Wednesday, March 18, 2009

SecurityFocus Newsletter #495
----------------------------------------

This issue is sponsored by Tripwire

Configuration Assessment: Choosing the Right Solution
Configuration assessment lets businesses proactively secure their IT infrastructure and achieve compliance with important industry standards and regulations. Learn why configuration assessment is so important, why organizations find it difficult to control system configurations, and what types of configuration assessment solutions are available.

http://dinclinx.com/Redirect.aspx?36;3065;32;189;0;3;259;458f725ab218caf9


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Contracting For Secure Code
2. Free Market Filtering
II. BUGTRAQ SUMMARY
1. Chasys Media Player Playlist File Remote Buffer Overflow Vulnerability
2. Umbraco CMS Administrative Pages Unauthorized Access Vulnerability
3. Sun xVM VirtualBox Local Privilege Escalation Vulnerability
4. Serv-U 'SMNT' Command Remote Denial of Service Vulnerabilities
5. Serv-U FTP Server 'MKD' Command Directory Traversal Vulnerability
6. Multiple VNC Clients Multiple Integer Overflow Vulnerabilities
7. VLC Media Player Web Interface 'input' Parameter Remote Buffer Overflow Vulnerability
8. Rosoft Media Player 'rml' File Buffer Overflow Vulnerability
9. libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
10. libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
11. Google Chrome Single Thread Alert Out of Bounds Memory Access Vulnerability
12. Mozilla Firefox 'designMode' Null Pointer Dereference Denial of Service Vulnerability
13. Access Analyzer CGI Unspecified Cross Site Scripting Vulnerability
14. OpenCart 'order' Parameter SQL Injection Vulnerability
15. Rapid Leech Upload Function Multiple Remote Input Validation Vulnerabilities
16. Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerabilities
17. ModSecurity Multiple Remote Denial of Service Vulnerabilities
18. PDFjam Multiple Insecure Temporary File Creation Vulnerabilities
19. Cryptographp 'index.php' Local File Include Vulnerability
20. libsndfile CAF Processing Buffer Overflow Vulnerability
21. BLOG:CMS Unspecified Cross Site Scripting Vulnerability
22. Multiple EditeurScripts Products 'msg' Parameter Cross Site Scripting Vulnerability
23. PTK Arbitrary Command Execution and Cross Site Scripting Vulnerabilities
24. Bricolage Unspecified SQL Injection Vulnerability
25. Dagger 'skins/default.php' Remote File Include Vulnerability
26. Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
27. Adobe Acrobat and Reader 8.1.2 Multiple Security Vulnerabilities
28. Autonomy KeyView Module 'wp6sr.dll' Buffer Overflow Vulnerability
29. Adobe Acrobat Reader Unspecified Remote Denial Of Service Vulnerability
30. Adobe Acrobat and Reader PDF File Handling JBIG2 Image Remote Code Execution Vulnerability
31. CDex 'ogg' File Buffer Overflow Vulnerability
32. Sitecore CMS Security Databases Information Disclosure Vulnerability
33. system-config-printer Package Romanian Translation Insecure Configuration Weakness
34. Pivot 'refkey' Arbitrary File Deletion Vulnerability
35. AWStats 'awstats.pl' Multiple Path Disclosure Vulnerability
36. WeeChat IRC Message Remote Denial Of Service Vulnerability
37. JustSystems Ichitaro Unspecified Code Execution Vulnerability
38. OpenTTD Multiple Buffer Overflow Vulnerabilities
39. phpMyRealty Multiple SQL Injection Vulnerabilities
40. Mega File Hosting Script 'cross.php' Remote File Include Vulnerability
41. IETF RFC 3279 X.509 Certificate MD5 Signature Collision Vulnerability
42. MTCMS WYSIWYG Editor 'install.cgi' Cross Site Scripting Vulnerability
43. libcdaudio 'cddb.c' Remote Heap Buffer Overflow Vulnerability
44. OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
45. F5 BIG-IP Web Management Interface 'NEW_VALUE' Parameter Remote Code Injection Vulnerability
46. Joomla! and Mambo myContent Component 'id' Parameter SQL Injection Vulnerability
47. IBM Rational AppScan Enterprise Exported Report Information Disclosure Vulnerability
48. Symantec pcAnywhere Local Format String Vulnerability
49. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
50. Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
51. Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
52. GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
53. GNOME Evolution S/MIME Email Signature Verification Vulnerability
54. Evolution Data Server 'ntlm_challenge()' Memory Contents Information Disclosure Vulnerability
55. Tasklist Drupal Module Unspecified SQL Injection Vulnerability
56. Tasklist Drupal Module Multiple Unspecified Cross Site Scripting Vulnerabilities
57. Adobe Acrobat and Reader Unspecified JavaScript Method Remote Code Execution Vulnerability
58. Drupal Plus 1 Module Cross-Site Request Forgery Vulnerability
59. Icarus 'PGN' File Remote Stack Buffer Overflow Vulnerability
60. Social Site Generator Multiple Information Disclosure Vulnerabilities
61. TangoCMS 'listeners.php' Cross Site Scripting Vulnerability
62. BitDefender Internet Security 2009 File Name Cross Site Scripting Vulnerability
63. PHP Pro Bid 'includes/class_image.php' Remote File Include Vulnerability
64. GDL 'node' Parameter SQL Injection Vulnerability
65. Kipper Local File Include and Cross Site Scripting Vulnerabilities
66. PHPRunner 'SearchField' Parameter SQL Injection Vulnerability
67. cPanel Legacy File Manager File Name HTML Injection Vulnerability
68. Talkative IRC 'PRIVMSG' Buffer Overflow Vulnerability
69. Amarok 'audible.cpp' Audible File Multiple Integer Overflow and Memory Allocation Vulnerabilities
70. D-Bus 'send_requested_reply' and 'receive_requested_reply' Security Bypass Vulnerability
71. BlueZ SDP Payload Processing Multiple Buffer Overflow Vulnerabilities
72. GStreamer QuickTime Media File Parsing Multiple Buffer Overflow Vulnerabilities
73. WinAsm Studio '.wap' Project File Heap-Based Buffer Overflow Vulnerability
74. Gretech GOM Encoder '.srt' File Remote Buffer Overflow Vulnerability
75. phpComasy 'index.php' SQL Injection Vulnerability
76. Beerwin's PhpLinkAdmin Remote File Include and Multiple SQL Injection Vulnerabilities
77. WordPress fMoblog Plugin 'id' Parameter SQL Injection Vulnerability
78. MLdonkey HTTP Request Arbitrary File Download Vulnerability
79. HP Multiple LaserJet Printers Cross Site Request Forgery Vulnerability
80. Tcl/Tk Tk Toolkit 'ReadImage()' GIF File Buffer Overflow Vulnerability
81. Tcl/Tk ReadImage Buffer Overflow Vulnerability
82. Tcl/Tk Tk Toolkit TKIMGGIF.C Buffer Overflow Vulnerability
83. FFmpeg 'libavformat/4xm.c' Remote Code Execution Vulnerability
84. FFmpeg File Parsing Multiple Buffer Overflow Vulnerabilities
85. Orbit Downloader 'Connecting' Log Message Creation Remote Buffer Overflow Vulnerability
86. ejabberd MUC Logs Cross Site Scripting Vulnerability
87. PPLive URI Handlers 'LoadModule' Parameter Multiple Remote Code Execution Vulnerabilities
88. Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
89. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
90. Sun Java System Messenger Express 'error' Parameter Cross-Site Scripting Vulnerability
91. WorkSimple Information Disclosure Vulnerability and Remote File Include Vulnerability
92. MPlayer Multiple Remote Denial of Service Vulnerabilities
93. Wireshark 1.0.5 Multiple Denial Of Service Vulnerabilities
94. Adobe Flash Player Unspecified Remote Denial of Service Vulnerability
95. Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability
96. Opera Web Browser HTML Parsing Heap-Based Remote Code Execution Vulnerability
97. Opera Web Browser 'file://' Heap Based Buffer Overflow Vulnerability
98. Opera Web Browser prior to 9.63 Multiple Security Vulnerabilities
99. Sun Solaris Kerberos Incremental Propagation Remote Denial Of Service Vulnerability
100. Sun Solaris UFS File System Multiple Local Denial Of Service Vulnerabilities
III. SECURITYFOCUS NEWS
1. Experts: U.S. needs to defend its "cyber turf"
2. Advisor: U.S. needs policy to defend cyberspace
3. Cabal forms to fight Conficker, offers bounty
4. Group releases list to kill most-dangerous bugs
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #435
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Contracting For Secure Code
By Chris Wysopal
Forcing suppliers to attest to the security of provided software is gaining adherents: Just ask Kaspersky Lab.
http://www.securityfocus.com/columnists/494

2. Free Market Filtering
By Mark Rasch
The Australian government is considering requiring that Internet service providers in that country install filters which would prevent citizens from accessing tens of thousands of sites that contain "objectionable" material.
http://www.securityfocus.com/columnists/493


II. BUGTRAQ SUMMARY
--------------------
1. Chasys Media Player Playlist File Remote Buffer Overflow Vulnerability
BugTraq ID: 34165
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34165
Summary:
Chasys Media Player is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Chasys Media Player 1.1 is vulnerable; other versions may also be affected.

2. Umbraco CMS Administrative Pages Unauthorized Access Vulnerability
BugTraq ID: 34166
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34166
Summary:
Umbraco CMS is prone to an access-validation vulnerability.

An attacker can exploit this issue to gain unauthorized access to unspecified administrative pages of the affected application. Successful attacks may aid the attacker in further attacks.

Umbraco CMS 3 is vulnerable; other versions may also be affected.

3. Sun xVM VirtualBox Local Privilege Escalation Vulnerability
BugTraq ID: 34080
Remote: No
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34080
Summary:
Sun xVM VirtualBox is prone to a local privilege-escalation vulnerability.

An attacker can exploit this vulnerability to run arbitrary code with superuser privileges.

The following versions for the Linux platform are vulnerable:

Sun xVM VirtualBox 2.0
Sun xVM VirtualBox 2.1

4. Serv-U 'SMNT' Command Remote Denial of Service Vulnerabilities
BugTraq ID: 34127
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34127
Summary:
Serv-U is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue will allow attackers to deny service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Serv-U 7.4.0.1 is vulnerable; other versions may also be affected.

5. Serv-U FTP Server 'MKD' Command Directory Traversal Vulnerability
BugTraq ID: 34125
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34125
Summary:
Serv-U FTP Server is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue allows an authenticated user to create directories outside the FTP root directory, which may lead to other attacks.

Serv-U FTP Server 7.4.0.1 is vulnerable; other versions may also be affected.

6. Multiple VNC Clients Multiple Integer Overflow Vulnerabilities
BugTraq ID: 33568
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/33568
Summary:
Multiple VNC clients are prone to integer-overflow vulnerabilities because they fail to properly validate data supplied by the VNC server.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

The following are vulnerable to these issues:

UltraVNC prior to 1.0.5.4
TightVNC prior to 1.3.10

Other VNC applications may also be affected.

7. VLC Media Player Web Interface 'input' Parameter Remote Buffer Overflow Vulnerability
BugTraq ID: 34126
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34126
Summary:
VLC Media Player is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

VLC Media Player 0.9.8a is vulnerable; other versions may also be affected.

8. Rosoft Media Player 'rml' File Buffer Overflow Vulnerability
BugTraq ID: 34124
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34124
Summary:
Rosoft Media Player is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

9. libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
BugTraq ID: 32331
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/32331
Summary:
The 'libxml2' library is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to cause the affected application using the library to fall into an infinite loop, denying service to legitimate users.

This issue affects libxml2-2.7.2; other versions may also be affected.

10. libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
BugTraq ID: 32326
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/32326
Summary:
The 'libxml2' library is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data when handling XML files.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an affected application. Failed exploits may crash the application.

This issue affects libxml2-2.7.2; other versions may also be affected.

11. Google Chrome Single Thread Alert Out of Bounds Memory Access Vulnerability
BugTraq ID: 34130
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34130
Summary:
Google Chrome is prone to a vulnerability that allows access to out-of-bounds memory. The problem occurs because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to cause the affected browser to stop responding and possibly to disclose potentially sensitive information. The attacker may also be able to execute arbitrary code, but this has not been confirmed.

Google Chrome 1.0.154.48 is vulnerable; other versions may also be affected.

12. Mozilla Firefox 'designMode' Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 33154
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/33154
Summary:
Mozilla Firefox is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.

Firefox 3.0.5, 3.0.6, and 3.0.7 are vulnerable; other versions may also be affected.

13. Access Analyzer CGI Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 34123
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34123
Summary:
Access Analyzer CGI is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

Access Analyzer CGI 3.8.1 is vulnerable; other versions may also be affected.

14. OpenCart 'order' Parameter SQL Injection Vulnerability
BugTraq ID: 34121
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34121
Summary:
OpenCart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

OpenCart 1.1.8 is vulnerable; other versions may also be affected.

15. Rapid Leech Upload Function Multiple Remote Input Validation Vulnerabilities
BugTraq ID: 34119
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34119
Summary:
Rapid Leech is prone to multiple input-validation vulnerabilities, including an arbitrary-file-download issue, a local file-include issue, and a cross-site scripting issue.

Exploiting these issues could allow an attacker to view and execute arbitrary local files within the context of the webserver and to steal cookie-based authentication credentials, which may aid in further attacks.

16. Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerabilities
BugTraq ID: 33827
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/33827
Summary:
The 'libpng' library is prone to multiple memory-corruption vulnerabilities because it fails to properly initialize data structures.

Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.

These issues affect versions prior to 'libpng' 1.0.43 and 1.2.35.

17. ModSecurity Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 34096
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34096
Summary:
ModSecurity is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the Apache webserver and deny service to legitimate users.

These issues affect versions prior to ModSecurity 2.5.9.

18. PDFjam Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 32931
Remote: No
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/32931
Summary:
Multiple PDFjam scripts create temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

PDFjam 1.20 is vulnerable; other versions may also be affected.

19. Cryptographp 'index.php' Local File Include Vulnerability
BugTraq ID: 34122
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34122
Summary:
Cryptographp is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts from the Cryptographp directory in the context of the webserver process. This may aid in further attacks.

Cryptographp 1.4 is vulnerable; other versions may also be affected.

20. libsndfile CAF Processing Buffer Overflow Vulnerability
BugTraq ID: 33963
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/33963
Summary:
The 'libsndfile' library is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of an application using the library. This can compromise the affected application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

This issue affects libsndfile 1.0.18; previous versions may also be vulnerable.

21. BLOG:CMS Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 34113
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34113
Summary:
BLOG:CMS is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

Versions prior to BLOG:CMS 4.2.0 are vulnerable.

22. Multiple EditeurScripts Products 'msg' Parameter Cross Site Scripting Vulnerability
BugTraq ID: 34112
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34112
Summary:
Multiple EditeurScripts products are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The following are affected:

EsBaseAdmin 2.1
EsPartenaires 1.0

Other versions may also be affected.

23. PTK Arbitrary Command Execution and Cross Site Scripting Vulnerabilities
BugTraq ID: 34111
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34111
Summary:
PTK is prone to a vulnerability that lets attackers execute arbitrary commands because it fails to properly sanitize user-supplied input. In addition, the application is prone to multiple unspecified cross-site scripting vulnerabilities.

An attacker may exploit these issues to execute arbitrary commands in the context of the vulnerable application. An attacker may also exploit some of these issues to execute arbitrary script code in the browser of a vulnerable user. Other attacks may also be possible.

PTK 1.0.1 through 1.0.4 are vulnerable.

24. Bricolage Unspecified SQL Injection Vulnerability
BugTraq ID: 34110
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34110
Summary:
Bricolage is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to Bricolage 1.10.7 are vulnerable.

25. Dagger 'skins/default.php' Remote File Include Vulnerability
BugTraq ID: 29906
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/29906
Summary:
Dagger is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying computer; other attacks are also possible.

26. Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
BugTraq ID: 33151
Remote: Yes
Last Updated: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/33151
Summary:
Multiple vendors' products using OpenSSL are prone to a signature-verification vulnerability.

An attacker would likely leverage this issue by first carrying out a man-in-the-middle attack. The attacker would most likely exploit this issue to conduct phishing attacks or to impersonate legitimate sites. Other attacks are likely possible.

27. Adobe Acrobat and Reader 8.1.2 Multiple Security Vulnerabilities
BugTraq ID: 32100
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/32100
Summary:
Adobe Acrobat and Reader are prone to multiple security vulnerabilities:

1. Multiple remote code-execution vulnerabilities.
2. A privilege-escalation vulnerability affecting computers running Unix-like operating systems.
3. An input-validation issue in a JavaScript method may lead to remote code execution.

Attackers can exploit these issues to execute arbitrary code, elevate privileges, or cause a denial-of-service condition.

28. Autonomy KeyView Module 'wp6sr.dll' Buffer Overflow Vulnerability
BugTraq ID: 34086
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34086
Summary:
Autonomy KeyView module is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Exploiting this issue will allow an attacker to corrupt memory and to cause denial-of-service conditions or potentially to execute arbitrary code in the context of the application using the module.

Multiple products using the KeyView module are affected.

29. Adobe Acrobat Reader Unspecified Remote Denial Of Service Vulnerability
BugTraq ID: 29420
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/29420
Summary:
Acrobat Reader is prone to a remote denial-of-service vulnerability. The cause of this issue is unknown.

Exploiting this issue allows remote attackers to crash the application and trigger denial-of-service conditions, denying further service to legitimate users. Given the nature of this issue, code execution may be possible, but this has not been confirmed.

30. Adobe Acrobat and Reader PDF File Handling JBIG2 Image Remote Code Execution Vulnerability
BugTraq ID: 33751
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/33751
Summary:
Adobe Acrobat and Reader are prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

The issue affects Reader and Acrobat 9, 8.1.3 and prior, and 7.

UPDATE (February 24, 2009): Further reports suggest that this issue affects the vulnerable applications running on Apple Mac OS X and various Linux-based operating systems.

31. CDex 'ogg' File Buffer Overflow Vulnerability
BugTraq ID: 34164
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34164
Summary:
CDex is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

CDex 1.70 (Beta 2) is vulnerable; other versions may also be affected.

32. Sitecore CMS Security Databases Information Disclosure Vulnerability
BugTraq ID: 34162
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34162
Summary:
Sitecore CMS is prone to an unspecified information-disclosure vulnerability.

Attackers can exploit this issue to harvest sensitive information that may lead to further attacks.

Versions prior to Sitecore CMS 5.3.2 rev. 090212 are vulnerable.

33. system-config-printer Package Romanian Translation Insecure Configuration Weakness
BugTraq ID: 34161
Remote: No
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34161
Summary:
The 'system-config-printer' package is prone to a security weakness that may result in unsafe printer access configurations.

This weakness may cause unsuspecting users to set up unsafe printer configurations, resulting in a false sense of security. This may lead to other attacks.

34. Pivot 'refkey' Arbitrary File Deletion Vulnerability
BugTraq ID: 34160
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34160
Summary:
Pivot is prone to a vulnerability that lets attackers delete arbitrary files.

Successful exploits may corrupt data and deny service to legitimate users.

35. AWStats 'awstats.pl' Multiple Path Disclosure Vulnerability
BugTraq ID: 34159
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34159
Summary:
AWStats is prone to a path-disclosure vulnerability.

Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer.

The following are vulnerable:

AWStats 6.5 (build 1.857) and prior
WebGUI Runtime Environment 0.8.x and prior

36. WeeChat IRC Message Remote Denial Of Service Vulnerability
BugTraq ID: 34148
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34148
Summary:
WeeChat is prone to a remote denial-of-service vulnerability.

An attacker may exploit this issue to crash the application, resulting in a denial-of-service condition.

Versions prior to WeeChat 0.2.6.1 are vulnerable.

37. JustSystems Ichitaro Unspecified Code Execution Vulnerability
BugTraq ID: 34138
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34138
Summary:
Ichitaro is prone to an unspecified remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code within the context of the vulnerable application. Failed attempts will result in a denial-of-service condition.

Ichitaro 2008 and prior versions are vulnerable.

38. OpenTTD Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 30525
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/30525
Summary:
OpenTTD is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to insufficiently sized buffers.

Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application.

These issues affect versions prior to OpenTTD 0.6.2.

39. phpMyRealty Multiple SQL Injection Vulnerabilities
BugTraq ID: 30862
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/30862
Summary:
phpMyRealty is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect phpMyRealty 1.0.7 and 1.0.9; other versions may also be affected.

40. Mega File Hosting Script 'cross.php' Remote File Include Vulnerability
BugTraq ID: 34157
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34157
Summary:
Mega File Hosting Script is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Mega File Hosting Script 1.2 is vulnerable; other versions may also be affected.

41. IETF RFC 3279 X.509 Certificate MD5 Signature Collision Vulnerability
BugTraq ID: 33065
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/33065
Summary:
X.509 certificates are prone to a signature-collision attack when signed with the MD5 algorithm. Attackers may take advantage of this issue to generate pairs of different, valid X.509 certificates that share a common signature.

An attacker is most likely to exploit this issue to conduct phishing attacks or to impersonate legitimate sites by taking advantage of malicious certificates. Other attacks are likely possible.

NOTE: This attack is an extension of the weakness covered in BID 11849 (MD5 Message Digest Algorithm Hash Collision Weakness).

42. MTCMS WYSIWYG Editor 'install.cgi' Cross Site Scripting Vulnerability
BugTraq ID: 34151
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34151
Summary:
MTCMS WYSIWYG Editor is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

43. libcdaudio 'cddb.c' Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 32122
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/32122
Summary:
The 'libcdaudio' library is prone to a remote heap buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code in the context of an application that uses the library. Failed attacks will cause denial-of-service conditions.

This issue affects libcdaudio 0.99.12p2; other versions may also be affected. Additional applications that use this library may also be vulnerable.

44. OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
BugTraq ID: 33150
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/33150
Summary:
OpenSSL is prone to a signature-verification vulnerability.

An attacker would likely leverage this issue by first carrying out a man-in-the-middle attack. The attacker would most likely exploit this issue to conduct phishing attacks or to impersonate legitimate sites. Other attacks are likely possible.

Releases prior to OpenSSL 0.9.8j are affected.

45. F5 BIG-IP Web Management Interface 'NEW_VALUE' Parameter Remote Code Injection Vulnerability
BugTraq ID: 28639
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/28639
Summary:
F5 BIG-IP Web Management Interface is prone to a remote code-injection vulnerability because the application fails to properly sanitize user-supplied input.

Exploiting this issue allows attackers to execute arbitrary code with the privileges of the user running the affected application.

This issue affects F5 BIG-IP 9.4.3; other versions may also be affected.

46. Joomla! and Mambo myContent Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 29468
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/29468
Summary:
The myContent component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

myContent 1.1.13 is vulnerable; other versions may also be affected.

47. IBM Rational AppScan Enterprise Exported Report Information Disclosure Vulnerability
BugTraq ID: 34163
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34163
Summary:
IBM Rational AppScan Enterprise is prone to an unspecified information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.

Versions prior to Rational AppScan Enterprise 5.5 Fix Pack 1 are vulnerable.

48. Symantec pcAnywhere Local Format String Vulnerability
BugTraq ID: 33845
Remote: No
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/33845
Summary:
Symantec pcAnywhere is prone to a local format-string vulnerability.

A local attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition. The attacker may also be able to execute arbitrary code within the context of the application, but this has not been confirmed.

pcAnywhere 12.0, 12.1, and 12.5 are vulnerable; other versions may also be affected.

49. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
BugTraq ID: 32608
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/32608
Summary:
Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions. This may result in a compromise of affected computers.

These issues affect versions *prior to* the following:

JDK and JRE 6 Update 11 and later
JDK and JRE 5.0 Update 17 and later
SDK and JRE 1.4.2_19 and later
SDK and JRE 1.3.1_24 and later

50. Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
BugTraq ID: 32892
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/32892
Summary:
Sun Java Web Start and Java Plug-in are prone to a privilege-escalation vulnerability.

This issue occurs when the affected applications parse a JAR file that is also a legitimate GIF image file.

An attacker may exploit this issue to obtain sensitive information (such as HTTP session cookies) or to perform actions as legitimate users of a web application. This may aid in further attacks.

NOTE: This issue was previously covered in BID 32620 (Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities), but has been given its own record to better document the issue.

The following versions are affected:

JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier

51. Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
BugTraq ID: 32620
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/32620
Summary:
Sun Java Web Start and Java Plug-in are prone to multiple privilege-escalation vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security, or read, write, and execute arbitrary files in the context of the user running a vulnerable application. This may result in a compromise of the underlying system.

The following versions are affected:

JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier

52. GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
BugTraq ID: 34100
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34100
Summary:
The GNOME glib library is prone to multiple integer-overflow vulnerabilities related to encoding and decoding Base64 data.

Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.

The following are vulnerable:

GNOME glib 2.11
GNOME glib 2.12
GStreamer gst-plugins-base prior to 0.10.23
GNOME libsoup prior to 2.2.0
GNOME libsoup prior to 2.24
Evolution Data Server prior to 2.24.5

Additional applications and versions may also be affected.

53. GNOME Evolution S/MIME Email Signature Verification Vulnerability
BugTraq ID: 33720
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/33720
Summary:
GNOME Evolution is prone to a signature-verification vulnerability.

Attackers can exploit this issue through man-in-the-middle attacks to modify signed messages undetected.

54. Evolution Data Server 'ntlm_challenge()' Memory Contents Information Disclosure Vulnerability
BugTraq ID: 34109
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34109
Summary:
Evolution Data Server is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain the contents of a portion of memory or crash the application.

This issue affects Evolution Data Server 2.45.5; other versions may also be affected.

55. Tasklist Drupal Module Unspecified SQL Injection Vulnerability
BugTraq ID: 34171
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34171
Summary:
Tasklist is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

56. Tasklist Drupal Module Multiple Unspecified Cross Site Scripting Vulnerabilities
BugTraq ID: 34170
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34170
Summary:
Tasklist is prone to multiple unspecified cross-site scripting vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

57. Adobe Acrobat and Reader Unspecified JavaScript Method Remote Code Execution Vulnerability
BugTraq ID: 34169
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34169
Summary:
Adobe Acrobat and Reader are prone to a remote code-execution vulnerability because the software fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

The issue affects Reader and Acrobat 7.1 and prior, 8.1.2 and prior, and 9.

58. Drupal Plus 1 Module Cross-Site Request Forgery Vulnerability
BugTraq ID: 34168
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34168
Summary:
The Plus 1 module for Drupal is prone to a cross-site request-forgery vulnerability.

Attackers may exploit this issue to cause victims to unknowingly vote for attacker-specified content.

Plus 1 versions prior to 6.x-2.6 are vulnerable.

59. Icarus 'PGN' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34167
Remote: Yes
Last Updated: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34167
Summary:
Icarus is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Icarus 2.0 is vulnerable; other versions may also be affected.

60. Social Site Generator Multiple Information Disclosure Vulnerabilities
BugTraq ID: 34149
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34149
Summary:
Social Site Generator is prone to multiple information-disclosure vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities to view arbitrary files in the context of the webserver process. This may aid in further attacks.

61. TangoCMS 'listeners.php' Cross Site Scripting Vulnerability
BugTraq ID: 33833
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/33833
Summary:
TangoCMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to TangoCMS 2.2.4 are vulnerable.

62. BitDefender Internet Security 2009 File Name Cross Site Scripting Vulnerability
BugTraq ID: 33921
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/33921
Summary:
BitDefender Internet Security 2009 is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

63. PHP Pro Bid 'includes/class_image.php' Remote File Include Vulnerability
BugTraq ID: 34145
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34145
Summary:
PHP Pro Bid is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue can allow an attacker to compromise the application and the underlying computer; other attacks are also possible.

PHP Pro Bid 6.05 is vulnerable; other versions may also be affected.

64. GDL 'node' Parameter SQL Injection Vulnerability
BugTraq ID: 34144
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34144
Summary:
GDL (Ganesha Digital Library) is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

GDL 4.0 and 4.2 are vulnerable; other versions may also be affected.

65. Kipper Local File Include and Cross Site Scripting Vulnerabilities
BugTraq ID: 33640
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/33640
Summary:
Kipper is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the webserver process.

The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Kipper 2.01 is vulnerable; other versions may also be affected.

66. PHPRunner 'SearchField' Parameter SQL Injection Vulnerability
BugTraq ID: 34146
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34146
Summary:
PHPRunner generates scripts that are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHPRunner 4.2 is vulnerable; other versions may also be affected.

67. cPanel Legacy File Manager File Name HTML Injection Vulnerability
BugTraq ID: 34142
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34142
Summary:
cPanel is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

cPanel 11.24.4 is vulnerable; other versions may also be affected.

68. Talkative IRC 'PRIVMSG' Buffer Overflow Vulnerability
BugTraq ID: 34141
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34141
Summary:
Talkative IRC is prone to a stack-based buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious IRC server. Successful attacks will allow arbitrary code to run within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Talkative IRC 0.4.4.16 is vulnerable; other versions may also be affected.

69. Amarok 'audible.cpp' Audible File Multiple Integer Overflow and Memory Allocation Vulnerabilities
BugTraq ID: 33210
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/33210
Summary:
Amarok is prone to multiple integer-overflow and memory-allocation vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts likely cause denial-of-service conditions.

Versions prior to Amarok 2.0.1.1 are vulnerable.

70. D-Bus 'send_requested_reply' and 'receive_requested_reply' Security Bypass Vulnerability
BugTraq ID: 32674
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/32674
Summary:
D-Bus is prone to a security-bypass vulnerability because of an issue with the default configuration.

Attackers may be able to bypass certain security restrictions, which may allow attackers to send and receive messages that were supposed to be blocked.

This issue has been addressed in D-Bus 1.2.6.

71. BlueZ SDP Payload Processing Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 30105
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/30105
Summary:
BlueZ is prone to multiple buffer-overflow vulnerabilities.

Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed attempts will result in a denial-of-service condition.

BlueZ 3.34 and prior versions are affected.

72. GStreamer QuickTime Media File Parsing Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33405
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/33405
Summary:
GStreamer is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of applications that use the affected library. Failed attacks will cause denial-of-service conditions.

Versions prior to GStreamer 'gst-plugins-good' 0.10.12 are vulnerable. Applications using the library, such as Songbird, Totem, and Amarok, may also be affected.

73. WinAsm Studio '.wap' Project File Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 34132
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34132
Summary:
WinAsm Studio is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

WinAsm Studio 5.1.5.0 is vulnerable; other versions may also be affected.

74. Gretech GOM Encoder '.srt' File Remote Buffer Overflow Vulnerability
BugTraq ID: 34120
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34120
Summary:
Gretech GOM Encoder is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

GOM Encoder 1.0.0.11 and prior are vulnerable; other versions may also be affected.

75. phpComasy 'index.php' SQL Injection Vulnerability
BugTraq ID: 34131
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34131
Summary:
phpComasy is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

phpComasy 0.9 is vulnerable; other versions may also be affected.

76. Beerwin's PhpLinkAdmin Remote File Include and Multiple SQL Injection Vulnerabilities
BugTraq ID: 34129
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34129
Summary:
Beerwin's PhpLinkAdmin is prone to multiple input-validation vulnerabilities, including a remote file-include issue and multiple SQL-injection issues.

A successful exploit may allow an attacker to execute malicious code within the context of the webserver process, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Beerwin's PhpLinkAdmin 1.0 is vulnerable; other versions may also be affected.

77. WordPress fMoblog Plugin 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 34147
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34147
Summary:
The WordPress fMoblog plugin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects fMoblog 2.1; other versions may also be affected.

78. MLdonkey HTTP Request Arbitrary File Download Vulnerability
BugTraq ID: 33865
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/33865
Summary:
MLdonkey is prone to a vulnerability that lets attackers download arbitrary files. The issue occurs because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary files within the context of the application. Information harvested may aid in launching further attacks.

MLdonkey 2.9.7 is vulnerable; other versions may also be affected.

79. HP Multiple LaserJet Printers Cross Site Request Forgery Vulnerability
BugTraq ID: 34143
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34143
Summary:
Multiple HP printers are prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to change a device's configuration and perform other unauthorized actions.

This issue affects HP LaserJet M1522n MFP and HP Color LaserJet 2605dtn. Other models in the LaserJet Printer, Edgeline Printer, and Digital Sender lines are also expected to be affected.

80. Tcl/Tk Tk Toolkit 'ReadImage()' GIF File Buffer Overflow Vulnerability
BugTraq ID: 27655
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/27655
Summary:
Tcl/Tk Tk Toolkit is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied GIF image data before copying it to an insufficiently sized buffer.

Successful exploits may allow attackers to execute arbitrary code in the context of applications that use the affected toolkit. Failed exploit attempts likely result in denial-of-service conditions.

Versions prior to Tcl/Tk 8.5.1 are vulnerable to this issue.

81. Tcl/Tk ReadImage Buffer Overflow Vulnerability
BugTraq ID: 25826
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/25826
Summary:
Tcl/Tk is prone to a buffer-overflow vulnerability that resides in the Tk library shipped with Tcl.

An attacker can exploit this issue to execute arbitrary code or cause denial-of-service conditions in applications implementing the affected library.

Versions prior to Tcl/Tk 8.4.16 are vulnerable to this issue.

82. Tcl/Tk Tk Toolkit TKIMGGIF.C Buffer Overflow Vulnerability
BugTraq ID: 26056
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/26056
Summary:
Tcl/Tk Tk Toolkit is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, remote code execution may also be possible but has not been confirmed.

Versions prior to Tcl/Tk 8.4.13 are vulnerable.

83. FFmpeg 'libavformat/4xm.c' Remote Code Execution Vulnerability
BugTraq ID: 33502
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/33502
Summary:
FFmpeg is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to FFmpeg trunk revision 16846 are vulnerable.

84. FFmpeg File Parsing Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33308
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/33308
Summary:
FFmpeg is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

FFmpeg 0.4.9 is affected; other versions may also be vulnerable.

85. Orbit Downloader 'Connecting' Log Message Creation Remote Buffer Overflow Vulnerability
BugTraq ID: 33894
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/33894
Summary:
Orbit Downloader is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will cause a denial-of-service condition.

This issue affects versions prior to Orbit Downloader 2.8.5.

86. ejabberd MUC Logs Cross Site Scripting Vulnerability
BugTraq ID: 34133
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34133
Summary:
The 'ejabberd' application is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

Versions prior to ejabberd 2.0.4 are vulnerable.

87. PPLive URI Handlers 'LoadModule' Parameter Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 34128
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34128
Summary:
PPLive is prone to multiple remote code-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues can allow an attacker to execute arbitrary code within the context of the affected application.

PPLive 1.9.21 is vulnerable; other versions may also be affected.

88. Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
BugTraq ID: 33846
Remote: No
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/33846
Summary:
The Linux Kernel is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using it in a user-accessible operation.

Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.

Versions prior to Linux Kernel 2.6.28.8 are vulnerable.

89. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
BugTraq ID: 20216
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is prone to a remote denial-of-service vulnerability because it fails to properly handle incoming duplicate blocks.

Remote attackers may exploit this issue to consume excessive CPU resources, potentially denying service to legitimate users.

This issue occurs only when OpenSSH is configured to accept SSH Version One traffic.

90. Sun Java System Messenger Express 'error' Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 34140
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34140
Summary:
Sun Java System Messenger Express is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Sun Java System Messenger Express 6.3-0.15 is vulnerable; other versions may also be affected.

91. WorkSimple Information Disclosure Vulnerability and Remote File Include Vulnerability
BugTraq ID: 32849
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/32849
Summary:
WorkSimple is prone to two remote security vulnerabilities:

1. An information-disclosure vulnerability occurs because the application fails to protect sensitive information.

2. A remote file-include vulnerability occurs because the application fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying computer; other attacks are also possible.

WorkSimple 1.2.1 is vulnerable; other versions may also be affected.

92. MPlayer Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 34136
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34136
Summary:
MPlayer is prone to multiple denial-of-service vulnerabilities when handling malformed media files.

Successfully exploiting this issue allows remote attackers to deny service to legitimate users.

93. Wireshark 1.0.5 Multiple Denial Of Service Vulnerabilities
BugTraq ID: 33690
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/33690
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application, denying service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.99.6 through 1.0.5.

94. Adobe Flash Player Unspecified Remote Denial of Service Vulnerability
BugTraq ID: 33890
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/33890
Summary:
Adobe Flash Player is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input.

Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has not been confirmed.

Versions prior to Flash Player 10.0.22.87 are vulnerable.

95. Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability
BugTraq ID: 33880
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/33880
Summary:
Adobe Flash Player is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will likely crash the application, denying service to legitimate users.

Versions prior to Flash Player 10.0.12.36 are vulnerable.

96. Opera Web Browser HTML Parsing Heap-Based Remote Code Execution Vulnerability
BugTraq ID: 32891
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/32891
Summary:
Opera Web Browser is a browser that runs on multiple operating systems.

Opera Web Browser is prone to a heap-based memory-corruption vulnerability because of a flaw in parsing certain HTML constructs.

Attackers can exploit this issue to execute arbitrary code or crash the affected application.

NOTE: This issue was previously covered in BID 32864 (Opera Web Browser prior to 9.63 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

Versions prior to Opera 9.63 are vulnerable.

97. Opera Web Browser 'file://' Heap Based Buffer Overflow Vulnerability
BugTraq ID: 32323
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/32323
Summary:
Opera Web Browser is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Opera Web Browser 9.62 is vulnerable; other versions may also be affected.

98. Opera Web Browser prior to 9.63 Multiple Security Vulnerabilities
BugTraq ID: 32864
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/32864
Summary:
Opera Web Browser is prone to multiple security vulnerabilities.

Successful exploits may allow attackers to:
- execute arbitrary code in the context of the application
- cause denial-of-service conditions
- execute arbitrary script code in the browser of an unsuspecting user in the context of certain sites
- steal cookie-based authentication credentials
- obtain sensitive information
- carry out other attacks

Versions prior to Opera 9.63 are vulnerable.

99. Sun Solaris Kerberos Incremental Propagation Remote Denial Of Service Vulnerability
BugTraq ID: 34139
Remote: Yes
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34139
Summary:
Sun Solaris Kerberos is prone to a remote denial-of-service vulnerability.

An attacker may exploit this issue to prevent incremental propagation of messages from master to slave Key Distribution Center (KDC) servers, resulting in denial-of-service conditions.

The issue affects Solaris 10 and OpenSolaris based on builds snv_01 through snv_110.

100. Sun Solaris UFS File System Multiple Local Denial Of Service Vulnerabilities
BugTraq ID: 34137
Remote: No
Last Updated: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34137
Summary:
Sun Solaris is prone to multiple local denial-of-service vulnerabilities.

A local privileged attacker can exploit these issues to cause a system panic or make the system unresponsive, denying service to legitimate users.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Experts: U.S. needs to defend its "cyber turf"
By: Robert Lemos
The United States must develop a Monroe Doctrine for the Internet, defining what constitutes its cyberspace and pledging to defend its virtual borders, security experts told Congress.
http://www.securityfocus.com/news/11548

2. Advisor: U.S. needs policy to defend cyberspace
By: Robert Lemos
An Obama transition-team member argues that any future cyber policy needs to deal with the role of the intelligence community, the militarization of cyberspace and designating a lead disaster agency.
http://www.securityfocus.com/news/11547

3. Cabal forms to fight Conficker, offers bounty
By: Robert Lemos
Microsoft offers $250,000 for information leading to the arrest of the author and, along with security firms and Internet service providers, pledges to work to prevent the prolific worm from spreading further.
http://www.securityfocus.com/news/11546

4. Group releases list to kill most-dangerous bugs
By: Robert Lemos
Software makers, security vendors, and government agencies team up to create a list of the 25 most severe software issues, aiming to get developers to stop making mistakes.
http://www.securityfocus.com/news/11542

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #435
http://www.securityfocus.com/archive/88/501694

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Tripwire
