Summary of Security Items from April 20 through April 26, 2006
The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.
The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/Linux Operating Systems are included in the Multiple Operating Systems table. Note that entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software which operates on some version of that operating system.
Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin that have been provided by other US-CERT sponsored programs are prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.
The Risk levels are defined below:
High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.
Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.
Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.
Windows Operating Systems Only
Vendor & Software Name
Description
Common Name
CVSS
Resources
ampleShop 2.1
Multiple vulnerabilities have been reported in ampleShop that could let remote malicious users perform SQL injection.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability.
HP StorageWorks Secure Path for Windows Denial Of Service
Not Available
Security Tracker, Alert ID: 1015969, April 20, 2006
iOpus Secure Email Attachments
A vulnerability has been reported in iOpus Secure Email Attachments, caused by insecure encryption, that could let remote malicious users disclose encrypted information.
No workaround or patch available at time of publishing.
There is no exploit code required.
iOpus Secure Email Attachments Information Disclosure
A buffer overflow vulnerability has been reported in ACE archive handling in SpeedProject products that could let remote malicious users execute arbitrary code.
Several vulnerabilities have been reported: a buffer overflow vulnerability was reported when parsing an RTSP URL received from a client due to a boundary error, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported due to an input validation error when handling the Content-Length HTTP header received from a client.
No workaround or patch available at time of publishing.
Proof of Concept exploits and an exploit script, fenice.c, have been published.
A Cross-Site Scripting vulnerability has been reported in 'register.php' due to insufficient sanitization of the 'user_name' parameter before using, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
Safari 2.0-2.0.3, Mac OS X Server 10.4-10.4.6, 10.3-10.3.9, OS X 10.4-10.4.6, 10.3-10.3.9
Multiple vulnerabilities have been reported which could let a remote malicious user cause a Denial of Service or execute arbitrary code: a vulnerability was reported in the 'BOMStackPop()' function in the 'BOMArchiveHelper' when decompressing malformed ZIP archives; a vulnerability was reported in the 'KWQListIteratorImpl(),' 'drawText(),' and 'objc_msgSend_rtp()' functions in Safari when processing malformed HTML tags; a vulnerability was reported in the 'ReadBM()' function when processing malformed BMP images; a vulnerability was reported in the 'CFAllocatorAllocate()' function when processing malformed GIF images; and a vulnerability was reported in the '_cg_TIFFSetField()' and 'PredictorVSetField()' functions when processing malformed TIFF images.
No workaround or patch available at time of publishing.
Gentoo Linux Security Advisory, GLSA 200604-09, April 21, 2006
Ubuntu Security Notice, USN-272-1, April 24, 2006
Debian Security Advisory, DSA-1042-1, April 25, 2006
Dan Littlejohn
Asterisk Recording Interface 0.7.15
A buffer overflow vulnerability has been reported in 'audio.php' due to a signedness error in 'format_jpeg.c' when processing an overly large JPEG image, which could let a remote malicious user execute arbitrary code.
A vulnerability has been reported in the 'fbgs' script because temporary files are created insecurely when the 'TMPDIR' environment variable isn't defined, which could let a remote malicious user create/overwrite arbitrary files.
Gentoo Linux Security Advisory, GLSA 200604-13, April 23, 2006
FreeRADIUS
FreeRADIUS 1.0-1.0.5
A vulnerability has been reported in the EAP-MSCHAPv2 state machine due to an error, which could let a malicious user bypass authentication and cause a Denial of Service.
Security Focus, Bugtraq ID: 15523, November 22, 2005
Ubuntu Security Notice, USN-221-1, December 01, 2005
Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005
SUSE Security Announcement, SUSE-SA:2005:070, December 20, 2005
Conectiva Linux Announcement, CLSA-2006:1058, January 2, 2006
Mandriva Security Advisory, MDKSA-2006:020, January 25, 2006
Debian Security Advisory, DSA-965-1, February 6, 2006
RedHat Security Advisory, RHSA-2006:0267-11, April 25, 2006
ISC
BIND 4.x.x, 8.x.x, 9.2.x, 9.3.x
A remote Denial of Service vulnerability has been reported due to a failure to properly handle malformed TSIG (Secret Key Transaction Authentication for DNS) replies.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability.
ISC BIND TSIG Zone Transfer Remote Denial of Service
Not Available
Security Focus, Bugtraq ID: 17692, April 25, 2006
KRANKIKOM GmbH
ContentBoxX 0
A Cross-Site Scripting vulnerability has been reported in 'login.php' due to insufficient sanitization of the 'action' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2; KDE kpdf 0.5, KOffice 1.4.2; PDFTOHTML PDFTOHTML 0.36
Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::readBaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::readProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream::readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.
Multiple buffer overflow vulnerabilities have been reported when processing ABC music files due to various boundary errors, which could let a remote malicious user execute arbitrary code.
A vulnerability has been reported due to a failure to sanitize user-supplied input before using it in a Python 'eval' statement, which could let a remote malicious user execute arbitrary Python code.
Fedora Update Notifications, FEDORA-2006-421, FEDORA-2006-423, April 19 & 20, 2006
Multiple Vendors
Linux Kernel 2.6.x
A vulnerability has been reported because AMD K7/K8 CPUs only save/restore certain x87 registers in FXSAVE instructions when an exception is pending, which could let a remote malicious user obtain sensitive information.
A vulnerability has been reported in GDM gdm due to the way permissions on the '.ICEauthority' file are modified, which could let a remote malicious user obtain sensitive information.
This issue has been addressed in the latest CVS repository.
Vulnerability may be exploited with standard utilities and applications.
GNOME Foundation GDM .ICEauthority Improper File Permissions
A vulnerability has been reported due to the insecure construction of command line arguments that are passed to external helper applications, which could let a remote malicious user execute arbitrary code.
XFree86 X11R6 4.3.0, 4.1.0; X.org X11R6 6.8.2; RedHat Enterprise Linux WS 2.1, IA64, ES 2.1, IA64, AS 2.1, IA64, Advanced Workstation for the Itanium Processor 2.1, IA64; Gentoo Linux
A buffer overflow vulnerability has been reported in the pixmap processing code, which could let a malicious user execute arbitrary code and possibly obtain superuser privileges.
Fedora Update Notifications, FEDORA-2005-893 & 894, September 16, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005
Debian Security Advisory DSA 816-1, September 19, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101926, September 19, 2005
SUSE Security Announcement, SUSE-SA:2005:056, September 26, 2005
Slackware Security Advisory, SSA:2005-269-02, September 26, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101953, October 3, 2005
SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005
Avaya Security Advisory, ASA-2005-218, October 19, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101926, Updated October 24, 2005
NetBSD Security Update, October 31, 2005
SGI Security Advisory, 20060403-01-U, April 11, 2006
SCO Security Advisory, SCOSA-2006.22, April 21, 2006
Multiple Vendors
xzgv Image Viewer 0.8 0.7, 0.6;
SuSE Linux Professional 10.0 OSS, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Personal 10.0 OSS, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1
A buffer overflow vulnerability has been reported when processing JPEG files due to a boundary error, which could let a remote malicious user execute arbitrary code.
Mandriva Security Advisory, MDKSA-2006:079, April 25, 2006
Net Clubs Pro
Net Clubs Pro 4.0
Cross-Site Scripting vulnerabilities have been reported in '/vchat/scripts/sendim.cgi' due to insufficient sanitization of the 'onuser,' 'pass,' 'chatsys,' 'room,' 'username,' and 'to' parameters, in 'vchat/scripts/imessge.cgi' due to insufficient sanitization of the 'username' parameter, and in 'login.cgi' due to insufficient sanitization of the 'password' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published.
Currently we are not aware of any exploits for this vulnerability.
PDNSD DNS Query Remote Denial of Service
Not Available
Secunia Advisory: SA19835, April 26, 2006
Sendmail Consortium
Sendmail prior to 8.13.6: Sun Cobalt RaQ 4, RaQ 550, RaQ XTR
A vulnerability has been reported due to a race condition caused by the improper handling of asynchronous signals, which could let a remote malicious user execute arbitrary code.
RedHat Security Advisories, RHSA-2006:0264-8 & RHSA-2006:0265-9, March 22, 2006
Sun(sm) Alert Notification, Sun Alert ID: 102262, March 24, 2006
Gentoo Linux Security Advisory, GLSA 200603-21, March 22, 2006
SUSE Security Announcement, SUSE-SA:2006:017, March 22, 2006
FreeBSD Security Advisory, FreeBSD-SA-06:13, March 22, 2006
Slackware Security Advisory, SSA:2006-081-01, March 22, 2006
Avaya Security Advisory, ASA-2006-074, March 24, 2006
Debian Security Advisory, DSA-1015-1, March 24, 2006
HP Security Bulletin, HPSBUX02108, March 27, 2006
NetBSD Security Advisory, NetBSD-SA2006-010, March 28, 2006
SGI Security Advisory, 20060302-01-P, March 22, 2006
F-Secure Security Bulletin, FSC-2006-2, March 28, 2006
SGI Security Advisory, 20060401-01-U, April 4, 2006
Sun(sm) Alert Notification, Sun Alert ID: 102324, April 25, 2006
Sun Microsystems Inc.
Solaris 10_x86, 10
A vulnerability has been reported in the 'getpwnam()' family of non-reentrant functions due to a failure of the PKCS#11 library to properly utilize non-reentrant functions, which could let a malicious user obtain elevated privileges.
SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:189 & 194, October 21 & 26, 2005
Slackware Security Advisory, SSA:2005-310-06, November 7, 2005
Conectiva Linux Announcement, CLSA-2005:1046, November 21, 2005
RedHat Security Advisory, RHSA-2005:848-6 & 850-5, December 6, 2005
Fedora Update Notifications, FEDORA-2005-1112 & 1115, December 8, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0074, December 23, 2005
SGI Security Advisory, 20051201-01-U, January 20, 2006
RedHat Security Advisory, RHSA-2006:0267-11, April 25, 2006
UPDI Network Enterprise
@1 Event Publisher
Several vulnerabilities have been reported: an HTML injection vulnerability was reported in 'event-publisher_admin.htm' and 'eventpublisher_usersubmit.htm' due to insufficient sanitization of the 'Event,' 'Description,' 'Time,' 'Website,' and 'Public Remarks' fields before using, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported due to insufficient restriction of 'eventpublisher.txt' which could lead to the disclosure of sensitive information.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client.
@1 Event Publisher HTML Injection & Information Disclosure
An HTML injection vulnerability has been reported due to insufficient sanitization of the 'Title of table' field when adding a new table, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client.
An SQL injection vulnerability has been reported in 'haberler.asp' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
A file include vulnerability has been reported in 'Movie_CLS.PHP3' due to insufficient sanitization of the 'full_path' parameter, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, built2go.rfi.txt, has been published.
Several vulnerabilities have been reported: SQL injection vulnerabilities were reported in 'Results.cfm' due to insufficient sanitization of the 'category' parameter and in 'Details.cfm' due to insufficient sanitization of the 'ProdID' parameter, which could let a remote malicious user execute arbitrary SQL code; and it is also possible to reveal the installation path by passing invalid parameter values to 'Results.cfm,' 'Details.cfm,' and 'Results.cfm.'
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for these vulnerabilities.
Remote Denial of Service vulnerabilities have been reported when processing malformed SIP (Session Initiation Protocol) messages due to various errors.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for these vulnerabilities.
Multiple input validation vulnerabilities have been reported including a remote file include vulnerability and an SQL injection vulnerability due to insufficient sanitization of user-supplied input, which could lead to the execution of arbitrary SQL and PHP code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, Proof of Concept exploit scripts, 17655-exploit.pl and 17655.html, have been published.
A Cross-Site Scripting vulnerability has been reported in 'A2Z.JSP' due to insufficient sanitization of the 'kwd' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client.
Multiple input validation vulnerabilities have been reported in 'DCBoard.cgi', including Cross-Site Scripting and SQL injection, due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML, script code, and SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, dcforumlite-3.0-sql-xss.txt, has been published.
Currently we are not aware of any exploits for this vulnerability.
DeleGate DNS Query Handling Remote Denial of Service
Not Available
Secunia Advisory: SA19750, April 26, 2006
dForum
dForum 1.5 & prior
File include vulnerabilities have been reported due to insufficient verification of the 'DFORUM_PATH' parameter in various scripts, which could let a remote malicious user execute arbitrary PHP files.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published.
Multiple remote buffer overflow vulnerabilities have been reported due to a failure to properly bounds-check user-supplied input before copying it into insufficiently sized memory buffers, which could let a remote malicious user execute arbitrary code.
The vendor has released version 0.95-pre6, along with a patch for 0.94 to address these issues.
Mandriva Security Advisory, MDKSA-2006:062, April 3, 2006
Debian Security Advisory, DSA-1025-1, April 6, 2006
Gentoo Linux Security Advisory, GLSA 200604-14, April 23, 2006
DUware
DUportal Pro 3.4
An SQL injection vulnerability has been reported in 'cat.asp' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, DUportalPro-cat.asp-sql.txt, has been published.
DUWare DUPortal Pro SQL Injection
Not Available
Security Focus, Bugtraq ID: 17702, April 26, 2006
Help Center Live
Help Center Live 2.0, 1.2-1.2.8, 1.0
Multiple SQL injection vulnerabilities have been reported in the 'osTicket' module due to insufficient sanitization of unspecified parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
A Cross-Site Scripting and SQL injection vulnerability has been reported in 'portfolio_photo_popup.php' due to insufficient sanitization of the 'id' parameter, which could let a remote malicious user execute arbitrary HTML, script code, and SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, instantphotogallery-xss.txt, has been published.
Multiple vulnerabilities have been reported: a vulnerability was reported in 'search.php' due to insufficient sanitization of the 'lastdate' parameter before using in a 'preg_replace()' call, which could let a remote malicious user execute arbitrary PHP code; an SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'ck' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in 'admin.php' because it is possible for administrators to include arbitrary PHP scripts via the 'name' parameter, which could lead to the execution of arbitrary PHP code; and a vulnerability was reported because it is possible to upload a malicious JPEG image with a GIF header, which could let a remote malicious user execute arbitrary HTML and script code.
Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, invisionpowerboard-2.1.5-sql-inj.txt, has been published.
Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported due to insufficient sanitization of unspecified input passed to the web interface before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported due to input validation errors in the command line interface, which could let a remote malicious user inject arbitrary shell commands; a vulnerability was reported because the shadow password file has world-readable permissions, which could let a remote malicious user obtain sensitive information; and a vulnerability was reported because the database file is stored with world-readable and world-writable permissions.
A file include vulnerability has been reported in 'common.php' due to insufficient verification of the 'include_path' parameter, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
A remote Denial of Service vulnerability has been reported due to a failure to properly handle DNS datagrams.
The vendor has released updated versions of the affected software to address this issue.
Currently we are not aware of any exploits for this vulnerability.
Juniper JUNOSe DNS Client Remote Denial of Service
Not Available
Security Focus, Bugtraq ID: 17693, April 25, 2006
kcscripts.com
Portal Pack 6.0
Cross-Site Scripting vulnerabilities have been reported in 'calendar/Visitor.cgi' and 'news/NsVisitor.cgi' due to insufficient sanitization of the 'sort_order' parameter, in 'search/search.cgi' due to insufficient sanitization of the 'q' parameter, and in 'classifieds/viewcat.cgi' due to insufficient sanitization of the 'cat_id' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, Proof of Concept exploit scripts have been published.
An HTML injection vulnerability has been reported in 'MWguest.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
SQL injection vulnerabilities have been reported due to insufficient sanitization of the 'Username' and 'Password' fields during login, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client.
An SQL injection vulnerability has been reported in 'pages.asp' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
Several vulnerabilities have been reported: an SQL injection vulnerability was reported in the 'include/VB/vb_board_functions.php' script due to insufficient validation of several parameters, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported in the 'includes/pm_popup.php' script due to insufficient filtering of HTML code from user-supplied input before displaying, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published.
SuSE Security Announcement, SUSE-SA:2006:021, April 20, 2006
Gentoo Linux Security Advisory, GLSA 200604-12, April 23, 2006
Mandriva Security Advisory, MDKSA-2006:075, April 24, 2006
Slackware Security Advisory, SSA:2006-114-01, April 24, 2006
SGI Security Advisory, 20060404-01-U, April 24, 2006
RedHat Security Advisory, RHSA-2006:0330-15, April 25, 2006
Mandriva Security Advisory, MDKSA-2006:078, April 25, 2006
SuSE Security Announcement, SUSE-SA:2006:022, April 25, 2006
Mozilla.org
Thunderbird prior to 1.0.8, 1.5 - 1.5.0.1; Seamonkey prior to 1.0.1; Mozilla browser prior to 1.7.13; Firefox prior to 1.0.8, 1.5 - 1.5.0.1
An integer overflow vulnerability has been reported because a remote malicious user can create an HTML-based email that contains a specially crafted CSS letter-spacing property value, which could lead to the execution of arbitrary code.
SuSE Security Announcement, SUSE-SA:2006:021, April 20, 2006
Gentoo Linux Security Advisory, GLSA 200604-12, April 23, 2006
Mandriva Security Advisory, MDKSA-2006:075, April 24, 2006
Slackware Security Advisory, SSA:2006-114-01, April 24, 2006
SGI Security Advisory, 20060404-01-U, April 24, 2006
RedHat Security Advisory, RHSA-2006:0330-15, April 25, 2006
Mandriva Security Advisory, MDKSA-2006:078, April 25, 2006
SuSE Security Announcement, SUSE-SA:2006:022, April 25, 2006
Mozilla.org
Firefox 0.x, 1.x
Multiple vulnerabilities have been reported: a vulnerability was reported due to an error because untrusted events generated by web content are delivered to the browser user interface; a vulnerability was reported because scripts in XBL controls can be executed even when JavaScript has been disabled; a vulnerability was reported because remote malicious users can execute arbitrary code by tricking the user into using the 'Set As Wallpaper' context menu on an image URL that is really a javascript; a vulnerability was reported in the 'InstallTrigger.install()' function due to an error in the callback function, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to an error when handling a 'data:' URL that originates from the sidebar, which could let a remote malicious user execute arbitrary code; an input validation vulnerability was reported in the 'InstallVersion.compareTo()' function when handling unexpected JavaScript objects, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because it is possible for a remote malicious user to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL; a vulnerability was reported due to an error when handling DOM node names with different namespaces, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insecure cloning of base objects, which could let a remote malicious user execute arbitrary code.
Ubuntu Security Notices, USN-157-1 & 157-2, August 1 & 2, 2005
SUSE Security Announcement, SUSE-SA:2005:045, August 11, 2005
Debian Security Advisory, DSA 775-1, August 15, 2005
SGI Security Advisory, 20050802-01-U, August 15, 2005
Debian Security Advisory, DSA 777-1, August 17, 2005
Debian Security Advisory, DSA 779-1, August 20, 2005
Debian Security Advisory, DSA 781-1, August 23, 2005
Gentoo Linux Security Advisory, GLSA 200507-24, August 26, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:127-1, August 26, 2005
Slackware Security Advisory, SSA:2005-085-01, August 28, 2005
Debian Security Advisory, DSA 779-2, September 1, 2005
Debian Security Advisory, DSA 810-1, September 13, 2005
Fedora Legacy Update Advisory, FLSA:160202, September 14, 2005
HP Security Bulletin, HPSBOV01229, September 19, 2005
HP Security Bulletin, HPSBUX01230, October 3, 2005
Ubuntu Security Notice, USN-155-3, October 04, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101952, October 17, 2005
SUSE Security Summary Report, SUSE-SR:2005:028, December 2, 2005
Mandriva Linux Security Advisory, MDKSA-2005:226, December 12, 2005
SuSE Security Announcement, SUSE-SA:2006:022, April 25, 2006
Mozilla.org
Firefox 1.5-1.5.2, 1.5.0.2
A buffer overflow vulnerability has been reported in the 'iframe.contentWindow.focus()' function due to improper processing of certain JavaScript code, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script, ffdos.txt, has been published.
Mozilla Firefox 'iframe.contentWindow.focus()' Buffer Overflow
Security Tracker Alert ID: 1015981, April 24, 2006
Multiple Vendors
Mozilla Firefox 1.0-1.0.6; Mozilla Browser 1.7-1.7.11; Netscape Browser 8.0.3.3
Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when processing malformed XBM images, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when Unicode sequences contain 'zero-width non-joiner' characters, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a vulnerability was reported due to a flaw when making XMLHttp requests, which could let a remote malicious user spoof XMLHttpRequest headers; a vulnerability was reported because a remote malicious user can create specially crafted HTML that spoofs XML objects to create an XBL binding to execute arbitrary JavaScript with elevated (chrome) permissions; an integer overflow vulnerability was reported in the JavaScript engine, which could let a remote malicious user obtain unauthorized access; a vulnerability was reported because a remote malicious user can load privileged 'chrome' pages from an unprivileged 'about:' page, which could lead to unauthorized access; and a window spoofing vulnerability was reported when a blank 'chrome' canvas is obtained by opening a window from a reference to a closed window, which could let a remote malicious user conduct phishing type attacks.
Mandriva Linux Security Update Advisory, MDKSA-2005:169 & 170, September 26, 2005
Fedora Update Notifications, FEDORA-2005-926-934, September 26, 2005
Slackware Security Advisory, SSA:2005-269-01, September 26, 2005
SGI Security Advisory, 20050903-02-U, September 28, 2005
Conectiva Linux Announcement, CLSA-2005:1017, September 28, 2005
Gentoo Linux Security Advisory [UPDATE], September 29, 2005
SUSE Security Announcement, SUSE-SA:2005:058, September 30, 2005
Fedora Update Notifications, FEDORA-2005-962 & 963, September 30, 2005
Debian Security Advisory, DSA 838-1, October 2, 2005
Turbolinux Security Advisory, TLSA-2005-93, October 3, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:174, October 6, 2005
Ubuntu Security Notice, USN-200-1, October 11, 2005
Security Focus, Bugtraq ID: 14916, October 19, 2005
Debian Security Advisories, DSA 866-1 & 868-1, October 20, 2005
Fedora Legacy Update Advisory, FLSA:168375, January 9, 2006
SuSE Security Announcement, SUSE-SA:2006:022, April 25, 2006
Multiple Vendors
Mozilla Browser 0.8-0.9.9, 0.9.35, 0.9.48, 1.0-1.7.12, Thunderbird 0.x, 1.x, Firefox 0.x, 1.x; SeaMonkey 1.0; RedHat Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, ES 2.1, AS 4, AS 3, AS 2.1 IA64, AS 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1
Multiple vulnerabilities have been reported: vulnerabilities were reported because temporary variables that are not properly protected are used in the JavaScript engine's garbage collection, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a vulnerability was reported because a remote malicious user can create HTML that will dynamically change the style of an element from position:relative to position:static; a vulnerability was reported because a remote malicious user can create HTML that invokes the QueryInterface() method of the built-in Location and Navigator objects; a vulnerability was reported in the 'XULDocument.persist()' function due to improper validation of the user-supplied attribute name, which could let a remote malicious user execute arbitrary code; an integer overflow vulnerability was reported in the 'E4X,' 'SVG,' and 'Canvas' features, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in the XML parser because data can be read from locations beyond the end of the buffer, which could lead to a Denial of Service; and a vulnerability was reported because the 'E4X' implementation's internal 'AnyName' object is incorrectly available to web content, which could let a remote malicious user bypass same-origin restrictions.
Mandriva Security Advisories, MDKSA-2006:036 & MDKSA-2006:037, February 7, 2006
SGI Security Advisory, 20060201-01-U, March 14, 2006
Ubuntu Security Notice, USN-271-1, April 19, 2006
Gentoo Linux Security Advisory, GLSA 200604-12, April 23, 2006
RedHat Security Advisory, RHSA-2006:0330-15, April 25, 2006
Mandriva Security Advisory, MDKSA-2006:078, April 25, 2006
SuSE Security Announcement, SUSE-SA:2006:022, April 25, 2006
Multiple Vendors
RedHat Fedora Core5; Ethereal Group Ethereal 0.10-0.10.14, 0.9-0.9.16, 0.8.5
Multiple vulnerabilities have been reported due to various types of errors, including boundary errors, an off-by-one error, an infinite loop error, and several unspecified errors in a multitude of protocol dissectors, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
Mandriva Security Advisory, MDKSA-2006:077, April 25, 2006
Multiple Vendors
Slackware Linux 10.2, -current;
RedHat Fedora Core5, Core4, Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0; Netscape 7.2,
Netscape Browser 8.0.4;
Mozilla Thunderbird 1.5.1, 1.5 Beta 2, 1.5, 1.0-1.0.7, 0.9, 0.8, 0.7-0.7.3, 0.6;
Mozilla SeaMonkey 1.0 dev, 1.0;
Mozilla Firefox 1.5.1, 1.5 beta 1 & beta2, 1.5, 1.0-1.0.7, 0.10.1, 0.10, 0.9- 0.9.3, 0.8, Firefox Preview Release;
Mozilla Browser 1.8 Alpha 1 - Alpha 4,
Mozilla Browser 1.8 Alpha 3
Mozilla Browser 1.8 Alpha 2
Mozilla Browser 1.8 Alpha 1
Mozilla Browser 1.7-1.7.12, 1.6, 1.5.1, 1.5, 1.4.4, 1.4.2, 1.4.1, 1.4 b, 1.4 a, 1.4 , 1.3.1, 1.3, 1.2.1, 1.2 Alpha & Beta, 1.2, 1.1 Alpha & Beta, 1.1, 1.0-1.0.2, 0.9.48, 0.9.35, 0.9.9, 0.9.2-0.9.8, M16, M15
Multiple vulnerabilities have been reported, which could lead to execution of arbitrary code, a Denial of Service, elevated privileges, execution of arbitrary JavaScript code, disclosure of sensitive information, bypass of security restrictions, or spoofing of window contents.
New versions of the Mozilla Suite, Firefox, SeaMonkey, and Thunderbird are available to address these issues.
SuSE Security Announcement, SUSE-SA:2006:021, April 20, 2006
Gentoo Linux Security Advisory, GLSA 200604-12, April 23, 2006
Mandriva Security Advisory, MDKSA-2006:075, April 24, 2006
Slackware Security Advisory, SSA:2006-114-01, April 24, 2006
SGI Security Advisory, 20060404-01-U, April 24, 2006
RedHat Security Advisory, RHSA-2006:0330-15, April 25, 2006
Mandriva Security Advisory, MDKSA-2006:078, April 25, 2006
SuSE Security Announcement, SUSE-SA:2006:022, April 25, 2006
My Gaming Ladder
My Gaming Ladder 7.0
A file include vulnerability has been reported in 'stats.php' due to insufficient verification of the 'dir[base]' parameter, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, 17657-exploit.pl, has been published.
A Cross-Site Scripting vulnerability has been reported in 'Member.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, DevBB-1.0.0-xss.txt, has been published.
Multiple HTML injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using it in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, nextage-html-inj.txt, has been published.
Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the 'PACKET_SERVER_ERROR' and 'PACKET_CLIENT_ERROR' command packets due to an error; and a vulnerability was reported due to an error when handling the packet size field in a received UDP.
The vulnerability has reportedly been fixed in revision r4531 in the CVS repositories.
Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, openttdx.zip, has been published.
JD Edwards EnterpriseOne 8.x, OneWorld 8.x,
Oracle Application Server 10g, Collaboration Suite 10.x, Database 10g, 8.x, E-Business Suite 11i, Enterprise Manager 10.x, PeopleSoft Enterprise Tools 8.x, Pharmaceutical Applications 4.x, Workflow 11.x,
Oracle9i Application Server,
Oracle9i Collaboration Suite,
Oracle9i Database Enterprise Edition,
Standard Edition,
Oracle9i Developer Suite
Oracle has released a Critical Patch Update advisory for April 2006 to address multiple vulnerabilities. Some have an unknown impact, and others can be exploited to conduct SQL injection attacks.
Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'main.php' due to insufficient sanitization of the 'login' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a file include vulnerability was reported in 'main.php' due to insufficient verification of the 'language' parameter, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, an exploit script, PCPIN_Chat-5.0.4_RCE.php, has been published.
Security Tracker Alert ID: 1015968, April 20, 2006
Photokorn
Photokorn 1.542, 1.53
Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, photokorn-1.53-sql.txt, has been published.
Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'phpinfo()' PHP function because only the first 4096 characters of an array request parameter are sanitized before returning to users, which could let a remote malicious user execute arbitrary HTML and script code; a Directory Traversal vulnerability was reported in the 'tempnam()' PHP function due to an error, which could let a remote malicious user create arbitrary files; a vulnerability was reported in the 'copy()' PHP function due to an error, which could let a remote malicious user create arbitrary files; and a vulnerability was reported in the 'copy()' PHP function because the safe mode mechanism can be bypassed by a remote malicious user.
Mandriva Security Advisory, MDKSA-2006:074, April 24, 2006
RedHat Security Advisory, RHSA-2006:0276-9, April 25, 2006
PHP Group
PHP 4.3.x, 4.4.x, 5.0.x, 5.1.x
A vulnerability has been reported in the 'html_entity_decode()' function because it is not binary safe, which could let a remote malicious user obtain sensitive information.
The vulnerability has been fixed in the CVS repository and in version 5.1.3-RC1.
Mandriva Security Advisory, MDKSA-2006:063, April 2, 2006
Trustix Secure Linux Security Advisory #2006-0020, April 7, 2006
RedHat Security Advisory, RHSA-2006:0276-9, April 25, 2006
PHP Group
PHP 4.4.2, 5.1.2
A buffer overflow vulnerability has been reported in the 'wordwrap()' function in 'string.c' when calculating an integer value based on user-supplied input, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
No workaround or patch available at time of publishing.
Security Tracker Alert ID: 1015979, April 24, 2006
PHP
PHP 5.1.1, 5.1
Several vulnerabilities have been reported: a vulnerability was reported due to insufficient sanitization of the session ID in the session extension before returning to the user, which could let a remote malicious user inject arbitrary HTTP headers; a format string vulnerability was reported in the 'mysqli' extension when processing error messages, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insufficient sanitization of unspecified input that is passed under certain error conditions, which could let a remote malicious user execute arbitrary HTML and script code.
Mandriva Security Advisory, MDKSA-2006:028, February 1, 2006
Ubuntu Security Notice, USN-261-1, March 10, 2006
Gentoo Linux Security Advisory, GLSA 200603-22, March 22, 2006
RedHat Security Advisory, RHSA-2006-0276, April 25, 2006
PHPSurveyor
PHPSurveyor 0.995
Several vulnerabilities have been reported: an SQL injection vulnerability was reported in the 'save.php' script due to insufficient sanitization of the 'surveyid' cookie parameter, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported because a remote malicious user can cause the system to write arbitrary PHP code to a file.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, phpsurveror.php, has been published.
Security Tracker Alert ID: 1015970, April 20, 2006
phpldapadmin
phpldapadmin 0.9.8
Several vulnerabilities have been reported: an HTML injection vulnerability was reported due to insufficient sanitization of 'compare_form.php,' 'copy_form.php,' 'rename_form.php,' 'template_engine.php,' 'delete_form.php,' and 'search.php,' which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability was reported in 'template_engine.php' due to insufficient sanitization of the 'Container DN,' 'Machine Name,' and 'UID Number' parameters before using, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, 17643.html, has been published.
A file include vulnerability has been reported in 'agenda.php3' due to insufficient sanitization of the 'rootagend' parameter, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, phpMyAgenda_fi.txt, has been published.
A vulnerability has been reported in the 'mb_send_mail()' function due to an input validation error, which could let a remote malicious user inject arbitrary headers to generated email messages.
Security Focus, Bugtraq ID: 15571, November 25, 2005
SUSE Security Announcement, SUSE-SA:2005:069, December 14, 2005
Ubuntu Security Notice, USN-232-1, December 23, 2005
Mandriva Linux Security Advisory, MDKSA-2005:238, December 27, 2005
RedHat Security Advisory, RHSA-2006-0276, April 25, 2006
PhpWebGallery
PhpWebGallery 1.x
A vulnerability has been reported in 'picture.php' because it is possible to disclose arbitrary pictures by not defining a value for the 'cat' parameter, which could let a remote malicious user obtain sensitive information.
The vulnerability has been fixed in version 1.6.0RC1.
Currently we are not aware of any exploits for this vulnerability.
Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input using the HTTP 'POST' method when submitting a malicious URI, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, phpwebftp-2.3-xss.txt, has been published.
SQL injection vulnerabilities have been reported in 'plexum.php' due to insufficient sanitization of the 'pagesize,' 'maxrec,' and 'startpos' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, Proof of Concept exploit scripts have been published.
Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported in the 'index.php' script due to insufficient validation of the 'p' field, which could let a remote malicious user obtain sensitive information; and a path disclosure vulnerability was reported in the 'p' field due to an input validation error when processing a non-existing directory, which could let a remote malicious user obtain sensitive information.
The vendor has released an update to address this issue.
Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, 17649-directory-traversal.exploit, has been published.
A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, scry_xss.txt, has been published.
Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported in 'page.php' due to insufficient sanitization of the 'id_page' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a Directory Traversal vulnerability was reported in 'gallerie.php' due to insufficient sanitization of the 'rep' parameter before using to list images, which could let a remote malicious user obtain sensitive information; and a Cross-Site Scripting vulnerability was reported in 'recherche.php' due to insufficient sanitization of the 'recherche' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client.
Several vulnerabilities have been reported: SQL injection vulnerabilities were reported in 'archive.php' due to insufficient sanitization of the 'cid,' 'pid,' and 'eid' parameters, in 'preview.php' due to insufficient sanitization of the 'tid' parameter, and in 'comments.php' due to insufficient sanitization of the 'pid' parameter, which could let a remote malicious user execute arbitrary SQL code; and Cross-Site Scripting vulnerabilities were reported in 'imagelist.php' due to insufficient sanitization of the 'imagedir' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
Vulnerabilities can be exploited through a web client; however, Proof of Concept exploit scripts, 17652.html and 17652-exploit.pl, have been published.
Multiple vulnerabilities have been reported: a vulnerability was reported in the authentication mechanism due to a design error, which could let a remote malicious user obtain unauthorized access; a vulnerability was reported because a static private DSA key is used for SSL communications, which could let a remote malicious user conduct man-in-the-middle attacks; and a vulnerability was reported due to insufficient access restriction to files in the installation directory, which could let a remote malicious user obtain sensitive information.
Symantec Security Advisory, SYM06-008, April 21, 2006
Thwboard
Thwboard 3.0 Beta 2.84
A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'sid' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
A Cross-Site Scripting vulnerability has been reported in 'EasyGallery.PHP' due to insufficient sanitization of the 'ordner' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
SQL injection vulnerabilities have been reported in 'message_list.php' due to insufficient sanitization of the 'messages' parameter and in 'register.php' due to insufficient sanitization of the 'referral_id' parameter, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client.
This section contains wireless vulnerabilities, articles, and malicious code that have been identified during the current reporting period.
Bringing More Security to Wi-Fi Networks: According to the research director for Gartner, protecting enterprise Wi-Fi networks from intrusions is a big challenge, but IT has a growing arsenal of products available to help, including those based on the 2004 Wi-Fi security standard (the IEEE's 802.11i) and the Wi-Fi Alliance's closely related implementation protocol, WPA2 (the Wi-Fi Protected Access 2). Advanced encryption and authentication mechanisms make these specs "actually more secure than most wired networks."
Bluetooth virus leaves mobile users out of pocket: Security experts warned at Infosec Europe 2006 that a newly detected mobile phone virus is charging mobile phone users $5 to send a premium rate SMS message. According to F-Secure, a Proof of Concept attack has been reengineered to make money illegally from mobile phone users. "The virus gets your phone to send an SMS to a premium rate number and then sends an authority that they can charge you without you knowing about it," said Richard Hales, country manager for UK and Ireland at F-Secure.
This section contains brief summaries and links to articles which discuss or present information pertinent to the cyber security community.
Asia Now Top Spam-Relaying Region: According to a report released by Sophos, Asia has overtaken North America to become the top spam-relaying region in the world. Nearly one-half the spam Sophos captured on its global spam-monitoring network originated in Asia, with North America coming in a distant second as the source of just over 25 percent of spam.
As recently as two years ago, the U.S. was responsible for the majority of spam sent around the world, said Graham Cluley, senior technology consultant for Sophos.
Hacker's Toolkit Attacks Unpatched Computers: According to an online alert from Websense, a dirt-cheap, do-it-yourself hacking kit sold by a Russian Web site is being used by more than 1,000 malicious Web sites. Those sites have confiscated hundreds of thousands of computers using the "smartbomb" kit, which sniffs for seven unpatched vulnerabilities in Internet Explorer and Firefox, then attacks the easiest-to-exploit weakness.
Weak passwords leave firms open to hackers: According to a survey published at Infosec Europe 2006, poor password policy management is leaving firms open to hacking attacks. Nearly two thirds of the 500 IT administrators who responded to the poll considered the passwords of their users to be inadequate, either using common dictionary words, names or other weak passwords.
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
| Rank | Common Name | Type of Code | Trend | Date | Description |
|---|---|---|---|---|---|
| 1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
| 2 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
| 3 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
| 4 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
| 5 | Mytob-GH | Win32 Worm | Stable | November 2005 | A variant of the mass-mailing worm that disables security related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender’s address. |
| 6 | Nyxum-D | Win32 Worm | Stable | March 2006 | A mass-mailing worm that turns off anti-virus, deletes files, downloads code from the internet, and installs in the registry. This version also harvests email addresses from the infected machine and uses its own emailing engine to forge the sender's address. |
| 7 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
| 8 | Mytob-BE | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus, and modifies data. |
| 9 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine. |
| 10 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |