Thursday, May 28, 2009

SecurityFocus Microsoft Newsletter #444
----------------------------------------

This issue is sponsored by Thawte

Extended Validation SSL Certificates: Inspire Trust, Improve Confidence and Increase Sales

Extended Validation SSL delivers the acknowledged industry standard for the highest level of online identity assurance processes for SSL certificate issuance. Find out how the EV standard increases the visibility of authentication status through the use of a green address bar in the latest high security web browsers.

http://www.dinclinx.com/Redirect.aspx?36;5004;25;1371;0;3;946;54442f0f214c470a


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. A Botnet by Any Other Name
2. Projecting Borders into Cyberspace
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability
2. Citrix Password Manager Secondary Credentials Local Information Disclosure Vulnerability
3. Simple Machines Forum 'image/bmp' MIME Type HTML Injection Vulnerability
4. ImageMagick TIFF File Integer Overflow Vulnerability
5. Ston3D S3DPlayer Web and StandAlone 'system.openURL()' Remote Command Injection Vulnerability
6. Multiple ArcaBit ArcaVir Products Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
7. SonicWALL Global Security Client Local Privilege Escalation Vulnerability
8. SonicWALL Global VPN Client 'RampartSvc' Local Privilege Escalation Vulnerability
9. Soulseek Distributed File Search Buffer Overflow Vulnerability
10. Wireshark PCNFSD Dissector Denial of Service Vulnerability
11. Novell GroupWise Internet Agent SMTP Request Processing Buffer Overflow Vulnerability
12. Novell GroupWise Internet Agent Email Address Processing Buffer Overflow Vulnerability
13. Nullsoft Winamp 'gen_ff.dll' Buffer Overflow Vulnerability
14. CiscoWorks Common Services TFTP Server Directory Traversal Vulnerability
15. Mereo Malformed URI Remote Denial Of Service Vulnerability
16. httpdx Multiple Commands Remote Buffer Overflow Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. New Tech Tip: Configuring Windows 7 for a limited user
2. AD Password complexity - passwords too long?
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. A Botnet by Any Other Name
By Gunter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million malicious agents.
http://www.securityfocus.com/columnists/501

2. Projecting Borders into Cyberspace
By Jeffrey Carr
Two recent stories of significant cyber attacks come close to blaming the Chinese for the intrusions but stop short.
http://www.securityfocus.com/columnists/500


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability
BugTraq ID: 35139
Remote: Yes
Date Published: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35139
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability because the DirectShow component fails to properly handle QuickTime media files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition.

2. Citrix Password Manager Secondary Credentials Local Information Disclosure Vulnerability
BugTraq ID: 35133
Remote: No
Date Published: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35133
Summary:
Citrix Password Manager is prone to a local information-disclosure vulnerability.

Exploiting this issue may allow a local attacker to obtain sensitive information that may aid in further attacks.

Versions prior to Password Manager 4.6 SP1 are vulnerable.

3. Simple Machines Forum 'image/bmp' MIME Type HTML Injection Vulnerability
BugTraq ID: 35130
Remote: Yes
Date Published: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35130
Summary:
Simple Machines Forum (SMF) is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

NOTE: This issue was originally documented as a cross-site scripting vulnerability. After further analysis, the BID has been rewritten as an HTML-injection issue.

4. ImageMagick TIFF File Integer Overflow Vulnerability
BugTraq ID: 35111
Remote: Yes
Date Published: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35111
Summary:
ImageMagick is prone to an integer-overflow vulnerability because it fails to properly bounds-check user-supplied input. The vulnerability occurs when handling malformed TIFF files.

Successfully exploiting this issue allows attackers to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will result in a denial-of-service condition.

ImageMagick 6.5.2-8 is vulnerable; other versions may be affected as well.

5. Ston3D S3DPlayer Web and StandAlone 'system.openURL()' Remote Command Injection Vulnerability
BugTraq ID: 35105
Remote: Yes
Date Published: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35105
Summary:
S3DPlayer Web and StandAlone are prone to a remote command-injection vulnerability because they fail to adequately sanitize user-supplied input data.

Attackers can exploit this issue to execute arbitrary commands within the context of the affected application.

6. Multiple ArcaBit ArcaVir Products Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
BugTraq ID: 35100
Remote: No
Date Published: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35100
Summary:
Multiple ArcaBit ArcaVir products are prone to multiple local privilege-escalation vulnerabilities that affect the 'ps_drv.sys' driver.

An attacker can exploit these issues to execute arbitrary code with elevated privileges, facilitating a complete compromise of the affected computer.

The following applications are vulnerable:

ArcaVir 2009 Antivirus Protection
ArcaVir 2009 Internet Security
ArcaVir 2009 System Protection
ArcaVir 2009 Home Protection

7. SonicWALL Global Security Client Local Privilege Escalation Vulnerability
BugTraq ID: 35094
Remote: No
Date Published: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35094
Summary:
SonicWALL Global Security Client is prone to a local privilege-escalation vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

Global Security Client 1.0.0.15 is vulnerable; other versions may also be affected.

8. SonicWALL Global VPN Client 'RampartSvc' Local Privilege Escalation Vulnerability
BugTraq ID: 35092
Remote: No
Date Published: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35092
Summary:
SonicWALL Global VPN Client is prone to a local privilege-escalation vulnerability.

Successfully exploiting this issue allows local users to execute arbitrary code with LocalSystem privileges, facilitating the complete compromise of affected computers.

Global VPN Client 4.0.0.835 is vulnerable; other versions may also be affected.

9. Soulseek Distributed File Search Buffer Overflow Vulnerability
BugTraq ID: 35091
Remote: Yes
Date Published: 2009-05-25
Relevant URL: http://www.securityfocus.com/bid/35091
Summary:
Soulseek is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Soulseek 156 and 157 NS are vulnerable; other versions may also be affected.

10. Wireshark PCNFSD Dissector Denial of Service Vulnerability
BugTraq ID: 35081
Remote: Yes
Date Published: 2009-05-21
Relevant URL: http://www.securityfocus.com/bid/35081
Summary:
Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to crash.

This issue affects Wireshark 0.8.20 through 1.0.7.

11. Novell GroupWise Internet Agent SMTP Request Processing Buffer Overflow Vulnerability
BugTraq ID: 35065
Remote: Yes
Date Published: 2009-05-21
Relevant URL: http://www.securityfocus.com/bid/35065
Summary:
Novell GroupWise Internet Agent is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application, possibly with root or SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition.

12. Novell GroupWise Internet Agent Email Address Processing Buffer Overflow Vulnerability
BugTraq ID: 35064
Remote: Yes
Date Published: 2009-05-21
Relevant URL: http://www.securityfocus.com/bid/35064
Summary:
Novell GroupWise Internet Agent is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application, possibly with root or SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition.

13. Nullsoft Winamp 'gen_ff.dll' Buffer Overflow Vulnerability
BugTraq ID: 35052
Remote: Yes
Date Published: 2009-05-20
Relevant URL: http://www.securityfocus.com/bid/35052
Summary:
Nullsoft Winamp is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Winamp 5.55 and prior versions are vulnerable.

14. CiscoWorks Common Services TFTP Server Directory Traversal Vulnerability
BugTraq ID: 35040
Remote: Yes
Date Published: 2009-05-20
Relevant URL: http://www.securityfocus.com/bid/35040
Summary:
CiscoWorks Common Services TFTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an attacker to upload and download arbitrary files outside of the TFTP server root directory. This may result in a denial-of-service condition or lead to a complete compromise of the affected computer.

This issue is tracked by Cisco Bug ID CSCsx07107.

CiscoWorks Common Services 3.0.x, 3.1.x, and 3.2.x running on Microsoft Windows are vulnerable.

15. Mereo Malformed URI Remote Denial Of Service Vulnerability
BugTraq ID: 35014
Remote: Yes
Date Published: 2009-05-18
Relevant URL: http://www.securityfocus.com/bid/35014
Summary:
Mereo is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

Mereo 1.8.0 is vulnerable; other versions may also be affected.

16. httpdx Multiple Commands Remote Buffer Overflow Vulnerabilities
BugTraq ID: 35006
Remote: Yes
Date Published: 2009-05-18
Relevant URL: http://www.securityfocus.com/bid/35006
Summary:
The 'httpdx' program is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

These issues affect httpdx 0.5b; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. New Tech Tip: Configuring Windows 7 for a limited user
http://www.securityfocus.com/archive/88/503884

2. AD Password complexity - passwords too long?
http://www.securityfocus.com/archive/88/503573

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Thawte

Extended Validation SSL Certificates: Inspire Trust, Improve Confidence and Increase Sales

Extended Validation SSL delivers the acknowledged industry standard for the highest level of online identity assurance processes for SSL certificate issuance. Find out how the EV standard increases the visibility of authentication status through the use of a green address bar in the latest high security web browsers.

http://www.dinclinx.com/Redirect.aspx?36;5004;25;1371;0;3;946;54442f0f214c470a

SecurityFocus Newsletter #503
----------------------------------------

------------------------------------------------------------------
I. FRONT AND CENTER
1. A Botnet by Any Other Name
2. Projecting Borders into Cyberspace
II. BUGTRAQ SUMMARY
1. Novell GroupWise WebAccess Multiple Security Vulnerabilities
2. Apple Mac OS X PICT Image Handling Integer Overflow Vulnerability
3. NTP 'ntpq' Stack Buffer Overflow Vulnerability
4. vbPlaza 'name' Parameter SQL Injection Vulnerability
5. BlackBerry Attachment Service PDF Distiller Multiple Unspecified Security Vulnerabilities
6. Gallarific Cross Site Scripting and Authentication Bypass Vulnerabilities
7. Red Hat Certificate System Agent Group Security Bypass Vulnerability
8. WP-Lytebox 'main.php' Local File Include Vulnerability
9. libxml XML Entity Name Heap Buffer Overflow Vulnerability
10. Multiple SlySoft Products Driver IOCTL Request Multiple Local Buffer Overflow Vulnerabilities
11. FreeBSD 'telnetd' Daemon Remote Code Execution Vulnerability
12. Lighttpd Trailing Slash Information Disclosure Vulnerability
13. Soulseek Distributed File Search Buffer Overflow Vulnerability
14. Nullsoft Winamp 'gen_ff.dll' Buffer Overflow Vulnerability
15. SonicWALL Global VPN Client 'RampartSvc' Local Privilege Escalation Vulnerability
16. SonicWALL Global Security Client Local Privilege Escalation Vulnerability
17. SonicWALL Global VPN Client Log File Remote Format String Vulnerability
18. SAP AG SAPgui EAI WebViewer3D ActiveX Control Stack Buffer Overflow Vulnerability
19. Microsoft PowerPoint Paragraph Data Remote Code Execution Vulnerability
20. IBM Director CIM Server Privilege Escalation Vulnerability
21. Nortel Networks Contact Center Administration CCMA Cookie Authentication Bypass Vulnerability
22. Wireshark Prior to 1.0.7 Multiple Denial Of Service Vulnerabilities
23. Wireshark PN-DCP Data Format String Vulnerability
24. Realty Web-Base 'list_list.php' Parameter SQL Injection Vulnerability
25. NetDecision TFTP Server Directory Traversal Vulnerability
26. VidsharePro SQL Injection and Cross Site Scripting Vulnerabilities
27. OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
28. IBM WebSphere Partner Gateway 'bcgarchive' Information Disclosure Vulnerability
29. Pinnacle Hollywood FX '.hfz' File Handling Remote Denial of Service Vulnerability
30. Linux Kernel CIFS 'decode_unicode_ssetup()' Remote Buffer Overflow Vulnerability
31. Linux Kernel CIFS Remote Buffer Overflow Vulnerability
32. libwmf WMF Image File Remote Code Execution Vulnerability
33. Eggdrop 'ctcpbuf' Remote Denial Of Service Vulnerability
34. acpid Local Denial of Service Vulnerability
35. PRTG Traffic Grapher 'Monitor_Bandwidth' Cross Site Scripting Vulnerability
36. Smarty Template Engine 'function.math.php' Security Bypass Vulnerability
37. libsndfile Audio Data Multiple Denial Of Service Vulnerabilities
38. Phorum 'image/bmp' MIME Type HTML Injection Vulnerability
39. Woltlab Burning Board 'image/bmp' MIME Type HTML-Injection Vulnerability
40. Simple Machines Forum 'image/bmp' MIME Type HTML Injection Vulnerability
41. Citrix Password Manager Secondary Credentials Local Information Disclosure Vulnerability
42. Mozilla Firefox 'keygen' HTML Tag Denial of Service Vulnerability
43. ATutor 'documentation/index.php' URL Handling Phishing Vulnerability
44. HP Data Protector Express Local Unspecified Privilege Escalation Vulnerability
45. Drupal Embedded Media Field Module Create Content Multiple HTML Injection Vulnerabilities
46. FreeType TT_Load_Simple_Glyph() TTF File Integer Overflow Vulnerability
47. Lussumo Vanilla 'ajax/updatecheck.php' Cross-Site Scripting Vulnerability
48. FreeType LWFN Files Buffer Overflow Vulnerability
49. Sun Solaris 'sadmind' Daemon Multiple Buffer Overflow Vulnerabilities
50. Lussumo Vanilla 'updatecheck.php' Cross Site Scripting Vulnerability
51. phpBugTracker 'include.php' SQL Injection Vulnerability
52. Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability
53. Ston3D S3DPlayer Web and StandAlone 'system.openURL()' Remote Command Injection Vulnerability
54. Wireshark PCNFSD Dissector Denial of Service Vulnerability
55. Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
56. Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
57. Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
58. Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
59. Linux Kernel 'ptrace_attach()' Local Privilege Escalation Vulnerability
60. Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
61. Linux Kernel 'kill_something_info()' Local Denial of Service Vulnerability
62. Linux Kernel 'EFER_LME' Local Denial of Service Vulnerability
63. Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
64. NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
65. Cyrus SASL 'sasl_encode64()' Remote Buffer Overflow Vulnerability
66. libsndfile VOC and AIFF Processing Buffer Overflow Vulnerabilities
67. OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
68. OpenSC 'pkcs11-tool' Insecure Key Generation Vulnerability
69. SiteX 'THEME_FOLDER' Parameter Multiple Local File Include Vulnerabilities
70. AgoraGroups Joomla! Component 'id' Parameter SQL Injection Vulnerability
71. Microsoft IIS Unicode Requests to WebDAV Multiple Authentication Bypass Vulnerabilities
72. Drupal Ajax Session Module Multiple Input Validation Vulnerabilities
73. Easy PX 41 CMS 'fiche' Parameter Local File Include Vulnerability
74. RSGallery2 Component for Mambo/Joomla! Backdoor Vulnerability
75. PHP-Nuke 'main/tracking/userLog.php' SQL Injection Vulnerability
76. pam_krb5 Existing/Non-Existing Username Enumeration Weakness
77. Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
78. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
79. IBM Hardware Management Console (HMC) Shared Memory Unspecified Vulnerability
80. Microsoft Windows 'win32k.sys' Local Denial Of Service Vulnerability
81. Microsoft Windows Desktop Wall Paper System Parameter Local Denial Of Service Vulnerability
82. Pidgin Multiple Buffer Overflow Vulnerabilities
83. ImageMagick TIFF File Integer Overflow Vulnerability
84. Dokuwiki 'doku.php' Local File Include Vulnerability
85. RoomPHPlanning Multiple Vulnerabilities
86. ProFTPD CIDR Access Control Rule Bypass Vulnerability
87. Jetty Cross Site Scripting and Information Disclosure Vulnerabilities
88. SquirrelMail Prior to 1.4.18 Multiple Vulnerabilities
89. Nortel Contact Center Manager Administration Password Disclosure Vulnerability
90. Multiple ATEN IP KVM Switches Multiple Remote Vulnerabilities and Weakness
91. ZEECAREERS and SHAADICLONE 'admin/addadminmembercode.php' Authentication Bypass Vulnerability
92. Graphiks MyForum Login Multiple SQL Injection Vulnerabilities
93. DBD::Pg BYTEA Values Memory Leak Denial of Service Vulnerability
94. MySQL MyISAM Table Privileges Security Bypass Vulnerability
95. PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
96. DBD::Pg 'pg_getline()' and 'getline()' Heap Buffer Overflow Vulnerabilities
97. MySQL Empty Binary String Literal Remote Denial Of Service Vulnerability
98. Multiple ArcaBit ArcaVir Products Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
99. phpBugTracker 'index.php' SQL Injection Vulnerability
100. cpCommerce 'GLOBALS[prefix]' Local/Remote File Include Vulnerability
III. SECURITYFOCUS NEWS
1. Browsers bashed first in hacking contest
2. Experts: U.S. needs to defend its "cyber turf"
3. Advisor: U.S. needs policy to defend cyberspace
4. Cabal forms to fight Conficker, offers bounty
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. New Tech Tip: Configuring Windows 7 for a limited user
2. AD Password complexity - passwords too long?
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. curuncula dbr rootkit detection tool
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. A Botnet by Any Other Name
By Gunter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million malicious agents.
http://www.securityfocus.com/columnists/501

2. Projecting Borders into Cyberspace
By Jeffrey Carr
Two recent stories of significant cyber attacks come close to blaming the Chinese for the intrusions but stop short.
http://www.securityfocus.com/columnists/500


II. BUGTRAQ SUMMARY
--------------------
1. Novell GroupWise WebAccess Multiple Security Vulnerabilities
BugTraq ID: 35066
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35066
Summary:
Novell GroupWise WebAccess is prone to multiple security vulnerabilities.

An attacker may leverage these issues to bypass certain security restrictions or conduct cross-site scripting attacks.

Note that some of the issues may be related to BID 35061. We will update this BID as more information emerges.

Versions prior to WebAccess 7.03 HP3 and 8.0.0 HP2 are vulnerable.

2. Apple Mac OS X PICT Image Handling Integer Overflow Vulnerability
BugTraq ID: 34938
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/34938
Summary:
Apple Mac OS X is prone to an integer-overflow vulnerability when handling PICT image files.

An attacker can exploit this issue to execute arbitrary code in the context of the victim.

NOTE: This issue was previously covered in BID 34926 (Apple Mac OS X 2009-002 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

3. NTP 'ntpq' Stack Buffer Overflow Vulnerability
BugTraq ID: 34481
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34481
Summary:
The 'ntpq' command is prone to a stack-based buffer-overflow vulnerability.

Successful exploits will crash the affected utility. Code execution may also be possible, but has not been confirmed.

4. vbPlaza 'name' Parameter SQL Injection Vulnerability
BugTraq ID: 35099
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35099
Summary:
vbPlaza is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

5. BlackBerry Attachment Service PDF Distiller Multiple Unspecified Security Vulnerabilities
BugTraq ID: 35102
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35102
Summary:
BlackBerry Attachment Service is prone to multiple remote code-execution vulnerabilities when handling specially crafted PDF files.

Attackers can leverage these issues to execute arbitrary machine code in the context of the vulnerable service, possibly with SYSTEM-level privileges. Successful exploits will compromise the server. Failed attacks will likely result in denial-of-service conditions.

6. Gallarific Cross Site Scripting and Authentication Bypass Vulnerabilities
BugTraq ID: 28163
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/28163
Summary:
Gallarific is prone to a cross-site scripting vulnerability and multiple authentication-bypass vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, add new categories, add new users, and modify existing users. Other attacks are also possible.

These issues affect both the commercial and the free versions of Gallarific.

7. Red Hat Certificate System Agent Group Security Bypass Vulnerability
BugTraq ID: 35104
Remote: No
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35104
Summary:
Red Hat Certificate System (RHCS) is prone to a security-bypass vulnerability because of an error related to the handling of multiple agent groups.

Successfully exploiting this issue allows agent groups to approve or reject certificates in arbitrary queues; this may aid in further attacks.

RHCS 7.3 is vulnerable; other versions may also be affected.

8. WP-Lytebox 'main.php' Local File Include Vulnerability
BugTraq ID: 35098
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35098
Summary:
WP-Lytebox is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process, which may aid in further attacks.

WP-Lytebox 1.3 is vulnerable; other versions may also be affected.

9. libxml XML Entity Name Heap Buffer Overflow Vulnerability
BugTraq ID: 31126
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/31126
Summary:
The 'libxml' library is prone to a heap-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in a denial-of-service condition.

10. Multiple SlySoft Products Driver IOCTL Request Multiple Local Buffer Overflow Vulnerabilities
BugTraq ID: 34103
Remote: No
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34103
Summary:
Multiple SlySoft products are prone to multiple buffer-overflow vulnerabilities because they fail to adequately validate user-supplied input.

A local attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Failed attacks will result in denial-of-service conditions.

The following applications are vulnerable:

SlySoft AnyDVD 6.5.2.2
SlySoft AnyDVD HD 6.5.2.2
SlySoft Virtual CloneDrive 5.4.2.3
SlySoft CloneDVD 2.9.2.0
SlySoft CloneCD 5.3.1.3

11. FreeBSD 'telnetd' Daemon Remote Code Execution Vulnerability
BugTraq ID: 33777
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/33777
Summary:
FreeBSD is prone to a remote code-execution vulnerability.

Remote attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will facilitate the complete compromise of affected computers.

FreeBSD 7.0 and 7.1 branches are vulnerable.

12. Lighttpd Trailing Slash Information Disclosure Vulnerability
BugTraq ID: 35097
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35097
Summary:
Lighttpd is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Lighttpd 1.4.23 is vulnerable; other versions may also be affected.

13. Soulseek Distributed File Search Buffer Overflow Vulnerability
BugTraq ID: 35091
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35091
Summary:
Soulseek is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Soulseek 156 and 157 NS are vulnerable; other versions may also be affected.

14. Nullsoft Winamp 'gen_ff.dll' Buffer Overflow Vulnerability
BugTraq ID: 35052
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35052
Summary:
Nullsoft Winamp is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Winamp 5.55 and prior versions are vulnerable.

15. SonicWALL Global VPN Client 'RampartSvc' Local Privilege Escalation Vulnerability
BugTraq ID: 35092
Remote: No
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35092
Summary:
SonicWALL Global VPN Client is prone to a local privilege-escalation vulnerability.

Successfully exploiting this issue allows local users to execute arbitrary code with LocalSystem privileges, facilitating the complete compromise of affected computers.

Global VPN Client 4.0.0.835 is vulnerable; other versions may also be affected.

16. SonicWALL Global Security Client Local Privilege Escalation Vulnerability
BugTraq ID: 35094
Remote: No
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35094
Summary:
SonicWALL Global Security Client is prone to a local privilege-escalation vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

Global Security Client 1.0.0.15 is vulnerable; other versions may also be affected.

17. SonicWALL Global VPN Client Log File Remote Format String Vulnerability
BugTraq ID: 35093
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35093
Summary:
SonicWALL Global VPN Client is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application. Failed attempts may cause denial-of-service conditions.

Global VPN Client 4.0.0.2-51e Standard and Enhanced are vulnerable; other versions may also be affected.

18. SAP AG SAPgui EAI WebViewer3D ActiveX Control Stack Buffer Overflow Vulnerability
BugTraq ID: 34310
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34310
Summary:
SAP AG SAPgui is prone to a remote stack-based buffer-overflow vulnerability.

Attackers can exploit this issue to execute arbitrary code within the context of an application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

Versions prior to SAPgui 7.10 Patch Level 9 are vulnerable.

19. Microsoft PowerPoint Paragraph Data Remote Code Execution Vulnerability
BugTraq ID: 34833
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34833
Summary:
Microsoft PowerPoint is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious PowerPoint file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.

20. IBM Director CIM Server Privilege Escalation Vulnerability
BugTraq ID: 34065
Remote: No
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34065
Summary:
IBM Director is prone to a privilege-escalation vulnerability that affects the CIM server.

Attackers can leverage this issue to execute arbitrary code with elevated privileges in the context of the CIM server process.

Versions prior to IBM Director 5.20.3 Service Update 2 are affected.

21. Nortel Networks Contact Center Administration CCMA Cookie Authentication Bypass Vulnerability
BugTraq ID: 34966
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34966
Summary:
Nortel Networks Contact Center Manager Administration (CCMA) is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain unauthorized access to the affected application, which may aid in further attacks.

CCMA 6.0 is vulnerable; other versions may also be affected.

22. Wireshark Prior to 1.0.7 Multiple Denial Of Service Vulnerabilities
BugTraq ID: 34457
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34457
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application, denying service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

Versions prior to Wireshark 1.0.7 are vulnerable.

23. Wireshark PN-DCP Data Format String Vulnerability
BugTraq ID: 34291
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34291
Summary:
Wireshark is prone to a format-string vulnerability.

Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions.

Wireshark 1.0.6 is vulnerable; other versions may also be affected.

24. Realty Web-Base 'list_list.php' Parameter SQL Injection Vulnerability
BugTraq ID: 35043
Remote: Yes
Last Updated: 2009-05-25
Relevant URL: http://www.securityfocus.com/bid/35043
Summary:
Realty Web-Base is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Realty Web-Base 1.0 is vulnerable; other versions may also be affected.

25. NetDecision TFTP Server Directory Traversal Vulnerability
BugTraq ID: 35002
Remote: Yes
Last Updated: 2009-05-25
Relevant URL: http://www.securityfocus.com/bid/35002
Summary:
NetDecision TFTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an attacker to upload and download arbitrary files outside of the TFTP server root directory. This could help the attacker launch further attacks.

NetDecision TFTP Server 4.2 is vulnerable; other versions may also be affected.

26. VidsharePro SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 35033
Remote: Yes
Last Updated: 2009-05-25
Relevant URL: http://www.securityfocus.com/bid/35033
Summary:
VidsharePro is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

27. OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
BugTraq ID: 35138
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35138
Summary:
OpenSSL is prone to a vulnerability that may allow attackers to cause denial-of-service conditions.

OpenSSL 1.0.0 Beta 2 is vulnerable; other versions may also be affected.

28. IBM WebSphere Partner Gateway 'bcgarchive' Information Disclosure Vulnerability
BugTraq ID: 35136
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35136
Summary:
IBM WebSphere Partner Gateway (WPG) is prone to an information-disclosure vulnerability.

Exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks.

WPG 6.1.0 and 6.1.1 are vulnerable.

29. Pinnacle Hollywood FX '.hfz' File Handling Remote Denial of Service Vulnerability
BugTraq ID: 35137
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35137
Summary:
Pinnacle Hollywood FX is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted files.

Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.

This issue may be related to the vulnerability described in BID 34936 (Pinnacle Studio '.hfz' File Directory Traversal Vulnerability).

Pinnacle Hollywood FX 6 is vulnerable; other versions may also be affected.

30. Linux Kernel CIFS 'decode_unicode_ssetup()' Remote Buffer Overflow Vulnerability
BugTraq ID: 34612
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/34612
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

31. Linux Kernel CIFS Remote Buffer Overflow Vulnerability
BugTraq ID: 34453
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/34453
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects Linux Kernel 2.6.29; other versions may also be vulnerable.

32. libwmf WMF Image File Remote Code Execution Vulnerability
BugTraq ID: 34792
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/34792
Summary:
The 'libwmf' library is prone to a buffer-overflow vulnerability because the vector graphics linked library improperly allocates memory when parsing WMF image files.

Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user.

33. Eggdrop 'ctcpbuf' Remote Denial Of Service Vulnerability
BugTraq ID: 34985
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/34985
Summary:
Eggdrop is prone to a remote denial-of-service vulnerability because it fails to adequately validate user-supplied input.

An attacker may exploit this issue to crash the application, resulting in a denial-of-service condition.

This issue is related to the vulnerability described in BID 24070 (Eggdrop Server Module Message Handling Remote Buffer Overflow Vulnerability).

Versions prior to Eggdrop 1.6.19+ctcpfix are vulnerable.

34. acpid Local Denial of Service Vulnerability
BugTraq ID: 34692
Remote: No
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/34692
Summary:
The 'acpid' daemon is prone to a local denial-of-service vulnerability.

Successful exploits will allow attackers to make the daemon unresponsive, resulting in denial-of-service conditions.

The issue affects versions prior to acpid 1.0.10.

35. PRTG Traffic Grapher 'Monitor_Bandwidth' Cross Site Scripting Vulnerability
BugTraq ID: 35128
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35128
Summary:
PRTG Traffic Grapher is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

PRTG Traffic Grapher 6.2.2.977 is vulnerable.

36. Smarty Template Engine 'function.math.php' Security Bypass Vulnerability
BugTraq ID: 34918
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/34918
Summary:
Smarty Template Engine is prone to a security-bypass vulnerability because it fails to adequately sanitize user-supplied input.

Attackers may exploit the issue to bypass certain security restrictions and execute arbitrary PHP code in the context of the application.

Smarty Template Engine 2.6.22 for Windows is vulnerable; other versions may also be affected.

37. libsndfile Audio Data Multiple Denial Of Service Vulnerabilities
BugTraq ID: 35126
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35126
Summary:
The 'libsndfile' library is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash an application that uses the affected library, denying service to legitimate users.

These issues affect libsndfile 1.0.20; other versions may also be affected.

38. Phorum 'image/bmp' MIME Type HTML Injection Vulnerability
BugTraq ID: 35134
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35134
Summary:
Phorum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

39. Woltlab Burning Board 'image/bmp' MIME Type HTML-Injection Vulnerability
BugTraq ID: 35135
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35135
Summary:
Woltlab Burning Board is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The following are vulnerable:

Burning Board 3.0.8 and prior
Burning Board Lite 2.0.1 and prior

40. Simple Machines Forum 'image/bmp' MIME Type HTML Injection Vulnerability
BugTraq ID: 35130
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35130
Summary:
Simple Machines Forum (SMF) is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

NOTE: This issue was originally documented as a cross-site scripting vulnerability. After further analysis, the BID has been rewritten as an HTML-injection issue.

41. Citrix Password Manager Secondary Credentials Local Information Disclosure Vulnerability
BugTraq ID: 35133
Remote: No
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35133
Summary:
Citrix Password Manager is prone to a local information-disclosure vulnerability.

Exploiting this issue may allow a local attacker to obtain sensitive information that may aid in further attacks.

Versions prior to Password Manager 4.6 SP1 are vulnerable.

42. Mozilla Firefox 'keygen' HTML Tag Denial of Service Vulnerability
BugTraq ID: 35132
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35132
Summary:
Mozilla Firefox is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to cause the browser to stop responding, thus denying service to legitimate users.

43. ATutor 'documentation/index.php' URL Handling Phishing Vulnerability
BugTraq ID: 35129
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35129
Summary:
ATutor is prone to a vulnerability that can aid in phishing attacks.

Successful exploits may allow attackers to redirect victims to a malicious website. This may lead to other attacks.

ATutor 1.6.2 is vulnerable; other versions may also be affected.

44. HP Data Protector Express Local Unspecified Privilege Escalation Vulnerability
BugTraq ID: 34955
Remote: No
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/34955
Summary:
HP Data Protector Express is prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue to execute arbitrary code with escalated privileges or cause denial-of-service conditions. Successfully exploiting this issue may result in the complete compromise of affected computers.

The issue affects the following:

HP Data Protector Express and SSE 3.x prior to build 47065
HP Data Protector Express and SSE 4.x prior to build 46537

45. Drupal Embedded Media Field Module Create Content Multiple HTML Injection Vulnerabilities
BugTraq ID: 35131
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35131
Summary:
The Embedded Media Field module for Drupal is prone to multiple HTML-injection vulnerabilities because the module fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Note that to exploit these issues, attackers require 'Administer content types' permissions within the Drupal application.

Embedded Media Field 6.x-1.0 is vulnerable; other versions may also be affected.
http://drupal.org/node/207891

46. FreeType TT_Load_Simple_Glyph() TTF File Integer Overflow Vulnerability
BugTraq ID: 24074
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/24074
Summary:
FreeType is prone to an integer-overflow vulnerability because it fails to properly validate TTF files.

An attacker may exploit this issue by enticing victims into opening maliciously crafted TTF files.

Successful exploits will allow attackers to execute arbitrary code in the context of applications that use the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects FreeType 2.3.4 and prior versions.

47. Lussumo Vanilla 'ajax/updatecheck.php' Cross-Site Scripting Vulnerability
BugTraq ID: 35114
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35114
Summary:
Lussumo Vanilla is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Vanilla 1.1.5 and 1.1.7 are vulnerable; other versions may also be affected.

48. FreeType LWFN Files Buffer Overflow Vulnerability
BugTraq ID: 18034
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/18034
Summary:
FreeType is prone to a buffer-overflow vulnerability because of an integer overflow that causes a buffer to be overrun with attacker-supplied data.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts will likely crash applications, denying service to legitimate users.

Versions prior to FreeType 2.2.1 are vulnerable.

49. Sun Solaris 'sadmind' Daemon Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 35083
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35083
Summary:
Sun Solaris is prone to multiple buffer-overflow vulnerabilities because the software fails to perform adequate boundary checks on user-supplied input.

Attackers can leverage these issues to execute arbitrary code with superuser privileges. Failed attacks will cause denial-of-service conditions.

These issues affect Solaris 8 and 9.

50. Lussumo Vanilla 'updatecheck.php' Cross Site Scripting Vulnerability
BugTraq ID: 35124
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35124
Summary:
Vanilla is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to Vanilla 1.1.8 are vulnerable.

51. phpBugTracker 'include.php' SQL Injection Vulnerability
BugTraq ID: 35125
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35125
Summary:
phpBugTracker is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

phpBugTracker 1.0.4 and prior versions are vulnerable.

52. Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability
BugTraq ID: 35139
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35139
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability because the DirectShow component fails to properly handle QuickTime media files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition.

53. Ston3D S3DPlayer Web and StandAlone 'system.openURL()' Remote Command Injection Vulnerability
BugTraq ID: 35105
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35105
Summary:
S3DPlayer Web and StandAlone are prone to a remote command-injection vulnerability because they fail to adequately sanitize user-supplied input data.

Attackers can exploit this issue to execute arbitrary commands within the context of the affected application.

54. Wireshark PCNFSD Dissector Denial of Service Vulnerability
BugTraq ID: 35081
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35081
Summary:
Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to crash.

This issue affects Wireshark 0.8.20 through 1.0.7.

55. Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
BugTraq ID: 33846
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/33846
Summary:
The Linux Kernel is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using it in a user-accessible operation.

Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.

Versions prior to Linux Kernel 2.6.28.8 are vulnerable.

56. Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
BugTraq ID: 33906
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/33906
Summary:
The Linux kernel is prone to an origin-validation weakness when dealing with signal handling.

This weakness occurs when a privileged process calls attacker-supplied processes as children. Attackers may exploit this to send arbitrary signals to the privileged parent process.

A local attacker may exploit this issue to kill vulnerable processes, resulting in a denial-of-service condition. In some cases, other attacks may also be possible.

Linux kernel 2.6.28 is vulnerable; other versions may also be affected.

57. Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
BugTraq ID: 33951
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/33951
Summary:
The Linux kernel is prone to a local security-bypass vulnerability.

A local attacker may be able to exploit this issue to bypass audit mechanisms imposed on system calls. This may allow malicious behavior to escape notice.

58. Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
BugTraq ID: 34673
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34673
Summary:
The Linux kernel is prone to a local information-disclosure vulnerability.

Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Versions prior to Linux kernel 2.6.30-rc3 are vulnerable.

59. Linux Kernel 'ptrace_attach()' Local Privilege Escalation Vulnerability
BugTraq ID: 34799
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34799
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.

This issue affects Linux kernel 2.6.29; other versions may also be affected.

60. Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
BugTraq ID: 34405
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34405
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.

Versions prior to Linux kernel 2.6.29-git14 are vulnerable.

61. Linux Kernel 'kill_something_info()' Local Denial of Service Vulnerability
BugTraq ID: 34558
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34558
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to signal all processes on the affected computer, resulting in a denial-of-service condition.

Linux Kernel versions 2.6.24 through 2.6.27.12 are vulnerable.

62. Linux Kernel 'EFER_LME' Local Denial of Service Vulnerability
BugTraq ID: 34331
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34331
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to trigger a kernel oops, resulting in a denial-of-service condition.

This issue affects Linux kernel 2.6.19 through 2.6.29.

63. Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
BugTraq ID: 34205
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34205
Summary:
The Linux Kernel is prone to an unauthorized-access vulnerability that can occur when users with certain capabilities connect to the 'nfsd' service.

An attacker with authenticated access to the affected application can exploit this issue to perform privileged operations on a vulnerable computer; this may aid in further attacks.

64. NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
BugTraq ID: 35017
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35017
Summary:
The 'ntpd' daemon is prone to a stack-based buffer-overflow vulnerability when it is configured to use the 'autokey' OpenSSL protocol.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attempts will likely crash the application, causing denial-of-service conditions.

65. Cyrus SASL 'sasl_encode64()' Remote Buffer Overflow Vulnerability
BugTraq ID: 34961
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34961
Summary:
Cyrus SASL is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in denial-of-service conditions.

Versions prior to Cyrus SASL 2.1.23 are vulnerable.

66. libsndfile VOC and AIFF Processing Buffer Overflow Vulnerabilities
BugTraq ID: 34978
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34978
Summary:
The 'libsndfile' library is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit these issues to execute arbitrary code in the context of an application using the library. This can compromise the affected application and possibly the computer. Failed attacks will likely cause denial-of-service conditions.

These issues affect versions prior to libsndfile 1.0.20.

67. OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
BugTraq ID: 31692
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/31692
Summary:
OpenSSL is prone to a remote denial-of-service vulnerability.

Attackers can cause an application that uses this library to crash by consuming available memory, denying service to legitimate users.

This issue affects OpenSSL 0.9.8f through 0.9.8h.

68. OpenSC 'pkcs11-tool' Insecure Key Generation Vulnerability
BugTraq ID: 34884
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34884
Summary:
OpenSC is prone to a security vulnerability that may result in the use of an insecure RSA public key. This issue stems from a design error in the 'pkcs11-tool' module.

Attackers can exploit this issue to gain access to the private decryption key. Successfully exploiting this issue may allow attackers to obtain sensitive information or gain unauthorized access to the smartcard.

This issue affects only OpenSC 0.11.7 and the SVN trunk.

69. SiteX 'THEME_FOLDER' Parameter Multiple Local File Include Vulnerabilities
BugTraq ID: 35122
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35122
Summary:
SiteX is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

SiteX 0.7.4.418 is vulnerable; other versions may also be affected.

70. AgoraGroups Joomla! Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 35118
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35118
Summary:
The AgoraGroups module for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

AgoraGroups 0.3.5.3 is vulnerable; other versions may also be affected.

71. Microsoft IIS Unicode Requests to WebDAV Multiple Authentication Bypass Vulnerabilities
BugTraq ID: 34993
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34993
Summary:
Microsoft Internet Information Service (IIS) is prone to multiple authentication-bypass vulnerabilities because the application fails to properly enforce access restrictions on certain requests to password-protected WebDAV folders.

An attacker can exploit these issues to gain unauthorized access to protected WebDAV resources, which may lead to other attacks.

This issue affects IIS 5.0, 5.1, and 6.0.

72. Drupal Ajax Session Module Multiple Input Validation Vulnerabilities
BugTraq ID: 35123
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35123
Summary:
Drupal Ajax Session module is prone to multiple cross-site scripting and cross-site-request-forgery vulnerabilities because it fails to adequately sanitize user-supplied input.

Exploiting these issues may allow a remote attacker to perform arbitrary actions on the vulnerable application. Attackers can also exploit these issues to execute arbitrary script code and steal cookie-based authentication credentials.

Ajax Session 5.x-1.0 is vulnerable; other versions may also be affected.

73. Easy PX 41 CMS 'fiche' Parameter Local File Include Vulnerability
BugTraq ID: 35119
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35119
Summary:
Easy PX 41 CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process, which may aid in further attacks.

Easy PX 41 CMS 09.00.00B1 is vulnerable; other versions may also be affected.

74. RSGallery2 Component for Mambo/Joomla! Backdoor Vulnerability
BugTraq ID: 35106
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35106
Summary:
RSGallery2 is prone to a backdoor vulnerability.

Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application and possibly the webserver or computer.

RSGallery2 1.14.3 and 2.0.0b1 are vulnerable; other versions may also be affected.

75. PHP-Nuke 'main/tracking/userLog.php' SQL Injection Vulnerability
BugTraq ID: 35117
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35117
Summary:
PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHP-Nuke 8.0.0 is vulnerable; other versions may also be affected.

76. pam_krb5 Existing/Non-Existing Username Enumeration Weakness
BugTraq ID: 35112
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35112
Summary:
The 'pam_krb5' module is prone to a username-enumeration weakness because it displays different responses to login attempts, depending on whether or not the username exists.

Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.

This issue affects pam_krb5 2.2.14; other versions may also be affected.

77. Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
BugTraq ID: 35115
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35115
Summary:
Apache HTTP server is prone to a security-bypass vulnerability related to the handling of specific configuration directives.

A local attacker may exploit this issue to execute arbitrary code within the context of the webserver process. This may result in elevated privileges or aid in further attacks.

Versions prior to Apache 2.2.9 are vulnerable.

78. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
BugTraq ID: 34240
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34240
Summary:
Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions. This may result in a compromise of affected computers.

These issues affect versions *prior to* the following:

JDK and JRE 6 Update 13
JDK and JRE 5.0 Update 18
SDK and JRE 1.4.2_20
SDK and JRE 1.3.1_25

79. IBM Hardware Management Console (HMC) Shared Memory Unspecified Vulnerability
BugTraq ID: 35113
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35113
Summary:
IBM Hardware Management Console (HMC) is prone to an unspecified vulnerability.

This issue is tracked by APAR MB03011.

Currently, very little is known about this issue. We will update this BID as more information emerges.

This issue affects HMC 7 Release 3.4.0 Service Pack 2.

80. Microsoft Windows 'win32k.sys' Local Denial Of Service Vulnerability
BugTraq ID: 35121
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35121
Summary:
Microsoft Windows is prone to a local denial-of-service vulnerability.

Currently, few technical details are available. We will update this BID when more information emerges.

Attackers may exploit this issue to crash the affected computer, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code with SYSTEM-level privileges, but this has not been confirmed.

Windows Vista and Windows Server 2003 are reported vulnerable; other versions may also be affected.

81. Microsoft Windows Desktop Wall Paper System Parameter Local Denial Of Service Vulnerability
BugTraq ID: 35120
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35120
Summary:
Microsoft Windows is prone to a local denial-of-service vulnerability.

Attackers may exploit this issue to cause the computer to crash, denying further service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects Windows XP SP3; other versions may also be affected.

82. Pidgin Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 35067
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35067
Summary:
Pidgin is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software or cause denial-of-service conditions.

Versions prior to Pidgin 2.5.6 are vulnerable.

83. ImageMagick TIFF File Integer Overflow Vulnerability
BugTraq ID: 35111
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35111
Summary:
ImageMagick is prone to an integer-overflow vulnerability because it fails to properly bounds-check user-supplied input. The vulnerability occurs when handling malformed TIFF files.

Successfully exploiting this issue allows attackers to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will result in a denial-of-service condition.

ImageMagick 6.5.2-8 is vulnerable; other versions may be affected as well.

84. Dokuwiki 'doku.php' Local File Include Vulnerability
BugTraq ID: 35095
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35095
Summary:
Dokuwiki is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process, which may aid in further attacks.

Dokuwiki 2009-02-14, rc2009-02-06, and rc2009-01-30 are vulnerable; other versions may also be affected.

85. RoomPHPlanning Multiple Vulnerabilities
BugTraq ID: 35110
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35110
Summary:
RoomPHPlanning is prone to multiple vulnerabilities, including multiple SQL-injection issues, an authentication-bypass issue, and a security-bypass issue.

Attackers can exploit these issues to:
- gain administrative access to the affected application, which may aid in further attacks
- manipulate the SQL query logic to carry out unauthorized actions on the underlying database
- perform restricted actions

RoomPHPlanning 1.6 is vulnerable; other versions may also be affected.

86. ProFTPD CIDR Access Control Rule Bypass Vulnerability
BugTraq ID: 10252
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/10252
Summary:
ProFTPD is prone to a vulnerability that an attacker could exploit to bypass an Access Control List (ACL). The issue was reportedly introduced when a 'portability workaround' was applied to ProFTPD 1.2.9.

This vulnerability may lead a system administrator into a false sense of security, where access to the ProFTPD server is believed to be restricted by ACLs, but in reality the access restrictions will not be enforced at all.

87. Jetty Cross Site Scripting and Information Disclosure Vulnerabilities
BugTraq ID: 34800
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34800
Summary:
Jetty is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information.

Jetty 6.1.16 and prior versions are affected.

88. SquirrelMail Prior to 1.4.18 Multiple Vulnerabilities
BugTraq ID: 34916
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34916
Summary:
SquirrelMail is prone to multiple vulnerabilities, including multiple session-fixation issues, a code-injection issue, and multiple cross-site scripting issues.

Attackers may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user, to hijack the session of a valid user, or to inject and execute arbitrary PHP code in the context of the webserver process. This may facilitate a compromise of the application and the computer; other attacks are also possible.

Versions prior to SquirrelMail 1.4.18 are vulnerable.

89. Nortel Contact Center Manager Administration Password Disclosure Vulnerability
BugTraq ID: 34964
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34964
Summary:
Nortel Contact Center Manager Administration is prone to a password-disclosure vulnerability caused by a design error.

Attackers can exploit this issue to gain access to the 'sysadmin' password. Successfully exploiting this issue may lead to other attacks.

90. Multiple ATEN IP KVM Switches Multiple Remote Vulnerabilities and Weakness
BugTraq ID: 35108
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35108
Summary:
Multiple ATEN IP KVM switches are prone to multiple remote vulnerabilities and a weakness:

- A security weakness may allow attackers to decrypt HTTP traffic.
- A remote code-execution vulnerability is present.
- A security vulnerability may allow attackers to gain access to the session key.
- A security vulnerability may allow attackers to gain access to mouse events.
- A security vulnerability may allow attackers to gain access to the session ID.

Attackers can exploit these issues to execute Java code, compromise and gain unauthorized access to devices connected to the KVM, and obtain the session key and session ID. Other attacks are also possible.

91. ZEECAREERS and SHAADICLONE 'admin/addadminmembercode.php' Authentication Bypass Vulnerability
BugTraq ID: 35107
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35107
Summary:
Zeeways ZEECAREERS and SHAADICLONE are prone to an authentication-bypass vulnerability.

Attackers can exploit this issue to gain administrative access to an affected application. This may aid in further attacks.

SHAADICLONE 2.0 and ZEECAREERS 2.0 are vulnerable; other versions may also be affected.

92. Graphiks MyForum Login Multiple SQL Injection Vulnerabilities
BugTraq ID: 35096
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35096
Summary:
Graphiks MyForum is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

MyForum 1.3 is vulnerable; other versions may also be affected.

93. DBD::Pg BYTEA Values Memory Leak Denial of Service Vulnerability
BugTraq ID: 34757
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34757
Summary:
DBD::Pg is prone to a denial-of-service vulnerability caused by a memory leak when handling BYTEA data.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected software.

DBD::Pg 1.49 as distributed with Debian 4.0 is vulnerable; other versions may also be affected.

94. MySQL MyISAM Table Privileges Security Bypass Vulnerability
BugTraq ID: 29106
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/29106
Summary:
MySQL is prone to a security-bypass vulnerability.

An attacker can exploit this issue to gain access to table files created by other users, bypassing certain security restrictions.

NOTE 1: This issue was also assigned CVE-2008-4097 because CVE-2008-2079 was incompletely fixed, allowing symlink attacks.

NOTE 2: CVE-2008-4098 was assigned because fixes for the vector described in CVE-2008-4097 can also be bypassed.

This issue affects MySQL 4 versions prior to 4.1.24 and MySQL 5 versions prior to 5.0.60.

95. PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
BugTraq ID: 34090
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34090
Summary:
PostgreSQL is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to terminate connections to the PostgreSQL server, denying service to legitimate users.

96. DBD::Pg 'pg_getline()' and 'getline()' Heap Buffer Overflow Vulnerabilities
BugTraq ID: 34755
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34755
Summary:
DBD::Pg is prone to multiple heap-based buffer-overflow vulnerabilities that occur because the application fails to perform adequate boundary checks on user-supplied data.

Attackers may be able to exploit these issues to execute arbitrary code within the context of an application that uses the vulnerable module. Failed exploit attempts will result in a denial-of-service condition.

DBD::Pg 1.49 as distributed with Debian 4.0 is vulnerable; other versions may also be affected.

97. MySQL Empty Binary String Literal Remote Denial Of Service Vulnerability
BugTraq ID: 31081
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/31081
Summary:
MySQL is prone to a remote denial-of-service vulnerability because it fails to handle empty binary string literals.

An attacker can exploit this issue to crash the application, denying access to legitimate users.

This issue affects versions prior to MySQL 5.0.66, 5.1.26, and 6.0.6.

98. Multiple ArcaBit ArcaVir Products Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
BugTraq ID: 35100
Remote: No
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35100
Summary:
Multiple ArcaBit ArcaVir products are prone to multiple local privilege-escalation vulnerabilities that affect the 'ps_drv.sys' driver.

An attacker can exploit these issues to execute arbitrary code with elevated privileges, facilitating a complete compromise of the affected computer.

The following applications are vulnerable:

ArcaVir 2009 Antivirus Protection
ArcaVir 2009 Internet Security
ArcaVir 2009 System Protection
ArcaVir 2009 Home Protection

99. phpBugTracker 'index.php' SQL Injection Vulnerability
BugTraq ID: 35101
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35101
Summary:
phpBugTracker is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

phpBugTracker 1.0.3 is vulnerable; other versions may also be affected.
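
Four entries in this issue (AgoraGroups, PHP-Nuke, Graphiks MyForum and phpBugTracker) describe the same defect: user input concatenated into an SQL statement. The following is an added example, not code from any of those PHP applications; it reproduces the class in Python against an in-memory SQLite database and sets the string-built query beside the parameterised one. The users table, credentials and payloads are constructed.

```python
"""SQL injection through string-built queries, beside the parameterised form.

Added example, not code from AgoraGroups, PHP-Nuke, MyForum or phpBugTracker; it shows
the class of defect those BIDs describe using Python's sqlite3. The users table and
credentials are constructed.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (name, password, is_admin) VALUES (?, ?, ?)",
        [("alice", "s3cret", 0), ("admin", "correct horse", 1)],   # constructed
    )
    return conn


def login_vulnerable(conn, name: str, password: str):
    """Input is pasted into the statement, so quotes and comments become SQL syntax."""
    sql = (
        f"SELECT name, is_admin FROM users "
        f"WHERE name = '{name}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()


def login_fixed(conn, name: str, password: str):
    """Parameter binding keeps the statement fixed; values travel out of band."""
    sql = "SELECT name, is_admin FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()


def search_vulnerable(conn, term: str):
    """Same bug in a search field: a UNION lets the attacker read other columns."""
    sql = f"SELECT name FROM users WHERE name LIKE '%{term}%' AND is_admin = 0"
    return [row[0] for row in conn.execute(sql).fetchall()]


if __name__ == "__main__":
    db = build_db()
    print(login_vulnerable(db, "admin' -- ", "wrong"))     # authenticates as admin
    print(login_fixed(db, "admin' -- ", "wrong"))          # None
    print(search_vulnerable(db, "' UNION SELECT password FROM users -- "))
```

The `-- ` payload turns the rest of the WHERE clause into a comment, so the password check is never evaluated; the `' OR '1'='1` form relies on AND binding tighter than OR. Escaping quotes by hand is fragile across character sets and drivers; binding parameters removes the problem because the statement text never changes.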

100. cpCommerce 'GLOBALS[prefix]' Local/Remote File Include Vulnerability
BugTraq ID: 35103
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35103
Summary:
cpCommerce is prone to a local/remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the computer; other attacks are also possible.

Versions in the cpCommerce 1.2.x branch are vulnerable.
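
Easy PX 41 CMS, Dokuwiki and cpCommerce above are all file-include issues: a request parameter selects which file the application reads or executes. The following is an added example, not code from those PHP applications; it models the local-include case in Python against a constructed directory tree and sets the unchecked loader beside a contained one. The remote-include half of the cpCommerce issue (loading code over HTTP) is not modelled.

```python
"""Local file inclusion through an unchecked path parameter, beside a contained loader.

Added example, not code from Easy PX 41 CMS, Dokuwiki or cpCommerce; it models the class
of defect those BIDs describe in Python. The site layout below is constructed in a
temporary directory.
"""
import os
import re
import tempfile


def setup_site() -> str:
    """Build pages/ (meant to be includable) and secret/ (meant to stay private)."""
    root = os.path.realpath(tempfile.mkdtemp())
    pages, secret = os.path.join(root, "pages"), os.path.join(root, "secret")
    os.makedirs(pages)
    os.makedirs(secret)
    with open(os.path.join(pages, "home.txt"), "w") as f:
        f.write("welcome")
    with open(os.path.join(secret, "config.txt"), "w") as f:
        f.write("db_password=hunter2")                 # constructed secret
    # A symlink inside pages/ that points outside: defeats checks on the path string alone.
    os.symlink(os.path.join(secret, "config.txt"), os.path.join(pages, "evil.txt"))
    return pages


def include_vulnerable(pages: str, name: str) -> str:
    """Joins the request parameter onto the base directory and opens the result.
    '../' walks out of pages/, and an absolute name makes os.path.join drop the base."""
    with open(os.path.join(pages, name)) as f:
        return f.read()


NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def include_fixed(pages: str, name: str) -> str:
    """Allowlist the parameter, resolve symlinks, and require containment in pages/."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("bad page name")
    target = os.path.realpath(os.path.join(pages, name + ".txt"))
    if os.path.commonpath([target, pages]) != pages:
        raise ValueError("path escapes pages/")
    with open(target) as f:
        return f.read()


if __name__ == "__main__":
    site = setup_site()
    print(include_vulnerable(site, "../secret/config.txt"))   # leaks the secret
    print(include_fixed(site, "home"))
```

Two layers matter here: the allowlist stops traversal and absolute paths before any filesystem call, and the `realpath` containment check catches what string checks cannot see, such as a symlink planted inside the allowed directory. Appending a fixed extension also blocks the PHP-era trick of pointing the include at a log or upload that the attacker controls.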

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Browsers bashed first in hacking contest
By: Robert Lemos
A security researcher keeps a vulnerability on ice for an entire year, before using it at the Pwn2Own contest to exploit Apple's browser. Microsoft's Internet Explorer 8 falls soon after.
http://www.securityfocus.com/news/11549

2. Experts: U.S. needs to defend its "cyber turf"
By: Robert Lemos
The United States must develop a Monroe Doctrine for the Internet, defining what constitutes its cyberspace and pledging to defend its virtual borders, security experts told Congress.
http://www.securityfocus.com/news/11548

3. Advisor: U.S. needs policy to defend cyberspace
By: Robert Lemos
An Obama transition-team member argues that any future cyber policy needs to deal with the role of the intelligence community, the militarization of cyberspace and designating a lead disaster agency.
http://www.securityfocus.com/news/11547

4. Cabal forms to fight Conficker, offers bounty
By: Robert Lemos
Microsoft offers $250,000 for information leading to the arrest of the author and, along with security firms and Internet service providers, pledges to work to prevent the prolific worm from spreading further.
http://www.securityfocus.com/news/11546

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. New Tech Tip: Configuring Windows 7 for a limited user
http://www.securityfocus.com/archive/88/503884

2. AD Password complexity - passwords too long?
http://www.securityfocus.com/archive/88/503573

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. curuncula dbr rootkit detection tool
http://www.securityfocus.com/archive/91/502934

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Thawte

SecurityFocus Linux Newsletter #439
----------------------------------------

This issue is sponsored by Thawte

------------------------------------------------------------------
I. FRONT AND CENTER
1. A Botnet by Any Other Name
2. Projecting Borders into Cyberspace
II. LINUX VULNERABILITY SUMMARY
1. NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
2. NSD 'packet.c' Off-By-One Buffer Overflow Vulnerability
3. Novell GroupWise Internet Agent Email Address Processing Buffer Overflow Vulnerability
4. Novell GroupWise Internet Agent SMTP Request Processing Buffer Overflow Vulnerability
5. Pidgin Multiple Buffer Overflow Vulnerabilities
6. IPFilter 'ippool' 'lib/load_http.c' Local Buffer Overflow Vulnerability
7. Wireshark PCNFSD Dissector Denial of Service Vulnerability
8. Ston3D S3DPlayer Web and StandAlone 'system.openURL()' Remote Command Injection Vulnerability
9. pam_krb5 Existing/Non-Existing Username Enumeration Weakness
10. Simple Machines Forum 'image/bmp' MIME Type HTML Injection Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. curuncula dbr rootkit detection tool
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. A Botnet by Any Other Name
By Gunter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million malicious agents.
http://www.securityfocus.com/columnists/501

2. Projecting Borders into Cyberspace
By Jeffrey Carr
Two recent stories of significant cyber attacks come close to blaming the Chinese for the intrusions but stop short.
http://www.securityfocus.com/columnists/500


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
BugTraq ID: 35017
Remote: Yes
Date Published: 2009-05-18
Relevant URL: http://www.securityfocus.com/bid/35017
Summary:
The 'ntpd' daemon is prone to a stack-based buffer-overflow vulnerability when it is configured to use the 'autokey' OpenSSL protocol.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attempts will likely crash the application, causing denial-of-service conditions.

2. NSD 'packet.c' Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 35029
Remote: Yes
Date Published: 2009-05-19
Relevant URL: http://www.securityfocus.com/bid/35029
Summary:
NSD is prone to an off-by-one buffer-overflow vulnerability because the server fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected server. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to NSD 3.2.2 are vulnerable.

3. Novell GroupWise Internet Agent Email Address Processing Buffer Overflow Vulnerability
BugTraq ID: 35064
Remote: Yes
Date Published: 2009-05-21
Relevant URL: http://www.securityfocus.com/bid/35064
Summary:
Novell GroupWise Internet Agent is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application, possibly with root or SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition.

4. Novell GroupWise Internet Agent SMTP Request Processing Buffer Overflow Vulnerability
BugTraq ID: 35065
Remote: Yes
Date Published: 2009-05-21
Relevant URL: http://www.securityfocus.com/bid/35065
Summary:
Novell GroupWise Internet Agent is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application, possibly with root or SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition.

5. Pidgin Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 35067
Remote: Yes
Date Published: 2009-05-21
Relevant URL: http://www.securityfocus.com/bid/35067
Summary:
Pidgin is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software or cause denial-of-service conditions.

Versions prior to Pidgin 2.5.6 are vulnerable.

6. IPFilter 'ippool' 'lib/load_http.c' Local Buffer Overflow Vulnerability
BugTraq ID: 35076
Remote: No
Date Published: 2009-05-22
Relevant URL: http://www.securityfocus.com/bid/35076
Summary:
IPFilter is prone to a local buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input.

Local attackers can exploit this issue to execute arbitrary code in the context of the affected application or to gain kernel-level privileges. Failed attempts will cause denial-of-service conditions.

IPFilter 4.1.31 is vulnerable; other versions may also be affected.

7. Wireshark PCNFSD Dissector Denial of Service Vulnerability
BugTraq ID: 35081
Remote: Yes
Date Published: 2009-05-21
Relevant URL: http://www.securityfocus.com/bid/35081
Summary:
Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to crash.

This issue affects Wireshark 0.8.20 through 1.0.7.

8. Ston3D S3DPlayer Web and StandAlone 'system.openURL()' Remote Command Injection Vulnerability
BugTraq ID: 35105
Remote: Yes
Date Published: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35105
Summary:
S3DPlayer Web and StandAlone are prone to a remote command-injection vulnerability because they fail to adequately sanitize user-supplied input data.

Attackers can exploit this issue to execute arbitrary commands within the context of the affected application.

9. pam_krb5 Existing/Non-Existing Username Enumeration Weakness
BugTraq ID: 35112
Remote: Yes
Date Published: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35112
Summary:
The 'pam_krb5' module is prone to a username-enumeration weakness because it displays different responses to login attempts, depending on whether or not the username exists.

Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.

This issue affects pam_krb5 2.2.14; other versions may also be affected.
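
The pam_krb5 weakness (entry 76 in the Microsoft newsletter above and entry 9 here) is the general pattern of a login path that answers differently for a nonexistent account than for a wrong password. The following is an added example, not pam_krb5 code (pam_krb5 is a C PAM module and its differing responses come from the Kerberos exchange); it models the oracle and a uniform-response fix in Python. The user table, salts and PBKDF2 iteration count are constructed, and the iteration count is deliberately far too low for real use.

```python
"""Username enumeration through distinguishable login failures, beside a uniform responder.

Added example, not pam_krb5 code; it models in Python the weakness the BID describes: a
different response when the account does not exist than when the password is wrong. The
user table, salts and iteration count are constructed.
"""
import hashlib
import hmac
import os

ITERATIONS = 1000   # constructed: keeps the example fast; real deployments use far more


def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_users(creds: dict) -> dict:
    """Store (salt, digest) per user from a constructed name -> password mapping."""
    users = {}
    for name, pw in creds.items():
        salt = os.urandom(16)
        users[name] = (salt, derive(pw, salt))
    return users


def verify(record, password: str) -> bool:
    salt, digest = record
    return hmac.compare_digest(derive(password, salt), digest)


def login_leaky(users: dict, name: str, password: str) -> str:
    """Two distinct failure messages: the first one is a username oracle, and the
    early return also makes unknown names answer faster than known ones."""
    if name not in users:
        return "unknown user"
    if not verify(users[name], password):
        return "wrong password"
    return "ok"


# Decoy record with a random password nobody knows, so unknown names still cost
# one full password derivation and the message is the same either way.
_DECOY_SALT = os.urandom(16)
DECOY = (_DECOY_SALT, derive(os.urandom(16).hex(), _DECOY_SALT))


def login_uniform(users: dict, name: str, password: str) -> str:
    """One failure message and the same amount of work whether or not the name exists."""
    record = users.get(name, DECOY)
    ok = verify(record, password) and name in users   # verify() always runs first
    return "ok" if ok else "authentication failed"


def enumerate_users(login, users: dict, candidates: list) -> list:
    """Attacker view: names whose response differs from one known not to exist."""
    baseline = login(users, "no-such-user-7f3a", "probe")
    return [c for c in candidates if login(users, c, "probe") != baseline]


if __name__ == "__main__":
    db = make_users({"alice": "correct horse", "bob": "battery staple"})
    names = ["alice", "bob", "carol", "dave"]
    print("leaky  :", enumerate_users(login_leaky, db, names))    # ['alice', 'bob']
    print("uniform:", enumerate_users(login_uniform, db, names))  # []
```

The message text is only half of the oracle: if the unknown-user branch skips the expensive password derivation, response time gives the same answer. The decoy record makes both branches do identical work, which is why `verify()` is evaluated before the membership check rather than after it.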

10. Simple Machines Forum 'image/bmp' MIME Type HTML Injection Vulnerability
BugTraq ID: 35130
Remote: Yes
Date Published: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35130
Summary:
Simple Machines Forum (SMF) is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

NOTE: This issue was originally documented as a cross-site scripting vulnerability. After further analysis, the BID has been rewritten as an HTML-injection issue.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. curuncula dbr rootkit detection tool
http://www.securityfocus.com/archive/91/502934

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Thawte