Bug ID CSCsq18958.

Versions prior to Cisco SBC software 3.0(2) are vulnerable. This issue affects SBC for Cisco 7600 series routers.

61. 3Com Switch 4500G SFTP Authentication Bypass Vulnerability
BugTraq ID: 33974
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33974
Summary:
3Com Switch 4500G is prone to an unspecified authentication-bypass vulnerability affecting SFTP users.

Very few technical details are currently available. We will update this BID as more information emerges.

3Com Switch 4500G versions prior to s3q05_02_00s56(s168) are vulnerable.

62. PHP 'popen()' Function Buffer Overflow Vulnerability
BugTraq ID: 33216
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33216
Summary:
PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 5.2.8 and prior versions are vulnerable.

Update (Mar. 4, 2009): Further reports indicate this issue may not be exploitable as described. This BID will be updated pending further investigation.

63. cURL/libcURL HTTP 'Location:' Redirect Security Bypass Vulnerability
BugTraq ID: 33962
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33962
Summary:
cURL/libcURL is prone to a security-bypass vulnerability.

Remote attackers can exploit this issue to bypass certain security restrictions and carry out various attacks.

This issue affects cURL/libcURL 5.11 through 7.19.3. Other versions may also be vulnerable.

64. EFS Software Easy Chat Server Authentication Request Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 25328
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/25328
Summary:
Easy Chat Server is prone to a remote buffer-overflow vulnerability.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Easy Chat Server 2.2 is reported vulnerable; other versions may also be affected.

65. VUPlayer '.CUE' File Buffer Overflow Vulnerability
BugTraq ID: 33960
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33960
Summary:
VUPlayer is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VUPlayer 2.49 is vulnerable; other versions may also be affected.

66. Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 33627
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33627
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

67. Samba Arbitrary Memory Contents Information Disclosure Vulnerability
BugTraq ID: 32494
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/32494
Summary:
Samba is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain arbitrary memory contents.

This issue affects Samba 3.0.29 through 3.2.4.

68. BlogMan Multiple Input Validation Vulnerabilities
BugTraq ID: 33950
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33950
Summary:
BlogMan is prone to multiple input-validation vulnerabilities:

- Multiple SQL-injection vulnerabilities
- An authentication-bypass vulnerability

A successful exploit may allow an attacker to compromise the application, gain unauthorized access to the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database.

BlogMan 0.45 is vulnerable; other versions may also be affected.

69. NovaStor NovaNET 'DtbClsLogin()' Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 33954
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33954
Summary:
NovaStor NovaNET is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application or cause a denial-of-service condition.

NovaNET 12 is vulnerable; other versions may also be affected.

70. Joomla! and Mambo DigiStore Component 'pid' Parameter SQL Injection Vulnerability
BugTraq ID: 33953
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33953
Summary:
The DigiStore component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

71. RavenNuke Multiple Input Validation Vulnerabilities
BugTraq ID: 33787
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33787
Summary:
RavenNuke is prone to the following input-validation vulnerabilities:

- Multiple remote code-execution vulnerabilities
- An SQL-injection vulnerability
- Multiple cross-site scripting vulnerabilities


An attacker can exploit these issues to execute arbitrary code within the context of the webserver, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or obtain sensitive information. Other attacks are also possible.

Versions prior to RavenNuke 2.30.01 are vulnerable.

72. eog 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33443
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33443
Summary:
The 'eog' (Eye of GNOME) program is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

73. MediaWiki 'config/index.php' Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 33681
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33681
Summary:
MediaWiki is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible.

Versions prior to MediaWiki 1.13.3, 1.12.1, and 1.6.11 are vulnerable.

74. PHP 5.2.8 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 33927
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33927
Summary:
PHP is prone to multiple security vulnerabilities. Successful exploits could allow an attacker to cause a denial-of-service condition. An unspecified issue with an unknown impact was also reported.

These issues affect PHP 5.2.8 and prior versions.

75. PHP 'imageRotate()' Uninitialized Memory Information Disclosure Vulnerability
BugTraq ID: 33002
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33002
Summary:
PHP is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

PHP 5.2.8 and prior versions are vulnerable.

76. EFS Software Easy Chat Server 'registresult.htm' Authentication Bypass Vulnerability
BugTraq ID: 33967
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33967
Summary:
EFS Software Easy Chat Server is prone to an authentication-bypass vulnerability because it fails to perform adequate authentication checks.

Attackers can exploit this vulnerability to gain unauthorized access to the affected application, which may aid in further attacks.

Easy Chat Server 2.2 is vulnerable; other versions may also be affected.

77. KwsPHP Eskuel Module Arbitrary File Upload Vulnerability
BugTraq ID: 28788
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/28788
Summary:
The Eskuel module for KwsPHP is prone to a vulnerability that lets remote attackers upload and execute arbitrary code because the application fails to sanitize user-supplied input.

An attacker can leverage this issue to execute arbitrary code on an affected computer with the privileges of the webserver process.

Note that to exploit this issue, the attacker may require valid login credentials.

This issue affects KwsPHP 1.3.456; prior versions may also be affected.

78. Xomol CMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 29358
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/29358
Summary:
Xomol CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Xomol CMS 1 is vulnerable; other versions may also be affected.

79. ZABBIX 'locales.php' Local File Include and Remote Code Execution Vulnerability
BugTraq ID: 33965
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33965
Summary:
ZABBIX is prone to a local file-include vulnerability and a remote code-execution vulnerability that occurs in the front-end web interface.

Attackers can exploit these issues to execute arbitrary code within the context of the webserver or gain access to sensitive information. Other attacks are also possible.

ZABBIX 1.6.2 is vulnerable; prior versions may also be affected.

80. Sun Management Center Performance Reporting Module Cross Site Scripting Vulnerability
BugTraq ID: 33999
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33999
Summary:
Sun Management Center Performance Reporting module is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

81. phpBB 'ucp.php' Cross Site Scripting Vulnerability
BugTraq ID: 33995
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33995
Summary:
phpBB is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

phpBB 3.x versions are vulnerable; other versions may also be affected.

82. JProfile Gold 'index.php' SQL Injection Vulnerability
BugTraq ID: 33986
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33986
Summary:
JProfile Gold is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

83. Arno's IPTables Firewall Script Restart Security Bypass Vulnerability
BugTraq ID: 33981
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33981
Summary:
Arno's IPTables Firewall Script is prone to a security-bypass vulnerability because it fails to properly restrict network traffic following a restart of the application.

An attacker can exploit this issue to bypass intended security restrictions and send network packets to an affected computer.

Versions prior to Arno's IPTables Firewall Script 1.9.0b are vulnerable.

84. BlindBlog Multiple Local File Include and SQL Injection Vulnerabilities
BugTraq ID: 33980
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33980
Summary:
BlindBlog is prone to a local file-include vulnerability and multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute arbitrary local files within the context of the webserver process. Information harvested may aid in further attacks.

The attacker can exploit the SQL-injection vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

BlindBlog 1.3.1 is vulnerable; other versions may also be affected.

85. Easy Web Password '.ewp' File Buffer Overflow Vulnerability
BugTraq ID: 33979
Remote: No
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33979
Summary:
Easy Web Password is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Easy Web Password 1.2 is vulnerable; other versions may also be affected.

86. Webformatique Car Manager Joomla! Component 'ItemID' Parameter SQL Injection Vulnerability
BugTraq ID: 33978
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33978
Summary:
The Webformatique Car Manager component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Car Manager 2.1.0 is vulnerable; other versions may also be affected.

87. Webformatique Reservation Manager Joomla! Component 'ItemID' Parameter SQL Injection Vulnerability
BugTraq ID: 33976
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33976
Summary:
The Webformatique Reservation Manager component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

88. Easy File Sharing Web Server 'thumbnail.php' File Disclosure Vulnerability
BugTraq ID: 33973
Remote: Yes
Last Updated: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33973
Summary:
Easy File Sharing Web Server is prone to a vulnerability that lets attackers obtain potentially sensitive information because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files with the privileges of the webserver process. Information obtained may aid in further attacks.

Easy File Sharing Web Server 4.8 is vulnerable; other versions may also be affected.

89. Multiple HTTP Proxy HTTP Host Header Incorrect Relay Behavior Vulnerability
BugTraq ID: 33858
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33858
Summary:
Multiple HTTP proxy implementations are prone to an information-disclosure vulnerability related to the interpretation of the 'Host' HTTP header. Specifically, this issue occurs when the proxy makes a forwarding decision based on the 'Host' HTTP header instead of the destination IP address.

Attackers may exploit this issue to obtain sensitive information such as internal intranet webpages. Additional attacks may also be possible.

The following products are vulnerable; additional applications or devices may also be affected:

Ziproxy 2.6.0
Smoothwall SmoothGuardian
QBIK WinGate 6.5.2
Squid 2.7 and 3.0

90. Mozilla Firefox Nested 'window.print()' Denial of Service Vulnerability
BugTraq ID: 33969
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33969
Summary:
Mozilla Firefox is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.

Firefox 2.0.0.20 is vulnerable; other versions may also be affected.

91. Harlandscripts Pro Traffic One 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 31994
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/31994
Summary:
Harlandscripts Pro Traffic One is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

92. GForge Multiple SQL Injection Vulnerabilities
BugTraq ID: 31674
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/31674
Summary:
GForge is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

GForge 4.5.19 and 4.6 b1 are vulnerable; other versions may also be affected.

93. Yaws Multiple Header Request Denial of Service Vulnerability
BugTraq ID: 33834
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33834
Summary:
Yaws is prone to a remote denial-of-service vulnerability because it fails to handle infinite header requests.

Successfully exploiting this issue will allow attackers to cause the affected application to consume memory, eventually denying service to legitimate users.

Versions prior to Yaws 1.80 are vulnerable.

94. Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability
BugTraq ID: 33604
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33604
Summary:
Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain HTTP requests.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying further service to legitimate users.

This issue affects versions prior to Squid 2.7.STABLE5, Squid 3.0.STABLE12, and Squid 3.1.0.4.

95. Ubuntu network-manager-applet Permission Enforcement Multiple Local Vulnerabilities
BugTraq ID: 33966
Remote: No
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33966
Summary:
The 'network-manager-applet' package is prone to multiple local vulnerabilities because the software fails to properly enforce permissions.

Local attackers can exploit these issues to perform dbus queries to view network connection passwords and pre-shared keys and to modify or delete network connections. Other attacks may also be possible.

96. Orbit Downloader 'Connecting' Log Message Creation Remote Buffer Overflow Vulnerability
BugTraq ID: 33894
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33894
Summary:
Orbit Downloader is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will cause a denial-of-service condition.

This issue affects versions prior to Orbit Downloader 2.8.5.

97. libsndfile CAF Processing Buffer Overflow Vulnerability
BugTraq ID: 33963
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33963
Summary:
The 'libsndfile' library is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of an application using the library. This can compromise the affected application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

This issue affects libsndfile 1.0.18; previous versions may also be vulnerable.

98. ClearBudget Invalid '.htaccess' Unauthorized Access Vulnerability
BugTraq ID: 33643
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33643
Summary:
ClearBudget is prone to an unauthorized-access vulnerability because it fails to properly restrict access to certain directories.

An attacker can exploit this vulnerability to gain access to database contents. Information harvested can lead to further attacks.

ClearBudget 0.6.1 is vulnerable; other versions may also be affected.

99. University of Washington IMAP 'tmail' and 'dmail' Local Buffer Overflow Vulnerabilities
BugTraq ID: 32072
Remote: No
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/32072
Summary:
University of Washington IMAP 'tmail' and 'dmail' are prone to local buffer-overflow vulnerabilities because they fail to perform adequate boundary checks on user-supplied data.

The attacker can exploit this issue to execute arbitrary code within the context of the vulnerable application, possibly resulting in elevated privileges. Since 'tmail' is installed setuid root by default, this may result in a complete compromise of the vulnerable computer.

The following applications are vulnerable:

University of Washington imap-2007c and earlier
University of Washington Alpine 2.00
Panda Programming imap

100. Adobe Acrobat and Reader PDF File Handling JBIG2 Image Remote Code Execution Vulnerability
BugTraq ID: 33751
Remote: Yes
Last Updated: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33751
Summary:
Adobe Acrobat and Reader are prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

The issue affects Reader and Acrobat 9, 8.1.3 and prior, and 7.

UPDATE (February 24, 2009): Further reports suggest that this issue affects the vulnerable applications running on Apple Mac OS X and various Linux-based operating systems.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Advisor: U.S. needs policy to defend cyberspace
By: Robert Lemos
An Obama transition-team member argues that any future cyber policy needs to deal with the role of the intelligence community, the militarization of cyberspace and designating a lead disaster agency.
http://www.securityfocus.com/news/11547

2. Cabal forms to fight Conficker, offers bounty
By: Robert Lemos
Microsoft offers $250,000 for information leading to the arrest of the author and, along with security firms and Internet service providers, pledges to work to prevent the prolific worm from spreading further.
http://www.securityfocus.com/news/11546

3. Group releases list to kill most-dangerous bugs
By: Robert Lemos
Software makers, security vendors, and government agencies team up to create a list of the 25 most severe software issues, aiming to get developers to stop making mistakes.
http://www.securityfocus.com/news/11542

4. Group attacks flaw in browser crypto security
By: Robert Lemos
A group of researchers warns browser makers and certificate authorities to drop support for MD5 digital signatures, after successfully creating a fake, but valid, certificate.
http://www.securityfocus.com/news/11541

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #433
http://www.securityfocus.com/archive/88/501284

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Qualys