Summary of Security Items from January 5 through January 11, 2006
The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities,
exploits, trends, and malicious code that have recently been openly reported. Information
in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability
information. As such, the Cyber Security Bulletin includes information published by sources
outside of US-CERT and should not be considered the result of US-CERT
analysis or as an official report of US-CERT. Although this
information does reflect open source reports, it is not an official description and should
be used for informational purposes only. The intention of the Cyber Security Bulletin is to
serve as a comprehensive directory of pertinent vulnerability reports, providing brief
summaries and additional sources for further investigation.
The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/Linux Operating Systems are included in the Multiple Operating Systems table. Note, entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software which operate on some version of that operating system.
Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin that have been provided by other US-CERT sponsored programs are prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product's vendor.
The Risk levels are defined below:
High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.
Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.
Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.
Windows Operating Systems Only
Vendor & Software Name | Description | Common Name | CVSS | Resources
Aquifer CMS
A vulnerability has been reported in Aquifer CMS that could let remote malicious users conduct Cross-Site Scripting.
No workaround or patch available at time of publishing.
Several buffer overflow vulnerabilities have been reported: a vulnerability was reported in bogofilter and bogolexer when character set conversion is performed on invalid input sequences, which could let a remote malicious user cause a Denial of Service; and a vulnerability was reported in bogofilter and bogolexer when processing input that contains overly long words, which could let a remote malicious user cause a Denial of Service.
A buffer overflow vulnerability has been reported when attempting to handle compressed UPX files due to an unspecified boundary error in 'libclamav/upx.c', which could let a remote malicious user execute arbitrary code.
A vulnerability has been reported in incoming print jobs due to a failure to properly apply ACLs (Access Control List), which could let a remote malicious user bypass ACLs.
Multiple vulnerabilities exist: remote Denial of Service vulnerabilities exist in the COPS, DLSw, DNP, Gnutella, and MMSE dissectors; and a buffer overflow vulnerability exists in the X11 dissector, which could let a remote malicious user execute arbitrary code.
FreeBSD Security Advisory, FreeBSD-SA-06:04.ipfw, January 11, 2006
FreeBSD
FreeBSD 4.x
FreeBSD 5.x
FreeBSD 6.x
A vulnerability has been reported in the 'EE' editor when executing a spell check operation due to the insecure creation of temporary files, which could let a malicious user obtain elevated privileges.
FreeBSD Security Advisory, FreeBSD-SA-06:02.ee, January 11, 2006
GNU
cpio 1.0-1.3, 2.4.2, 2.5, 2.5.90, 2.6
A vulnerability has been reported when an archive is extracted into a world or group writeable directory because non-atomic procedures are used, which could let a malicious user modify file permissions.
Trustix Secure Linux Security Advisory, TSLSA-2005-0030, June 24, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:116, July 12, 2005
RedHat Security Advisory, RHSA-2005:378-17, July 21, 2005
SGI Security Advisory, 20050802-01-U, August 15, 2005
SCO Security Advisory, SCOSA-2005.32, August 18, 2005
Avaya Security Advisory, ASA-2005-191, September 6, 2005
Conectiva Linux Announcement, CLSA-2005:1002, September 13, 2005
Ubuntu Security Notice, USN-189-1, September 29, 2005
Debian Security Advisory, DSA 846-1, October 7, 2005
RedHat Security Advisory, RHSA-2005:806-8, November 10, 2005
SCO Security Advisory, SCOSA-2006.2, January 3, 2006
FreeBSD Security Advisory, FreeBSD-SA-06:03.cpio, January 11, 2006
GNU
cpio 2.6
A Directory Traversal vulnerability has been reported when invoking cpio on a malicious archive, which could let a remote malicious user obtain sensitive information.
Mandriva Linux Security Advisory MDKSA-2005:237, December 23, 2005
Ubuntu Security Notice, USN-234-1, January 02, 2006
FreeBSD Security Advisory, FreeBSD-SA-06:03.cpio, January 11, 2006
GNU
Texinfo 4.7
A vulnerability has been reported in 'textindex.c' due to insecure creation of temporary files by the 'sort_offline()' function, which could let a malicious user create/ overwrite arbitrary files.
Security Focus, Bugtraq ID: 15523, November 22, 2005
Ubuntu Security Notice, USN-221-1, December 01, 2005
Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005
SUSE Security Announcement, SUSE-SA:2005:070, December 20, 2005
Conectiva Linux Announcement, CLSA-2006:1058, January 2, 2006
Multiple Vendors
Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2;
KDE kpdf 0.5, KOffice 1.4.2 ; PDFTOHTML DFTOHTML 0.36
Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::readBaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::readProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream::readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.
A Cross-Site Scripting vulnerability exists due to insufficient filtering of HTML code from the 'config' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005
Debian Security Advisory, DSA 680-1, February 14, 2005
Gentoo Linux Security Advisory, GLSA 200502-16, February 14, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:063, March 31, 2005
Fedora Update Notification, FEDORA-2005-367, April 19, 2005
SCO Security Advisory, SCOSA-2005.46, November 2, 2005
Fedora Legacy Update Advisory, FLSA:152907, January 9, 2006
Multiple Vendors
Hylafax 4.2-4.2.3;
Gentoo Linux
Several vulnerabilities have been reported: a vulnerability was reported in 'hfaxd' when compiled with PAM support disabled, which could let a remote malicious user obtain unauthorized access; a vulnerability was reported due to insufficient sanitization of the 'notify' script, which could let a remote malicious user execute arbitrary commands; and a vulnerability was reported in the 'faxrcvd' script due to insufficient sanitization, which could let a remote malicious user execute arbitrary commands.
A vulnerability has been reported in the 'rmtree()' function in the 'File::Path.pm' module when handling directory permissions while cleaning up directories, which could let a malicious user obtain elevated privileges.
Gentoo Linux Security Advisory [UPDATE], GLSA 200501-38:03, March 15, 2005
Debian Security Advisory, DSA 696-1 , March 22, 2005
Turbolinux Security Advisory, TLSA-2005-45, April 19, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:079, April 29, 2005
HP Security Bulletin, HPSBUX01208, June 16, 2005
Secunia, Advisory: SA16193, July 25, 2005
Avaya Security Advisory, ASA-2005-196, September 13, 2005
RedHat Security Advisory, RHSA-2005:674-10, October 5, 2005
Conectiva Linux Announcement, CLSA-2006:1056, January 2, 2006
Multiple Vendors
NetBSD 2.1, 2.0-2.0.3, 1.6-1.6.2, NetBSD Current
Linux kernel 2.6-2.6.15 -rc3
A vulnerability has been reported because the system clock can be set to an arbitrary value, which could let malicious user bypass security restrictions.
SUSE Security Announcement, SUSE-SA:2005:044, August 4, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
Multiple Vendors
SuSE Linux Professional 9.3, x86_64, 9.2, x86_64, Linux Personal 9.3, x86_64; Linux kernel 2.6-2.6.12
A buffer overflow vulnerability has been reported in the XFRM network architecture code due to insufficient validation of user-supplied input, which could let a malicious user execute arbitrary code.
Ubuntu Security Notice, USN-169-1, August 19, 2005
SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005
RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005
Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
Multiple Vendors
Trustix Secure Linux 3.0, 2.2, Secure Enterprise Linux 2.0, SuSE Novell Linux Desktop 9.0, Linux Professional 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Personal 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Enterprise Server for S/390 9.0, Linux Enterprise Server 9; 2.6-2.6.12.4
A Denial of Service vulnerability has been reported due to a failure to handle malformed compressed files.
SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005
Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005
SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
Multiple Vendors
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Todd Miller Sudo 1.6-1.6.8, 1.5.6-1.5.9
A vulnerability has been reported in the 'PYTHONINSPECT' variable, which could let a malicious user bypass security restrictions and obtain elevated privileges.
Security Focus, Bugtraq ID: 16184, January 9, 2006
Multiple Vendors
zlib 1.2.2, 1.2.1, 1.2.0.7, 1.1-1.1.4, 1.0-1.0.9; Ubuntu Linux 5.04, powerpc, i386, amd64, 4.1 ppc, ia64, ia32; SuSE Open-Enterprise-Server 9.0, Novell Linux Desktop 9.0, Linux Professional 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Personal 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Enterprise Server 9; Gentoo Linux;
FreeBSD 5.4, -RELENG, -RELEASE, -PRERELEASE, 5.3, -STABLE, -RELENG, -RELEASE;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; zsync 0.4, 0.3-0.3.3, 0.2-0.2.3, 0.1-0.1.6 1, 0.0.1-0.0.6
A buffer overflow vulnerability has been reported due to insufficient validation of input data prior to utilizing it in a memory copy operation, which could let a remote malicious user execute arbitrary code.
Gentoo Linux Security Advisory GLSA 200601-02, January 5, 2006
Ubuntu Security Notice, USN-236-1, January 05, 2006
Fedora Update Notifications, FEDORA-2005-000, January 5, 2006
Mandriva Linux Security Advisories MDKSA-2006:003-003-006 & 008, January 6 & 7, 2006
Ubuntu Security Notice, USN-236-2, January 09, 2006
Debian Security Advisory DSA 931-1, January 9, 2006
Debian Security Advisory, DSA-936-1, January 11, 2006
Multiple Vendors
Larry Wall Perl 5.8, 5.8.1, 5.8.3, 5.8.4, 5.8.4 -1-5.8.4-5; Ubuntu Linux 4.1 ppc, ia64, ia32
Multiple vulnerabilities exist: a buffer overflow vulnerability exists in the 'PERLIO_DEBUG' SuidPerl environment variable, which could let a malicious user execute arbitrary code; and a vulnerability exists due to an error when handling debug message output, which could let a malicious user corrupt arbitrary files.
Ubuntu Security Notice, USN-72-1, February 2, 2005
MandrakeSoft Security Advisory, MDKSA-2005:031, February 9, 2005
RedHat Security Advisory, RHSA-2005:105-11, February 7, 2005
SGI Security Advisory, 20050202-01-U, February 9, 2005
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005
Gentoo Linux Security Advisory, GLSA 200502-13, February 11, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0003,February 11, 2005
IBM SECURITY ADVISORY, February 28, 2005
Fedora Update Notification, FEDORA-2005-353, May 2, 2005
Conectiva Linux Announcement, CLSA-2006:1056, January 2, 2006
Multiple Vendors
Linux kernel 2.6 prior to 2.6.12.1
A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges.
Security Focus, Bugtraq ID: 14791, September 9, 2005
Ubuntu Security Notice, USN-178-1, September 09, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005
Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005
SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
Multiple Vendors
Linux kernel 2.6.8-2.6.10, 2.4.21
Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'msg_control' when copying 32 bit contents, which could let a malicious user obtain root privileges and execute arbitrary code; and a vulnerability was reported in the 'raw_sendmsg()' function, which could let a malicious user obtain sensitive information or cause a Denial of Service.
Ubuntu Security Notice, USN-178-1, September 09, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005
Fedora Update Notifications, FEDORA-2005-905 & 906, September 22, 2005
RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005
Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005
SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
Multiple Vendors
Linux kernel 2.6-2.6.12.1
A vulnerability has been reported due to insufficient authorization before accessing a privileged function, which could let a malicious user bypass IPSEC policies.
Ubuntu Security Notice, USN-219-1, November 22, 2005
Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005
SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
Multiple Vendors
Linux kernel 2.6-2.6.13.1
A Denial of Service vulnerability has been reported due to an omitted call to the 'sockfd_put()' function in the 32-bit compatible 'routing_ioctl()' function.
Security Tracker Alert ID: 1014944, September 21, 2005
Ubuntu Security Notice, USN-187-1, September 25, 2005
Mandriva Linux Security Advisories, MDKSA-2005:218, 219, 220, November 30, 2005
SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005
SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
Multiple Vendors
Linux kernel 2.6-2.6.14
Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to a memory leak in '/security/keys/request_key_auth.c'; a Denial of Service vulnerability was reported due to a memory leak in '/fs/namei.c' when the 'CONFIG_AUDITSYSCALL' option is enabled; and a vulnerability was reported because the orinoco wireless driver fails to pad data packets with zeroes when increasing the length, which could let a malicious user obtain sensitive information.
Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005
Fedora Update Notifications, FEDORA-2005-1013, October 20, 2005
RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005
Ubuntu Security Notice, USN-219-1, November 22, 2005
Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005
SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005
SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
Multiple Vendors
Linux kernel 2.6-2.6.14
Several vulnerabilities have been reported: a Denial of Service vulnerability was reported when handling asynchronous USB access via usbdevio; and a Denial of Service vulnerability was reported in the 'ipt_recent.c' netfilter module due to an error in jiffies comparison.
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005
Ubuntu Security Notice, USN-219-1, November 22, 2005
Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005
SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005
SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
Multiple Vendors
Linux Kernel 2.6-2.6.14
Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in the 'sys_set_mempolicy' function when a malicious user submits a negative first argument; a Denial of Service vulnerability was reported when threads are sharing memory mapping via 'CLONE_VM'; a Denial of Service vulnerability was reported in 'fs/exec.c' when one thread is tracing another thread that shares the same memory map; a Denial of Service vulnerability was reported in 'mm/ioremap.c' when performing a lookup of a non-existent page; a Denial of Service vulnerability was reported in the HFS and HFS+ (hfsplus) modules; and a remote Denial of Service vulnerability was reported due to a race condition in 'ebtables.c' when running on a SMP system that is operating under a heavy load.
A vulnerability has been reported due to the way console keyboard mapping is handled, which could let a malicious user modify the console keymap to include scripted macro commands.
Security Focus, Bugtraq ID: 15122, October 17, 2005
Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005
Fedora Update Notification, FEDORA-2005-1138, December 13, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
Multiple Vendors
Linux kernel 2.6-2.6.12.1
Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to an error when handling key rings; and a Denial of Service vulnerability was reported in the 'KEYCTL_JOIN_SESSION_KEYRING' operation due to an error when attempting to join a key management session.
A buffer overflow vulnerability has been reported in the 'nbd-server' when handling specially crafted requests, which could let a remote malicious user execute arbitrary code.
Security Focus, Bugtraq ID: 16029, December 21, 2005
Debian Security Advisory, DSA 924-1, December 21, 2005
Gentoo Linux Security Advisory, GLSA 200512-14, December 23, 2005
Ubuntu Security Notice, USN-237-1, January 06, 2006
Multiple Vendors
petris 1.0.1
A buffer overflow vulnerability has been reported when handling environment variables when processing highscores, which could let a malicious user execute arbitrary code.
Debian Security Advisory, DSA-929-1, January 9, 2006
Multiple Vendors
RedHat Enterprise Linux WS 4, WS 3, ES 4, ES 3, AS 4, AS 3, Desktop 4.0, 3.0; mod_auth_pgsql 2.0.1
A format string vulnerability has been reported in 'mod_auth_pgsql' when logging information, which could let a remote malicious user execute arbitrary code.
Security Focus, Bugtraq ID: 15154, October 20, 2005
Fedora Update Notification, FEDORA-2005-1007, October 20, 2005
Mandriva Linux Security Advisory, MDKSA-2005:220, November 30, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
Multiple Vendors
Stefan Frings SMS Server Tools 1.14.8;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha,
A format string vulnerability has been reported in 'logging.c' when attempting to log messages using a formatted print function, which could let a remote malicious user execute arbitrary code.
Security Focus, Bugtraq ID: 16188, January 9, 2006
Debian Security Advisory, DSA-930-2, January 9, 2006
Multiple Vendors
Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6.10, rc2, 2.6.8, rc1
A remote Denial of Service vulnerability has been reported in the kernel driver for compressed ISO file systems when attempting to mount a malicious compressed ISO image.
A format string vulnerability has been reported in 'Perl_sv_vcatpvfn' due to a failure to properly handle format specifiers in formatted printing functions, which could let a remote malicious user cause a Denial of Service.
An integer overflow vulnerability exists in 'scan.c' due to insufficient sanity checks on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code.
SCO Security Advisory, SCOSA-2005.57, December 14, 2005
SCO Security Advisory, SCOSA-2006.5, January 4, 2006
Fedora Legacy Update Advisory, FLSA:152803, January 10, 2006
NetBSD
NetBSD 2.1, 2.0-2.0.3, 1.6-1.6.2, NetBSD Current
A vulnerability has been reported in the 'kernfs' file system due to insufficient sanitization, which could let a malicious user obtain sensitive information.
Security Focus, Bugtraq ID: 16201, January 11, 2006
Qualcomm
Eudora Internet Mail Server for OS X Light 3.2.8, 3.2.4-3.2.6, Mail Server for OS X 3.2.4-3.2.8
Denial of service vulnerabilities have been reported when a malformed NTLM authentication request, corrupted incoming Mail X, or malformed temporary mail is submitted.
A buffer overflow vulnerability has been reported due to an unspecified error in the uucp(1C) and uustat(1C) utilities, which could let a malicious user execute arbitrary code.
Sun(sm) Alert Notification, Sun Alert ID: 101933, January 9, 2006
Todd Miller
Sudo 1.x
A vulnerability has been reported in the environment cleaning due to insufficient sanitization, which could let a malicious user obtain elevated privileges.
Debian Security Advisory, DSA 870-1, October 25, 2005
Mandriva Linux Security Advisory, MDKSA-2005:201, October 27, 2005
Ubuntu Security Notice, USN-213-1, October 28, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Security Focus, Bugtraq ID: 15191, November 10, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005
Conectiva Linux Announcement, CLSA-2006:1057, January 2, 2006
Todd Miller
Sudo prior to 1.6.8p12
A vulnerability has been reported due to an error when handling the 'PERLLIB,' 'PERL5LIB,' and 'PERL5OPT' environment variables when tainting is ignored, which could let a malicious user bypass security restrictions and include arbitrary library files.
Security Focus, Bugtraq ID: 16175, January 9, 2006
Xmame
Xmame 0.102
Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in the 'lang' command line option due to a boundary error, which could let a malicious user execute arbitrary code; and a buffer overflow vulnerability was reported when handling the 'lang,' 'ctrlr,' 'pb,' and 'rec' command line options, which could let a malicious user execute arbitrary code.
The vulnerabilities have been fixed in the CVS repositories.
Proof of Concept exploits, xmameOverflow-ruby.txt, have been published.
An SQL injection vulnerability has been reported in 'showthread.php' due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit, EV0018.txt, has been published.
Security Focus, Bugtraq ID: 16178, January 9, 2006
ADN Forum
ADN Forum 1.0b, 1.0
Several input validation vulnerabilities have been reported: an SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'fid' parameter and in 'verpag.php' due to insufficient sanitization of the 'pagid' parameter, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'titulo' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, exploit details, EV0015.txt, have been published.
Security Tracker Alert ID: 1015445, January 6, 2006
Andromeda
Andromeda 1.9.3.4
A Cross-Site Scripting vulnerability has been reported in 'andromeda.php' due to insufficient sanitization of the 's' parameter before returning the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
A Cross-Site Scripting vulnerability has been reported in the 'Referer' directive in 'mod_imap' due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
The vulnerability has been fixed in version 1.3.35-dev, and 2.0.56-dev.
Apple Security Advisory, APPLE-SA-2006-01-05, January 5, 2006
Apple
QuickTime Player 7.0-7.0.3
Several vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported when handling 'QTIF' images due to a boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported when handling 'TGA' images, which could let a remote malicious user execute arbitrary code; an integer overflow vulnerability was reported when handling 'TIFF' images, which could let a remote malicious user execute arbitrary code; a heap-based buffer overflow vulnerability was reported when handling 'GIF' images, which could let a remote malicious user execute arbitrary code; and a heap-based buffer overflow vulnerability was reported when handling certain media files, which could let a remote malicious user execute arbitrary code.
A vulnerability has been reported due to insufficient verification of the 'appserv_root' parameter in 'appserv/main.php' before used to include files, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit, EV0018.txt, has been published.
An HTML injection vulnerability has been reported in the title field when a new event is added due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
A vulnerability has been reported because a default static administrative password is set during installation, which could let a malicious user obtain unauthorized administrative access.
Security Focus, Bugtraq ID: 16200, January 10, 2006
Cray
UNICOS 9.0.2.2
A buffer overflow vulnerability has been reported due to insufficient bounds checking of command line parameters, which could let a malicious user execute arbitrary code with superuser privileges.
No workaround or patch available at time of publishing.
Security Focus, Bugtraq ID: 16205, January 10, 2006
Dave Carrigan
auth_ldap 1.6.0, 1.4.x, 1.3.x, 1.2.x
A format string vulnerability has been reported due to insufficient sanitization of user-supplied input before using in the format-specifier of a formatted printing function, which could let a remote malicious user execute arbitrary code.
Security Focus, Bugtraq ID: 16177, January 9, 2006
RedHat Security Advisory, RHSA-2006:0179-7, January 10, 2006
Edgewall Software
Trac 0.9.2
An HTML injection vulnerability has been reported in the WikiProcessor Wiki Content due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.
Security Focus, Bugtraq ID: 16198, January 10, 2006
Ethereal
Ethereal V0.10.11
Multiple dissector and zlib vulnerabilities have been reported in Ethereal that could let remote malicious users cause a Denial of Service or execute arbitrary code.
A buffer overflow vulnerability has been reported in the 'dissect_ospf_v3_address_prefix()' function in the OSPF protocol dissector due to a boundary error when converting received binary data to a human readable string, which could let a remote malicious user execute arbitrary code.
Avaya Converged Communications Server (CCS) 2.x, Avaya S8XXX Media Servers
Multiple vulnerabilities were reported that affect more than 50 different dissectors, which could let a remote malicious user cause a Denial of Service, enter an endless loop, or execute arbitrary code. The following dissectors are affected: 802.3 Slow, AIM, ANSI A, BER, Bittorrent, CMIP, CMP, CMS, CRMF, DHCP, DICOM, DISTCC, DLSw, EIGRP, ESS, FCELS, Fibre Channel, GSM, GSM MAP, H.245, IAX2, ICEP, ISIS, ISUP, KINK, L2TP, LDAP, LMP, MEGACO, MGCP, MRDISC, NCP, NDPS, NTLMSSP, OCSP, PKIX Qualified, PKIX1Explicit, Presentation, Q.931, RADIUS, RPC, RSVP, SIP, SMB, SMB Mailslot, SMB NETLOGON, SMB PIPE, SRVLOC, TCAP, Telnet, TZSP, WSP, and X.509.
Ethereal Security Advisory, enpa-sa-00022, December 27, 2005
Mandriva Linux Security Advisory MDKSA-2006:002, January 3, 2006
RedHat Security Advisory, RHSA-2006:0156-6, January 11, 2006
Ethereal Group
Ethereal 0.10-0.10.8
A buffer overflow vulnerability exists due to a failure to copy network derived data securely into sensitive process buffers, which could let a remote malicious user execute arbitrary code.
Gentoo Linux Security Advisory, GLSA 200503-16, March 12, 2005
Fedora Update Notifications, FEDORA-2005-212 & 213, March 16, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:053, March 16, 2005
RedHat Security Advisory, RHSA-2005:306-10, March 18, 2005
Conectiva Security Linux Announcement, CLA-2005:942, March 28, 2005
ALTLinux Security Advisory, March 29, 2005
Avaya Security Advisory, ASA-2005-131, June 13, 2005
Fedora Legacy Update Advisory, FLSA:152922, January 9, 2006
Ethereal Group
Ethereal 0.9-0.9.16, 0.10-0.10.9
Multiple vulnerabilities have been reported: a buffer overflow vulnerability has been reported in the Etheric dissector, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a remote Denial of Service vulnerability has been reported in the GPRS-LLC dissector if the 'ignore cipher bit' option is enabled; a buffer overflow vulnerability has been reported in the 3GPP2 A11 dissector, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; and remote Denial of Service vulnerabilities have been reported in the JXTA and sFlow dissectors.
Gentoo Linux Security Advisory, GLSA 200503-16, March 12, 2005
Fedora Update Notifications, FEDORA-2005-212 & 213, March 16, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:053, March 16, 2005
RedHat Security Advisory, RHSA-2005:306-10, March 18, 2005
Conectiva Security Linux Announcement, CLA-2005:942, March 28, 2005
ALTLinux Security Advisory, March 29, 2005
Debian Security Advisory, DSA 718-1, April 28, 2005
Avaya Security Advisory, ASA-2005-131, June 13, 2005
Fedora Legacy Update Advisory, FLSA:152922, January 9, 2006
foxrum
foxrum 4.0.4f
Multiple script injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before including in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, exploit details, EV0020.txt, have been published.
Security Focus, Bugtraq ID: 16172, January 9, 2006
Globalissa
phpChamber
A Cross-Site Scripting vulnerability has been reported in 'search_result.php' due to insufficient sanitization of the 'needle' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Multiple vulnerabilities have been reported, including unspecified potential security issues in 'Agents'; an unspecified boundary error in CD to MIME Conversion, which could lead to a Denial of Service; a stack overflow vulnerability in Domino for AIX when evaluating a long formula in 'Design', which could lead to a Denial of Service; a vulnerability due to unspecified errors in the Directory Services that could lead to a Denial of Service when performing LDAP searches; a vulnerability due to an unspecified error in the IMAP server, which could lead to a Denial of Service; a vulnerability due to an unspecified error when compact is executed from the client, which could lead to a Denial of Service; and several vulnerabilities due to unspecified errors when handling corrupted bitmap images or when performing the 'Delete Attachment' action.
An SQL injection vulnerability has been reported due to insufficient sanitization of the 'viewID' parameter and potentially other parameters in various scripts, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Security Focus, Bugtraq ID: 16159, January 6, 2006
iNETstore Corporation
iNETstore Online
A Cross-Site Scripting vulnerability has been reported in 'search.inetstore' due to insufficient sanitization of the 'searchterm' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Security Focus, Bugtraq ID: 16156, January 6, 2006
Javier Suarez Sanz
Foro Domus 2.10
A Cross-Site Scripting and SQL injection vulnerability has been reported in 'escribir.php' due to insufficient sanitization of the 'email' parameter, which could let a remote malicious user execute arbitrary HTML and script code or SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, exploit details, EV0016.txt, have been published.
An information disclosure vulnerability has been reported due to a failure to properly secure sensitive and privileged information, which could let a remote malicious user obtain sensitive information.
Security Focus, Bugtraq ID: 16185, January 9, 2006
Modular Merchant
Modular Merchant Shopping Cart Software
A Cross-Site Scripting vulnerability has been reported in 'category.php' due to insufficient sanitization of the 'cat' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Netscape 8.0.3.3, 7.2;
Mozilla Firefox 1.5 Beta1, 1.0.6;
Mozilla Browser 1.7.11; Mozilla Thunderbird 1.0.6
A buffer overflow vulnerability has been reported due to an error when handling IDN URLs that contain the 0xAD character in the domain name, which could let a remote malicious user execute arbitrary code.
HPSBUX01231 Rev.2: HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS) is available, detailing information on the availability of version 1.7.12.01 of Mozilla for various HP platforms. Users should see the referenced advisory or contact HP for further information.
Gentoo Linux Security Advisory GLSA 200509-11, September 18, 2005
Security Focus, Bugtraq ID: 14784, September 22, 2005
Slackware Security Advisory, SSA:2005-269-01, September 26, 2005
Gentoo Linux Security Advisory [UPDATE], GLSA 200509-11:02, September 29, 2005
Conectiva Linux Announcement, CLSA-2005:1017, September 28, 2005
Fedora Update Notifications, FEDORA-2005-962 & 963, September 30, 2005
Debian Security Advisory, DSA 837-1, October 2, 2005
Turbolinux Security Advisory, TLSA-2005-93, October 3, 2005
HP Security Bulletin, HPSBUX01231, October 3, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:174, October 6, 2005
HP Security Bulletin, HPSBUX01231 Rev 1, October 12, 2005
Debian Security Advisories, DSA 866-1 & 868-1, October 20, 2005
HP Security Bulletin, HPSBUX01231 Rev 2, November 9, 2005
Fedora Legacy Update Advisory, FLSA:168375, January 9, 2006
Multiple Vendors
Mozilla Firefox 1.0-1.0.6; Mozilla Browser 1.7-1.7.11; Netscape Browser 8.0.3.3
Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when processing malformed XBM images, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when Unicode sequences contain 'zero-width non-joiner' characters, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a vulnerability was reported due to a flaw when making XMLHttp requests, which could let a remote malicious user spoof XMLHttpRequest headers; a vulnerability was reported because a remote malicious user can create specially crafted HTML that spoofs XML objects to create an XBL binding to execute arbitrary JavaScript with elevated (chrome) permissions; an integer overflow vulnerability was reported in the JavaScript engine, which could let a remote malicious user obtain unauthorized access; a vulnerability was reported because a remote malicious user can load privileged 'chrome' pages from an unprivileged 'about:' page, which could lead to unauthorized access; and a window spoofing vulnerability was reported when a blank 'chrome' canvas is obtained by opening a window from a reference to a closed window, which could let a remote malicious user conduct phishing type attacks.
Mandriva Linux Security Update Advisory, MDKSA-2005:169 & 170, September 26, 2005
Fedora Update Notifications, FEDORA-2005-926-934, September 26, 2005
Slackware Security Advisory, SSA:2005-269-01, September 26, 2005
SGI Security Advisory, 20050903-02-U, September 28, 2005
Conectiva Linux Announcement, CLSA-2005:1017, September 28, 2005
Gentoo Linux Security Advisory [UPDATE], September 29, 2005
SUSE Security Announcement, SUSE-SA:2005:058, September 30, 2005
Fedora Update Notifications, FEDORA-2005-962 & 963, September 30, 2005
Debian Security Advisory, DSA 838-1, October 2, 2005
Turbolinux Security Advisory, TLSA-2005-93, October 3, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:174, October 6, 2005
Ubuntu Security Notice, USN-200-1, October 11, 2005
Security Focus, Bugtraq ID: 14916, October 19, 2005
Debian Security Advisories, DSA 866-1 & 868-1, October 20, 2005
Fedora Legacy Update Advisory, FLSA:168375, January 9, 2006
Multiple Vendors
Netscape Browser 8.0.3.3;
Mozilla Firefox 1.0-1.0.6, Mozilla Browser 1.7-1.7.11
A remote Denial of Service vulnerability has been reported when a malicious user creates a Proxy Auto-Config (PAC) script that contains a specially crafted eval() statement.
Mandriva Linux Security Advisory, MDKSA-2005:193-1, October 26, 2005
Gentoo Linux Security Advisory, GLSA 200510-25, October 30, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Conectiva Security Announcement, CLSA-2005:1043, November 8, 2005
Fedora Update Notification, FEDORA-2005-000, January 5, 2006
RedHat Security Advisory, RHSA-2006:0156-6, January 11, 2006
Multiple Vendors
PostNuke Development Team PostNuke 0.761; moodle 1.5.3; Mantis 1.0.0RC4, 0.19.4; Cacti 0.8.6g; ADOdb 4.68, 4.66; Xaraya 1.x
Several vulnerabilities have been reported: an SQL injection vulnerability was reported in the 'server.php' test script, which could let a remote malicious user execute arbitrary SQL code and PHP script code; and a vulnerability was reported in the 'tests/tmssql.php' test script, which could let a remote malicious user call an arbitrary PHP function.
Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the ISAKMP, FC-FCS, RSVP, and ISIS LSP dissectors; a remote Denial of Service vulnerability was reported in the IrDA dissector; a buffer overflow vulnerability was reported in the SLIMP3, AgentX, and SRVLOC dissectors, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in the BER dissector; a remote Denial of Service vulnerability was reported in the SigComp UDVM dissector; a remote Denial of Service vulnerability was reported due to a null pointer dereference in the SCSI, sFlow, and RTnet dissectors; a vulnerability was reported because a remote malicious user can trigger a divide by zero error in the X11 dissector; a vulnerability was reported because a remote malicious user can cause an invalid pointer to be freed in the WSP dissector; a remote Denial of Service vulnerability was reported if the 'Dissect unknown RPC program numbers' option is enabled (not the default setting); and a remote Denial of Service vulnerability was reported if SMB transaction payload reassembly is enabled (not the default setting).
Ethereal Security Advisory, enpa-sa-00021, October 19, 2005
Fedora Update Notifications, FEDORA-2005-1008 & 1011, October 20, 2005
RedHat Security Advisory, RHSA-2005:809-6, October 25, 2005
Mandriva Linux Security Advisory, MDKSA-2005:193, October 25, 2005
Avaya Security Advisory, ASA-2005-227, October 28, 2005
Gentoo Linux Security Advisory, GLSA 200510-25, October 30, 2005
Mandriva Linux Security Advisory, MDKSA-2005:193-2, October 31, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
SGI Security Advisory, 20051101-01-U, November 29, 2005
Fedora Legacy Update Advisory, FLSA:152922, January 9, 2006
Multiple Vendors
Ubuntu Linux 5.10 powerpc, i386, amd64; Blender 2.40 alpha, 2.39, 2.37a, 2.37, 2.30-2.35, 2.25-2.28, 2.04
A buffer overflow vulnerability has been reported in 'get_bhead()' when parsing '.blend' files, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.
Ubuntu Security Notice, USN-238-2, January 06, 2006
Multiple Vendors
University of Kansas Lynx 2.8.6 dev.1-dev.13, 2.8.5 dev.8, 2.8.5 dev.2-dev.5, 2.8.5, 2.8.4 rel.1, 2.8.4, 2.8.3 rel.1, 2.8.3 pre.5, 2.8.3 dev2x, 2.8.3 dev.22, 2.8.3, 2.8.2 rel.1, 2.8.1, 2.8, 2.7;
RedHat Enterprise Linux WS 4, WS 3, 2.1, ES 4, ES 3, ES 2.1, AS 4, AS 3, AS 2.1,
RedHat Desktop 4.0, 3.0,
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
A buffer overflow vulnerability has been reported in the 'HTrjis()' function when handling NNTP article headers, which could let a remote malicious user execute arbitrary code.
Ubuntu
(Note: Ubuntu advisory USN-206-1 was previously released to address this vulnerability, however, the fixes contained an error that caused lynx to crash.)
Gentoo Linux Security Advisory, GLSA 200510-15, October 17, 2005
Ubuntu Security Notice, USN-206-1, October 17, 2005
RedHat Security Advisory, RHSA-2005:803-4, October 17, 2005
Fedora Update Notifications, FEDORA-2005-993 & 994, October 17, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:186, October 18, 2005
Conectiva Linux Announcement, CLSA-2005:1037, October 19, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005
SGI Security Advisory, 20051003-01-U, October 26, 2005
Mandriva Linux Security Advisory, MDKSA-2005:186-1, October 26, 2005
Debian Security Advisories, DSA 874-1 & 876-1, October 27, 2005
Ubuntu Security Notice, USN-206-2, October 29, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Slackware Security Advisory, SSA:2005-310-03, November 7, 2005
SCO Security Advisory, SCOSA-2005.47, November 8, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.026, December 3, 2005
Fedora Legacy Update Advisory, FLSA:152832, December 17, 2005
SCO Security Advisory, SCOSA-2006.7, January 10, 2006
MyPhPim
MyPhPim 01.05
Multiple vulnerabilities have been reported: a file upload vulnerability was reported in the 'addresses.php3' script, which could let a remote malicious user execute arbitrary code; an SQL injection vulnerability was reported in 'calendar.php3' due to insufficient sanitization of the 'cal_id' parameter and of the password field when logging in, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the description field when creating a new todo, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published.
A vulnerability has been reported due to insufficient sanitization of input received via certain BBcode tags, which could let a remote malicious user execute arbitrary JavaScript code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, exploit details, EV0019.txt, have been published.
Security Focus, Bugtraq ID: 16165, January 7, 2006
OnePlug Solutions
OnePlug CMS
SQL injection vulnerabilities have been reported due to insufficient sanitization of unspecified input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published.
Several vulnerabilities have been reported: a vulnerability was reported due to an error when handling dynamic port forwarding when no listen address is specified, which could let a remote malicious user cause "GatewayPorts" to be incorrectly activated; and a vulnerability was reported due to an error when handling GSSAPI credential delegation, which could let a remote malicious user obtain delegated GSSAPI credentials.
Fedora Update Notification, FEDORA-2005-858, September 7, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005
Slackware Security Advisory, SSA:2005-251-03, September 9, 2005
Fedora Update Notification, FEDORA-2005-860, September 12, 2005
RedHat Security Advisory, RHSA-2005:527-16, October 5, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:172, October 6, 2005
Ubuntu Security Notice, USN-209-1, October 17, 2005
Conectiva Linux Announcement, CLSA-2005:1039, October 19, 2005
Security Focus, Bugtraq ID: 14729, January 10, 2006
Orjinweb E-commerce
Orjinweb E-commerce
A file include vulnerability has been reported in 'index.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit, orjinweb.txt, has been published.
Security Focus, Bugtraq ID: 16199, January 10, 2006
PHP-Nuke
PHP-Nuke EV 7.7
An SQL injection vulnerability has been reported in the search module due to insufficient sanitization of the 'query' variable before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
Security Focus, Bugtraq ID: 16186, January 9, 2006
PHP-Nuke
PHP-Nuke Pool Module, News Module
An HTML injection vulnerability has been reported due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
Security Focus, Bugtraq ID: 16192, January 10, 2006
Ralph Capper
TinyPHPForum 3.6
Several vulnerabilities have been reported: a vulnerability was reported due to insufficient verification of input passed to the URL of a link when posting a message, which could let a remote malicious user execute arbitrary JavaScript; a vulnerability was reported in the 'users' directory because user credentials are stored insecurely, which could let a remote malicious user obtain sensitive information; and a Directory Traversal vulnerability was reported in 'profile.php' due to insufficient sanitization of the 'uname' parameter when viewing a profile, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required; however, exploit details, EV0014.txt, have been published.
TinyPHPForum Information Disclosure & Cross-Site Scripting
Security Tracker Alert ID: 1015436, January 5, 2005
Reamday Enterprises
Magic News Plus 1.0.3
A vulnerability has been reported due to insufficient verification of user-supplied input, which could let a remote malicious user change the administrator password.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploit scripts, MagicNewsPlus-pw-change.pl and cijfer-mnxpl.pl.txt, have been published.
Security Focus, Bugtraq ID: 16182, January 9, 2006
Research In Motion
Blackberry Enterprise Server for Novell Groupwise 4.0, SP1 & SP2, Enterprise Server for Exchange 4.0, SP1 & SP2, Enterprise Server for Domino 4.0, SP1 & SP2
A remote Denial of Service vulnerability has been reported when handling a malformed PNG attachment.
Several input validation vulnerabilities have been reported: an SQL injection vulnerability was reported due to insufficient sanitization of the 'username' parameter in 'login.php' before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported due to insufficient sanitization in the 'register.php' script, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, exploit details, EV0017.txt, have been published.
SQL injection vulnerabilities have been reported due to insufficient sanitization of the '$parent,' '$root,' and '$topic_id' variables before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit, EV0021.txt, has been published.
A vulnerability has been reported in the VMware Management Interface due to an unspecified error, which could let a remote malicious user execute arbitrary code.
Security Tracker Alert ID: 1015422, December 29, 2005
Gentoo Linux Security Advisory, GLSA 200601-04, January 7, 2006
Xoops
Xoops Pool Module
An HTML injection vulnerability has been reported in the IMG tag due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
Xoops Pool Module HTML Injection
Not available
Security Focus, Bugtraq ID: 16189, January 9, 2006
British Parliament members demand Wi-Fi access: Wireless Internet access should be installed in parts of the Houses of Parliament to give its members access to information on the move. In a report, the U.K. House of Commons Administration Committee calls for secure wireless access, after finding that some new members of Parliament struggled to work before they were given office space.
Wireless Spending To Exceed Wireline In 2006: Study: According to a study by market research firm, In-Stat, enterprises will spend more for wireless voice service than on wireline in 2006.
In addition, the study found that wireless data service will start growing quickly, with an average growth rate of 18 percent a year through 2009.
This section contains brief summaries and links to articles which discuss or present information pertinent to the cyber security community.
Security flaws on the rise, questions remain: The number of publicly reported vulnerabilities jumped in 2005. This number was boosted by easy-to-find bugs in Web applications. A survey of four major vulnerability databases found that the number of flaws counted by each in the past five years differed significantly. However, three of the four databases exhibited a relative plateau in the number of flaws publicly disclosed in 2002 through 2004. And, every database saw a significant increase in their count of the flaws disclosed in 2005. Recent numbers produced by the U.S. Computer Emergency Readiness Team (US-CERT) revealed some of the problems with refined vulnerability sources. Managed by the CERT Coordination Center, the US-CERT's security bulletins outline security issues but are updated each week. In a year end list published last week, the US-CERT announced that 5,198 vulnerabilities had been reported in 2005.
Your IM Buddy, Or A Hacker? It's Getting Harder To Tell: Instant-messaging security vendors FaceTime Communications Inc. and IMlogic Inc. reported that malware delivered over instant-message clients skyrocketed in recent months. There has been more than a 20-fold increase in the number of reported IM worm and virus variants since 2004.
Popular certifications don't ensure security: According to a new survey from the SANS Institute, a training and education organization for security professionals, many popular information technology security certifications don't improve holders' ability to ensure computer systems' security.
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank | Common Name | Type of Code | Trend | Date | Description
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.
2 | Mytob-GH | Win32 Worm | Stable | November 2005 | A variant of the mass-mailing worm that disables security related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender's address.
3 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.
4 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names.
5 | Sober-Z | Win32 Worm | Stable | December 2005 | This worm travels as an email attachment, forging the sender's address, harvesting addresses from infected machines, and using its own mail engine. It further downloads code from the internet, installs itself into the registry, and reduces overall system security.
6 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP engine, by dropping copies of itself on network shares, and through peer-to-peer networks. It attempts to access all machines in the local area network.
7 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files.
8 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.
9 | Mytob-BE | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, the LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables anti-virus software, and modifies data.
10 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine.